Commit Graph

69 Commits

Author SHA1 Message Date
Wes Lambert
1366e5288e Add mappings references for new component templates to index templates 2022-02-07 19:54:23 +00:00
Wes Lambert
03bfb052ed Add component templates for Elasticsearch, Kibana, Logstash, Netflow, Suricata, and Zeek 2022-02-07 19:42:24 +00:00
Wes Lambert
317f6471d8 Add additional scan and rule fileset mappings 2022-02-04 19:05:09 +00:00
Wes Lambert
1ce8bb3523 Fix winlog mapping reference reversion 2022-02-04 18:14:01 +00:00
Wes Lambert
5e03b1a5de Fix reference for file mappings in template 2022-02-04 18:11:03 +00:00
weslambert
898db542bf Merge pull request #7117 from Security-Onion-Solutions/feature/winlog_dtc_mappings
Add winlog mappings
2022-02-04 12:16:16 -05:00
Wes Lambert
69cb83cac9 Add winlog mappings 2022-02-04 17:08:26 +00:00
Wes Lambert
f3902cf77d Fix EG template and mappings 2022-02-04 16:00:16 +00:00
Wes Lambert
a3031b2b5c Additional DTC mapping changes 2022-02-04 15:38:51 +00:00
Wes Lambert
1ce386bb7f Add more DTC transition mappings 2022-02-03 17:33:05 +00:00
Wes Lambert
9db1510b0e Initial composable template configuration and base mappings 2022-02-02 02:08:31 +00:00
weslambert
fc0a5bce86 Revert field limit from testing 2022-01-27 11:18:35 -05:00
weslambert
60a0204975 Revert changes to common template 2022-01-27 11:02:47 -05:00
weslambert
1b3e7f9d79 Temp changes while adjusting mapping 2022-01-26 14:57:16 -05:00
weslambert
e77648c475 Merge pull request #6994 from Security-Onion-Solutions/feature/dtc
Additional DTC changes
2022-01-26 12:22:48 -05:00
Wes Lambert
e10749a495 Additional changes to template to accommodate default fields and keyword subfield 2022-01-26 17:16:29 +00:00
Jason Ertel
ed9b74dc33 store related event data as a flattened object blob 2022-01-26 12:16:05 -05:00
weslambert
ba52bd3835 Update template with syntax fixes 2022-01-25 08:56:03 -05:00
weslambert
f7a4cc20f2 Update so-common-template.json.jinja 2022-01-21 12:36:38 -05:00
weslambert
d1efa71c57 Remove dynamic keyword template to prevent field conflicts with mappings defined in common template 2022-01-20 12:34:32 -05:00
weslambert
e137ad60c5 Disable dynamic mapping and increase order to reduce potential field conflicts 2022-01-20 09:44:41 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
d7ba1cedff remove unused fields object from related case schema 2022-01-19 08:39:21 -05:00
weslambert
c512351dd6 Add mapping for scan.exiftool and scan.pe.sections.entropy 2022-01-14 17:01:13 -05:00
weslambert
a90bc9dba9 Add mapping for scan.pe.sections.entropy 2022-01-14 16:58:53 -05:00
weslambert
84f7c6b13b Add event.acknowledged and event.escalated mappings 2022-01-10 16:08:35 -05:00
weslambert
1c3eeb5a34 Fix typo -- replace period with comma 2022-01-10 13:29:06 -05:00
Jason Ertel
d3656a7777 Merge branch 'dev' into kilo 2022-01-07 13:41:35 -05:00
Jason Ertel
391db568b0 Update field mappings based on Wes' feedback 2022-01-07 13:28:36 -05:00
weslambert
770e53d914 Add keyword subfield for event.severity_label 2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9 Add event.severity_label 2022-01-07 11:19:54 -05:00
Wes Lambert
b60837e71a Initial commit for data type compliance 2022-01-05 16:38:56 +00:00
Jason Ertel
e87cbc37a4 Add case template 2021-12-28 19:17:15 -05:00
Mike Reeves
dc07aba63d Update so-common-template.json.jinja 2021-11-03 13:50:31 -04:00
Mike Reeves
747f14d60e Make common template honor replicas 2021-11-03 13:11:38 -04:00
weslambert
77ee1db44c Add .keyword subfield for conflict fields 2021-10-21 12:56:03 -04:00
weslambert
59852841ff Add keyword subfield for event.module 2021-10-15 13:29:50 -04:00
Wes Lambert
e1629d7ec4 Initial EG stuff 2021-10-13 17:13:07 +00:00
Mike Reeves
2ffb723bbd Rename so-common-template.json to so-common-template.json.jinja 2021-09-14 13:58:45 -04:00
Mike Reeves
e3900606dc Enable index sorting by default but allow it to be disabled 2021-09-04 10:42:18 -04:00
Rob Waight
b7591093cf Add index sorting to so-common-template.json
2021-09-04 09:45:03 -04:00
Mike Reeves
a27263435a Add Templates for all filebeat modules 2021-08-27 14:41:04 -04:00
Mike Reeves
f8cdf5bca3 Add Templates for all filebeat modules 2021-08-27 14:39:02 -04:00
William Wernert
4f39cd1d7f Add logscan dynamic object to so-common template mappings 2021-07-30 16:02:02 -04:00
Wes Lambert
723172bc1f Add path_unmatch for data.port so it is not mapped as integer 2021-07-14 13:45:09 +00:00
Wes Lambert
323b5d6694 Add dynamic mapping for wazuh 2021-07-14 13:43:34 +00:00
weslambert
fcbacd473d Add ELK, redis 2021-06-30 09:34:56 -04:00
weslambert
06d77d9972 Update so-common-template.json 2021-06-30 09:31:32 -04:00
Mike Reeves
12d4d4a4f7 Dynamix Pipelines take 2 2021-06-10 09:19:15 -04:00
Mike Reeves
1c7741fdbe Add templates for SO logs 2021-06-09 12:38:19 -04:00
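Added example, not code from the Security Onion repository: commits 723172bc1f ("Add path_unmatch for data.port so it is not mapped as integer") and 323b5d6694 ("Add dynamic mapping for wazuh") rely on how Elasticsearch picks a dynamic template for a field it has never seen. The model below reproduces that first-match-wins evaluation (`match`, `unmatch`, `path_match`, `path_unmatch`, `match_mapping_type`) in plain Python and runs it over constructed template definitions and sample field values; the template names, patterns and the sample `data.port` value are assumptions for illustration and are not taken from so-common-template.json.jinja.

```python
import fnmatch

# Constructed dynamic templates (assumed, not the project's real template):
# a "*port" rule that maps port fields as integer, guarded by path_unmatch so
# the Wazuh "data.port" field is left to the next rule, plus a catch-all that
# maps unknown strings as keyword.
DYNAMIC_TEMPLATES_WITH_UNMATCH = [
    {"ports_as_integer": {
        "match": "*port",              # any leaf field name ending in "port"
        "path_unmatch": "data.port",   # ...except the full path data.port
        "match_mapping_type": "*",
        "mapping": {"type": "integer"},
    }},
    {"strings_as_keyword": {
        "match_mapping_type": "string",
        "mapping": {"type": "keyword", "ignore_above": 1024},
    }},
]


def _without_path_unmatch(templates):
    """Copy of the template list with every path_unmatch guard removed,
    i.e. the state before the 723172bc1f-style fix."""
    out = []
    for entry in templates:
        (name, tpl), = entry.items()
        out.append({name: {k: v for k, v in tpl.items() if k != "path_unmatch"}})
    return out


DYNAMIC_TEMPLATES_WITHOUT_UNMATCH = _without_path_unmatch(DYNAMIC_TEMPLATES_WITH_UNMATCH)

# Built-in Elasticsearch dynamic mapping used when no template matches.
ES_DEFAULT_DYNAMIC = {"boolean": "boolean", "long": "long", "double": "float",
                      "string": "text", "object": "object"}


def match_mapping_type(value):
    """JSON value -> the name Elasticsearch uses in match_mapping_type."""
    if isinstance(value, bool):      # bool is a subclass of int, check it first
        return "boolean"
    if isinstance(value, int):
        return "long"
    if isinstance(value, float):
        return "double"
    if isinstance(value, str):
        return "string"
    if isinstance(value, dict):
        return "object"
    raise TypeError(f"unsupported sample value: {value!r}")


def _matches(pattern, name):
    """Elasticsearch-style '*' wildcard match; an absent pattern always matches."""
    if pattern is None:
        return True
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def resolve_dynamic_template(templates, path, value):
    """Return (name, mapping) of the first template whose conditions all hold
    for field `path` seen with sample `value`, or None when no template
    applies (Elasticsearch then falls back to its built-in dynamic mapping)."""
    leaf = path.rsplit(".", 1)[-1]
    mtype = match_mapping_type(value)
    for entry in templates:
        (name, tpl), = entry.items()
        if not _matches(tpl.get("match_mapping_type"), mtype):
            continue
        if not _matches(tpl.get("match"), leaf):
            continue
        if tpl.get("unmatch") is not None and _matches(tpl["unmatch"], leaf):
            continue
        if not _matches(tpl.get("path_match"), path):
            continue
        if tpl.get("path_unmatch") is not None and _matches(tpl["path_unmatch"], path):
            continue
        return name, tpl["mapping"]
    return None


def index_time_outcome(templates, path, value):
    """Field type Elasticsearch would assign on first sight of `path`, or
    'reject' when the chosen numeric type cannot hold the sample string
    (ES raises mapper_parsing_exception and drops the document). Numeric
    strings such as "443" are accepted because coerce is on by default."""
    hit = resolve_dynamic_template(templates, path, value)
    if hit is None:
        return ES_DEFAULT_DYNAMIC[match_mapping_type(value)]
    field_type = hit[1]["type"]
    numeric = {"byte", "short", "integer", "long", "float", "double"}
    if field_type in numeric and isinstance(value, str) \
            and not value.strip().lstrip("-").isdigit():
        return "reject"
    return field_type


if __name__ == "__main__":
    # Constructed sample: a Wazuh-style event whose data.port carries a list.
    for templates, label in ((DYNAMIC_TEMPLATES_WITHOUT_UNMATCH, "without path_unmatch"),
                             (DYNAMIC_TEMPLATES_WITH_UNMATCH, "with path_unmatch")):
        print(label, "-> data.port =", index_time_outcome(templates, "data.port", "22,80"))
```

Running the block prints `reject` for the template set without the guard and `keyword` with it, while `source.port` still resolves to `integer` in both sets; that is the field-conflict class the commits above are working around.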