reyesj2
2038227308
remove reference to .fleet_final_pipeline-1
...
- configure global@custom ingest pipeline to run .fleet_final_pipeline-1 when available (heavynodes do not have this pipeline).
- Update global@custom pipeline to remove error message related to sending EA logs through logstash (https://github.com/elastic/kibana/issues/183959)
2026-01-26 14:01:58 -06:00
reyesj2
c5db7c8752
suricata.capture_file keyword
2025-11-20 14:26:12 -06:00
Corey Ogburn
73776f8d11
Cleaning up New ES Indexes
2025-09-08 09:13:23 -06:00
Corey Ogburn
cea4eaf081
Updated Assistant Mapping
2025-09-08 09:13:22 -06:00
Corey Ogburn
b1753f86f9
New Message Structure
2025-09-08 09:13:22 -06:00
Corey Ogburn
6323fbf46b
Content Object
2025-09-08 09:13:21 -06:00
Corey Ogburn
ba601c39b3
Rough Go at New Mappings/Settings
2025-09-08 09:13:21 -06:00
reyesj2
e26310d172
elastic agent offline alerter
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-09-02 17:00:03 -05:00
reyesj2
b3eb06f53e
ja4
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-07-16 15:56:34 -05:00
reyesj2
58df566c79
add mapping for metadata.kafka.timestamp
2025-04-14 14:30:40 -05:00
reyesj2
395b81ffc6
FIX: Add log.origin.file.line to base templates #14417
2025-04-14 14:30:00 -05:00
reyesj2
4dd72ad15c
fix osquery action_data mapping conflict
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-03-07 17:05:13 -06:00
reyesj2
124bf266b5
osquery v1.15.0 index templates updates
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-03-04 12:27:04 -06:00
reyesj2
e2772e899e
component template missing metadata field
2025-02-24 10:24:11 -06:00
reyesj2
3f2b0973af
manually create unused logs-soc@package for successful elasticsearch templates load
2025-02-24 08:59:59 -06:00
reyesj2
c9b41e2eb1
formatting
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-02-20 10:11:34 -06:00
reyesj2
499d473b9d
set metrics indices to 0 replicas
2025-02-20 10:06:59 -06:00
reyesj2
09c7b31918
update pfsense pipeline version. Remove unused component templates
2025-02-12 16:33:56 -06:00
reyesj2
6331298eac
remove individual <integration>@custom mappings. Moved over to so-fleet_integrations.ip_mappings-1
2025-01-21 10:49:54 -06:00
reyesj2
d35ffef503
merge 2.4/dev
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-17 11:23:54 -06:00
reyesj2
4f92b7ced1
add support for cloudflare_logpush integration
2025-01-13 09:23:05 -06:00
reyesj2
e60a1e4357
zeek ldap & ldap_search parsing
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-09 16:06:10 -06:00
reyesj2
0e87351a9c
add zeek.quic mappings
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-08 16:18:53 -06:00
reyesj2
9fe3f6042f
Remove individual integrations ip mappings component template. Replaced with global mappings
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-06 10:44:22 -06:00
reyesj2
157185c370
add ti_opencti integration support
2024-12-18 11:33:49 -06:00
reyesj2
754d28e95d
add openvpn & ipsec support to Zeek
2024-12-05 09:52:55 -06:00
reyesj2
44ec237447
additional integration support - cisco secure email gateway - rapid7 threat command
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-15 11:39:01 -06:00
Corey Ogburn
8334fd9c46
Source Dates
2024-11-07 14:44:45 -07:00
reyesj2
039d5c22ac
fix: crowdstrike integration
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-06 14:35:41 -06:00
defensivedepth
7896f951f3
timestamp fix
2024-10-31 10:24:58 -04:00
reyesj2
36fc3bbd6d
add so-ip-mappings index
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-30 10:24:11 -04:00
Corey Ogburn
640f53d085
Cleanup
...
Fix indentation and trailing comma.
2024-10-24 17:05:36 -06:00
Corey Ogburn
1aa9d87c5d
Corrected
...
Put the note on the right model this time.
2024-10-24 17:05:36 -06:00
Corey Ogburn
e11c562022
Added Note to ES Mappings
2024-10-24 17:05:35 -06:00
Jorge Reyes
cf95af66c6
Revert "Add support for cybereason integration"
2024-10-21 15:23:05 -04:00
reyesj2
8b11019712
Add support for cybereason integration
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-18 11:56:47 -04:00
reyesj2
322199358d
add support for trendmicro integration
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-16 16:45:46 -04:00
Wes
70c5a07913
Add back meta ad error.message
2024-09-23 21:36:40 +00:00
Wes
41112a59ec
Add back meta
2024-09-23 20:12:14 +00:00
Wes
764eb98bc2
Add custom component for ints
2024-09-17 19:43:13 +00:00
Wes
25a9fb9b5c
Add destination IP for so-system
2024-09-09 20:16:23 +00:00
Wes
9264a03dbc
Add custom system component
2024-07-31 17:03:26 +00:00
weslambert
bae348bef7
Change version
2024-07-30 16:44:44 -04:00
Wes
2d0de87530
Add component templates for Fleet metrics
2024-07-17 15:19:46 +00:00
Wes
a8c231ad8c
Add component templates
2024-05-31 17:47:01 +00:00
Wes
3285ae9366
Update mappings for detection fields
2024-05-01 20:11:56 +00:00
reyesj2
55cf90f477
merge 2.4/dev
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 14:44:59 -04:00
reyesj2
68e016090b
Fix network.wireless.ssid not parsing
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 13:21:54 -04:00
reyesj2
4097e1d81a
Create mappings for Kismet integration
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:10:27 -04:00
Corey Ogburn
00cea6fb80
Detection Author as a Keyword instead of Text
...
With Quick Actions added to Detections, as many fields should be usable as possible.
2024-04-05 11:22:47 -06:00