Commit Graph

9108 Commits

Author SHA1 Message Date
Doug Burks b7ef1e8af1 add more endpoint.events.x fields to soc_soc.yaml 2024-02-23 15:38:53 -05:00
Doug Burks 7da0ccf5a6 add more endpoint.events.x entries to merged.map.jinja 2024-02-23 15:35:53 -05:00
m0duspwnens 573d565976 convert _x_ to . for soc ui to config 2024-02-23 15:03:44 -05:00
Doug Burks b8baca417b add endpoint_x_events_x_process to defaults.yaml 2024-02-23 14:03:04 -05:00
Josh Brower d04aa06455 Fix source.ip 2024-02-22 14:01:02 -05:00
Mike Reeves e7914fc5a1 Update stenoloss.sh 2024-02-22 12:49:06 -05:00
Mike Reeves 759b2ff59e Manage the repos 2024-02-22 10:03:51 -05:00
Josh Brower c886e72793 Imphash mappings 2024-02-22 08:59:33 -05:00
Josh Brower 0a9022ba6a Add hash mappings 2024-02-21 17:07:08 -05:00
Josh Patterson d2f7946377 Merge pull request #12411 from Security-Onion-Solutions/issue/12382
nest under policy
2024-02-21 16:28:04 -05:00
m0duspwnens 162785575c nest under policy 2024-02-21 15:28:24 -05:00
Josh Brower 1952f0f232 Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-21 13:11:49 -05:00
Mike Reeves 9ca0f586ae Manage the repos 2024-02-21 11:45:02 -05:00
Mike Reeves 89010dacab Merge pull request #12348 from Security-Onion-Solutions/TOoSmOotH-patch-4
Update soup
2024-02-20 12:10:09 -05:00
Jason Ertel 4b314c8715 replace correlate icon to avoid confusion with searcheng.in 2024-02-20 10:30:09 -05:00
Josh Brower ffb3cc87b7 Default ruleset; Descriptions 2024-02-16 11:55:10 -05:00
Josh Brower e4dcb4a8dd Merge remote-tracking branch 'origin/cogburn/detection_playbooks' into kilo 2024-02-15 17:50:37 -05:00
Corey Ogburn c64f37ab67 sigmaRulePackages is now a string array 2024-02-15 10:34:07 -07:00
Josh Brower 686304f24a Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-15 09:47:51 -05:00
m0duspwnens a2b17d2348 move jinja to top 2024-02-14 14:27:41 -05:00
m0duspwnens c1f467a068 handle airgap 2024-02-14 14:22:18 -05:00
m0duspwnens 7d5932ee5e Merge remote-tracking branch 'origin/2.4/dev' into 2450soup 2024-02-14 13:29:39 -05:00
m0duspwnens 79e98e508f pass in UPDATE_DIR as a pillar 2024-02-14 13:28:12 -05:00
Josh Patterson cf6266a92b Merge pull request #12354 from Security-Onion-Solutions/2450soup
modify soup to update soup scripts using salt
2024-02-13 16:23:57 -05:00
m0duspwnens 2e9fa2438b add back comment 2024-02-13 16:19:50 -05:00
Corey Ogburn a5db9f87dd Merge branch 'kilo' into cogburn/detection_playbooks 2024-02-13 14:08:44 -07:00
Corey Ogburn f321e734eb Added so-detection mapping in elasticsearch 2024-02-13 14:05:27 -07:00
Corey Ogburn 8800b7e878 WIP: Detections Changes
Removed some strelka/yara rules from salt.

Removed yara scripts for downloading and updating rules. This will be managed by SOC.

Added a new compile_yara.py script.

Added the strelka repos folder.
2024-02-13 14:05:27 -07:00
Corey Ogburn 031ee078c5 socsigmarepo
Need write permissions on the /opt/so/rules dir so I can clone the sigma repo there.
2024-02-13 14:05:27 -07:00
m0duspwnens 00f2374582 fix path for so-firewall 2024-02-13 15:43:02 -05:00
m0duspwnens 468eedfaeb add soup script update retry 2024-02-13 15:30:24 -05:00
m0duspwnens 88786e8342 use file.copy to preserve perms 2024-02-13 15:05:09 -05:00
Corey Ogburn c933627a71 Merge branch 'kilo' of github.com:security-onion-solutions/securityonion into kilo 2024-02-13 12:53:29 -07:00
Corey Ogburn 0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00
m0duspwnens 141fd49f02 use rsync 2024-02-13 14:27:22 -05:00
m0duspwnens 7112337c85 fix copy 2024-02-13 13:52:14 -05:00
Josh Brower 0c6c6ba2d5 Various UI tweaks 2024-02-13 13:38:43 -05:00
m0duspwnens d6ac7a3286 fix the jinja 2024-02-13 13:31:34 -05:00
m0duspwnens 9175a73456 don't need $ for vars 2024-02-13 13:08:09 -05:00
m0duspwnens 1bde002f20 update case 2024-02-13 12:51:53 -05:00
Doug Burks 0741ae370a Update defaults.yaml 2024-02-13 12:51:26 -05:00
m0duspwnens d7f853b5b2 comment out script copy in soup 2024-02-13 12:50:22 -05:00
m0duspwnens 5c9b1ab38b copy with cp 2024-02-13 12:48:31 -05:00
m0duspwnens b713771494 add back common soup_scripts state 2024-02-13 12:30:36 -05:00
Doug Burks 8060751a66 Add table columns to process dashboard in defaults.yaml 2024-02-13 12:24:33 -05:00
m0duspwnens c1258f9a92 Merge remote-tracking branch 'origin/2.4/dev' into 2450soup 2024-02-13 11:09:24 -05:00
m0duspwnens 92634724c4 move rm 2024-02-13 11:09:08 -05:00
m0duspwnens 3efaba1104 modify soup to update soup scripts without using salt 2024-02-13 11:04:26 -05:00
Josh Brower ea80469c2d Detection Default queries 2024-02-12 19:39:55 -05:00
Doug Burks 0ad39a7e32 FEATURE: Add new SOC action to show process ancestry #12345 2024-02-12 19:18:29 -05:00