Commit Graph

148 Commits

Author SHA1 Message Date
Wes 9264a03dbc Add custom system component 2024-07-31 17:03:26 +00:00
weslambert bae348bef7 Change version 2024-07-30 16:44:44 -04:00
Wes 2d0de87530 Add component templates for Fleet metrics 2024-07-17 15:19:46 +00:00
Wes a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes 3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
reyesj2 55cf90f477 merge 2.4/dev 2024-04-11 14:44:59 -04:00
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2 68e016090b Fix network.wireless.ssid not parsing 2024-04-11 13:21:54 -04:00
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2 4097e1d81a Create mappings for Kismet integration 2024-04-10 16:10:27 -04:00
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Corey Ogburn 00cea6fb80 Detection Author as a Keyword instead of Text 2024-04-05 11:22:47 -06:00
    With Quick Actions added to Detections, as many fields should be usable as possible.
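The commit above, together with the later ".keyword shim" commits, turns on one Elasticsearch mapping detail: a field mapped as `text` is analyzed and, with fielddata off by default, cannot be used for exact-value term filters or aggregations, while a `keyword` field can. The following linter is an added example written for this page, not code from the Security Onion repository; the component template it checks is constructed here, and the field names, function names and `ignore_above` value are assumptions for illustration. It reports `text` fields that lack a `keyword` multi-field, and shows both fixes the history records: adding a `.keyword` subfield, or remapping the field to `keyword` outright.

```python
"""Lint an Elasticsearch component template for fields that are not usable
in exact-match filters or aggregations (added example; constructed data)."""
import json

# Constructed sample component template; not a file from the repository.
SAMPLE_TEMPLATE = json.dumps({
    "template": {
        "mappings": {
            "properties": {
                "so_detection": {
                    "properties": {
                        "author": {"type": "text"},
                        "title": {"type": "text",
                                  "fields": {"keyword": {"type": "keyword",
                                                         "ignore_above": 256}}},
                        "language": {"type": "keyword"},
                        "tags": {"type": "keyword"},
                    }
                },
                "process": {
                    "properties": {
                        "name": {"type": "text"},
                        "pid": {"type": "long"},
                    }
                },
            }
        }
    }
})


def walk_fields(properties, prefix=""):
    """Yield (dotted_name, mapping) for every leaf field under 'properties'.
    The yielded mapping is the live dict, so callers may edit it in place."""
    for name, mapping in properties.items():
        full = f"{prefix}{name}"
        if "properties" in mapping:
            yield from walk_fields(mapping["properties"], full + ".")
        else:
            yield full, mapping


def _has_keyword_subfield(mapping):
    return any(sub.get("type") == "keyword"
               for sub in mapping.get("fields", {}).values())


def text_fields_without_keyword(template_json):
    """Return sorted dotted names of 'text' fields with no keyword multi-field.
    Such fields cannot back a Quick Action that filters on the exact value."""
    props = json.loads(template_json)["template"]["mappings"]["properties"]
    return sorted(name for name, mapping in walk_fields(props)
                  if mapping.get("type") == "text"
                  and not _has_keyword_subfield(mapping))


def add_keyword_subfield(template_json, ignore_above=1024):
    """Shim fix: give every unshimmed 'text' field a '.keyword' subfield.
    Returns a new template JSON string; the input is left unchanged."""
    template = json.loads(template_json)
    props = template["template"]["mappings"]["properties"]
    for _name, mapping in walk_fields(props):
        if mapping.get("type") == "text" and not _has_keyword_subfield(mapping):
            mapping.setdefault("fields", {})["keyword"] = {
                "type": "keyword", "ignore_above": ignore_above}
    return json.dumps(template)


def remap_to_keyword(template_json, dotted_name):
    """Remap one field from 'text' to 'keyword', the change made to the
    detection author field in the commit above. Returns a new JSON string."""
    template = json.loads(template_json)
    node = template["template"]["mappings"]["properties"]
    parts = dotted_name.split(".")
    for part in parts[:-1]:
        node = node[part]["properties"]
    node[parts[-1]] = {"type": "keyword"}
    return json.dumps(template)


def field_type(template_json, dotted_name):
    """Return the mapped 'type' of one dotted field name (None if absent)."""
    props = json.loads(template_json)["template"]["mappings"]["properties"]
    for name, mapping in walk_fields(props):
        if name == dotted_name:
            return mapping.get("type")
    return None


if __name__ == "__main__":
    print("unusable for exact match:", text_fields_without_keyword(SAMPLE_TEMPLATE))
    fixed = add_keyword_subfield(remap_to_keyword(SAMPLE_TEMPLATE, "so_detection.author"))
    print("after both fixes:", text_fields_without_keyword(fixed))
```

Remapping to `keyword` changes how the field is indexed, so it only takes effect for indices created after the template change; existing indices keep the old mapping until they are rolled over or reindexed, which is why a shim subfield is the lower-risk change on a live cluster.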
reyesj2 000d15a53c Kismet integration: TODO Elasticsearch mappings 2024-03-29 13:56:01 -04:00
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Wes 005930f7fd Add error.message mapping for system.syslog 2024-03-07 15:41:23 +00:00
Corey Ogburn 0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00
Corey Ogburn 64f6d0fba9 Updated Detection's ES Mappings 2024-02-09 14:20:07 -07:00
    Detections now have a License field and the Comment model is defined now.
Corey Ogburn 29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language 2024-02-08 09:44:56 -07:00
    Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

    SOC defaults updated to use language-based queries rather than engine and show the language column instead of the engine column in results.
Corey Ogburn 585147d1de Added so-detection mapping in elasticsearch 2024-01-31 10:39:47 -07:00
Wes 12ab6338db Add diagnostic 2024-01-25 20:16:52 +00:00
Wes 8426aad56d Text mapping for scan.pe.flags 2024-01-24 15:10:42 +00:00
weslambert 1dcca0bfd3 Change pipeline to 1.13.1 2023-11-07 12:17:51 -05:00
weslambert cce80eb2fb Change pipeline to 1.8.0 2023-11-07 09:02:48 -05:00
Wes 0bba68769b Make scan.pe.image_version type of 'float' 2023-09-26 14:05:12 +00:00
Wes cf19c8f8c2 Remove templates 2023-09-05 13:43:41 +00:00
Wes 0fed757b11 Add entropy mapping 2023-08-31 15:10:27 +00:00
Josh Brower 9437a47946 Fix formatting 2023-07-26 10:54:24 -04:00
Wes 4efc951eaf Add tags 2023-07-24 20:57:39 +00:00
Wes 4b7e7978ef Add final pipeline 2023-07-19 19:56:54 +00:00
Wes a59eda319e Remove security subfield 2023-07-18 19:00:50 +00:00
Wes 1d3e39b6bd Map user name to keyword and remove security subfield generation 2023-07-18 14:46:47 +00:00
Wes 48331ce35b Add system.system component templates 2023-06-14 13:29:11 +00:00
Wes 8cde05807c Remove elastic-agent dir 2023-06-13 21:33:04 +00:00
Wes 2ac0aba916 Add osquery files 2023-06-13 21:32:02 +00:00
Wes af003cc2a1 Add osquery templates 2023-06-13 20:43:39 +00:00
Wes bd7644a557 Add another template 2023-06-13 19:13:20 +00:00
Wes 1b90fd8581 Add custom component templates 2023-06-13 18:21:45 +00:00
Wes e43b7607bb Add more component templates 2023-06-13 17:04:03 +00:00
Wes a265c06e31 Add other component templates 2023-06-13 15:47:25 +00:00
Wes 2aa954cb0a Add component templates 2023-06-13 15:25:23 +00:00
Wes 1208915896 Remove Elastic Agent package templates 2023-06-12 14:24:59 +00:00
Wes 495a9c0783 Add mapping for event.severity_label 2023-06-05 21:19:37 +00:00
Wes 3fba27a0d4 Ensure component template files are in the correct directory 2023-03-22 20:45:33 +00:00
Wes 28f5dcd43b Add managed generic Elastic Agent log component templates 2023-03-22 19:57:46 +00:00
Mike Reeves 5fc297b8c1 Change Elastic Logic 2023-03-21 16:52:08 -04:00
Wes 0fd5fee868 Fix syntax for Fleet component templates 2022-09-22 15:07:43 +00:00
Wes 46dd4c2749 Rename component mappings and references for Security Onion 2022-09-20 20:33:06 +00:00
Wes 7f2c5bc757 Add component templates for Fleet 2022-09-20 20:27:26 +00:00
doug fdffac83e1 sysmon fix by bryant 2022-09-19 14:47:45 -04:00
Wes eeffded248 Remove duplicate security subfield configuration from component templates 2022-09-07 21:23:04 +00:00
Wes 3c50072690 Add Elastic Agent component templates 2022-09-07 18:51:57 +00:00
Wes Lambert fe1b72655b Additional .keyword shims for process mappings 2022-03-24 16:45:06 +00:00
weslambert 406267a892 Add process.name.keyword 2022-03-08 12:42:34 -05:00
Wes Lambert ffae22beef Add DTC syslog mappings for .keyword and add refs to defaults.yml 2022-03-04 13:04:11 +00:00