CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,397 Commits 24 Branches 119 Tags
2ffb723bbd77c3669687b13a42d8029e8b2d98a7
Commit Graph

31 Commits

Author SHA1 Message Date
Mike Reeves
2ffb723bbd Rename so-common-template.json to so-common-template.json.jinja 2021-09-14 13:58:45 -04:00
Mike Reeves
e3900606dc Enable index sorting by default but allow it to be disabled 2021-09-04 10:42:18 -04:00
Rob Waight
b7591093cf Add index sorting to so-common-template.json 
Add index sorting to so-common-template.json
 2021-09-04 09:45:03 -04:00
Mike Reeves
a27263435a Add Templates for all filebeat modules 2021-08-27 14:41:04 -04:00
Mike Reeves
f8cdf5bca3 Add Templates for all filebeat modules 2021-08-27 14:39:02 -04:00
William Wernert
4f39cd1d7f Add logscan dynamic object to so-common template mappings 2021-07-30 16:02:02 -04:00
Wes Lambert
723172bc1f Add path_unmatch for data.port so it is not mapped as integer 2021-07-14 13:45:09 +00:00
Wes Lambert
323b5d6694 Add dynamic mapping for wazuh 2021-07-14 13:43:34 +00:00
weslambert
fcbacd473d Add ELK, redis 2021-06-30 09:34:56 -04:00
weslambert
06d77d9972 Update so-common-template.json 2021-06-30 09:31:32 -04:00
Mike Reeves
12d4d4a4f7 Dynamix Pipelines take 2 2021-06-10 09:19:15 -04:00
Mike Reeves
1c7741fdbe Add templates for SO logs 2021-06-09 12:38:19 -04:00
weslambert
cba719b3a0 Remove extra comma 2021-06-02 16:42:09 -04:00
weslambert
4241bb08b8 Add suricata/zeek until we migrate templates 2021-06-02 16:37:43 -04:00
Wes Lambert
a1a79719fc Add ignore above for message keyword field 2021-05-05 12:07:30 +00:00
Wes Lambert
619402cc67 Add event_data to common template so elastalert/playbook event_data fields can be indexed and searchable 2021-05-03 17:03:30 +00:00
Wes Lambert
942de130ca Enforce date type for ingest.timestamp 2021-03-31 12:24:51 +00:00
Josh Brower
71ae5b60ea Update Sigmac mappings and config for IPs and ports 2021-03-16 09:32:40 -04:00
Josh Brower
5fe025318b Update Sigmac mappings and config for IPs and ports 2021-03-15 15:53:00 -04:00
Josh Brower
548f67ca6f Initial support for Live Queries in Hunt 2021-03-04 18:21:13 -05:00
Josh Brower
d2a74c80e2 Update .security analyzer 2021-02-17 16:37:31 -05:00
Wes Lambert
3113d5fbdb Format scan.exiftool as text 2020-11-02 19:31:14 +00:00
Wes Lambert
af9daa4d71 Intel mapping enforcement and winlog.verion 2020-10-15 12:42:33 +00:00
Wes Lambert
b55ffa44f8 Fix module,dataset rename 2020-10-10 00:01:37 +00:00
Wes Lambert
019bec992d Add Strelka YARA matches as alerts 2020-10-06 12:19:44 +00:00
Josh Brower
8a78485906 Config Playbook SOC Alerts 2020-10-04 21:35:42 -04:00
Wes Lambert
36019727b3 Ensure IPs are typed as IP and ports as integer 2020-09-29 18:20:15 +00:00
Josh Brower
1cf7301db4 Adds new .security analyzed subfield 2020-08-26 05:11:42 -04:00
Josh Brower
15efe77e06 Ingest Parsing Update for Sysmon/WEL 2020-08-06 13:11:47 -04:00
Jason Ertel
d2df405cf0 so-import-pcap improvements: Ensure PCAP filenames with spaces are handled properly; Provide link directly to the imported logs, filtered by import ID; Require sudo access to run so-import-pcap 2020-07-21 11:07:09 -04:00
m0duspwnens
57bf23d83c move templates from logstash to elasticsearch 2020-07-14 16:07:46 -04:00