CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,397 Commits 24 Branches 119 Tags
2ffb723bbd77c3669687b13a42d8029e8b2d98a7
Commit Graph

371 Commits

Author SHA1 Message Date
William Wernert
33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert
b9980c9d30 Fix pipeline name 2021-07-30 13:09:09 -04:00
William Wernert
df6d1d72e2 Merge branch 'dev' into feature/logscan 2021-07-19 15:19:59 -04:00
weslambert
fea4f3f973 Check if Filebeat modules are being used for incoming Beats 2021-07-19 12:57:42 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
William Wernert
e8ba4bdc6c Add quotes to string 2021-07-16 14:07:23 -04:00
weslambert
7cdb967810 Only route to FB module pipeline if filebeat in metadata 2021-07-13 11:36:18 -04:00
William Wernert
80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00
m0duspwnens
0627ca2fc2 use heavynode hostname for certs if heavynode. changes to logstash pipeline for redis if heavynode 2021-07-06 15:32:39 -04:00
weslambert
2f3f04e4ca Change from nodename to host 2021-07-06 14:18:39 -04:00
weslambert
2e91f27336 Add conditional for heavynode 2021-07-06 14:17:49 -04:00
weslambert
10b1829830 Add conditional for heavynode 2021-07-06 14:16:34 -04:00
weslambert
4946f32d88 Add extra_hosts entry for local instance when running as heavy node 2021-07-06 14:14:58 -04:00
Jason Ertel
2d34208269 Elastic auth: Fun with Salt 2021-06-16 17:52:22 -04:00
Jason Ertel
09fbb045a1 If ES auth disabled ensure user/pass are blank 2021-06-16 09:59:57 -04:00
Jason Ertel
dd8eb29a18 Continue merge of ECS into Elastic Auth 2021-06-15 09:11:58 -04:00
Jason Ertel
fca1c6e957 Merge branch 'dev' into kilo 2021-06-14 10:40:04 -04:00
Mike Reeves
12d4d4a4f7 Dynamix Pipelines take 2 2021-06-10 09:19:15 -04:00
Mike Reeves
7fba904f75 Dynamix Pipelines take 1 2021-06-09 15:32:39 -04:00
Mike Reeves
4c90a0ed7e Add templates for SO logs 2021-06-09 12:04:32 -04:00
Mike Reeves
a959ec1eb1 Revert to SO taxonomy for zeek and suricata 2021-06-08 13:23:31 -04:00
Mike Reeves
3e138cbc6d Revert to SO taxonomy for zeek and suricata 2021-06-08 13:14:46 -04:00
Jason Ertel
e22421ec99 Refactor users/roles management via salt due to Salt's clobbering of the inode which breaks Docker mounts 2021-06-04 20:01:30 -04:00
Jason Ertel
5c527b2c48 Rename username param to user since logstash is 'unique' 2021-06-03 07:51:43 -04:00
Jason Ertel
901242f7e9 remove extra parenthesis 2021-06-02 16:23:45 -04:00
weslambert
a1b34e7a88 Fix Suricata index name 2021-06-02 15:30:14 -04:00
Jason Ertel
20e896cacf Update all configs to pass user/pass to ES 2021-06-02 12:17:15 -04:00
Mike Reeves
bfcde15a24 elastic pipeline test 2021-05-26 14:22:14 -04:00
Mike Reeves
1e564c2140 Fix zeek jinja 2021-05-25 10:22:36 -04:00
Wes Lambert
37929dbd7d Add additional config for Filebeat modules 2021-05-06 13:54:28 +00:00
Mike Reeves
2e01330e1b Update 9101_output_osquery_livequery.conf.jinja 2021-03-09 13:15:04 -05:00
Josh Brower
00da549430 Merge pull request #3358 from Security-Onion-Solutions/delta 
FEATURE: Initial support for viewing Osquery Live Query results in Hunt
 2021-03-09 09:18:57 -05:00
Josh Brower
fe8788c09a Merge remote-tracking branch 'remotes/origin/dev' into delta 2021-03-08 12:56:47 -05:00
Josh Brower
548f67ca6f Initial support for Live Queries in Hunt 2021-03-04 18:21:13 -05:00
Mike Reeves
a0a8d12526 Enable SSL and Features 2021-03-04 10:08:28 -05:00
Mike Reeves
49371a1d6a fix elastic output for ssl 2021-03-03 14:30:45 -05:00
Mike Reeves
bfd05a8cfc Change to https for elastic connections 2021-03-02 11:32:29 -05:00
Mike Reeves
3219f4cd12 Remove Features Option 2021-03-02 11:04:50 -05:00
Josh Brower
b8137214e4 Initial Support - Live Query to Hunt 2021-02-26 08:08:09 -05:00
Mike Reeves
4212afe0c9 Add features option back 2021-01-30 19:57:18 -05:00
Mike Reeves
636687ac59 Merge pull request #2702 from Security-Onion-Solutions/essecurity 
SSL with Elastic Basic license. Remove features option.
 2021-01-21 13:57:28 -05:00
Mike Reeves
9408d62c65 Remove features 2021-01-21 13:55:53 -05:00
m0duspwnens
b693373d8d change how we allow or disallow states to be run https://github.com/Security-Onion-Solutions/securityonion/issues/2679 2021-01-20 15:09:53 -05:00
William Wernert
a4897d2063 [fix] Add Elasticsearch to containers running on Helix sensor 2020-12-16 09:07:38 -05:00
William Wernert
15347d1209 [fix] More condition changes for Helix 2020-12-15 15:08:33 -05:00
m0duspwnens
1fca5e65df redo how containers get added to so-status https://github.com/Security-Onion-Solutions/securityonion/issues/1681 2020-11-10 15:31:47 -05:00
Mike Reeves
13be0da484 Add a place where custom logstash certs can go 2020-10-28 15:26:41 -04:00
Mike Reeves
361b13dc88 Add a place where custom logstash certs can go 2020-10-28 15:25:00 -04:00
Wes Lambert
884cc2d054 Don't predefine index date for Logstash outputs 2020-10-12 15:41:47 +00:00