CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,391 Commits 24 Branches 119 Tags
17f37750e528fc6192fe9d1f8bc40129fbdc91f6
Commit Graph

1094 Commits

Author SHA1 Message Date
Wes
17f37750e5 Remove onchanges condition 2024-07-23 16:46:18 +00:00
Wes
e789c17bc3 Add global@custom pipeline file 2024-07-23 16:37:37 +00:00
Wes
6f44d39b18 Remove Fleet final pipeline file 2024-07-23 16:37:03 +00:00
Wes
dd85249781 Remove Fleet final pipeline 2024-07-23 16:36:41 +00:00
Wes
2d0de87530 Add component templates for Fleet metrics 2024-07-17 15:19:46 +00:00
Wes
1f5a990b1e Remove lines that aren't needed right now 2024-07-09 18:32:06 +00:00
Wes
669f68ad88 Fleet metric annotations 2024-07-09 15:39:59 +00:00
weslambert
8615e5d5ea Move enabled and index_clean back to the top 2024-07-08 16:50:06 -04:00
weslambert
745b6775f1 Change name for ILM 2024-07-02 09:05:35 -04:00
Wes
1b47d5c622 Changes for Elastic 8.14.1 2024-07-01 15:16:58 +00:00
Wes
32d7927a49 Template changes for Elastic 8.14.1 2024-07-01 15:16:06 +00:00
reyesj2
a81e4c3362 remove dash(-) from kafka.id 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-11 11:55:17 -04:00
reyesj2
08557ae287 kafka.id field should only be present when metadata for kafka exists 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-11 11:01:34 -04:00
reyesj2
4581a46529 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-06-05 20:47:41 -04:00
reyesj2
3b0339a9b3 create kafka.id from kafka {partition}-{offset}-{timestamp} for tracking event 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-04 14:27:52 -04:00
reyesj2
75bdc92bbf Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-31 14:02:43 -04:00
Wes
a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes
f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
Wes
2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
Wes
e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes
55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
reyesj2
1fd5165079 Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 23:37:40 -04:00
DefensiveDepth
8e7c487cb0 Fix strelka rule.uuid 2024-05-23 05:59:31 -04:00
weslambert
f4490fab58 Add rule.uuid for YARA matches 2024-05-21 17:05:39 -04:00
weslambert
deb140e38e Exclude detections from template name matching 2024-05-21 13:38:52 -04:00
m0duspwnens
cc6cb346e7 fix issue/13030 2024-05-16 16:31:45 -04:00
m0duspwnens
b54632080e check if exists in override before popping 2024-05-16 16:04:17 -04:00
m0duspwnens
9796354b48 dont merge policy from global_overrides if not defined in default index_settings 2024-05-16 14:27:32 -04:00
weslambert
d606f259d1 Add detection alerts 2024-05-13 14:25:11 -04:00
weslambert
c8870eae65 Add detection alerts template 2024-05-13 14:23:47 -04:00
Doug Burks
26cb8d43e1 FIX: so-index-list typo #12988 2024-05-10 08:01:56 -04:00
Doug Burks
a1291e43c3 FIX: so-index-list typo #12988 2024-05-10 07:58:13 -04:00
reyesj2
2ad87bf1fe merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-08 16:30:45 -04:00
m0duspwnens
5dc098f0fc remove test file 2024-05-08 08:54:24 -04:00
m0duspwnens
dcc1f656ee predownload logstash and elastic for new searchnode and heavynode 2024-05-07 10:13:51 -04:00
reyesj2
e960ae66a3 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-02 15:12:27 -04:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
weslambert
fe2edeb2fb 30d to 60d 2024-05-01 11:01:59 -04:00
weslambert
6294f751ee Cold min_age to 60d 2024-05-01 10:59:41 -04:00
Doug Burks
4d6124f982 FIX: Elasticsearch min_age regex #12885 2024-04-30 10:18:34 -04:00
reyesj2
fadb6e2aa9 Re-add original timestamp format + ignore failures with this processor 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:57:48 -04:00
reyesj2
192d91565d Update final pipeline timestamp format for event.module system events 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:34:29 -04:00
weslambert
b424426298 Exclude suricata 2024-04-25 09:14:18 -04:00
Josh Patterson
03f9160fcc Merge pull request #12860 from Security-Onion-Solutions/issue/12856 
allow for enabled/disable of so-elasticsearch-indices-delete cronjob
 2024-04-25 09:07:44 -04:00
m0duspwnens
d50de804a8 update annotation 2024-04-25 09:04:34 -04:00
weslambert
44afa55274 Fix comments about deletion 2024-04-24 17:41:37 -04:00
weslambert
ab832e4bb2 Include logstash-prefixed indices 2024-04-24 17:17:53 -04:00
m0duspwnens
c9d9979f22 allow for enabled/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
weslambert
59a02635ed Change index sorting 2024-04-24 15:18:49 -04:00
weslambert
1b3a0a3de8 Remove hot max_age 2024-04-24 10:11:02 -04:00