Mike Reeves
f7b80f5931
Merge branch '3/dev' into feature/postgres
2026-04-16 16:37:02 -04:00
Mike Reeves
f11d315fea
Fix soup
2026-04-16 16:35:24 -04:00
Mike Reeves
2013bf9e30
Fix soup
2026-04-16 16:20:25 -04:00
Mike Reeves
a2ffb92b8d
Fix soup
2026-04-16 16:19:53 -04:00
Jorge Reyes
7d22f7bd58
Merge pull request #15776 from Security-Onion-Solutions/foxtrot
ES 9.3.3
2026-04-15 16:29:34 -05:00
Mike Reeves
cefbe01333
Add telegraf_output selector for InfluxDB/Postgres dual-write
Introduces global.telegraf_output (INFLUXDB|POSTGRES|BOTH, default BOTH)
so Telegraf can write metrics to Postgres alongside or instead of
InfluxDB. Each minion authenticates with its own so_telegraf_<minion>
role and writes to a matching schema inside a shared so_telegraf
database, keeping blast radius per-credential to that minion's data.
- Per-minion credentials auto-generated and persisted in postgres/auth.sls
- postgres/telegraf_users.sls reconciles roles/schemas on every apply
- Firewall opens 5432 only to minion hostgroups when Postgres output is active
- Reactor on salt/auth + orch/telegraf_postgres_sync.sls provision new
  minions automatically on key accept
- soup post_to_3.1.0 backfills users for existing minions on upgrade
- so-show-stats prints latest CPU/mem/disk/load per minion for sanity checks
- so-telegraf-trim + nightly cron prune rows older than
  postgres.telegraf.retention_days (default 14)
2026-04-15 14:32:10 -04:00
reyesj2
d598e20fbb
soup 3.1.0
2026-04-14 14:55:33 -05:00
Jason Ertel
5634aed679
support minion node descriptions containing spaces
2026-04-13 15:19:39 -04:00
Mike Reeves
c91deb97b1
Update SOUP_BRANCH to use 3/main instead of 2.4/main
2026-03-31 15:07:23 -04:00
Josh Patterson
f0f9de4b44
add status updates for pillar conversions
2026-03-20 16:12:10 -04:00
Josh Patterson
e857a8487a
convert suricata pillar data yes/no to true/false
2026-03-20 15:35:44 -04:00
Josh Patterson
30ea309dff
ensure bool sliders for manager
2026-03-19 14:36:36 -04:00
Jorge Reyes
20c4da50b1
Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601
fix global override settings affecting non-data stream indices
2026-03-18 10:51:17 -05:00
Doug Burks
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
reyesj2
1a943aefc5
rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices
2026-03-17 13:49:20 -05:00
Josh Patterson
4224713cc6
Merge pull request #15624 from Security-Onion-Solutions/moreja
Add SOC UI toggle for JA4+ fingerprinting
2026-03-17 09:44:04 -04:00
Jason Ertel
a3b471c1d1
fix health check for new hydra version
2026-03-16 18:43:36 -04:00
Mike Reeves
64bb0dfb5b
Merge pull request #15610 from Security-Onion-Solutions/moresoup
Add -r flag to so-yaml get and migrate pcap pillar to suricata
2026-03-16 17:36:32 -04:00
Mike Reeves
ddb26a9f42
Add test for raw dict output in so-yaml get to reach 100% coverage
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
2026-03-16 17:19:14 -04:00
Josh Patterson
744d8fdd5e
Merge pull request #15620 from Security-Onion-Solutions/mreeves/remove-non-oracle9-salt
Remove non-Oracle Linux 9 support from salt states
2026-03-16 17:10:24 -04:00
Mike Reeves
afc14ec29d
Remove non-Oracle Linux 9 support from salt states
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
2026-03-16 16:58:39 -04:00
Mike Reeves
d2cee468a0
Remove support for non-Oracle Linux 9 operating systems
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
2026-03-16 16:44:07 -04:00
Jason Ertel
7dcd923ebf
Merge pull request #15612 from Security-Onion-Solutions/jertel/wip
API errors will no longer redirect
2026-03-13 17:04:51 -04:00
Jason Ertel
1fcd8a7c1a
API errors will no longer redirect
2026-03-13 16:53:38 -04:00
Mike Reeves
4a89f7f26b
Add -r flag to so-yaml get for raw output without YAML formatting
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
2026-03-13 16:24:41 -04:00
Mike Reeves
12dec366e0
Fix so-yaml get to output booleans in YAML format and add bool test
2026-03-13 15:58:47 -04:00
Mike Reeves
1713f6af76
Fix so-yaml tests to match scalar output without document end marker
2026-03-13 15:53:53 -04:00
Mike Reeves
7f4adb70bd
Fix so-yaml get to print scalar values without YAML document end marker
2026-03-13 15:34:04 -04:00
Mike Reeves
e2483e4be0
Fix so-yaml addKey crash when intermediate key has None value
2026-03-13 15:22:29 -04:00
Mike Reeves
322c0b8d56
Move pcap.enabled under suricata.pcap.enabled in so-minion
2026-03-13 15:14:19 -04:00
Mike Reeves
81c1d8362d
Fix pcap migration to strip yaml document end marker from so-yaml output
2026-03-13 15:09:37 -04:00
Mike Reeves
18f971954b
Improve soup version checks and migrate pcap pillar to suricata
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
2026-03-13 14:54:23 -04:00
Mike Reeves
89f144df75
Remove upgrade instructions for 2.4 branch
Removed outdated instructions for upgrading to the latest 2.4 branch.
2026-03-11 16:05:06 -04:00
Mike Reeves
cfccbe2bed
Update version check to include 2.4.211
2026-03-11 15:59:23 -04:00
Mike Reeves
4539024280
Add minimum version check and fix function call syntax in soup
Require at least Security Onion 2.4.210 before allowing upgrade.
Fix determine_elastic_agent_upgrade() call syntax (remove parens).
2026-03-10 15:05:52 -04:00
Mike Reeves
91759587f5
Update version numbers for upgrade scripts
2026-03-10 14:58:43 -04:00
Mike Reeves
bc9841ea8c
Refactor upgrade functions and remove unused code
Removed deprecated functions and updated version checks for upgrades.
2026-03-10 14:45:40 -04:00
Mike Reeves
685e22bd68
soup cleanup
2026-03-10 11:58:06 -04:00
Mike Reeves
d78a5867b8
Refactor upgrade functions and version checks
Removed redundant upgrade functions and streamlined version checks.
2026-03-09 17:10:18 -04:00
Jason Ertel
2c4d833a5b
update 2.4 references to 3
2026-03-05 11:05:19 -05:00
Jason Ertel
863276e24f
Merge pull request #15539 from Security-Onion-Solutions/jertel/wip
prepare for nextgen docs
2026-02-27 13:18:47 -05:00
Jason Ertel
9bd5e1897a
prepare for nextgen docs
2026-02-27 13:09:55 -05:00
Josh Brower
17e3a4bf21
Merge pull request #15536 from Security-Onion-Solutions/idstools-cleanup
Move rm to post
2026-02-27 08:39:50 -05:00
DefensiveDepth
2284283b17
Move rm to post
2026-02-27 08:35:28 -05:00
Josh Patterson
972aa1f8a1
Merge pull request #15534 from Security-Onion-Solutions/bravo
restart salt minion before failing if not ready
2026-02-26 15:20:44 -05:00
Josh Patterson
79d9b6e0a4
restart salt minion before failing if not ready
2026-02-26 12:05:21 -05:00
DefensiveDepth
5e7b0cfe0e
Cleanup idstools
2026-02-26 09:05:54 -05:00
Mike Reeves
fa479c4b89
Merge pull request #15517 from Security-Onion-Solutions/souppcap
Add Support for upgrading to 3.0
2026-02-24 10:11:24 -05:00
Mike Reeves
be35b59b8c
Update echo messages for PCAP engine clarity
2026-02-24 10:04:26 -05:00
Josh Patterson
2375061cfa
so-yaml.py tell which key not found
2026-02-23 13:19:03 -05:00