Commit Graph

72 Commits

SHA1        Date                        Author        Message
951f04c265  2023-06-29 12:10:12 -04:00  Jason Ertel   remove use of pipe
fb27e7c479  2023-06-23 11:30:26 -06:00  Corey Ogburn  Also add to dashboard
                                                      Duplicate new queryToggleFilter from hunt to dashboard.
261acee8a0  2023-06-23 11:30:26 -06:00  Corey Ogburn  New Hunt queryToggleFilter
                                                      New filter to exclude soc logs from hunt results.
6769386c86  2023-06-22 10:59:24 -06:00  Corey Ogburn  Change upload path
b5e5bd57ad  2023-06-21 15:41:16 -06:00  Corey Ogburn  Fix for Upload Import
                                                      Needed to mount /nsm/soc/uploads into soc container.
                                                      Made the upload route configurable.
                                                      Added gpg logging to salt-relay.
6ba9e057a9  2023-06-21 09:22:40 -04:00  Josh Brower   Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags
                                                      Change format of event dataset and assign dataset to tags
0e09d73aa0  2023-06-20 07:40:10 -04:00  Doug Burks    Resolve conflicts with dataset PR
fc824359ed  2023-06-20 07:30:56 -04:00  Doug Burks    Update default fields for kratos.audit
7caa7cec6b  2023-06-20 07:13:33 -04:00  Doug Burks    Fix SOC Auth queries in Dashboards and Hunt
                                                      Change `event.dataset:audit` to `event.dataset:kratos.audit`.
b5bccc5e05  2023-06-15 13:06:57 +00:00  Wes           Use module in dataset name and add dataset tag
8e18986671  2023-05-11 15:33:16 -04:00  m0duspwnens   enable/disable soc in ui
5be5466efe  2023-03-24 14:03:12 -04:00  Doug Burks    fix GeoIP queries
a9dc7a14cb  2023-03-24 13:56:51 -04:00  Doug Burks    fix GeoIP queries
aa9d44ab09  2023-03-24 13:51:13 -04:00  Doug Burks    Add four new GeoIP dashboards
bad905f54c  2023-03-23 16:22:59 -04:00  Josh Brower   SOC Logs & Hunt Query
2fe8668f1b  2023-03-09 14:37:50 -05:00  Josh Brower   Merge pull request #9891 from Security-Onion-Solutions/2.4/huntqueries
                                                      Initial updates for 2.4 fieldnames
73abf8dbfd  2023-03-09 14:32:52 -05:00  Josh Brower   Generic host dashboard
1493806040  2023-03-08 17:03:02 -05:00  Josh Brower   Change host dashboard titles
a5c89bfaa1  2023-03-08 16:49:34 -05:00  Josh Brower   update sysmon dashboards
a2bda07820  2023-03-05 15:24:11 -05:00  Doug Burks    add VLAN dashboard
9db6df0f14  2023-03-04 15:19:19 -05:00  Josh Brower   Initial updates for 2.4 fieldnames
e24296d536  2023-03-03 15:23:43 -05:00  Doug Burks    add SOC Dashboards groupby for Zeek conn vlan field
d3c5d0569a  2023-02-24 10:20:02 -05:00  Jason Ertel   Remove FleetDM tool instead of deactivating it
cd27ae89cc  2023-02-10 16:34:06 -05:00  Jason Ertel   influx upgrade
ea0c3db8e1  2023-02-08 13:23:45 -05:00  Jason Ertel   upgrade influxdb
a44d83d69b  2023-01-31 08:33:38 -05:00  Doug Burks    Improve Suricata DHCP parsing and dashboard
7b1f867ac3  2023-01-24 13:17:50 -05:00  Jason Ertel   Add defaults for auto extracted observables
5754365c6d  2023-01-04 07:42:24 -05:00  Doug Burks    Improve default sysmon fields and add new network_connection fields
4e5d1d587e  2023-01-03 09:02:17 -05:00  doug          update sysmon ingest parser and Sysmon File dashboard
69415a0d8d  2022-12-21 15:34:35 -05:00  Doug Burks    Improve Strelka dashboard
506556f0d2  2022-12-21 15:29:09 -05:00  Doug Burks    Improve Firewall dashboard
d7b2c88201  2022-12-21 15:24:58 -05:00  Doug Burks    Improve Software dashboard
4519c533a2  2022-12-21 15:20:27 -05:00  Doug Burks    Improve Intel dashboard
3a367d69f4  2022-12-21 14:37:17 -05:00  Doug Burks    Improve FTP dashboard
a4f1f75306  2022-12-21 14:33:01 -05:00  Doug Burks    Improve NIDS Alerts dashboard
3d1ce4ef10  2022-12-21 13:26:04 -05:00  Doug Burks    Improve SOC dashboards
b37697e95d  2022-12-16 12:50:22 -05:00  Jason Ertel   Switch license key to single line to avoid multiline/list conflicts
7853d972b6  2022-12-15 18:31:47 -05:00  Jason Ertel   Set default key to empty string to ensure new keys are type aligned correctly
f84ceca03e  2022-12-15 14:22:23 -05:00  Jason Ertel   consolidate eventFields from hunt and dashboards into a single setting
e1d200e6ce  2022-12-11 14:39:08 -05:00  Doug Burks    Remove duplicate TDS dashboard from defaults.yaml
72f71ba695  2022-12-11 14:36:27 -05:00  Doug Burks    Fix TDS dashboard in defaults.yaml
cb16bd36fb  2022-12-10 14:31:59 -05:00  Doug Burks    fix descriptions in defaults.yaml
cf7d8076e9  2022-12-10 14:21:58 -05:00  Doug Burks    remove old Wazuh Hunt queries in defaults.yaml
cd664b2d39  2022-12-10 14:16:39 -05:00  Doug Burks    remove old Modbus dashboard from defaults.yaml
7f07a94a98  2022-12-10 14:14:24 -05:00  Doug Burks    remove old DNP3 and Wazuh dashboards from defaults.yaml
187ca4c453  2022-12-10 07:33:09 -05:00  Doug Burks    Update soc defaults.yaml to include dnp3_control and dnp3_objects eventfields
a626acced0  2022-12-06 13:11:55 -05:00  weslambert    Add new ICS/SCADA event fields to the dashboards section of the configuration and remove extra space in key names.
1b5c1fecd4  2022-12-06 17:28:30 +00:00  Wes           Revert SOC default 'alerts' event fields and specify additional event fields for ICS/SCADA events
b048eec3c0  2022-12-06 17:17:49 +00:00  Wes           Add STUN, TDS, WireGuard, and ICS/SCADA dashboard queries
f44eee134a  2022-12-06 16:52:20 +00:00  Wes           Add default queries and ICS/SCADA queries