Mike Reeves
2dfa83dd7d
Wire postgres credentials into SOC module config
- Create vars/postgres.map.jinja for postgres auth globals
- Add POSTGRES_GLOBALS to all manager-type role vars
(manager, eval, standalone, managersearch, import)
- Add postgres module config to soc/defaults.yaml
- Inject so_postgres credentials from auth pillar into
soc/defaults.map.jinja (conditional on auth pillar existing)
2026-04-09 14:09:32 -04:00
Josh Brower
9e53bd3f2d
update yara template
2026-03-24 15:56:26 -04:00
Josh Brower
165e69cd11
Add support for websockets
2026-03-23 07:52:36 -04:00
Jason Ertel
825f377d2d
more doc updates
2026-03-18 13:05:36 -04:00
Jason Ertel
863276e24f
Merge pull request #15539 from Security-Onion-Solutions/jertel/wip
prepare for nextgen docs
2026-02-27 13:18:47 -05:00
Jason Ertel
9bd5e1897a
prepare for nextgen docs
2026-02-27 13:09:55 -05:00
Mike Reeves
479e3e0afa
Update display name for Claude Sonnet model
2026-02-24 10:10:49 -05:00
Mike Reeves
c52d3269d6
Rename model ID from 'sonnet-4.5' to 'sonnet'
2026-02-24 09:45:46 -05:00
Matthew Wright
3d1a2c12ec
add investigated query toggle filter
2026-02-17 13:17:12 -05:00
Mike Reeves
0661c3af1a
Remove QWEN 235B model from defaults.yaml
Removed QWEN 235B model and its associated details from defaults.yaml.
2026-02-09 11:47:58 -05:00
Jason Ertel
4778bd6680
Merge pull request #15472 from Security-Onion-Solutions/jertel/wip
default roles
2026-02-09 09:48:46 -05:00
Jason Ertel
5033462098
default roles
2026-02-09 09:29:07 -05:00
Corey Ogburn
eea14b493c
Assistant Config Tweaks
2026-02-03 12:24:26 -07:00
Corey Ogburn
6b98c5a10d
Fix Adapter Names
The bedrock adapter was renamed to securityonion_ai_cloud. The available models needed updating to match.
2026-02-03 12:24:26 -07:00
Corey Ogburn
42060a9112
Organized, Annotated
Settling on the final shape of the new config values.
2026-02-03 12:24:25 -07:00
Corey Ogburn
cca4bec43f
Adapter Field
2026-02-03 12:24:24 -07:00
reyesj2
f2b7ffe0eb
align with ECS fieldnames
2026-01-05 14:48:10 -06:00
Mike Reeves
99dc72cece
Merge branch '2.4/dev' into TOoSmOotH-patch-3
2025-12-10 17:19:32 -05:00
Mike Reeves
dc945dad00
Remove Claude Sonnet 4 model configuration
Removed configuration for Claude Sonnet 4 model.
2025-12-09 11:00:53 -05:00
Mike Reeves
03dd746601
Add origin field to model configurations
2025-12-08 16:34:19 -05:00
Mike Reeves
eec3373ae7
Update display name for Claude Sonnet 4
2025-12-08 16:30:50 -05:00
Mike Reeves
db45ce07ed
Modify model display names and remove GPT-OSS 120B
Updated display names for models and removed GPT-OSS 120B.
2025-12-08 16:26:45 -05:00
DefensiveDepth
271f545f4f
Fixup Airgap
2025-12-06 15:26:44 -05:00
DefensiveDepth
4bb0a7c9d9
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-25 13:52:21 -05:00
DefensiveDepth
ced3af818c
Refactor for Airgap
2025-11-25 13:51:50 -05:00
DefensiveDepth
148ef7ef21
add default ruleset
2025-11-18 11:57:30 -05:00
reyesj2
45b4b1d963
ingest zeek analyzer.log + update dpd dashboard with analyzer tag
2025-11-14 15:47:29 -06:00
Jason Ertel
045cf7866c
Merge pull request #15225 from Security-Onion-Solutions/jertel/wip
pcap annotations
2025-11-14 08:37:37 -05:00
Corey Ogburn
dcc3206e51
Add Enabled Flag to Models
2025-11-13 15:32:28 -07:00
Jason Ertel
cec1890b6b
pcap annotations
2025-11-13 16:15:47 -05:00
Corey Ogburn
b1b66045ea
Change in prompt wording
2025-11-13 12:08:47 -07:00
Corey Ogburn
33b22bf2e4
Shorten Prompt
2025-11-13 11:09:09 -07:00
Corey Ogburn
3a38886345
CompressContextPrompt
2025-11-13 11:09:08 -07:00
DefensiveDepth
9a6ff75793
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-12 08:51:51 -05:00
Mike Reeves
44594ba726
Update defaults.yaml
2025-11-10 14:24:27 -05:00
DefensiveDepth
2f6fb717c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-06 10:38:37 -05:00
Corey Ogburn
f80b090c93
Update limits
2025-10-31 14:48:30 -06:00
Corey Ogburn
806173f7e3
Available Models
Utilizes Jason's new Array of Objects UI.
2025-10-31 14:07:30 -06:00
Jason Ertel
0994cd515a
Merge pull request #15161 from Security-Onion-Solutions/jertel/wip
add exclusion toggle
2025-10-21 09:36:45 -04:00
Jason Ertel
bdcd1e099d
add exclusion toggle
2025-10-21 09:33:41 -04:00
Corey Ogburn
c8aad2b03b
New Config Entries
2025-10-14 13:24:43 -06:00
Corey Ogburn
5a2e704909
New field for assistant health check
The health check has a smaller, configurable timeout.
2025-09-30 15:33:20 -06:00
Matthew Wright
d81d9a0722
small tweak to investigation prompt
2025-09-25 14:45:06 -04:00
DefensiveDepth
ded520c2c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-09-17 10:42:43 -04:00
DefensiveDepth
a77157391c
remove idstools
2025-09-17 10:42:05 -04:00
Corey Ogburn
aa43177d8c
Fix Setting Name
enabledInSoc => enabled
2025-09-08 09:13:25 -06:00
Matthew Wright
12959d114c
added threshold config fields for assistant
2025-09-08 09:13:25 -06:00
Corey Ogburn
834e34128d
Non-dev URL
2025-09-08 09:13:23 -06:00
Corey Ogburn
120e61e45c
ClientParams
Removed investigation prompt from module settings and moved to client settings, added enabledInSoc.
2025-09-08 09:13:23 -06:00
Corey Ogburn
fc2d450de0
Update Settings
The apiKey will be built off of the license rather than a new setting. The model is hardcoded for now at the AI Gateway level. We're going to use the investigationPrompt as a trigger for the feature being visible in the UI but by default will be blank for now.
2025-09-08 09:13:22 -06:00