CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-24 01:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,815 Commits 19 Branches 120 Tags
33d1170a914b5e787cb25436bc3b306af5cbda3c
Commit Graph

9257 Commits

Author SHA1 Message Date
m0duspwnens
33d1170a91 add default pillar value for pillarWatch 2024-05-02 11:58:39 -04:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
Josh Patterson
72b2503b49 Merge pull request #12906 from Security-Onion-Solutions/det_easr 
Apply autoEnabledSigmaRules based on role if defined and default if not
 2024-05-01 13:05:36 -04:00
Mike Reeves
854799fabb Merge pull request #12902 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Update config.sls
 2024-05-01 12:56:04 -04:00
m0duspwnens
47ba4c0f57 add new annotation for soc autoEnabledSigmaRules 2024-05-01 12:55:29 -04:00
Mike Reeves
10c8e4203c Update config.sls 2024-05-01 12:54:21 -04:00
Jason Ertel
05c69925c9 Merge pull request #12904 from Security-Onion-Solutions/jertel/wf 
mark detections settings as read-only via the UI
 2024-05-01 09:54:03 -07:00
Jason Ertel
252d9a5320 make rule settings advanced 2024-05-01 12:51:04 -04:00
m0duspwnens
7122709bbf set Sigma rules based on role if defined and default if not 2024-05-01 12:25:34 -04:00
Mike Reeves
f7223f132a Update config.sls 2024-05-01 12:00:39 -04:00
Mike Reeves
8cd75902f2 Update config.sls 2024-05-01 11:47:51 -04:00
Jason Ertel
c71af9127b mark detections settings as read-only via the UI 2024-05-01 11:47:38 -04:00
weslambert
e6f45161c1 Merge pull request #12900 from Security-Onion-Solutions/fix/cold_min_age 
Cold min_age to 60d
 2024-05-01 11:24:48 -04:00
weslambert
fe2edeb2fb 30d to 60d 2024-05-01 11:01:59 -04:00
weslambert
6294f751ee Cold min_age to 60d 2024-05-01 10:59:41 -04:00
Jason Ertel
66563a4da0 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:31:11 -04:00
Jason Ertel
d0e140cf7b zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:30:52 -04:00
Jason Ertel
87c6d0a820 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:29:36 -04:00
Jason Ertel
72db369fbb Merge branch '2.4/dev' into jertel/wf 2024-04-30 15:16:41 -04:00
Jason Ertel
84db82852c annotation updates for custom settings 2024-04-30 15:14:56 -04:00
coreyogburn
ea4750d8ad Merge pull request #12882 from Security-Onion-Solutions/cogburn/community-repos 
Mark Repos as Community
 2024-04-30 09:12:25 -06:00
Doug Burks
4d6124f982 FIX: Elasticsearch min_age regex #12885 2024-04-30 10:18:34 -04:00
Corey Ogburn
ddf662bdb4 Mark Repos as Community 
Indicate that detection rules pulled from configured repos should be marked as Community rules.
 2024-04-29 16:22:30 -06:00
reyesj2
fadb6e2aa9 Re-add original timestamp format + ignore failures with this processor 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:57:48 -04:00
reyesj2
192d91565d Update final pipeline timestamp format for event.module system events 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:34:29 -04:00
DefensiveDepth
f2c3c928fc Sigma pivot fix and cleanup 2024-04-29 08:49:05 -04:00
m0duspwnens
2c7eb3c755 only apply ulimits to suricata container if user enable mmap-locked 2024-04-25 10:05:59 -04:00
weslambert
b424426298 Exclude suricata 2024-04-25 09:14:18 -04:00
Josh Patterson
03f9160fcc Merge pull request #12860 from Security-Onion-Solutions/issue/12856 
allow for enabled/disable of so-elasticsearch-indices-delete cronjob
 2024-04-25 09:07:44 -04:00
m0duspwnens
d50de804a8 update annotation 2024-04-25 09:04:34 -04:00
weslambert
983ef362e9 Merge pull request #12858 from Security-Onion-Solutions/fix/index_sorting 
Change index sorting to account for older so-prefixed indices
 2024-04-25 08:54:22 -04:00
Josh Brower
d88c1a5e0a Merge pull request #12861 from Security-Onion-Solutions/2.4/detectionlogs 
Add runtime status logs
 2024-04-24 20:07:32 -04:00
weslambert
44afa55274 Fix comments about deletion 2024-04-24 17:41:37 -04:00
weslambert
ab832e4bb2 Include logstash-prefixed indices 2024-04-24 17:17:53 -04:00
DefensiveDepth
3c3ed8b5c5 Add runtime status logs 2024-04-24 16:33:47 -04:00
m0duspwnens
c9d9979f22 allow for enabled/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
m0duspwnens
73b5bb1a75 add memlock to so-suricata container 2024-04-24 15:35:17 -04:00
weslambert
59a02635ed Change index sorting 2024-04-24 15:18:49 -04:00
m0duspwnens
13a6520a8c mmap-locked default no 2024-04-24 13:50:12 -04:00
m0duspwnens
4b7f826a2a quote is so true becomes yes 2024-04-24 13:29:55 -04:00
m0duspwnens
0bd0c7b1ec allow for mmap-locked to be configured 2024-04-24 13:26:25 -04:00
weslambert
1b3a0a3de8 Remove hot max_age 2024-04-24 10:11:02 -04:00
weslambert
75b5e16696 Update description, type, and regex 2024-04-24 09:14:39 -04:00
weslambert
8a0a435700 Fix warm description 2024-04-24 08:35:19 -04:00
weslambert
691b02a15e Fix warm description 2024-04-23 10:40:09 -04:00
DefensiveDepth
58ddd55123 Exclude yara runtime log 2024-04-23 07:28:07 -04:00
Jorge Reyes
d402943403 Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet 
Kismet integration for WiFi devices
 2024-04-22 15:59:22 -04:00
Josh Brower
64c43b1a55 Merge pull request #12805 from Security-Onion-Solutions/2.4/detectiondefaults 
Strelka fixes and more
 2024-04-19 16:53:07 -04:00
DefensiveDepth
a237ef5d96 Update default queries 2024-04-19 16:33:35 -04:00
Doug Burks
406dda6051 Update so-elasticsearch-cluster-space-used 2024-04-18 11:48:15 -04:00