CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,307 Commits 24 Branches 119 Tags
1737b46abbdfade2574d9aff2d07bf27c6957e40
Commit Graph

109 Commits

Author SHA1 Message Date
Wes Lambert
51f5d64ef6 Rename tunnel_parents 2020-06-01 13:51:32 +00:00
Wes Lambert
d7ce3d4719 fix naming of uid field for tunnel 2020-06-01 12:52:57 +00:00
Wes Lambert
4059121dd6 fix framed_addr field 2020-05-29 11:55:18 +00:00
Wes Lambert
d2b93d531e Basic syslog config 2020-05-28 12:36:29 +00:00
Josh Brower
8723f8785e osquery pipeline fix and fail state if errors 2020-05-26 13:05:56 -04:00
Wes Lambert
0e51ab41cf Update ES watermark settings 2020-05-26 14:18:58 +00:00
Josh Brower
56f5fbdf6b Ingest pipeline commid fix for conn logs 2020-05-22 17:11:08 -04:00
Josh Brower
bff86ea802 zeek.common ingest parser fix 2020-05-21 14:35:25 -04:00
Josh Brower
c74ace89ba Initial support - Ingest community_id 2020-05-21 14:34:00 -04:00
Doug Burks
29420da565 Only process zeek.dns.tld if dns.query.name contains a dot #734 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/734
 2020-05-19 10:08:30 -04:00
Doug Burks
9cc750a90f fix dns tld failures 2020-05-18 08:32:37 -04:00
Mike Reeves
329a030585 Merge remote-tracking branch 'remotes/origin/dev' into issue/140 2020-05-17 09:38:30 -04:00
Wes Lambert
4b91ade2e8 fix message_types one more time :) 2020-05-16 15:03:27 +00:00
Wes Lambert
9845ee189c fix message_types for real 2020-05-16 15:02:41 +00:00
Wes Lambert
6a2ddd4ef6 move to DNS 2020-05-16 14:58:51 +00:00
Wes Lambert
66c89abbc6 Fix DHCP message types 2020-05-16 14:58:06 +00:00
m0duspwnens
6c7f487a3e Merge remote-tracking branch 'remotes/origin/dev' into issue/140 2020-05-15 19:43:18 -04:00
Doug Burks
cc7a244d0b Create zeek.dns.tld 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
 2020-05-15 15:32:25 -04:00
Doug Burks
60d2a0818b Add to zeek.dns and have it send to zeek.dns.tld 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
 2020-05-15 15:31:17 -04:00
m0duspwnens
4e63477b98 Merge remote-tracking branch 'remotes/origin/dev' into issue/140 2020-05-15 15:21:03 -04:00
Josh Brower
e02bf2ebb5 Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev 2020-05-15 15:05:47 -04:00
Josh Brower
9d4536dcbe osquery ingest parsing update 2020-05-15 15:05:21 -04:00
Doug Burks
fc883745e5 add fields to conn log 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
 2020-05-15 15:02:02 -04:00
Doug Burks
58d59c6844 use null safe operator for source.port and destination.port 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/594
 2020-05-15 14:58:21 -04:00
Wes Lambert
03805bd6e2 remove type field 2020-05-15 18:29:49 +00:00
Wes Lambert
5d5f5cf105 update DCE/RPC parsing 2020-05-15 18:19:05 +00:00
m0duspwnens
f4db261baf change elif - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/140 2020-05-15 10:57:25 -04:00
m0duspwnens
fdae84bb74 remove = in - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/140 2020-05-15 10:56:16 -04:00
m0duspwnens
509188092c adding so-standalone state logic, add zeek pillar to so-standalone - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/140 2020-05-15 10:02:25 -04:00
m0duspwnens
7f464af5fa run so-elasticsearch-pipelines only on changes - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/682 2020-05-14 13:39:19 -04:00
Josh Brower
abd907fee1 Merge pull request #659 from Security-Onion-Solutions/bugfix/nids-parsing-alerting 
suricata parsing
 2020-05-12 14:07:51 -04:00
Josh Brower
62bec93190 suricata parsing 2020-05-12 14:04:02 -04:00
Mike Reeves
0b7568e08f Update soc.json with default search info 2020-05-12 13:57:40 -04:00
m0duspwnens
766b56a944 update dockers to 1.2.2 2020-04-23 10:11:26 -04:00
Josh Brower
6332509a33 osquery pipeline fix 2020-04-15 20:22:54 -04:00
Mike Reeves
d9e27a5444 Update Versions 2020-04-15 15:37:59 -04:00
Wes Lambert
59787a6532 update parsing for Zeek files 2020-04-14 13:08:31 +00:00
Josh Brower
634100318e osquery ingest ecs 2020-04-13 10:58:13 -04:00
Josh Brower
edae63097c fleet osquery fixes 2020-04-10 16:56:37 -04:00
Mike Reeves
6625e17bf2 Have templates applied on the master only 2020-04-09 12:22:27 -04:00
Mike Reeves
ac52c014d1 Remove ES watch 2020-04-09 11:30:24 -04:00
Mike Reeves
0b07d0f25f Fix ES Watch 2020-04-09 11:25:46 -04:00
Mike Reeves
5692f2a672 Make Kibana run faster on checkins 2020-04-09 11:16:36 -04:00
Wes Lambert
9e50387eec update ingest files 2020-04-05 20:40:00 +00:00
Wes Lambert
e023aeb9be use agent name for observer name 2020-04-01 21:27:25 +00:00
weslambert
f13093dc51 Add message rename 2020-04-01 11:31:57 -04:00
Josh Brower
0e76447d11 osquery ingest - initial support 2020-04-01 10:17:36 -04:00
Wes Lambert
eacd3c9bfd update zeek.common 2020-03-31 00:36:42 +00:00
Wes Lambert
ad50093315 add community_id parsing for ingest 2020-03-30 15:49:36 +00:00
Wes Lambert
93c3c86e2f update wazuh fields and category 2020-03-30 14:24:01 +00:00