Corey Ogburn
d2bd9c0e26
Changes to allow reviews to start showing
2024-10-10 09:48:59 -06:00
defensivedepth
778d5be407
Change summaries branch
2024-09-25 15:35:08 -04:00
Jason Ertel
caa8d9ecb0
fix repo path
2024-08-09 06:58:40 -04:00
Corey Ogburn
8c1feccbe0
Tweak value
2024-08-08 12:53:51 -06:00
Corey Ogburn
5ee15c8b41
Tweak value
2024-08-08 12:00:07 -06:00
Corey Ogburn
5328f55322
Remove new config value
2024-08-08 11:43:15 -06:00
Corey Ogburn
ccd7d86302
More AI Summaries Config/Annotations
...
Added aiRepoBranch to all 3 detection engines.
Added showUnreviewedAiSummaries to client parameters.
Added annotations.
2024-08-08 10:46:41 -06:00
Corey Ogburn
fc89604982
New Config Values/Annotations for Ai Summaries
...
Each engine pulls the same repo into the same location and shows the summaries.
Which repo and where to keep them is advanced, but turning AI summaries on or off is not.
2024-08-06 13:55:54 -06:00
Jason Ertel
3130b56d58
Provide new setting to require OTP
2024-07-30 10:39:57 -04:00
Corey Ogburn
45b2413175
Removed Allow/Deny Regexes, Added Enable/Disable Regex
...
Update config and annotations for new regex support for suricata.
2024-07-19 12:45:24 -06:00
Corey Ogburn
d0565baaa3
New Config Values for Detections Bulk Indexer
...
`maxScrollSize` defines the "page size" of each scroll request.
`bulkIndexerWorkerCount` defines how many worker threads a bulk indexer should use. 0 or fewer indicates that 1 thread per CPU core should be used.
2024-07-15 14:43:47 -06:00
Doug Burks
3991c7b5fe
FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346
2024-07-15 15:52:00 -04:00
weslambert
bf91030204
Add option for detections without license
2024-06-21 15:33:11 -04:00
Doug Burks
07b9011636
Update defaults.yaml to put Process actions in logical order
2024-06-20 10:09:27 -04:00
Matthew Wright
bc2b3b7f8f
Merge pull request #13236 from Security-Onion-Solutions/mwright/licenseDropdown
...
Added license presets to defaults.yaml file
2024-06-18 18:05:15 -04:00
unknown
ea02a2b868
Added license presets to defaults.yaml file
2024-06-18 16:52:00 -04:00
Doug Burks
de18bf06c3
FEATURE: Add new Process actions #13226
2024-06-18 10:36:41 -04:00
DefensiveDepth
521cccaed6
Update defaults
2024-06-18 08:43:00 -04:00
DefensiveDepth
7af94c172f
Change spelling
2024-06-14 16:00:22 -04:00
DefensiveDepth
7556587e35
Update rule templates
2024-06-14 15:47:57 -04:00
DefensiveDepth
b7ac599a42
set to empty
2024-06-14 13:21:36 -04:00
DefensiveDepth
68302e14b9
add to defaults and tweaks
2024-06-14 09:28:23 -04:00
Corey Ogburn
d5ef0e5744
Fix unnecessary escaping
2024-06-11 12:34:32 -06:00
Corey Ogburn
85c269e697
Added TemplateDetections To Detection ClientParams
...
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
2024-05-30 15:59:03 -06:00
Jason Ertel
bd11d59c15
add event.dataset since there are other datasets in soc logs
2024-05-24 08:38:12 -04:00
Jason Ertel
15155613c3
provide default columns when viewing SOC logs
2024-05-24 08:23:45 -04:00
Mike Reeves
1e6161f89c
Update defaults.yaml
2024-05-23 08:19:43 -04:00
Doug Burks
3d4f3a04a3
Update defaults.yaml to fix order of groupby tables and eliminate duplicate
2024-05-23 05:56:18 -04:00
DefensiveDepth
f9e9b825cf
Removed unneeded groupby
2024-05-21 17:53:20 -04:00
DefensiveDepth
3992ef1082
Add rule.uuid to default groupbys
2024-05-21 17:45:56 -04:00
Corey Ogburn
fcc72a4f4e
Add Default IntegrityCheck Frequency Values
2024-05-20 11:23:25 -06:00
DefensiveDepth
b4aec9a9d0
alphabetical order
2024-05-15 16:29:21 -04:00
Doug Burks
67645a662d
FEATURE: Add NetFlow dashboard #13009
2024-05-14 10:14:16 -04:00
Doug Burks
5b45c80a62
FEATURE: Add NetFlow dashboard #13009
2024-05-14 10:01:18 -04:00
DefensiveDepth
e430de88d3
Change rule updates to 24h
2024-05-13 13:15:06 -04:00
Jason Ertel
45fd07cdf8
Merge pull request #12987 from Security-Onion-Solutions/jertel/testcy
...
Add quick action to find related alerts for a detection
2024-05-09 18:08:08 -04:00
Jason Ertel
fecd674fdb
Add quick action to find related alerts for a detection
2024-05-09 17:55:41 -04:00
Corey Ogburn
1da88b70ac
Specify Error Retry Wait and Error Limit for All Detection Engines
...
If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait.
If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs of in hopes it'll be able to fix itself.
2024-05-07 10:34:50 -06:00
Josh Brower
b997e44715
Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap
...
Initial airgap support for detections
2024-05-06 15:46:29 -04:00
m0duspwnens
2431d7b028
Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap
2024-05-06 15:27:27 -04:00
m0duspwnens
554a203541
update airgapEnabled in map file
2024-05-06 12:59:45 -04:00
DefensiveDepth
be1758aea7
Fix license and folder
2024-05-06 12:22:44 -04:00
m0duspwnens
5b966b83a9
change rulesRepos for airgap or not
2024-05-06 09:26:52 -04:00
Doug Burks
3f73b14a6a
FEATURE: Add event.dataset to all Events table layouts #12641
2024-05-06 09:20:47 -04:00
Doug Burks
f689cfcd0a
FEATURE: Add Events table columns for stun logs #12940
2024-05-06 08:52:43 -04:00
Doug Burks
7b905f5a94
FEATURE: Add Events table columns for tunnel logs #12937
2024-05-06 08:22:08 -04:00
Doug Burks
0822a46e94
FIX: Improve File dashboard #12914
2024-05-02 10:42:34 -04:00
Doug Burks
1be3e6204d
FIX: Improve File dashboard #12914
2024-05-02 10:38:56 -04:00
Josh Patterson
72b2503b49
Merge pull request #12906 from Security-Onion-Solutions/det_easr
...
Apply autoEnabledSigmaRules based on role if defined and default if not
2024-05-01 13:05:36 -04:00
m0duspwnens
7122709bbf
set Sigma rules based on role if defined and default if not
2024-05-01 12:25:34 -04:00
