CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-11 11:42:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,376 Commits 26 Branches 119 Tags
34c3a58efe651b6b04f5890f6d2d0b48494cb15e
Commit Graph

215 Commits

Author SHA1 Message Date
weslambert
bf91030204 Add option for detections without license 2024-06-21 15:33:11 -04:00
Doug Burks
07b9011636 Update defaults.yaml to put Process actions in logical order 2024-06-20 10:09:27 -04:00
Matthew Wright
bc2b3b7f8f Merge pull request #13236 from Security-Onion-Solutions/mwright/licenseDropdown 
Added license presets to defaults.yaml file
 2024-06-18 18:05:15 -04:00
unknown
ea02a2b868 Added license presets to defaults.yaml file 2024-06-18 16:52:00 -04:00
Doug Burks
de18bf06c3 FEATURE: Add new Process actions #13226 2024-06-18 10:36:41 -04:00
DefensiveDepth
521cccaed6 Update defaults 2024-06-18 08:43:00 -04:00
DefensiveDepth
7af94c172f Change spelling 2024-06-14 16:00:22 -04:00
DefensiveDepth
7556587e35 Update rule templates 2024-06-14 15:47:57 -04:00
DefensiveDepth
b7ac599a42 set to empty 2024-06-14 13:21:36 -04:00
DefensiveDepth
68302e14b9 add to defaults and tweaks 2024-06-14 09:28:23 -04:00
Corey Ogburn
d5ef0e5744 Fix unnecessary escaping 2024-06-11 12:34:32 -06:00
Corey Ogburn
85c269e697 Added TemplateDetections To Detection ClientParams 
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
 2024-05-30 15:59:03 -06:00
Jason Ertel
bd11d59c15 add event.dataset since there are other datasets in soc logs 2024-05-24 08:38:12 -04:00
Jason Ertel
15155613c3 provide default columns when viewing SOC logs 2024-05-24 08:23:45 -04:00
Mike Reeves
1e6161f89c Update defaults.yaml 2024-05-23 08:19:43 -04:00
Doug Burks
3d4f3a04a3 Update defaults.yaml to fix order of groupby tables and eliminate duplicate 2024-05-23 05:56:18 -04:00
DefensiveDepth
f9e9b825cf Removed unneeded groupby 2024-05-21 17:53:20 -04:00
DefensiveDepth
3992ef1082 Add rule.uuid to default groupbys 2024-05-21 17:45:56 -04:00
Corey Ogburn
fcc72a4f4e Add Default IntegrityCheck Frequency Values 2024-05-20 11:23:25 -06:00
DefensiveDepth
b4aec9a9d0 alphabetical order 2024-05-15 16:29:21 -04:00
Doug Burks
67645a662d FEATURE: Add NetFlow dashboard #13009 2024-05-14 10:14:16 -04:00
Doug Burks
5b45c80a62 FEATURE: Add NetFlow dashboard #13009 2024-05-14 10:01:18 -04:00
DefensiveDepth
e430de88d3 Change rule updates to 24h 2024-05-13 13:15:06 -04:00
Jason Ertel
45fd07cdf8 Merge pull request #12987 from Security-Onion-Solutions/jertel/testcy 
Add quick action to find related alerts for a detection
 2024-05-09 18:08:08 -04:00
Jason Ertel
fecd674fdb Add quick action to find related alerts for a detection 2024-05-09 17:55:41 -04:00
Corey Ogburn
1da88b70ac Specify Error Retry Wait and Error Limit for All Detection Engines 
If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait.

If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs of in hopes it'll be able to fix itself.
 2024-05-07 10:34:50 -06:00
Josh Brower
b997e44715 Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap 
Initial airgap support for detections
 2024-05-06 15:46:29 -04:00
m0duspwnens
2431d7b028 Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap 2024-05-06 15:27:27 -04:00
m0duspwnens
554a203541 update airgapEnabled in map file 2024-05-06 12:59:45 -04:00
DefensiveDepth
be1758aea7 Fix license and folder 2024-05-06 12:22:44 -04:00
m0duspwnens
5b966b83a9 change rulesRepos for airgap or not 2024-05-06 09:26:52 -04:00
Doug Burks
3f73b14a6a FEATURE: Add event.dataset to all Events table layouts #12641 2024-05-06 09:20:47 -04:00
Doug Burks
f689cfcd0a FEATURE: Add Events table columns for stun logs #12940 2024-05-06 08:52:43 -04:00
Doug Burks
7b905f5a94 FEATURE: Add Events table columns for tunnel logs #12937 2024-05-06 08:22:08 -04:00
Doug Burks
0822a46e94 FIX: Improve File dashboard #12914 2024-05-02 10:42:34 -04:00
Doug Burks
1be3e6204d FIX: Improve File dashboard #12914 2024-05-02 10:38:56 -04:00
Josh Patterson
72b2503b49 Merge pull request #12906 from Security-Onion-Solutions/det_easr 
Apply autoEnabledSigmaRules based on role if defined and default if not
 2024-05-01 13:05:36 -04:00
m0duspwnens
7122709bbf set Sigma rules based on role if defined and default if not 2024-05-01 12:25:34 -04:00
Corey Ogburn
ddf662bdb4 Mark Repos as Community 
Indicate that detection rules pulled from configured repos should be marked as Community rules.
 2024-04-29 16:22:30 -06:00
DefensiveDepth
f2c3c928fc Sigma pivot fix and cleanup 2024-04-29 08:49:05 -04:00
DefensiveDepth
3c3ed8b5c5 Add runtime status logs 2024-04-24 16:33:47 -04:00
Jorge Reyes
d402943403 Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet 
Kismet integration for WiFi devices
 2024-04-22 15:59:22 -04:00
DefensiveDepth
a237ef5d96 Update default queries 2024-04-19 16:33:35 -04:00
DefensiveDepth
ff28476191 Fix compile_yara path 2024-04-16 13:10:17 -04:00
DefensiveDepth
dbfb178556 Add test 2024-04-16 12:22:53 -04:00
DefensiveDepth
f5e42e73af Add docs for ruleset change 2024-04-12 13:30:20 -04:00
DefensiveDepth
49ccd86c39 Fix fingerprint paths 2024-04-12 08:35:44 -04:00
reyesj2
55cf90f477 merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 14:44:59 -04:00
reyesj2
c269fb90ac Added a Kismet Wifi devices dashboard for an overview of kismet data 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 14:41:54 -04:00
DefensiveDepth
ed97aa4e78 Enable Detections Adv by default 2024-04-11 08:21:20 -04:00