aa43177d8c
Fix Setting Name
...
enabledInSoc => enabled
2025-09-08 09:13:25 -06:00
12959d114c
added threshold config fields for assistant
2025-09-08 09:13:25 -06:00
0a3ff47008
Cleanup Annotations
...
Removed fields no longer need annotations.
2025-09-08 09:13:24 -06:00
834e34128d
Non-dev URL
2025-09-08 09:13:23 -06:00
120e61e45c
ClientParams
...
Removed investigation prompt from module settings and moved to client settings, added enabledInSoc.
2025-09-08 09:13:23 -06:00
fc2d450de0
Update Settings
...
The apiKey will be built off of the license rather than a new setting. The model is hardcoded for now at the AI Gateway level. We're going to use the investigationPrompt as a trigger for the feature being visible in the UI but by default will be blank for now.
2025-09-08 09:13:22 -06:00
ec27517bdd
New Config Values
...
New config values with annotations and defaults.
Updated Nginx config to allow streaming requests to not be buffered on the way to the client.
2025-09-08 09:13:08 -06:00
df0b484b45
More Descriptive Description
...
Include instructions for how to add local lookups and a help link.
2025-09-02 15:07:13 -06:00
2181cddf49
Move EnableReverseLookup
...
Move EnableReverseLookup and it's annotation from ClientParams to ServerConfig.
2025-09-02 14:09:55 -06:00
304985b61e
Merge pull request #14959 from Security-Onion-Solutions/jertel/wip
...
rpt
2025-08-22 16:55:45 -04:00
d99857002d
Improved Label
...
The underlying field is called "rulesetName" but for playbook repos we're not talking about rulesets. Improved the label for user experience.
2025-08-22 13:18:22 -06:00
2a6c74917e
Ruleset Name UiElement
...
Add a missing UiElement so all the repo fields are represented in the UI.
2025-08-22 13:00:17 -06:00
884bec7465
fix typo
2025-08-18 15:01:49 -04:00
9cb42911dc
Merge branch '2.4/dev' into jertel/wip
2025-08-18 09:54:58 -04:00
a3cc6f025e
reports
2025-08-18 09:54:40 -04:00
930c8147e7
simplify cpu and memory regex
2025-08-01 08:52:21 -04:00
84b38daf62
name destination_geo & source_geo to destination.as and source.as better aligning with ECS and linking other log sources already using .as for ASN geo data.
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2025-07-25 16:17:22 -05:00
e61e2f04b3
handle hw not having sfp,disk or copper. show none for total if that is the case
2025-07-16 15:24:43 -04:00
6bb6c24641
Simplify UniFi dashboards #14838
2025-07-16 07:20:39 -04:00
4f8bd16910
FEATURE: Add SOC Dashboards for CEF, iptables, and UniFi logs #14838
2025-07-14 15:37:10 -04:00
ab9d03bc2e
FEATURE: Add SOC Dashboards for UniFi logs #14838
2025-07-14 12:21:08 -04:00
10bf3e8fab
FEATURE: Add SOC default fields for CEF logs #14837
2025-07-14 12:07:02 -04:00
f8108e93d5
FEATURE: Add SOC default fields for iptables logs #14836
2025-07-14 12:04:46 -04:00
e49b3fc260
Merge pull request #14832 from Security-Onion-Solutions/jertel/wip
...
fix typo
2025-07-11 11:32:18 -04:00
9b125fbe53
fix typo
2025-07-11 11:30:01 -04:00
10e3b32fed
fix typo
2025-07-11 11:29:16 -04:00
42552810fb
Add user.name to kratos query
2025-07-08 09:50:08 -04:00
a86105294b
Playbook Annotations
2025-06-30 12:50:56 -06:00
33c23c30d3
Refactors playbook repo configuration
...
Replaces individual playbook repo fields with an array of repos to support multiple playbook sources. Refactor Jinja.
2025-06-30 11:43:02 -06:00
0602601655
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-20 16:25:16 -04:00
31cd5b1365
Add support for dns.resolved_ip
2025-06-20 15:02:59 -04:00
bd4f2093db
add vm delete warning for ui element
2025-06-11 09:39:15 -04:00
07359ad6ec
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-09 14:48:26 -04:00
dbdbffa4b0
Add nsm bind
2025-06-08 08:23:09 -04:00
a3b5db5945
Add support for Airgap for Playbooks
2025-06-06 16:17:14 -04:00
2ef89be67d
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-05 09:40:44 -04:00
fc9107f129
Updated Playbook Repo Config
...
The repo and folder have changed. We're splitting out playbooks into their own repo: github.com/security-onion-solutions/securityonion-resources-playbooks.
2025-06-03 13:33:30 -06:00
6e1e617124
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-02 14:06:00 -04:00
0277891392
Use Stable branch
2025-06-02 13:10:13 -04:00
be5e41227f
rename step
2025-05-23 11:41:45 -04:00
b2650da057
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-22 09:10:20 -04:00
2fff6232c1
Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing
...
Add parsing for Playbook
2025-05-19 18:06:05 -04:00
39f74fe547
Use the new JSON object editor for RulesRepos config entries
2025-05-19 15:38:45 -06:00
11fb33fdeb
Add RulesetName to Rule Repos
...
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.
Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
2025-05-19 14:19:56 -06:00
58f4db95ea
Create playbooks dir
2025-05-19 15:31:50 -04:00
b55cb257b6
Add parsing for Playbook
2025-05-19 13:25:27 -04:00
b0a8191f59
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-19 10:02:26 -04:00
28aedcf50b
remove vm map example
2025-05-19 09:58:43 -04:00
9022dc24fb
Add Parsing for Playbooks
2025-05-14 13:19:50 -06:00
78b7068638
Playbook Settings
...
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.
Added playbook module section with default values.
2025-05-14 13:19:49 -06:00
Corey Ogburn
Matthew Wright
Jason Ertel
Jason Ertel
Josh Patterson
reyesj2
Doug Burks
Josh Brower