CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-23 01:13:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,449 Commits 18 Branches 120 Tags
32f3ee0b01884e7dc2dd82b80ff19cefc1ae996d
Commit Graph

7619 Commits

Author SHA1 Message Date
weslambert
32f3ee0b01 Merge pull request #10564 from Security-Onion-Solutions/fix/elasticsearch_templates 
Update templates for integrations
 2023-06-12 09:05:31 -04:00
Doug Burks
ae14e4870d Add ocsp to logging.zeek.exclued in defaults.yaml 2023-06-12 08:44:46 -04:00
Doug Burks
b3f8ed7dcd FIX: Suricata DHCP logs not ingesting #10565 2023-06-10 11:42:41 -04:00
Wes
ad5a424c03 Update templates for integrations 2023-06-09 18:32:50 +00:00
Jason Ertel
8a4f5d6dcb Merge branch '2.4/dev' into jertel/pcap 2023-06-09 11:51:37 -04:00
Jason Ertel
884a7041af Merge branch '2.4/dev' into jertel/pcap 2023-06-09 10:47:26 -04:00
Jason Ertel
023008c54c do not allow node_description to be set at global grid-wide level 2023-06-09 10:46:56 -04:00
Jason Ertel
6f7de954d9 Merge pull request #10559 from Security-Onion-Solutions/jertel/pcap 
Telegraf should monitor all mount points
 2023-06-09 09:18:54 -04:00
Jason Ertel
46371aaaf5 Monitor all mount points for simplicity 2023-06-09 09:14:36 -04:00
Doug Burks
e5f76a9c6e change suricata parsers from dataset to event.dataset 2023-06-08 12:31:31 -04:00
weslambert
d1c86cb9ff Merge pull request #10550 from Security-Onion-Solutions/kilo 
Elastalert and EQL
 2023-06-08 11:21:18 -04:00
Josh Brower
8b35002169 EQL Refactor 2023-06-07 13:44:37 -04:00
Wes
81e3d26540 Ignore empty list 2023-06-07 13:14:52 +00:00
weslambert
96b60fa39a Restore original URL syntax, but use data stream 2023-06-06 20:53:05 -04:00
weslambert
f172a74fbc Remove EQL setting 2023-06-06 20:51:29 -04:00
weslambert
c4be56ec7b Update host syntax 2023-06-06 20:51:03 -04:00
Wes
495a9c0783 Add mapping for event.severity_label 2023-06-05 21:19:37 +00:00
Wes
905bc564fc Change data stream name 2023-06-05 21:18:47 +00:00
Wes
f6f387428f Update Playbook alerter to write to a data stream 2023-06-05 21:17:10 +00:00
Jason Ertel
db5abcb3cf Merge pull request #10503 from Security-Onion-Solutions/jertel/pcap 
add ability to output PCAP import results in JSON format
 2023-06-05 14:32:32 -04:00
Jason Ertel
27e310c2a1 add json output option to so-import-evtx; clean up other issues 2023-06-05 13:54:44 -04:00
Wes
841d0b4b1f Update dependencies after git add 2023-06-05 15:42:55 +00:00
Wes
272f97e2d7 Update dependencies 2023-06-05 15:42:38 +00:00
Wes
eac9a3fc86 Update requests and whoisit 2023-06-05 15:41:01 +00:00
Jason Ertel
2fef1d5fa7 silence grep output 2023-06-02 15:43:48 -04:00
Jason Ertel
3bbfc3865d use proper URL spacing 2023-06-02 15:26:14 -04:00
Jason Ertel
6947fd6414 add ability to output PCAP import results in JSON format 2023-06-02 15:21:41 -04:00
Doug Burks
09e005127e Update soc_zeek.yaml 2023-06-02 07:41:55 -04:00
weslambert
3a5a59af59 Merge pull request #10485 from Security-Onion-Solutions/fix/elastic_fleet_dedicated 
Add so-fleet role logic
 2023-05-31 16:04:40 -04:00
Josh Patterson
8f3a874e61 Merge pull request #10483 from Security-Onion-Solutions/dedfleetES 
exclude elasticsearch.ca state from fleet and receiver nodes
 2023-05-31 16:02:57 -04:00
m0duspwnens
66dc6274e6 exclude elasticsearch.ca state from fleet and receiver nodes 2023-05-31 15:59:36 -04:00
Wes
302e580d8f Add so-fleet role logic 2023-05-31 19:56:17 +00:00
Wes
344e2bf1d0 Update defaults file 2023-05-31 15:30:03 +00:00
Wes
2bb77251b0 Move Elastic Fleet logging exclusions to the Fleet pillar 2023-05-31 13:38:58 +00:00
weslambert
36791665f3 Merge pull request #10462 from Security-Onion-Solutions/feature/elastic_agent_zeek_logging 
Dynamic integration configuration and Zeek log exclusions for Elastic Agent
 2023-05-30 19:27:13 -04:00
Wes
f3be63051b Remove Fleet configuration 2023-05-30 20:48:43 +00:00
m0duspwnens
743ed316f8 dont apply suricata.enabled on import nodes 2023-05-30 16:10:41 -04:00
Wes
e4b4bbcfdc Use ZEEKMERGED from zeek/config.map.jinja 2023-05-30 19:51:13 +00:00
Wes
b6e090f29f Move Elastic Fleet logic in so-common to so-elastic-fleet-common 2023-05-30 18:43:56 +00:00
weslambert
25006ed20b Merge pull request #10455 from Security-Onion-Solutions/fix/curator_cluster_delete_delete 
Update so-elasticsearch-cluster-space-used and so-curator-cluster-delete-delete
 2023-05-30 14:28:22 -04:00
Wes
4469a93a75 Fix typo 2023-05-30 18:24:30 +00:00
Wes
096dadf9bd Change 1024 to 1000 for gigabytes 2023-05-30 17:29:42 +00:00
Wes
b441fe662f Change 1024 to 1000 for gigabytes 2023-05-30 17:28:59 +00:00
Wes
e5117a343d Change description 2023-05-30 17:10:17 +00:00
Wes
b9d692eb0e Remove default value 2023-05-30 17:08:52 +00:00
Wes
36a7f54160 Add extension 2023-05-30 16:46:38 +00:00
Wes
9035fa3037 Don't load Elasticsearch integration 2023-05-30 15:46:00 +00:00
Wes
b4b87e5620 Only provide JSON output 2023-05-30 15:43:31 +00:00
Wes
97c53d70a4 Remove integrations 2023-05-30 14:05:40 +00:00
Wes
53b4f7bd5c Add spacing 2023-05-30 14:05:11 +00:00