CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-24 18:03:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,253 Commits 19 Branches 120 Tags
1192dbd5305c190460effdc28ccbd85d79427cf7
Commit Graph

91 Commits

Author SHA1 Message Date
Jason Ertel
e075d07f5c show last highstate date/time on grid metrics screen; expose maxUploadSize and staleMetricsMs settings on config screen 2023-12-29 11:38:42 -05:00
Doug Burks
ab5de4c104 update soc defaults.yaml 2023-12-19 07:27:07 -05:00
Doug Burks
4d8661d2e0 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 13:38:04 -05:00
Doug Burks
6a1073b616 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 12:57:40 -05:00
Doug Burks
8779fb8cbc Update defaults.yaml 2023-12-14 13:30:52 -05:00
Doug Burks
042e5ae9f0 https://github.com/Security-Onion-Solutions/securityonion/issues/12021 2023-12-14 12:46:28 -05:00
weslambert
0334ef9677 Add eml observable type 2023-12-05 19:10:16 -05:00
Doug Burks
4666b993e5 Update defaults.yaml 2023-11-14 09:58:45 -05:00
Wes
bca1194a46 Sublime SOC Action 2023-11-01 14:01:55 +00:00
Jason Ertel
546c562ef0 expose standard relay timeout in config UI; up default to 45s to accommodate sluggish pillar.get calls 2023-09-01 10:31:02 -04:00
Corey Ogburn
a615fc8e47 New Config Default: longRelayTimeoutMs 
Salt is getting a second timeout for operations known to take a long time such as sending and importing files. There's also an entry in soc_soc.yaml so the value can be changed in SOC's config page.
 2023-08-30 15:33:01 -06:00
weslambert
563a495725 Add Playbook 2023-08-21 11:24:07 -04:00
weslambert
9e18fe64cf Remove OSSEC configuration 2023-08-21 11:20:47 -04:00
bryant-treacle
036b81707b Update defaults.yaml 2023-08-08 16:10:54 -04:00
bryant-treacle
3d4fd08547 Update defaults.yaml 2023-08-08 15:28:06 -04:00
weslambert
527a6ba454 Use asterisk when searching 'msg' since it is now a keyword 2023-07-31 23:52:38 -04:00
Corey Ogburn
aa56085758 New Action "Add to Case" 2023-07-28 09:55:44 -06:00
Corey Ogburn
bb7a918a16 Added ReverseLookup Option 
Defaults to false, has metadata to show up in the config section of soc.
 2023-07-21 13:18:08 -06:00
Wes
1848a835f5 Remove keyword 2023-07-19 13:52:15 +00:00
Jason Ertel
951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Corey Ogburn
fb27e7c479 Also add to dashboard 
Duplicate new queryToggleFilter from hunt to dashboard.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
261acee8a0 New Hunt queryToggleFilter 
New filter to exclude soc logs from hunt results.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
6769386c86 Change upload path 2023-06-22 10:59:24 -06:00
Corey Ogburn
b5e5bd57ad Fix for Upload Import 
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
 2023-06-21 15:41:16 -06:00
Josh Brower
6ba9e057a9 Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags 
Change format of event dataset and assign dataset to tags
 2023-06-21 09:22:40 -04:00
Doug Burks
0e09d73aa0 Resolve conflicts with dataset PR 2023-06-20 07:40:10 -04:00
Doug Burks
fc824359ed Update default fields for kratos.audit 2023-06-20 07:30:56 -04:00
Doug Burks
7caa7cec6b Fix SOC Auth queries in Dashboards and Hunt 
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
 2023-06-20 07:13:33 -04:00
Wes
b5bccc5e05 Use module in dataset name and add dataset tag 2023-06-15 13:06:57 +00:00
m0duspwnens
8e18986671 enabled/disable soc in ui 2023-05-11 15:33:16 -04:00
Doug Burks
5be5466efe fix GeoIP queries 2023-03-24 14:03:12 -04:00
Doug Burks
a9dc7a14cb fix GeoIP queries 2023-03-24 13:56:51 -04:00
Doug Burks
aa9d44ab09 Add four new GeoIP dashboards 2023-03-24 13:51:13 -04:00
Josh Brower
bad905f54c SOC Logs & Hunt Query 2023-03-23 16:22:59 -04:00
Josh Brower
2fe8668f1b Merge pull request #9891 from Security-Onion-Solutions/2.4/huntqueries 
Initial updates for 2.4 fieldnames
 2023-03-09 14:37:50 -05:00
Josh Brower
73abf8dbfd Generic host dashboard 2023-03-09 14:32:52 -05:00
Josh Brower
1493806040 Change host dashboard titles 2023-03-08 17:03:02 -05:00
Josh Brower
a5c89bfaa1 update sysmon dashboards 2023-03-08 16:49:34 -05:00
Doug Burks
a2bda07820 add VLAN dashboard 2023-03-05 15:24:11 -05:00
Josh Brower
9db6df0f14 Initial updates for 2.4 fieldnames 2023-03-04 15:19:19 -05:00
Doug Burks
e24296d536 add SOC Dashboards groupby for Zeek conn vlan field 2023-03-03 15:23:43 -05:00
Jason Ertel
d3c5d0569a Remove FleetDM tool instead of deactivating it 2023-02-24 10:20:02 -05:00
Jason Ertel
cd27ae89cc influx upgrade 2023-02-10 16:34:06 -05:00
Jason Ertel
ea0c3db8e1 upgrade influxdb 2023-02-08 13:23:45 -05:00
Doug Burks
a44d83d69b Improve Suricata DHCP parsing and dashboard 2023-01-31 08:33:38 -05:00
Jason Ertel
7b1f867ac3 Add defaults for auto extracted observables 2023-01-24 13:17:50 -05:00
Doug Burks
5754365c6d Improve default sysmon fields and add new network_connection fields 2023-01-04 07:42:24 -05:00
doug
4e5d1d587e update sysmon ingest parser and Sysmon File dashboard 2023-01-03 09:02:17 -05:00
Doug Burks
69415a0d8d Improve Strelka dashboard 2022-12-21 15:34:35 -05:00
Doug Burks
506556f0d2 Improve Firewall dashboard 2022-12-21 15:29:09 -05:00