CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-24 17:03:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,269 Commits 23 Branches 121 Tags
0d297274c8fc4f278e7b9e8530bdd39856425fb9
Commit Graph

95 Commits

Author SHA1 Message Date
Corey Ogburn
29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language 
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
 2024-02-08 09:44:56 -07:00
Josh Brower
378c99ae88 Fix bindings 2024-02-02 18:27:49 -05:00
Corey Ogburn
8f81c9eb68 Updating config for Detection(s) 2024-02-02 11:49:58 -07:00
Josh Brower
fe196b5661 Add SOC Config for Detections 2024-02-01 12:22:50 -05:00
Jason Ertel
e075d07f5c show last highstate date/time on grid metrics screen; expose maxUploadSize and staleMetricsMs settings on config screen 2023-12-29 11:38:42 -05:00
Doug Burks
ab5de4c104 update soc defaults.yaml 2023-12-19 07:27:07 -05:00
Doug Burks
4d8661d2e0 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 13:38:04 -05:00
Doug Burks
6a1073b616 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 12:57:40 -05:00
Doug Burks
8779fb8cbc Update defaults.yaml 2023-12-14 13:30:52 -05:00
Doug Burks
042e5ae9f0 https://github.com/Security-Onion-Solutions/securityonion/issues/12021 2023-12-14 12:46:28 -05:00
weslambert
0334ef9677 Add eml observable type 2023-12-05 19:10:16 -05:00
Doug Burks
4666b993e5 Update defaults.yaml 2023-11-14 09:58:45 -05:00
Wes
bca1194a46 Sublime SOC Action 2023-11-01 14:01:55 +00:00
Jason Ertel
546c562ef0 expose standard relay timeout in config UI; up default to 45s to accommodate sluggish pillar.get calls 2023-09-01 10:31:02 -04:00
Corey Ogburn
a615fc8e47 New Config Default: longRelayTimeoutMs 
Salt is getting a second timeout for operations known to take a long time such as sending and importing files. There's also an entry in soc_soc.yaml so the value can be changed in SOC's config page.
 2023-08-30 15:33:01 -06:00
weslambert
563a495725 Add Playbook 2023-08-21 11:24:07 -04:00
weslambert
9e18fe64cf Remove OSSEC configuration 2023-08-21 11:20:47 -04:00
bryant-treacle
036b81707b Update defaults.yaml 2023-08-08 16:10:54 -04:00
bryant-treacle
3d4fd08547 Update defaults.yaml 2023-08-08 15:28:06 -04:00
weslambert
527a6ba454 Use asterisk when searching 'msg' since it is now a keyword 2023-07-31 23:52:38 -04:00
Corey Ogburn
aa56085758 New Action "Add to Case" 2023-07-28 09:55:44 -06:00
Corey Ogburn
bb7a918a16 Added ReverseLookup Option 
Defaults to false, has metadata to show up in the config section of soc.
 2023-07-21 13:18:08 -06:00
Wes
1848a835f5 Remove keyword 2023-07-19 13:52:15 +00:00
Jason Ertel
951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Corey Ogburn
fb27e7c479 Also add to dashboard 
Duplicate new queryToggleFilter from hunt to dashboard.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
261acee8a0 New Hunt queryToggleFilter 
New filter to exclude soc logs from hunt results.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
6769386c86 Change upload path 2023-06-22 10:59:24 -06:00
Corey Ogburn
b5e5bd57ad Fix for Upload Import 
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
 2023-06-21 15:41:16 -06:00
Josh Brower
6ba9e057a9 Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags 
Change format of event dataset and assign dataset to tags
 2023-06-21 09:22:40 -04:00
Doug Burks
0e09d73aa0 Resolve conflicts with dataset PR 2023-06-20 07:40:10 -04:00
Doug Burks
fc824359ed Update default fields for kratos.audit 2023-06-20 07:30:56 -04:00
Doug Burks
7caa7cec6b Fix SOC Auth queries in Dashboards and Hunt 
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
 2023-06-20 07:13:33 -04:00
Wes
b5bccc5e05 Use module in dataset name and add dataset tag 2023-06-15 13:06:57 +00:00
m0duspwnens
8e18986671 enabled/disable soc in ui 2023-05-11 15:33:16 -04:00
Doug Burks
5be5466efe fix GeoIP queries 2023-03-24 14:03:12 -04:00
Doug Burks
a9dc7a14cb fix GeoIP queries 2023-03-24 13:56:51 -04:00
Doug Burks
aa9d44ab09 Add four new GeoIP dashboards 2023-03-24 13:51:13 -04:00
Josh Brower
bad905f54c SOC Logs & Hunt Query 2023-03-23 16:22:59 -04:00
Josh Brower
2fe8668f1b Merge pull request #9891 from Security-Onion-Solutions/2.4/huntqueries 
Initial updates for 2.4 fieldnames
 2023-03-09 14:37:50 -05:00
Josh Brower
73abf8dbfd Generic host dashboard 2023-03-09 14:32:52 -05:00
Josh Brower
1493806040 Change host dashboard titles 2023-03-08 17:03:02 -05:00
Josh Brower
a5c89bfaa1 update sysmon dashboards 2023-03-08 16:49:34 -05:00
Doug Burks
a2bda07820 add VLAN dashboard 2023-03-05 15:24:11 -05:00
Josh Brower
9db6df0f14 Initial updates for 2.4 fieldnames 2023-03-04 15:19:19 -05:00
Doug Burks
e24296d536 add SOC Dashboards groupby for Zeek conn vlan field 2023-03-03 15:23:43 -05:00
Jason Ertel
d3c5d0569a Remove FleetDM tool instead of deactivating it 2023-02-24 10:20:02 -05:00
Jason Ertel
cd27ae89cc influx upgrade 2023-02-10 16:34:06 -05:00
Jason Ertel
ea0c3db8e1 upgrade influxdb 2023-02-08 13:23:45 -05:00
Doug Burks
a44d83d69b Improve Suricata DHCP parsing and dashboard 2023-01-31 08:33:38 -05:00
Jason Ertel
7b1f867ac3 Add defaults for auto extracted observables 2023-01-24 13:17:50 -05:00