DefensiveDepth
8cc4d2668e
Move compile_yara
2024-04-16 12:52:14 -04:00
DefensiveDepth
376efab40c
Ship Defender logs
2024-04-08 14:01:38 -04:00
Jason Ertel
3aea2dec85
analytics
2024-04-01 09:50:18 -04:00
Josh Brower
d832158cc5
Drop Hashes field
2024-03-01 15:26:02 -05:00
Josh Brower
b017157d21
Add antivirus mapping
2024-03-01 14:04:56 -05:00
Josh Brower
d04aa06455
Fix source.ip
2024-02-22 14:01:02 -05:00
Josh Brower
c886e72793
Imphash mappings
2024-02-22 08:59:33 -05:00
Josh Brower
0a9022ba6a
Add hash mappings
2024-02-21 17:07:08 -05:00
Josh Brower
81a3e95914
Fixup sigma pipelines
2024-02-07 16:42:16 -05:00
Josh Brower
7e3187c0b8
Fixup sigma pipelines
2024-02-07 15:35:31 -05:00
Corey Ogburn
858166bcae
WIP: Detections Changes
Removed some strelka/yara rules from salt.
Removed yara scripts for downloading and updating rules. This will be managed by SOC.
Added a new compile_yara.py script.
Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Jason Ertel
c09e8f0d71
improve timing of responses
2023-11-16 15:58:48 -05:00
Jason Ertel
de99cda766
improve timing of responses
2023-11-16 15:51:17 -05:00
m0duspwnens
99662c999f
log operation and minion target
2023-10-20 13:41:24 -04:00
Doug Burks
da56a421e5
Update motd.md
2023-08-31 09:17:33 -04:00
Doug Burks
4426437ad3
Update motd.md
2023-08-10 15:04:31 -04:00
Jason Ertel
951f04c265
remove use of pipe
2023-06-29 12:10:12 -04:00
Jason Ertel
b21b545756
use cluster-unique password for import encryption
2023-06-23 09:37:41 -04:00
Corey Ogburn
2b323ab661
Fix salt cmd.run commands for importing
Functional and easy to read.
2023-06-22 17:30:56 -06:00
Jason Ertel
0d92a1594a
fix quotations
2023-06-22 14:41:39 -04:00
Corey Ogburn
b5e5bd57ad
Fix for Upload Import
Needed to mount /nsm/soc/uploads into soc container.
Made the upload route configurable.
Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
Corey Ogburn
ad28ea275f
Better state management
When salt-cp runs its course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.
Check the status of the decryption process before importing.
No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
Corey Ogburn
41951659ec
Use importer's new --json flag.
Using the new --json flag is not only more reliable than using a regex; the way the import script was written, even re-imports will provide a URL. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
Corey Ogburn
451a4784a1
send-file and import-file security
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
Corey Ogburn
1b7095fa81
Improved import-file url regex
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
Corey Ogburn
49055e260f
salt-relay import-file reporting
On successful import, return dashboard URL
2023-06-20 09:41:14 -06:00
Corey Ogburn
a465039887
2 new capabilities: send-file and import-file
2023-06-20 09:41:14 -06:00
Jason Ertel
ba0ec18a33
Ignore Synchronize button clicks when an active salt job is running and another is already in queue
2023-05-22 14:52:07 -04:00
Jason Ertel
4930ae4ba6
add missing var for local dev
2023-05-17 18:14:21 -04:00
m0duspwnens
8e18986671
enabled/disable soc in ui
2023-05-11 15:33:16 -04:00
Doug Burks
4dcc79d245
FIX: Overview Customization link #10173
2023-04-20 16:26:51 -04:00
Jason Ertel
7f28cdd2a3
provide means for using salt-relay with local development against remote VMs
2023-04-10 14:04:03 -04:00
Jason Ertel
7f7e5474ed
Add more logging for filecheck monitoring, and ensure scripts are accessible to salt-relay
2022-11-17 10:43:05 -05:00
Jason Ertel
0ffef75d7b
Move background jobs to cron
2022-11-17 09:50:41 -05:00
Jason Ertel
35fab05bdd
Retry so-user commands if another process is currently using so-user
2022-10-27 15:25:08 -04:00
Jason Ertel
981371c72f
log salt-relay responses for troubleshooting assistance
2022-09-27 16:48:47 -04:00
Jason Ertel
53b4f01921
replace quotes on minion arg
2022-09-27 10:54:08 -04:00
Jason Ertel
7f7f2c15d0
add support for querying active salt jobs (future use)
2022-09-27 10:29:21 -04:00
Jason Ertel
556ddc2ee4
sync in background
2022-09-27 09:24:34 -04:00
Jason Ertel
8e175b2d3f
add manual sync
2022-09-27 07:05:04 -04:00
Jason Ertel
0ad1a1a262
so-user and salt-relay updates for user management
2022-09-26 14:57:33 -04:00
Doug Burks
530c497800
Update motd.md
2022-09-20 15:16:04 -04:00
Jason Ertel
d12ff79af0
Remove comments to avoid confusing config viewers within SOC
2022-09-13 12:08:19 -04:00
Jason Ertel
21c7f940d7
Update copyrights
2022-09-13 11:48:25 -04:00
m0duspwnens
5bb001281b
soc defaults changes - client child of server
2022-09-08 15:57:18 -04:00
Jason Ertel
b7bbe7d69f
Add copyright notice
2022-09-08 10:27:56 -04:00
Jason Ertel
df6ba5cbe9
initial salt relay script for comms with soc
2022-09-07 16:19:16 -04:00
Mike Reeves
2bd9dd80e2
Move In Day
2022-09-07 09:06:25 -04:00
Doug Burks
94c637449d
FIX: Improve default dashboards #8136
2022-06-21 12:53:06 -04:00
Doug Burks
dce415297c
improve readability in motd.md
2022-06-04 06:59:09 -04:00