DefensiveDepth
271f545f4f
Fixup Airgap
2025-12-06 15:26:44 -05:00
DefensiveDepth
4bb0a7c9d9
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-25 13:52:21 -05:00
DefensiveDepth
ced3af818c
Refactor for Airgap
2025-11-25 13:51:50 -05:00
DefensiveDepth
148ef7ef21
add default ruleset
2025-11-18 11:57:30 -05:00
reyesj2
45b4b1d963
ingest zeek analyzer.log + update dpd dashboard with analyzer tag
2025-11-14 15:47:29 -06:00
Jason Ertel
045cf7866c
Merge pull request #15225 from Security-Onion-Solutions/jertel/wip
...
pcap annotations
2025-11-14 08:37:37 -05:00
Corey Ogburn
dcc3206e51
Add Enabled Flag to Models
2025-11-13 15:32:28 -07:00
Jason Ertel
cec1890b6b
pcap annotations
2025-11-13 16:15:47 -05:00
Corey Ogburn
b1b66045ea
Change in prompt wording
2025-11-13 12:08:47 -07:00
Corey Ogburn
33b22bf2e4
Shorten Prompt
2025-11-13 11:09:09 -07:00
Corey Ogburn
3a38886345
CompressContextPrompt
2025-11-13 11:09:08 -07:00
DefensiveDepth
9a6ff75793
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-12 08:51:51 -05:00
Mike Reeves
44594ba726
Update defaults.yaml
2025-11-10 14:24:27 -05:00
DefensiveDepth
2f6fb717c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-06 10:38:37 -05:00
Corey Ogburn
f80b090c93
Update limits
2025-10-31 14:48:30 -06:00
Corey Ogburn
806173f7e3
Available Models
...
Utilizes Jason's new Array of Objects UI.
2025-10-31 14:07:30 -06:00
Jason Ertel
0994cd515a
Merge pull request #15161 from Security-Onion-Solutions/jertel/wip
...
add exclusion toggle
2025-10-21 09:36:45 -04:00
Jason Ertel
bdcd1e099d
add exclusion toggle
2025-10-21 09:33:41 -04:00
Corey Ogburn
c8aad2b03b
New Config Entries
2025-10-14 13:24:43 -06:00
Corey Ogburn
5a2e704909
New field for assistant health check
...
The health check has a smaller, configurable timeout.
2025-09-30 15:33:20 -06:00
Matthew Wright
d81d9a0722
small tweak to investigation prompt
2025-09-25 14:45:06 -04:00
DefensiveDepth
ded520c2c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-09-17 10:42:43 -04:00
DefensiveDepth
a77157391c
remove idstools
2025-09-17 10:42:05 -04:00
Corey Ogburn
aa43177d8c
Fix Setting Name
...
enabledInSoc => enabled
2025-09-08 09:13:25 -06:00
Matthew Wright
12959d114c
added threshold config fields for assistant
2025-09-08 09:13:25 -06:00
Corey Ogburn
834e34128d
Non-dev URL
2025-09-08 09:13:23 -06:00
Corey Ogburn
120e61e45c
ClientParams
...
Removed investigation prompt from module settings and moved to client settings, added enabledInSoc.
2025-09-08 09:13:23 -06:00
Corey Ogburn
fc2d450de0
Update Settings
...
The apiKey will be built off of the license rather than a new setting. The model is hardcoded for now at the AI Gateway level. We're going to use the investigationPrompt as a trigger for the feature being visible in the UI but by default will be blank for now.
2025-09-08 09:13:22 -06:00
Corey Ogburn
ec27517bdd
New Config Values
...
New config values with annotations and defaults.
Updated Nginx config to allow streaming requests to not be buffered on the way to the client.
2025-09-08 09:13:08 -06:00
Corey Ogburn
2181cddf49
Move EnableReverseLookup
...
Move EnableReverseLookup and its annotation from ClientParams to ServerConfig.
2025-09-02 14:09:55 -06:00
Jason Ertel
9cb42911dc
Merge branch '2.4/dev' into jertel/wip
2025-08-18 09:54:58 -04:00
Jason Ertel
a3cc6f025e
reports
2025-08-18 09:54:40 -04:00
reyesj2
84b38daf62
name destination_geo & source_geo to destination.as and source.as better aligning with ECS and linking other log sources already using .as for ASN geo data.
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-07-25 16:17:22 -05:00
Doug Burks
6bb6c24641
Simplify UniFi dashboards #14838
2025-07-16 07:20:39 -04:00
Doug Burks
4f8bd16910
FEATURE: Add SOC Dashboards for CEF, iptables, and UniFi logs #14838
2025-07-14 15:37:10 -04:00
Doug Burks
ab9d03bc2e
FEATURE: Add SOC Dashboards for UniFi logs #14838
2025-07-14 12:21:08 -04:00
Doug Burks
10bf3e8fab
FEATURE: Add SOC default fields for CEF logs #14837
2025-07-14 12:07:02 -04:00
Doug Burks
f8108e93d5
FEATURE: Add SOC default fields for iptables logs #14836
2025-07-14 12:04:46 -04:00
Josh Brower
42552810fb
Add user.name to kratos query
2025-07-08 09:50:08 -04:00
Corey Ogburn
33c23c30d3
Refactors playbook repo configuration
...
Replaces individual playbook repo fields with an array of repos to support multiple playbook sources. Refactor Jinja.
2025-06-30 11:43:02 -06:00
Josh Brower
a3b5db5945
Add support for Airgap for Playbooks
2025-06-06 16:17:14 -04:00
Corey Ogburn
fc9107f129
Updated Playbook Repo Config
...
The repo and folder have changed. We're splitting out playbooks into their own repo: github.com/security-onion-solutions/securityonion-resources-playbooks.
2025-06-03 13:33:30 -06:00
Josh Brower
0277891392
Use Stable branch
2025-06-02 13:10:13 -04:00
Corey Ogburn
11fb33fdeb
Add RulesetName to Rule Repos
...
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.
Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules` containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
2025-05-19 14:19:56 -06:00
Corey Ogburn
78b7068638
Playbook Settings
...
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.
Added playbook module section with default values.
2025-05-14 13:19:49 -06:00
Doug Burks
a8cb18bb2e
Update defaults.yaml to replace remaining instances of identity_id with user.name
2025-05-08 09:09:26 -04:00
Josh Brower
d47a798645
Show user.name instead of id
2025-05-07 11:17:00 -04:00
Jason Ertel
1ecf2b29fc
update default actions for subgrid support
2025-05-06 13:56:16 -04:00
Corey Ogburn
21a64b6c1d
Add Client Parameter
...
Add groupItemsPerPage so detections groupby tables have proper default value for page size.
2025-03-05 09:43:21 -07:00
Doug Burks
c6c67f4d06
FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339
2025-03-05 06:31:16 -05:00