527a6ba454
Use asterisk when searching 'msg' since it is now a keyword
2023-07-31 23:52:38 -04:00
aa56085758
New Action "Add to Case"
2023-07-28 09:55:44 -06:00
c1190064ad
Merge pull request #10823 from Security-Onion-Solutions/2.4/dockerips
...
2.4/dockerips
2023-07-25 08:39:49 -04:00
4c9d172721
sorange to range
2023-07-21 16:21:18 -04:00
bb7a918a16
Added ReverseLookup Option
...
Defaults to false, has metadata to show up in the config section of soc.
2023-07-21 13:18:08 -06:00
1848a835f5
Remove keyword
2023-07-19 13:52:15 +00:00
5eca1acbeb
incorporate features pillar
2023-07-06 13:24:45 -04:00
951f04c265
remove use of pipe
2023-06-29 12:10:12 -04:00
fb27e7c479
Also add to dashboard
...
Duplicate new queryToggleFilter from hunt to dashboard.
2023-06-23 11:30:26 -06:00
261acee8a0
New Hunt queryToggleFilter
...
New filter to exclude soc logs from hunt results.
2023-06-23 11:30:26 -06:00
b21b545756
use cluster-unique password for import encryption
2023-06-23 09:37:41 -04:00
2b323ab661
Fix salt cmd.run commands for importing
...
Functional and easy to read.
2023-06-22 17:30:56 -06:00
f4cbe20ddf
Merge pull request #10641 from Security-Onion-Solutions/jertel/fix-import
...
fix quotations
2023-06-22 14:46:41 -04:00
0d92a1594a
fix quotations
2023-06-22 14:41:39 -04:00
6769386c86
Change upload path
2023-06-22 10:59:24 -06:00
b5e5bd57ad
Fix for Upload Import
...
Needed to mount /nsm/soc/uploads into soc container.
Made the upload route configurable.
Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
6ba9e057a9
Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags
...
Change format of event dataset and assign dataset to tags
2023-06-21 09:22:40 -04:00
ad28ea275f
Better state management
...
When salt-cp runs it's course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.
Check the status of the decryption process before importing.
No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
41951659ec
Use importer's new --json flag.
...
Using the new --json flag is not only more reliable than using a regex, the way the import script was written even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
451a4784a1
send-file and import-file security
...
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
1b7095fa81
Improved import-file url regex
...
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
89d789fe0f
New folder for salt to maintain
...
This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.
2023-06-20 09:41:14 -06:00
49055e260f
salt-relay import-file reporting
...
On successful import, return dashboard URL
2023-06-20 09:41:14 -06:00
a465039887
2 new capabilities: send-file and import-file
2023-06-20 09:41:14 -06:00
0e09d73aa0
Resolve conflicts with dataset PR
2023-06-20 07:40:10 -04:00
fc824359ed
Update default fields for kratos.audit
2023-06-20 07:30:56 -04:00
7caa7cec6b
Fix SOC Auth queries in Dashboards and Hunt
...
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
2023-06-20 07:13:33 -04:00
b5bccc5e05
Use module in dataset name and add dataset tag
2023-06-15 13:06:57 +00:00
cace817c79
Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into airgaps
2023-05-24 08:43:03 -04:00
ba0ec18a33
Ignore Synchronize button clicks when an active salt job is running and another is already in queue
2023-05-22 14:52:07 -04:00
5315c51197
Allow additional docker parameters
2023-05-18 16:52:38 -04:00
7ab31e36af
Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into airgaps
2023-05-18 15:19:15 -04:00
0fd9fb9294
Allow additional docker parameters
2023-05-18 15:19:09 -04:00
4930ae4ba6
add missing var for local dev
2023-05-17 18:14:21 -04:00
e15c14cc2e
fix indent
2023-05-17 15:50:31 -04:00
f7ddf57f39
move files out of config
2023-05-17 15:49:22 -04:00
05a81596e5
place and access sensoronikey from sensoroni.config
2023-05-12 14:38:39 -04:00
fa1a428133
fix import
2023-05-11 15:36:20 -04:00
8e18986671
enabled/disable soc in ui
2023-05-11 15:33:16 -04:00
cbd1c05929
Sbin Changes
2023-05-04 10:36:03 -04:00
2d4f4791e0
Move files out of common
2023-05-01 15:21:31 -04:00
4dcc79d245
FIX: Overview Customization link #10173
2023-04-20 16:26:51 -04:00
1047462898
add identifiers for all cron.present
2023-04-13 16:25:47 -04:00
7f28cdd2a3
provide means for using salt-relay with local development against remove VMs
2023-04-10 14:04:03 -04:00
5be5466efe
fix GeoIP queries
2023-03-24 14:03:12 -04:00
a9dc7a14cb
fix GeoIP queries
2023-03-24 13:56:51 -04:00
aa9d44ab09
Add four new GeoIP dashboards
2023-03-24 13:51:13 -04:00
bad905f54c
SOC Logs & Hunt Query
2023-03-23 16:22:59 -04:00
2fe8668f1b
Merge pull request #9891 from Security-Onion-Solutions/2.4/huntqueries
...
Initial updates for 2.4 fieldnames
2023-03-09 14:37:50 -05:00
73abf8dbfd
Generic host dashboard
2023-03-09 14:32:52 -05:00
weslambert
Corey Ogburn
Josh Patterson
Jason Ertel
Jason Ertel
Josh Brower
Doug Burks
Mike Reeves