CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 05:57:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,401 Commits 40 Branches 125 Tags
18d81352c620b1de0e20de89e329203fec044d9c
Commit Graph

447 Commits

Author SHA1 Message Date
Josh Brower c06668c68e Merge pull request #5527 from Security-Onion-Solutions/feature/so-import-evtx 
Feature/so import evtx
 2021-09-15 14:17:15 -04:00
Josh Brower a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
Jason Ertel 19a02baa7c Merge pull request #5425 from Security-Onion-Solutions/kilo 
Auth enhancements
 2021-09-07 13:10:36 -04:00
Jason Ertel 3c59579f99 Add maintenance privilege for analysts to refresh indices 2021-09-07 13:03:30 -04:00
Jason Ertel 72cff7ec7a Merge branch 'dev' into kilo 2021-09-07 10:49:08 -04:00
Mike Reeves e3900606dc Enable index sorting by default but allow it to be disabled 2021-09-04 10:42:18 -04:00
Rob Waight b7591093cf Add index sorting to so-common-template.json 
Add index sorting to so-common-template.json
 2021-09-04 09:45:03 -04:00
Jason Ertel 94ea1f856b Add auditor role; update analyst role with correct syntax 2021-09-03 15:59:48 -04:00
Jason Ertel fbbb7f4e85 Add auditor role; update analyst role with correct syntax 2021-09-03 15:54:05 -04:00
Jason Ertel 10126bb7ef Auth enhancements 2021-09-02 09:44:57 -04:00
Mike Reeves a27263435a Add Templates for all filebeat modules 2021-08-27 14:41:04 -04:00
Mike Reeves f8cdf5bca3 Add Templates for all filebeat modules 2021-08-27 14:39:02 -04:00
Josh Brower 7b93f355e2 so-import-evtx - timestamp extraction 2021-08-25 15:17:19 -04:00
Mike Reeves 71bbb41b5f Merge branch 'dev' into bravo 2021-08-04 10:57:10 -04:00
William Wernert 8a49039b85 Only append source.ip to logscan.source.ips if it's been created 2021-08-02 09:50:49 -04:00
William Wernert 4f39cd1d7f Add logscan dynamic object to so-common template mappings 2021-07-30 16:02:02 -04:00
William Wernert 2a6277c0c3 Fix field names in logscan pipeline 2021-07-30 15:46:39 -04:00
William Wernert 33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert 0b06d0bfdb Merge branch 'dev' into foxtrot 2021-07-29 15:15:25 -04:00
Jason Ertel 4c6447a3da merge 2.3.61 MSEARCH hotfix into dev 2021-07-29 15:00:58 -04:00
Mike Reeves a42d8c9229 Fix Manager Search 2021-07-28 17:03:14 -04:00
doug 3d3593a1a9 FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-22 09:50:21 -04:00
Mike Reeves 09165daab8 Several Suricata things 2021-07-21 09:10:33 -04:00
William Wernert 9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert 3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
Wes Lambert 05aad07bfc Replace staging path with processed path for analyzed files 2021-07-14 15:04:46 +00:00
Wes Lambert 723172bc1f Add path_unmatch for data.port so it is not mapped as integer 2021-07-14 13:45:09 +00:00
Wes Lambert 323b5d6694 Add dynamic mapping for wazuh 2021-07-14 13:43:34 +00:00
Wes Lambert 441cd3fc59 Move Wazuh-specific data to wazuh.data 2021-07-14 13:42:51 +00:00
William Wernert e7a6172d7e [fix] Add single quotes to strings 2021-07-13 14:07:27 -04:00
William Wernert 115e0a6fee [fix] Add missing comma 2021-07-13 12:04:10 -04:00
William Wernert e059c25ebc [fix][wip] Fix pipeline parsing errors 2021-07-13 11:05:05 -04:00
William Wernert 2b0bca8e55 Merge branch 'dev' into feature/logscan 2021-07-12 14:58:30 -04:00
doug e6f9592cde FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-12 13:24:21 -04:00
William Wernert bac7ef71d8 Add logscan.source.ips field 2021-07-09 10:55:11 -04:00
William Wernert 80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00
Mike Reeves 693f455862 ECS hotfix 2021-07-02 08:55:49 -04:00
weslambert fcbacd473d Add ELK, redis 2021-06-30 09:34:56 -04:00
weslambert 06d77d9972 Update so-common-template.json 2021-06-30 09:31:32 -04:00
Jason Ertel 5298cb8cfb Update copyrights 2021-06-21 07:06:49 -04:00
Jason Ertel fca1c6e957 Merge branch 'dev' into kilo 2021-06-14 10:40:04 -04:00
Mike Reeves 12d4d4a4f7 Dynamix Pipelines take 2 2021-06-10 09:19:15 -04:00
Jason Ertel 89a02383b8 Correct cronjob path issue for sysctl; suppress diff outputs from users/roles files; suppress salt state output during user sync 2021-06-09 16:31:32 -04:00
Mike Reeves 1c7741fdbe Add templates for SO logs 2021-06-09 12:38:19 -04:00
Jason Ertel e22421ec99 Refactor users/roles management via salt due to Salt's clobbering of the inode which breaks Docker mounts 2021-06-04 20:01:30 -04:00
weslambert cba719b3a0 Remove extra comma 2021-06-02 16:42:09 -04:00
weslambert 4241bb08b8 Add suricata/zeek until we migrate templates 2021-06-02 16:37:43 -04:00
weslambert 4c74e7f308 Add event.kind and set name to module[dot]dataset 2021-06-02 15:35:26 -04:00
weslambert db48c15f1d Create event.kind field and rename dataset to be module[dot]dataset 2021-06-02 15:33:18 -04:00
Jason Ertel fc6b3726a4 Fix missing colon for mode 2021-06-02 15:23:16 -04:00