CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-11 03:32:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,376 Commits 26 Branches 119 Tags
34c3a58efe651b6b04f5890f6d2d0b48494cb15e
Commit Graph

32 Commits

Author SHA1 Message Date
m0duspwnens
469ca44016 fix maps 2024-06-20 16:53:12 -04:00
m0duspwnens
81fcd68e9b create and use redis:nodes and elasticsearch:nodes pillars 2024-06-20 16:42:11 -04:00
Corey Ogburn
5d3fd3d389 AdditionalCA and InsecureSkipVerify 
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.

AdditionalCA holds the PEM formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.

InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self signed, missing, or invalid certs will not throw an error.
 2024-06-07 12:47:09 -06:00
Corey Ogburn
e85c3e5b27 SOC Proxy Setting 
The so_proxy value we build during install is now copied to SOC's config.
 2024-06-06 11:55:27 -06:00
Jason Ertel
45fd07cdf8 Merge pull request #12987 from Security-Onion-Solutions/jertel/testcy 
Add quick action to find related alerts for a detection
 2024-05-09 18:08:08 -04:00
Jason Ertel
fecd674fdb Add quick action to find related alerts for a detection 2024-05-09 17:55:41 -04:00
m0duspwnens
554a203541 update airgapEnabled in map file 2024-05-06 12:59:45 -04:00
m0duspwnens
5b966b83a9 change rulesRepos for airgap or not 2024-05-06 09:26:52 -04:00
m0duspwnens
7122709bbf set Sigma rules based on role if defined and default if not 2024-05-01 12:25:34 -04:00
DefensiveDepth
ca807bd6bd Use list not string 2024-04-04 16:58:39 -04:00
DefensiveDepth
49d5fa95a2 Detections tweaks 2024-04-04 11:26:44 -04:00
DefensiveDepth
94ee761207 Remove Playbook ref 2024-03-25 21:11:47 -04:00
Jason Ertel
844cfe55cd handle airgap when detections not enabled 2024-03-13 20:52:17 -04:00
Jason Ertel
927fe9039d handle airgap when detections not enabled 2024-03-13 20:50:03 -04:00
m0duspwnens
1a829190ac remove modules if detections disabled 2024-03-13 09:46:44 -04:00
Josh Brower
c6baa4be1b Airgap Support - Detections module 2024-02-26 16:19:32 -05:00
Doug Burks
daf96d7934 fix new eventFields in merged.map.jinja 2024-02-23 17:07:48 -05:00
Doug Burks
7da0ccf5a6 add more endpoint.events.x entries to merged.map.jinja 2024-02-23 15:35:53 -05:00
m0duspwnens
573d565976 convert _x_ to . for soc ui to config 2024-02-23 15:03:44 -05:00
m0duspwnens
35157f2e8b add comment 2023-09-07 15:46:04 -04:00
m0duspwnens
60f1947eb4 prevent endgame_dict from being added to standard_actions if it is already present 2023-09-07 14:01:19 -04:00
m0duspwnens
ffaab4a1b4 only add endgame to action if it is populated 2023-09-06 14:19:53 -04:00
m0duspwnens
8e18986671 enabled/disable soc in ui 2023-05-11 15:33:16 -04:00
Jason Ertel
aed41404fc Merge pull request #9852 from Security-Onion-Solutions/kilo 
Remove FleetDM tool from SOC instead of deactivating it; generate SRV key during setup
 2023-02-24 13:05:58 -05:00
Jason Ertel
d3c5d0569a Remove FleetDM tool instead of deactivating it 2023-02-24 10:20:02 -05:00
m0duspwnens
8f46e4aa30 set docker extra_hosts for soc 2023-02-23 12:26:58 -05:00
Jason Ertel
ea0c3db8e1 upgrade influxdb 2023-02-08 13:23:45 -05:00
Jason Ertel
f84ceca03e consolidate eventFields from hunt and dashbaords into a single setting 2022-12-15 14:22:23 -05:00
Jason Ertel
deb19d24b8 Always use local docs 2022-09-13 14:24:35 -04:00
m0duspwnens
5ccc103083 fix soc dashboards and things 2022-09-09 14:31:04 -04:00
m0duspwnens
5bb001281b soc defaults changes - client child of server 2022-09-08 15:57:18 -04:00
Mike Reeves
2bd9dd80e2 Move In Day 2022-09-07 09:06:25 -04:00