CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,376 Commits 24 Branches 119 Tags
34c3a58efe651b6b04f5890f6d2d0b48494cb15e
Commit Graph

9690 Commits

Author SHA1 Message Date
reyesj2
ca7253a589 Run kafka-clusterid script when pillar values are missing 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 15:38:03 -04:00
reyesj2
af53dcda1b Remove references to kafkanode 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 15:32:00 -04:00
reyesj2
55cf90f477 merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 14:44:59 -04:00
reyesj2
c269fb90ac Added a Kismet Wifi devices dashboard for an overview of kismet data 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 14:41:54 -04:00
Mike Reeves
1250a728ac Merge pull request #12769 from Security-Onion-Solutions/TOoSmOotH-patch-3 
Update analyst.json
 2024-04-11 14:30:17 -04:00
reyesj2
68e016090b Fix network.wireless.ssid not parsing 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 13:21:54 -04:00
reyesj2
fd689a4607 Fix typo in ingest pipeline 
Test to fix duplicate events in SOC, by removing conflicting field event.created

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 11:18:04 -04:00
DefensiveDepth
1c5f02ade2 Update annotations 2024-04-11 09:21:08 -04:00
DefensiveDepth
ed97aa4e78 Enable Detections Adv by default 2024-04-11 08:21:20 -04:00
reyesj2
7124f04138 Update ingest pipelines to match updated mappings 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-10 16:13:06 -04:00
reyesj2
2ab9cbba61 Update wording for Kismet poll interval annotation 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-10 16:12:22 -04:00
reyesj2
4097e1d81a Create mappings for Kismet integration 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-10 16:10:27 -04:00
m0duspwnens
d3bd56b131 disable logstash and redis if kafka enabled 2024-04-10 14:13:27 -04:00
m0duspwnens
e9e61ea2d8 Merge remote-tracking branch 'origin/2.4/dev' into kaffytaffy 2024-04-10 13:14:13 -04:00
m0duspwnens
86b984001d annotations and enable/disable from ui 2024-04-10 10:39:06 -04:00
Mike Reeves
2206553e03 Update analyst.json 2024-04-10 09:49:21 -04:00
m0duspwnens
fa7f8104c8 Merge remote-tracking branch 'origin/reyesj2/kafka' into kaffytaffy 2024-04-09 11:13:02 -04:00
m0duspwnens
bd5fe43285 jinja config files 2024-04-09 11:07:53 -04:00
m0duspwnens
d38051e806 fix client and server properties formatting 2024-04-09 10:36:37 -04:00
m0duspwnens
daa5342986 items not keys in for loop 2024-04-09 10:22:05 -04:00
m0duspwnens
c48436ccbf fix dict update 2024-04-09 10:19:17 -04:00
m0duspwnens
7aa00faa6c fix var 2024-04-09 09:31:54 -04:00
m0duspwnens
6217a7b9a9 add defaults and jijafy kafka config 2024-04-09 09:27:21 -04:00
reyesj2
d67ebabc95 Remove logstash output to kafka pipeline. Add additional topics for searchnodes to ingest and add partition/offset info to event 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-08 16:38:03 -04:00
DefensiveDepth
376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
reyesj2
65274e89d7 Add client_id to logstash pipeline. To identify which searchnode is pulling messages 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-05 15:38:00 -04:00
reyesj2
721e04f793 initial logstash input from kafka over ssl 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-05 13:37:14 -04:00
Corey Ogburn
00cea6fb80 Detection Author as a Keyword instead of Text 
With Quick Actions added to Detections, as many fields should be usable as possible.
 2024-04-05 11:22:47 -06:00
reyesj2
433309ef1a Generate kafka cluster id if it doesn't exist 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-05 09:35:12 -04:00
Mike Reeves
21f86be8ee Update so-log-check 2024-04-05 08:03:42 -04:00
Josh Brower
8e38c3763e Merge pull request #12756 from Security-Onion-Solutions/2.4/detections-defaults 
Use list not string
 2024-04-04 17:00:38 -04:00
DefensiveDepth
ca807bd6bd Use list not string 2024-04-04 16:58:39 -04:00
reyesj2
735cfb4c29 Autogenerate kafka topics when a message it sent to non-existing topic 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-04 16:45:58 -04:00
reyesj2
6202090836 Merge remote-tracking branch 'origin/kaffytaffy' into reyesj2/kafka 2024-04-04 16:27:06 -04:00
reyesj2
436cbc1f06 Add kafka signing_policy for client/server auth. Add kafka-client cert on manager so manager can interact with kafka using its own cert 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-04 16:21:29 -04:00
reyesj2
40b08d737c Generate kafka keystore on changes to kafka.key 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-04 16:16:53 -04:00
m0duspwnens
4c5b42b898 restart container on server config changes 2024-04-04 15:47:01 -04:00
m0duspwnens
7a6b72ebac add so-kafka to manager for firewall 2024-04-04 15:46:11 -04:00
Josh Brower
f72cbd5f23 Merge pull request #12755 from Security-Onion-Solutions/2.4/detections-defaults 
2.4/detections defaults
 2024-04-04 11:33:59 -04:00
Josh Brower
1d7e47f589 Merge pull request #12682 from Security-Onion-Solutions/2.4/soup-playbook 
2.4/soup playbook
 2024-04-04 11:28:09 -04:00
DefensiveDepth
49d5fa95a2 Detections tweaks 2024-04-04 11:26:44 -04:00
Doug Burks
b0aee238b1 Merge pull request #12753 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add dashboards specific to Elastic Agent #12746
 2024-04-04 09:35:21 -04:00
Doug Burks
d8ac3f1292 FEATURE: Add dashboards specific to Elastic Agent #12746 2024-04-04 09:30:05 -04:00
Mike Reeves
784ec54795 2.3 updates 2024-04-04 09:24:17 -04:00
Mike Reeves
54fce4bf8f 2.3 updates 2024-04-04 09:21:16 -04:00
Mike Reeves
c4ebe25bab Attempt to fix 2.3 when main repo changes 2024-04-04 09:18:37 -04:00
Doug Burks
5ec3b834fb FEATURE: Add Events table columns for event.module sigma #12743 2024-04-04 09:11:41 -04:00
Mike Reeves
7668fa1396 Attempt to fix 2.3 when main repo changes 2024-04-04 09:03:29 -04:00
Mike Reeves
470b0e4bf6 Attempt to fix 2.3 when main repo changes 2024-04-04 08:55:13 -04:00
Mike Reeves
d3f163bf9e Attempt to fix 2.3 when main repo changes 2024-04-04 08:54:04 -04:00