Josh Brower
0c6c6ba2d5
Various UI tweaks
2024-02-13 13:38:43 -05:00
Josh Brower
ea80469c2d
Detection Default queries
2024-02-12 19:39:55 -05:00
Josh Brower
5102269440
Update defaults
2024-02-12 16:44:54 -05:00
Corey Ogburn
64f6d0fba9
Updated Detection's ES Mappings
Detections now have a License field, and the Comment model is defined now.
2024-02-09 14:20:07 -07:00
Corey Ogburn
29174566f3
WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.
SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Josh Brower
81a3e95914
Fixup sigma pipelines
2024-02-07 16:42:16 -05:00
Josh Brower
7e3187c0b8
Fixup sigma pipelines
2024-02-07 15:35:31 -05:00
Josh Brower
b7b501d289
Add Sigma pipelines
2024-02-07 15:02:52 -05:00
Josh Brower
378c99ae88
Fix bindings
2024-02-02 18:27:49 -05:00
Corey Ogburn
8f81c9eb68
Updating config for Detection(s)
2024-02-02 11:49:58 -07:00
Josh Brower
fe196b5661
Add SOC Config for Detections
2024-02-01 12:22:50 -05:00
Josh Brower
49b5788ac1
add bindings
2024-02-01 07:21:49 -05:00
Josh Brower
881d6b313e
Update VERSION - kilo
2024-01-31 17:04:11 -05:00
Josh Brower
db057b4dfa
Merge pull request #12296 from Security-Onion-Solutions/cogburn/detection_playbooks
Cogburn/detection playbooks
2024-01-31 16:48:51 -05:00
Mike Reeves
a094d1007b
Merge pull request #12293 from Security-Onion-Solutions/TOoSmOotH-patch-3
fix salt lock for airgap version mismatches
2024-01-31 16:21:16 -05:00
Mike Reeves
341ff5b564
Update so-functions
2024-01-31 16:18:51 -05:00
Corey Ogburn
585147d1de
Added so-detection mapping in elasticsearch
2024-01-31 10:39:47 -07:00
Corey Ogburn
858166bcae
WIP: Detections Changes
Removed some strelka/yara rules from salt.
Removed yara scripts for downloading and updating rules. This will be managed by SOC.
Added a new compile_yara.py script.
Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Corey Ogburn
0fa4d92f8f
socsigmarepo
Need write permissions on the /opt/so/rules dir so I can clone the sigma repo there.
2024-01-30 14:49:05 -07:00
Jorge Reyes
4dd0b4a4fd
Merge pull request #12283 from Security-Onion-Solutions/reyesj2-patch-6
Remove remediate from initial oscap scan
2024-01-30 15:56:13 -05:00
reyesj2
b5ffa186fb
Remove remediate from initial oscap scan
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-30 15:54:23 -05:00
Jorge Reyes
cb5e111a00
Merge pull request #12267 from Security-Onion-Solutions/reyesj2-patch-6
Update soup
2024-01-29 10:22:35 -05:00
reyesj2
7c08b348aa
Add comment for soup update w/ STIGs enabled
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-29 10:16:34 -05:00
weslambert
dc5ea89255
Merge pull request #12260 from Security-Onion-Solutions/fix/endpoint_diagnostic
Add template for endpoint.diagnostic.collection
2024-01-26 16:13:30 -05:00
reyesj2
c4301d7cc1
Soup script update locations
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-26 15:51:06 -05:00
reyesj2
91c7b8144d
soup logic
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-26 15:43:42 -05:00
reyesj2
2e026b637d
Update soup to retry modified salt command on failure to update soup scripts.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-26 11:36:33 -05:00
reyesj2
cd6e387bcb
remove --local from soup common.soup_scripts update.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-25 16:15:53 -05:00
Wes
12ab6338db
Add diagnostic
2024-01-25 20:16:52 +00:00
weslambert
cd54d4becb
Fix indent
2024-01-25 13:57:02 -05:00
weslambert
5f1c76f6ec
endpoint.diagnostic.collection
2024-01-25 09:46:25 -05:00
weslambert
d2d70d1c5b
Merge pull request #12250 from Security-Onion-Solutions/fix/scan_pe_flags
Fix PE Flags
2024-01-24 14:29:23 -05:00
Jason Ertel
e53030feef
Merge pull request #12248 from Security-Onion-Solutions/jertel/pfeat
standardize feature names
2024-01-24 12:12:16 -05:00
Jason Ertel
9f17bd2255
lks/fps
2024-01-24 11:17:32 -05:00
Wes
8426aad56d
Text mapping for scan.pe.flags
2024-01-24 15:10:42 +00:00
Wes
d23d367058
Make scan.pe.flags a string
2024-01-24 15:08:38 +00:00
weslambert
cbdaf2e9a1
Merge pull request #12242 from Security-Onion-Solutions/upgrade/strelka_0.24.01.18
Fix quote
2024-01-23 14:02:35 -05:00
weslambert
4d7af21dd5
Fix quote
2024-01-23 13:55:37 -05:00
weslambert
8348506acc
Merge pull request #12240 from Security-Onion-Solutions/upgrade/strelka_0.24.01.18
UPGRADE: Strelka 0.24.01.18
2024-01-23 13:50:15 -05:00
weslambert
1698d95efe
Use PLACEHOLDER for key values
2024-01-23 13:45:26 -05:00
weslambert
b1052ddcce
Merge pull request #12241 from Security-Onion-Solutions/fix/leak_test
Exclude specific Strelka key values
2024-01-23 13:43:18 -05:00
weslambert
0cb36bb0aa
Exclude StrelkaHexDump and PLACEHOLDER values
2024-01-23 13:39:59 -05:00
weslambert
0ccdfcb07c
Exclude only offset_meta_key
2024-01-23 13:11:43 -05:00
weslambert
63ba97306c
Exclude Strelka defaults
2024-01-23 13:05:58 -05:00
weslambert
72319e33db
Avoid leak test triggering
2024-01-23 12:38:09 -05:00
weslambert
34bb37e415
Merge pull request #12227 from Security-Onion-Solutions/feature/rita_logs
RITA Logs
2024-01-23 12:32:32 -05:00
Wes
3bcb0bc132
Update defaults
2024-01-23 17:18:54 +00:00
Jorge Reyes
d25a2d4c30
Merge pull request #12230 from Security-Onion-Solutions/reyesj2-patch-sl
Handle non-zero
2024-01-23 08:31:48 -05:00
reyesj2
350b0df3bf
Handle non-zero
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-22 22:48:15 -05:00
Wes
5542db0aac
Leave package version null
2024-01-22 21:07:46 +00:00