CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,492 Commits 24 Branches 119 Tags
33696398eb877e8a668efcd3e08f48c5b8b6b1a1
Commit Graph

345 Commits

Author SHA1 Message Date
doug
71c7ffae3e Improve support for Suricata metadata #2200 2021-02-22 13:49:29 -05:00
doug
bcce205430 Improve support for Suricata metadata #2200 2021-02-22 13:00:14 -05:00
doug
3467f30603 Improve support for Suricata metadata #2200 2021-02-22 10:27:24 -05:00
Josh Brower
5ca3dc492c Merge pull request #3061 from Security-Onion-Solutions/foxtrot 
Fix Playbook Fields & Mappings
 2021-02-21 09:40:59 -05:00
Mike Reeves
0ea29144a8 Merge pull request #3047 from Security-Onion-Solutions/surifile2 
Suricata as Meta Data, File Extraction, And Parsing changes
 2021-02-19 14:09:38 -05:00
Mike Reeves
b4b449aa14 Pull in Suricata changes 2021-02-19 11:01:15 -05:00
doug
88eb5b1d61 Update syslog ingest parser to accomodate pfSense filterlog changes #3033 2021-02-19 08:02:32 -05:00
Josh Brower
d2a74c80e2 Update .security analyzer 2021-02-17 16:37:31 -05:00
Mike Reeves
160d307f4a Disable ML for features #2788 2021-01-30 20:00:41 -05:00
Mike Reeves
4212afe0c9 Add features option back 2021-01-30 19:57:18 -05:00
Josh Brower
13ab4c66eb Update Osquery Windows Eventlog Parsing 2021-01-27 09:15:54 -05:00
Mike Reeves
4ef38f8d04 Add EPS and RAID status collection for telegraf 2021-01-25 19:14:46 -05:00
Mike Reeves
636687ac59 Merge pull request #2702 from Security-Onion-Solutions/essecurity 
SSL with Elastic Basic license. Remove features option.
 2021-01-21 13:57:28 -05:00
Mike Reeves
9408d62c65 Remove features 2021-01-21 13:55:53 -05:00
Mike Reeves
f85ecf254e Fix dupe 2021-01-21 13:21:08 -05:00
Mike Reeves
9f984036c5 Use the internmediate cert 2021-01-21 13:00:46 -05:00
Mike Reeves
b0914fa604 try .p12 2021-01-21 12:46:00 -05:00
Mike Reeves
9759990233 Switch to java key store 2021-01-21 12:29:45 -05:00
Mike Reeves
bb523c44e6 Enable features temporarily 2021-01-21 12:19:41 -05:00
Mike Reeves
013b706ce4 Enable http ssl 2021-01-21 12:13:23 -05:00
Mike Reeves
84b75a38a3 Fix error in init.sls for ES 2021-01-21 11:21:04 -05:00
Mike Reeves
6de70ec820 Update docker mappings for ES 2021-01-21 11:12:12 -05:00
Mike Reeves
35c741ae63 Turn on Xpack SSL 2021-01-21 09:49:31 -05:00
m0duspwnens
b693373d8d change how we allow or disallow states to be run https://github.com/Security-Onion-Solutions/securityonion/issues/2679 2021-01-20 15:09:53 -05:00
Wes Lambert
875908dc90 Set @timestamp to winlog.systemTime 2021-01-06 16:47:35 +00:00
Mike Reeves
575098e368 Update init.sls 2020-12-17 20:23:38 -05:00
Mike Reeves
39425c1ba8 Fix extra extrahosts 2020-12-17 20:15:56 -05:00
TOoSmOotH
6448ddc31a Allow SNs to resolve the ES master 2020-12-17 20:08:21 -05:00
William Wernert
d670f96dc0 [fix] Exit on command failure in so-catrust 2020-12-16 11:07:00 -05:00
William Wernert
142649b396 [fix] Fix comparator 2020-12-16 10:38:34 -05:00
William Wernert
e464117e8a [fix] Run so-catrust in ES state on Helix sensor install 2020-12-16 10:19:44 -05:00
William Wernert
aa0d43b1db [fix] Always define ismanager var 2020-12-16 09:55:09 -05:00
William Wernert
af149d04a9 [fix] Only run portions of ES state, do not run container 2020-12-16 09:18:40 -05:00
Doug Burks
7a314b5935 Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 2020-12-12 11:35:29 -05:00
Doug Burks
61ae187d03 revert previous commit #2321 2020-12-12 10:12:23 -05:00
Mike Reeves
b5ed973abd Merge pull request #2138 from OmerTirosh/OmerTirosh-fix-win.eventlog 
Fix Error: SO elasticsearch ingest failed to convert 'winlog.event_data.SubjectUserName' to 'user.name'
 2020-12-12 10:00:27 -05:00
Doug Burks
85aac4ad75 Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 2020-12-12 09:22:08 -05:00
Mike Reeves
cd6a945a24 Merge pull request #2298 from Security-Onion-Solutions/escluster 
Traditional ES Clustering Support
 2020-12-10 12:07:17 -05:00
TOoSmOotH
42833b2086 Make non clustered node attributes 2020-12-10 11:14:32 -05:00
TOoSmOotH
d9d7f49b96 Adjust elasticsearch.yml 2020-12-10 11:09:38 -05:00
Wes Lambert
f689722559 Add initial suricata.ftp_data pipeline 2020-12-10 14:14:50 +00:00
TOoSmOotH
af15f0eb38 remove ml node.role 2020-12-09 16:23:38 -05:00
Mike Reeves
30e69bf7b2 Merge branch 'escluster' into newescluster 2020-12-09 15:23:49 -05:00
TOoSmOotH
0a48f7d5dc Simplify logic 2020-12-09 15:22:09 -05:00
TOoSmOotH
e983322a18 Fix elastic if statement 2020-12-09 11:31:22 -05:00
TOoSmOotH
6ceecbd524 Fixing some elasticsearch logic 2020-12-09 09:42:03 -05:00
Mike Reeves
8ea088c3fc Restart Elastic on addition of node. 2020-12-07 14:09:41 -05:00
Mike Reeves
94253e92a6 Adjust the elasticsearch config 2020-12-03 10:38:18 -05:00
weslambert
95570976a8 Add indices.query.bool.max_clause_count to allow for wildcard searches targeting more than 1024 fields 2020-12-03 09:29:44 -05:00
Mike Reeves
3e322c38eb Fix config for single cluster mode 2020-12-02 15:33:35 -05:00