reyesj2
2ad87bf1fe
merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:30:45 -04:00
reyesj2
eca2a4a9c8
Logstash consumer threads should match topic partition count
- Default is set to 3. If there are too many consumer threads it may lead to idle logstash worker threads and could require decreasing this value to saturate workers
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:17:09 -04:00
reyesj2
dff609d829
Add basic read-only metric collection from Kafka
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:13:09 -04:00
weslambert
b916465b06
Merge pull request #12974 from Security-Onion-Solutions/fix/strelka_yara
Account for 0 active rules and change watch
2024-05-08 15:59:20 -04:00
weslambert
0567b93534
Remove mode
2024-05-08 15:39:59 -04:00
Wes
77e2117051
Account for 0 active rules and change watch
2024-05-08 18:47:52 +00:00
Doug Burks
5a5a1e86ac
FIX: Adjust so-import-pcap so that suricata works when it is pcapengine #12969
2024-05-08 13:26:36 -04:00
Josh Patterson
796eefc2f0
Merge pull request #12965 from Security-Onion-Solutions/orchit
searchnode installation improvements
2024-05-08 10:24:33 -04:00
m0duspwnens
1862deaf5e
add copyright
2024-05-08 10:14:08 -04:00
m0duspwnens
0d2e5e0065
need repo and docker first
2024-05-08 09:50:01 -04:00
m0duspwnens
5dc098f0fc
remove test file
2024-05-08 08:54:24 -04:00
Mike Reeves
af681881e6
Merge pull request #12963 from Security-Onion-Solutions/TOoSmOotH-patch-4
Make the url list read only
2024-05-08 08:45:34 -04:00
DefensiveDepth
6d2ecce9b7
remove old yara airgap code
2024-05-08 08:43:37 -04:00
Mike Reeves
326c59bb26
Update soc_idstools.yaml
2024-05-08 08:42:38 -04:00
Mike Reeves
2eee617788
Update soc_idstools.yaml
2024-05-07 17:21:01 -04:00
Corey Ogburn
1da88b70ac
Specify Error Retry Wait and Error Limit for All Detection Engines
If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait.
If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs off in hopes it'll be able to fix itself.
2024-05-07 10:34:50 -06:00
Jason Ertel
b4817fa062
Merge pull request #12956 from Security-Onion-Solutions/jertel/testcy
test regexes for detections
2024-05-07 08:45:38 -07:00
weslambert
2e70d157e2
Add ref
2024-05-07 11:13:51 -04:00
m0duspwnens
5e2e5b2724
Merge remote-tracking branch 'origin/2.4/dev' into orchit
2024-05-07 10:44:14 -04:00
m0duspwnens
dcc1f656ee
predownload logstash and elastic for new searchnode and heavynode
2024-05-07 10:13:51 -04:00
Wes
bee8c2c1ce
Remove watch
2024-05-07 13:21:59 +00:00
Jason Ertel
4ebe070cd8
test regexes for detections
2024-05-06 19:03:12 -04:00
weslambert
a5e89c0854
Merge pull request #12947 from Security-Onion-Solutions/fix/strelka_yara_distributed
Fix YARA rules for distributed deployments
2024-05-06 15:53:08 -04:00
weslambert
a25e43db8f
Merge pull request #12948 from Security-Onion-Solutions/fix/strelka_yara_watch
Restart Strelka backend when YARA rules change
2024-05-06 15:52:57 -04:00
Josh Brower
b997e44715
Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap
Initial airgap support for detections
2024-05-06 15:46:29 -04:00
Wes
1e48955376
Restart when rules change
2024-05-06 19:39:03 +00:00
Wes
5056ec526b
Add compiled directory
2024-05-06 19:27:38 +00:00
m0duspwnens
2431d7b028
Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap
2024-05-06 15:27:27 -04:00
Wes
d2fa77ae10
Update compile script
2024-05-06 19:10:41 +00:00
Wes
445fb31634
Add manager SLS
2024-05-06 19:09:37 +00:00
Wes
5aa611302a
Handle YARA rules for distributed deployments
2024-05-06 19:08:01 +00:00
m0duspwnens
554a203541
update airgapEnabled in map file
2024-05-06 12:59:45 -04:00
DefensiveDepth
be1758aea7
Fix license and folder
2024-05-06 12:22:44 -04:00
m0duspwnens
38f74d2e9e
change quotes
2024-05-06 11:38:30 -04:00
m0duspwnens
5b966b83a9
change rulesRepos for airgap or not
2024-05-06 09:26:52 -04:00
Doug Burks
3f73b14a6a
FEATURE: Add event.dataset to all Events table layouts #12641
2024-05-06 09:20:47 -04:00
Doug Burks
f689cfcd0a
FEATURE: Add Events table columns for stun logs #12940
2024-05-06 08:52:43 -04:00
DefensiveDepth
26c6a98b45
Initial airgap support for detections
2024-05-06 08:43:01 -04:00
Doug Burks
7b905f5a94
FEATURE: Add Events table columns for tunnel logs #12937
2024-05-06 08:22:08 -04:00
m0duspwnens
bdf1b45a07
redirect and throw in bg
2024-05-03 14:54:44 -04:00
m0duspwnens
3d4fd59a15
orchit
2024-05-03 13:48:51 -04:00
m0duspwnens
442a717d75
orchit
2024-05-03 12:08:57 -04:00
m0duspwnens
fa3522a233
fix requirement
2024-05-03 11:10:21 -04:00
m0duspwnens
bbc374b56e
add logic in orch
2024-05-03 09:56:52 -04:00
m0duspwnens
2929877042
fix var
2024-05-02 16:37:54 -04:00
m0duspwnens
8035740d2b
Merge remote-tracking branch 'origin/2.4/dev' into orchit
2024-05-02 16:34:24 -04:00
Josh Patterson
4f8aaba6c6
Merge pull request #12918 from Security-Onion-Solutions/pw
run so-rule-update if ruleset or code changes for idstools
2024-05-02 16:33:24 -04:00
m0duspwnens
e9b1263249
orchestrate searchnode deployment
2024-05-02 16:32:43 -04:00
Josh Patterson
3b2d3573d8
Update pillarWatch.py
2024-05-02 16:06:04 -04:00
reyesj2
e960ae66a3
Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka
2024-05-02 15:12:27 -04:00