Commit Graph

9818 Commits

Author SHA1 Message Date
DefensiveDepth 4bcb4b5b9c removed unneeded import 2024-06-14 09:32:34 -04:00
DefensiveDepth 68302e14b9 add to defaults and tweaks 2024-06-14 09:28:23 -04:00
DefensiveDepth c1abc7a7f1 Update description 2024-06-14 08:51:34 -04:00
DefensiveDepth 484717d57d initial support for custom suricata urls and local rulesets 2024-06-14 08:42:10 -04:00
reyesj2 8f8ece2b34 Only comment out so-kafka from so-status when it exists & only run ensure_default_pipeline when Kafka is configured
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-13 15:50:34 -04:00
reyesj2 816a1d446e Generate kafka-logstash cert on standalone, manager, managersearch in addition to searchnodes.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-13 12:18:13 -04:00
reyesj2 19bfd5beca fix kafka nodeid assignment to increment correctly
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-13 12:16:39 -04:00
Jorge Reyes 9ac7e051b3 Merge pull request #13190 from Security-Onion-Solutions/reyesj2/kafka
Initial Kafka support
2024-06-13 09:42:59 -04:00
reyesj2 80b1d51f76 wrong location for global.pipeline check
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-13 08:50:53 -04:00
reyesj2 9c31622598 telegraf should only include jolokia config when Kafka is set as the global.pipeline
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 15:42:00 -04:00
reyesj2 f372b0907b Use kafka:password for kafka certs
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 15:41:10 -04:00
coreyogburn fac96e0b08 Merge pull request #13183 from Security-Onion-Solutions/cogburn/cleanup-config
Fix unnecessary escaping
2024-06-12 11:57:31 -06:00
reyesj2 2bc53f9868 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-06-12 12:36:58 -04:00
reyesj2 e8106befe9 Append '-securityonion' to all Security Onion related Kafka topics. Adjust logstash to ingest all topics ending in '-securityonion' to avoid having to manually list topic names
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 12:05:16 -04:00
reyesj2 b7eebad2a5 Update Kafka self reset & add initial Kafka wrapper scripts to build out
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 11:01:40 -04:00
m0duspwnens 8f8698fd02 Merge remote-tracking branch 'origin/2.4/dev' into issue/13073 2024-06-12 10:50:18 -04:00
Josh Patterson 092f716f12 Merge pull request #13189 from Security-Onion-Solutions/soupmsgq
remove this \n
2024-06-12 10:41:49 -04:00
m0duspwnens c38f48c7f2 remove this \n 2024-06-12 10:34:32 -04:00
m0duspwnens 98837bc379 this method does not cause soup to fail 2024-06-12 09:11:02 -04:00
m0duspwnens 0f243bb6ec Merge remote-tracking branch 'origin/2.4/dev' into issue/13073 2024-06-11 16:33:23 -04:00
m0duspwnens 88fc1bbe32 quotes on vars 2024-06-11 16:32:57 -04:00
Corey Ogburn d5ef0e5744 Fix unnecessary escaping 2024-06-11 12:34:32 -06:00
m0duspwnens 2ecac38f6d disable logstash on heavynodes 2024-06-11 13:50:29 -04:00
Josh Brower e90557d7dc Merge pull request #13179 from Security-Onion-Solutions/2.4/fixintegritycheck
Add new bind - suricata all.rules
2024-06-11 13:08:40 -04:00
reyesj2 628893fd5b remove redundant 'kafka_' from annotations & defaults
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-11 11:56:21 -04:00
reyesj2 a81e4c3362 remove dash (-) from kafka.id
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-11 11:55:17 -04:00
reyesj2 ca7b89c308 Added Kafka reset to SOC UI. In case of changing an active broker to a controller, topics may become unavailable. Resolving this would require manual intervention. This option allows running a reset to start from a clean slate to then configure the cluster to the desired state before re-enabling Kafka as the global pipeline.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-11 11:21:13 -04:00
reyesj2 08557ae287 kafka.id field should only be present when metadata for kafka exists
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-11 11:01:34 -04:00
DefensiveDepth 08d2a6242d Add new bind - suricata all.rules 2024-06-11 10:03:33 -04:00
m0duspwnens 4b481bd405 add epoch to docker for oracle 2024-06-11 09:41:58 -04:00
m0duspwnens 0b1e3b2a7f upgrade docker for focal 2024-06-10 16:24:44 -04:00
m0duspwnens dbd9873450 upgrade docker for jammy 2024-06-10 16:04:11 -04:00
m0duspwnens c6d0a17669 docker upgrade debian 12 2024-06-10 15:43:29 -04:00
m0duspwnens adeab10f6d upgrade docker and containerd.io for oracle 2024-06-10 12:14:27 -04:00
reyesj2 824f852ed7 merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-10 11:26:23 -04:00
reyesj2 284c1be85f Update Kafka controller(s) via SOC UI
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-10 11:08:54 -04:00
Jason Ertel f1638faa3a correct placement of error check override 2024-06-08 08:18:34 -04:00
Jason Ertel dea786abfa Merge pull request #13170 from Security-Onion-Solutions/jertel/yaml
gracefully handle missing parent key
2024-06-08 07:49:49 -04:00
Jason Ertel f96b82b112 gracefully handle missing parent key 2024-06-08 07:44:46 -04:00
Josh Patterson 95fe11c6b4 Merge pull request #13162 from Security-Onion-Solutions/soupmsgq
fix elastic templates not loading due to global_override phases
2024-06-07 16:23:03 -04:00
Jason Ertel f2f688b9b8 Update soup 2024-06-07 16:18:09 -04:00
m0duspwnens 0139e18271 additional description 2024-06-07 16:03:21 -04:00
Mike Reeves 657995d744 Merge pull request #13165 from Security-Onion-Solutions/TOoSmOotH-patch-3
Update defaults.yaml
2024-06-07 15:38:01 -04:00
Mike Reeves 4057238185 Update defaults.yaml 2024-06-07 15:33:49 -04:00
Mike Reeves dbc56ffee7 Update defaults.yaml 2024-06-07 15:09:09 -04:00
Corey Ogburn ee696be51d Remove rootCA and insecureSkipVerify from SOC defaults 2024-06-07 13:07:04 -06:00
Corey Ogburn 5d3fd3d389 AdditionalCA and InsecureSkipVerify
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.

AdditionalCA holds the PEM formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.

InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self-signed, missing, or invalid certs will not throw an error.
2024-06-07 12:47:09 -06:00
Corey Ogburn fa063722e1 RootCA and InsecureSkipVerify
New empty settings and their annotations.
2024-06-07 09:10:14 -06:00
m0duspwnens f5cc35509b fix output alignment 2024-06-07 11:03:26 -04:00
m0duspwnens d39c8fae54 format output 2024-06-07 09:01:16 -04:00