CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-22 00:43:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,397 Commits 18 Branches 120 Tags
2ffb723bbd77c3669687b13a42d8029e8b2d98a7
Commit Graph

4922 Commits

Author SHA1 Message Date
Wes Lambert
015a441e79 Change rule.signature_info to rule.reference and ensure common.nids exists 2020-10-07 15:20:26 +00:00
m0duspwnens
1106b2bf96 only send loss if timestamp on data has changed 2020-10-07 11:15:10 -04:00
Wes Lambert
f0a1457ffd Update common.nids 2020-10-07 15:14:08 +00:00
m0duspwnens
d09f0f841e only send loss if timestamp on data has changed 2020-10-07 11:13:03 -04:00
m0duspwnens
6f2d47cc40 only send loss if timestamp on data has changed 2020-10-07 11:11:06 -04:00
m0duspwnens
2317e8b348 only send loss if timestamp on data has changed 2020-10-07 11:08:41 -04:00
m0duspwnens
f96d6ae4f4 only send loss if timestamp on data has changed 2020-10-07 11:06:54 -04:00
m0duspwnens
5e534571ff set timestamp with capture loss 2020-10-07 10:20:51 -04:00
m0duspwnens
14dd80b410 handle whitespace 2020-10-06 18:46:32 -04:00
m0duspwnens
af2df2c7d1 just print the loss 2020-10-06 18:44:22 -04:00
m0duspwnens
f95712c502 update log file 2020-10-06 18:38:51 -04:00
m0duspwnens
48ca2cdff1 fix pillars we check 2020-10-06 18:10:41 -04:00
m0duspwnens
73ce948d42 add zeekcaptureloss to data to influxdb. rename broloss to zeekloss - https://github.com/Security-Onion-Solutions/securityonion/issues/1403 2020-10-06 18:05:41 -04:00
William Wernert
d84f85335e [fix] Add jinja option, missing log dirs, compress option 2020-10-06 17:18:39 -04:00
Wes Lambert
8c07c098f6 Pipeline cleanup 2020-10-06 20:14:15 +00:00
Wes Lambert
350cc41740 Let zeek.common handle common fields for zeek.tunnels 2020-10-06 20:12:23 +00:00
William Wernert
27351fa520 [fix] Correct jinja syntax + indent all lines 2020-10-06 14:51:42 -04:00
m0duspwnens
035d215398 fix yum db if corrupted - https://github.com/Security-Onion-Solutions/securityonion/issues/163 2020-10-06 14:28:01 -04:00
m0duspwnens
3d71766b64 Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into issue/1460 2020-10-06 13:58:02 -04:00
m0duspwnens
34dfc809c7 handle thread count for suricata and default max-pending-packets to 5000 - https://github.com/Security-Onion-Solutions/securityonion/issues/1460 2020-10-06 13:57:50 -04:00
William Wernert
9737b01676 [feat] Move logrotate configuration settings to pillar 2020-10-06 13:22:44 -04:00
William Wernert
94f15c63ce [fix] Correct indent in common init.sls 2020-10-06 13:21:37 -04:00
Wes Lambert
a6a69c57d1 Rename so-elasticsearch-templates to so-elasticsearch-templates-load 2020-10-06 17:18:42 +00:00
Wes Lambert
787f1d8732 Add so-elasticsearch-templates-list 2020-10-06 17:15:27 +00:00
Wes Lambert
4a5d50cf80 Add so-elasticsearch-pipelines-list and fix common script perms 2020-10-06 17:01:58 +00:00
m0duspwnens
5eada1cdd5 handle install locations of files copied 2020-10-06 11:39:34 -04:00
m0duspwnens
a5f4c96db0 qol user interaction improvements to analyst install 2020-10-06 11:19:43 -04:00
m0duspwnens
4eea0a464c include remaining log functions from so-functions 2020-10-06 10:57:43 -04:00
m0duspwnens
7840002d18 update log file in title func 2020-10-06 10:51:31 -04:00
m0duspwnens
85168e9318 add title function 2020-10-06 10:49:38 -04:00
m0duspwnens
2420cd5db1 add some system characteristics to log like normal install does 2020-10-06 10:46:11 -04:00
Doug Burks
a686704d37 remove rule.uuid now that underlying issue has been resolved 2020-10-06 09:39:57 -04:00
Wes Lambert
019bec992d Add Strelka YARA matches as alerts 2020-10-06 12:19:44 +00:00
m0duspwnens
acabcd27a7 change for network miner 2.6 - https://github.com/Security-Onion-Solutions/securityonion/issues/1290 2020-10-05 18:17:24 -04:00
Josh Patterson
24ff34ee81 Merge pull request #1457 from Security-Onion-Solutions/issue/1371 
Issue/1371
 2020-10-05 15:51:35 -04:00
Josh Brower
2e012432b4 Merge pull request #1455 from Security-Onion-Solutions/feature/training-req 
Write out nested json
 2020-10-05 15:34:43 -04:00
Josh Brower
de9ace62d4 Write out nested json 2020-10-05 15:34:02 -04:00
m0duspwnens
748dc5ba91 logstash changes per https://github.com/Security-Onion-Solutions/securityonion/issues/1444 2020-10-05 14:10:05 -04:00
William Wernert
5dfd11a018 [feat] Add wazuh archive cleanup + fix indentation 2020-10-05 13:58:49 -04:00
William Wernert
e6cb75ce7e [feat] Add common logrotate cron+config 2020-10-05 13:57:36 -04:00
Josh Patterson
f7daa391c7 Merge pull request #1453 from Security-Onion-Solutions/issue/1441 
enable suricata threshold-file and point to proper file
 2020-10-05 12:56:39 -04:00
Doug Burks
a45aa43f41 Add trailing comma to "thehive" stanza 2020-10-05 12:35:33 -04:00
m0duspwnens
63884b73e1 enable suricata threshold-file and point to proper file - https://github.com/Security-Onion-Solutions/securityonion/issues/1441 2020-10-05 12:10:52 -04:00
Wes Lambert
575da0f9d3 Change alert to case 2020-10-05 15:45:10 +00:00
weslambert
bc31e19e37 Put back rule.category for Wazuh alerts 2020-10-05 11:34:29 -04:00
weslambert
968dce0aee Adjust Wazuh logging so we don't log alerts to a separate file and so we don't write a separate log file for non-JSON for archives 2020-10-05 10:03:40 -04:00
Jason Ertel
1ebe970876 Disable escalate button if thehive is not enabled 2020-10-05 09:54:18 -04:00
weslambert
6b292ea62b Merge pull request #1448 from Security-Onion-Solutions/fix/so_elastic_clear 
Fix/so elastic clear
 2020-10-05 09:40:04 -04:00
Wes Lambert
da8957b4f4 Use Elasticsearch pillar vs manager IP for so-elastic-clear 2020-10-05 13:37:06 +00:00
Wes Lambert
1970d95d5f Make Filebeat registry persistent to avoid re-reading old data 2020-10-05 13:30:04 +00:00