CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-07 20:08:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,152 Commits 52 Branches 125 Tags
2e411625c4742c1905fd01b19b9657f8304cfcf6
Commit Graph

556 Commits

Author SHA1 Message Date
Josh Patterson c2c5aea244 ensure bool sliders for each state:enabled annotation 2026-03-19 12:35:38 -04:00
Josh Patterson 74ad2990a7 Merge remote-tracking branch 'origin/3/dev' into delta 2026-03-18 13:05:02 -04:00
Josh Patterson e19e83bebb allow user defined ulimits 2026-03-18 10:38:15 -04:00
Doug Burks 930985b770 update helpLink references for new documentation 2026-03-18 09:46:45 -04:00
Josh Patterson 2349750e13 DOCKER to DOCKERMERGED 2026-03-17 16:19:02 -04:00
Josh Patterson 00986dc2fd Merge remote-tracking branch 'origin/delta' into customulimit 2026-03-17 16:04:09 -04:00
Mike Reeves 2d97dfc8a1 Add customizable ulimit settings for all Docker containers 
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-17 15:10:42 -04:00
Josh Patterson 4dc377c99f DOCKER to DOCKERMERGED 2026-03-17 15:06:06 -04:00
Josh Patterson 94f454c311 cleanup file.absent 2026-03-16 15:57:15 -04:00
Josh Patterson d381248e30 fix include 2026-01-20 16:27:37 -05:00
Josh Patterson 1234cbd04b allow logstash.ssl on so-eval 2026-01-20 09:30:32 -05:00
Josh Patterson 00fbc1c259 add back individual signing policies 2026-01-12 09:25:15 -05:00
Josh Patterson 3bc552ef38 Merge remote-tracking branch 'origin/2.4/dev' into bravo 2026-01-08 17:15:48 -05:00
reyesj2 7977a020ac elasticsearch 9.0.8 2025-12-16 16:03:47 -06:00
reyesj2 d518f75468 update deprecated config items 2025-12-11 20:07:06 -06:00
Josh Patterson b9ff1704b0 the great ssl refactor 2025-12-11 17:30:06 -05:00
reyesj2 8773ebc3dc logstash wrappers for troubleshooting 2025-10-14 13:34:33 -05:00
Josh Patterson 4afc986f48 firewall and logstash pipeline for managerhype 2025-09-05 13:14:47 -04:00
Josh Patterson ed80c4e13b Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-04-23 15:42:04 -04:00
reyesj2 30c4acb828 group 2025-04-21 16:38:16 -05:00
reyesj2 4ec185a9c7 make logstash and kratos homedirs 2025-04-21 16:26:20 -05:00
Jason Ertel f5a8e917a4 researching install failures 2025-04-21 14:32:33 -04:00
Josh Patterson 07ef3d632c Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-04-15 08:08:12 -04:00
reyesj2 c0f9c344bb set logstash log rollover when log size exceeds 1G 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-04-14 08:13:27 -05:00
Josh Patterson 44a5b3b1e5 MANAGERHYPE setup is now complete! 2025-03-12 21:05:04 -04:00
reyesj2 dd17ee7665 fix defining custom logstash pipelines when kafka is enabled 2025-02-06 22:19:24 -06:00
defensivedepth 4c5099d429 Initial support for local lookup 2024-10-29 10:27:54 -04:00
m0duspwnens 5fb660bc9a remove kernel bool option, just use list 2024-10-17 09:29:03 -04:00
Jason Ertel 217bb388a0 Clarify enabled settings 2024-09-16 10:05:17 -04:00
m0duspwnens 8702d95434 only elasticsearch image uses es version 2024-09-09 16:38:38 -04:00
m0duspwnens 5a1d61a042 ref es version 2024-09-05 08:45:44 -04:00
m0duspwnens cd9c9a25d3 reference elastic versions from defaults 2024-08-21 11:25:56 -04:00
reyesj2 7ea8d5efd0 Remove redis input pipeline from searchnodes when global pipeline is Kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-12 14:44:10 -04:00
reyesj2 4182ff66a0 rearrange kafka pillar, declutters SOC ui 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-11 16:37:16 -04:00
reyesj2 d5faf535c3 Only interact with logstash configuration when Kafka pipeline is enabled otherwise leave it default 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 11:36:44 -04:00
reyesj2 8e1edd1d91 split Kafka ssl from ssl/init. Certs won't be generated until Kafka is enabled. Also runs some clean up for old Kafka certs 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 11:32:43 -04:00
reyesj2 d791b23838 Generate new Kafka truststore 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 11:29:09 -04:00
m0duspwnens 50f0c43212 merge dev 2024-06-26 12:33:32 -04:00
reyesj2 c332cd777c remove import/heavynode artifact caused by kafka cert not existing but being bound in docker. (empty dir created) 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-24 08:50:37 -04:00
m0duspwnens 469ca44016 fix maps 2024-06-20 16:53:12 -04:00
m0duspwnens 81fcd68e9b create and use redis:nodes and elasticsearch:nodes pillars 2024-06-20 16:42:11 -04:00
m0duspwnens 55f8303dc2 remove manager and search pipelines from heavynode 2024-06-17 10:06:43 -04:00
reyesj2 0b1175b46c kafka logstash input plugin handle empty brokers list 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-14 23:03:36 -04:00
reyesj2 8080e05444 on fresh install kafka nodes pillar may not have populated. Avoiding this by only generating kafka input pipeline when kafka nodes pillar is not empty 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-14 14:17:26 -04:00
reyesj2 f372b0907b Use kafka:password for kafka certs 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-12 15:41:10 -04:00
reyesj2 e8106befe9 Append '-securityonion' to all Security Onion related Kafka topics. Adjust logstash to ingest all topics ending in '-securityonion' to avoid having to manually list topic names 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-12 12:05:16 -04:00
reyesj2 b1beb617b3 Logstash should be disabled when Kafka is enabled except when a minion override exists OR node is a standalone 
- Standalone subscribes to Kafka topics via logstash for ingest

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-22 13:38:09 -04:00
reyesj2 2ad87bf1fe merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-08 16:30:45 -04:00
reyesj2 eca2a4a9c8 Logstash consumer threads should match topic partition count 
- Default is set to 3. If there are too many consumer threads it may lead to idle logstash worker threads and could require decreasing this value to saturate workers

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-08 16:17:09 -04:00
m0duspwnens dcc1f656ee predownload logstash and elastic for new searchnode and heavynode 2024-05-07 10:13:51 -04:00