Commit Graph

10871 Commits

Author SHA1 Message Date
Mike Reeves
42cde0b6f0 Use shutil in case there are multiple filesystems involved. 2022-11-30 10:59:09 -05:00
Doug Burks
1279997ca9 update stun, tunnel, and wireguard dashboards in dashboards.queries.json 2022-11-30 10:59:00 -05:00
weslambert
93e0ec8696 Merge pull request #9249 from Security-Onion-Solutions/fix/ics_ingest_pipelines_additional_field_renames
More ICS Field Name Updates
2022-11-30 10:26:36 -05:00
Wes
8f0547beda Change 'bsap.node.status_byte' to 'bsap.node_status_byte'. 2022-11-30 15:24:53 +00:00
Wes
6cb4c02200 More field updates 2022-11-30 15:22:02 +00:00
weslambert
8c54c44690 Merge pull request #9248 from Security-Onion-Solutions/fix/ics_ingest_pipelines_additional_field_renames
Additional ICS field renames and updates
2022-11-30 10:09:44 -05:00
Wes
5d72f8d55a Additional field renames and updates 2022-11-30 15:01:41 +00:00
Mike Reeves
768225ff5a Merge pull request #9242 from Security-Onion-Solutions/TOoSmOotH-patch-1 2022-11-29 23:42:15 -05:00
Mike Reeves
571ac4edec Update soup 2022-11-29 18:36:47 -05:00
weslambert
86cfac4983 Merge pull request #9241 from Security-Onion-Solutions/fix/ics_pipelines_field_renames
ICS Pipelines - Various Field Renames
2022-11-29 17:23:34 -05:00
Wes
e00a80feb4 Use native link_id naming scheme for now 2022-11-29 22:05:37 +00:00
Wes
e8e39a7105 Various field renames 2022-11-29 21:32:05 +00:00
Wes
13ea44db95 Use native 'is_orig' since we are already using that field name for other logs 2022-11-29 21:21:41 +00:00
weslambert
7f4f1397e7 Merge pull request #9240 from Security-Onion-Solutions/fix/add_s7comm_upload_download_ingest_pipeline
Add Zeek s7comm upload download ingest pipeline
2022-11-29 15:00:26 -05:00
Wes
5db3e22363 Add s7comm_upload_download references in various places 2022-11-29 19:58:18 +00:00
Wes
6fe2857ba5 Add Zeek s7comm_upload_download ingest pipeline 2022-11-29 19:45:56 +00:00
weslambert
56b0bae089 Merge pull request #9238 from Security-Onion-Solutions/fix/opcua_encoding_mask_format
Fix OPC UA Encoding Mask Format and Ensure Connection State Is Populated Before Assessing Its Value
2022-11-29 14:16:03 -05:00
weslambert
f947e501cb Add space per request 2022-11-29 14:14:37 -05:00
weslambert
ff8bbc399f Add space per request 2022-11-29 14:14:08 -05:00
weslambert
80226a27cc Add space per request 2022-11-29 14:13:41 -05:00
weslambert
266207cc18 Add space per request 2022-11-29 14:12:52 -05:00
weslambert
5255c120c5 Add space per request 2022-11-29 14:11:20 -05:00
Wes
d44f8e495b Check if connection.state is populated before trying to assess its value 2022-11-29 19:00:47 +00:00
Wes
13a8cbdabb Add convert processor for opcua.encoding_mask 2022-11-29 18:59:30 +00:00
Doug Burks
c3c505f8ff Merge pull request #9237 from Security-Onion-Solutions/dougburks-patch-1
add ICS COTP dashboard to dashboards.queries.json
2022-11-29 13:40:24 -05:00
Doug Burks
7ea0aa87e4 add ICS COTP dashboard to dashboards.queries.json 2022-11-29 13:38:19 -05:00
weslambert
82317656b1 Merge pull request #9235 from Security-Onion-Solutions/fix/mobus_read_write_multiple_registers_pipeline_failure_resolution
Change 'write' to 'read' to correct name and avoid pipeline failure
2022-11-29 12:56:05 -05:00
weslambert
1cc5961c07 Change 'write' to 'read' to correct name and avoid pipeline failure 2022-11-29 12:54:55 -05:00
weslambert
220e998b45 Merge pull request #9234 from Security-Onion-Solutions/fix/add_dnp3_control_ingest_pipeline
Add 'zeek.dnp3_control' ingest pipeline
2022-11-29 12:29:44 -05:00
Wes
16cd1080be Add dnp3_control reference in various places 2022-11-29 17:23:37 +00:00
Wes
5db643e53b Add Zeek dnp3_control ingest pipeline 2022-11-29 17:18:24 +00:00
weslambert
745cdef538 Merge pull request #9232 from Security-Onion-Solutions/fix/filebeat_ics_tag_bsap
Add 'ics' tag for 'bsap'-prefixed events/logs
2022-11-29 11:37:18 -05:00
weslambert
aa767b8dc1 Add 'ics' tag for 'bsap'-prefixed events/logs 2022-11-29 11:27:41 -05:00
Doug Burks
45cdd16308 Merge pull request #9228 from Security-Onion-Solutions/fix/zeek-ics-eventfields
More Zeek ICS changes
2022-11-29 09:18:40 -05:00
doug
1bb76bb251 update zeek s7comm parsers 2022-11-29 07:50:21 -05:00
doug
4251331bd4 update zeek tds parsers and dashboard 2022-11-29 07:43:20 -05:00
doug
124d56f4b9 update zeek cip parsers 2022-11-29 07:36:30 -05:00
doug
02821b97ad update bacnet parsers 2022-11-29 07:26:11 -05:00
doug
9a50832669 fix more typos 2022-11-29 07:16:30 -05:00
doug
cffbe757a6 fix bsap typos 2022-11-29 06:56:51 -05:00
Doug Burks
14ff5670f7 add bsap entries to hunt.eventfields.json 2022-11-29 06:48:20 -05:00
Doug Burks
92e238aa10 Merge pull request #9227 from Security-Onion-Solutions/fix/zeek-ics-parsers
Fix Zeek ICS parsers and add dashboards
2022-11-28 15:58:24 -05:00
doug
8462e66873 fix opcua_binary_browse_description 2022-11-28 13:50:24 -05:00
Doug Burks
2763b5846c improve dashboard descriptions 2022-11-28 13:10:23 -05:00
Doug Burks
dd4c34397d improve dashboard descriptions 2022-11-28 13:03:54 -05:00
Doug Burks
a796fa2ff7 make sure that ICS dashboards with sankey also have separate event.dataset table 2022-11-28 12:09:57 -05:00
Doug Burks
268253ce14 update ENIP dashboard 2022-11-28 12:05:35 -05:00
Doug Burks
6a2f886fcc improve ecat dashboard 2022-11-28 12:01:35 -05:00
Doug Burks
63915b0486 consolidate DNP3 dashboards 2022-11-28 11:58:48 -05:00
Doug Burks
ce7b16a230 more ICS dashboards 2022-11-28 10:06:58 -05:00