CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,376 Commits 24 Branches 119 Tags
34c3a58efe651b6b04f5890f6d2d0b48494cb15e
Commit Graph

9690 Commits

Author SHA1 Message Date
Mike Reeves
326c59bb26 Update soc_idstools.yaml 2024-05-08 08:42:38 -04:00
Mike Reeves
2eee617788 Update soc_idstools.yaml 2024-05-07 17:21:01 -04:00
Corey Ogburn
1da88b70ac Specify Error Retry Wait and Error Limit for All Detection Engines 
If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait.

If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs of in hopes it'll be able to fix itself.
 2024-05-07 10:34:50 -06:00
Jason Ertel
b4817fa062 Merge pull request #12956 from Security-Onion-Solutions/jertel/testcy 
test regexes for detections
 2024-05-07 08:45:38 -07:00
weslambert
2e70d157e2 Add ref 2024-05-07 11:13:51 -04:00
m0duspwnens
5e2e5b2724 Merge remote-tracking branch 'origin/2.4/dev' into orchit 2024-05-07 10:44:14 -04:00
m0duspwnens
dcc1f656ee predownload logstash and elastic for new searchnode and heavynode 2024-05-07 10:13:51 -04:00
Wes
bee8c2c1ce Remove watch 2024-05-07 13:21:59 +00:00
Jason Ertel
4ebe070cd8 test regexes for detections 2024-05-06 19:03:12 -04:00
weslambert
a5e89c0854 Merge pull request #12947 from Security-Onion-Solutions/fix/strelka_yara_distributed 
Fix YARA rules for distributed deployments
 2024-05-06 15:53:08 -04:00
weslambert
a25e43db8f Merge pull request #12948 from Security-Onion-Solutions/fix/strelka_yara_watch 
Restart Strelka backend when YARA rules change
 2024-05-06 15:52:57 -04:00
Josh Brower
b997e44715 Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap 
Initial airgap support for detections
 2024-05-06 15:46:29 -04:00
Wes
1e48955376 Restart when rules change 2024-05-06 19:39:03 +00:00
Wes
5056ec526b Add compiled directory 2024-05-06 19:27:38 +00:00
m0duspwnens
2431d7b028 Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap 2024-05-06 15:27:27 -04:00
Wes
d2fa77ae10 Update compile script 2024-05-06 19:10:41 +00:00
Wes
445fb31634 Add manager SLS 2024-05-06 19:09:37 +00:00
Wes
5aa611302a Handle YARA rules for distributed deployments 2024-05-06 19:08:01 +00:00
m0duspwnens
554a203541 update airgapEnabled in map file 2024-05-06 12:59:45 -04:00
DefensiveDepth
be1758aea7 Fix license and folder 2024-05-06 12:22:44 -04:00
m0duspwnens
38f74d2e9e change quotes 2024-05-06 11:38:30 -04:00
m0duspwnens
5b966b83a9 change rulesRepos for airgap or not 2024-05-06 09:26:52 -04:00
Doug Burks
3f73b14a6a FEATURE: Add event.dataset to all Events table layouts #12641 2024-05-06 09:20:47 -04:00
Doug Burks
f689cfcd0a FEATURE: Add Events table columns for stun logs #12940 2024-05-06 08:52:43 -04:00
DefensiveDepth
26c6a98b45 Initial airgap support for detections 2024-05-06 08:43:01 -04:00
Doug Burks
7b905f5a94 FEATURE: Add Events table columns for tunnel logs #12937 2024-05-06 08:22:08 -04:00
m0duspwnens
bdf1b45a07 redirect and throw in bg 2024-05-03 14:54:44 -04:00
m0duspwnens
3d4fd59a15 orchit 2024-05-03 13:48:51 -04:00
m0duspwnens
442a717d75 orchit 2024-05-03 12:08:57 -04:00
m0duspwnens
fa3522a233 fix requirement 2024-05-03 11:10:21 -04:00
m0duspwnens
bbc374b56e add logic in orch 2024-05-03 09:56:52 -04:00
m0duspwnens
2929877042 fix var 2024-05-02 16:37:54 -04:00
m0duspwnens
8035740d2b Merge remote-tracking branch 'origin/2.4/dev' into orchit 2024-05-02 16:34:24 -04:00
Josh Patterson
4f8aaba6c6 Merge pull request #12918 from Security-Onion-Solutions/pw 
run so-rule-update if ruleset or code changes for idstools
 2024-05-02 16:33:24 -04:00
m0duspwnens
e9b1263249 orchestate searchnode deployment 2024-05-02 16:32:43 -04:00
Josh Patterson
3b2d3573d8 Update pillarWatch.py 2024-05-02 16:06:04 -04:00
reyesj2
e960ae66a3 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-02 15:12:27 -04:00
reyesj2
093cbc5ebc Reconfigure Kafka defaults 
- Set default number of partitions per topic -> 3. Helps ensure that out of the box we can take advantage of multi-node Kafka clusters via load balancing across atleast 3 brokers. Also multiple searchnodes will be able to pull from each topic. In this case 3 searchnodes (consumers) would be able to pull from all topics concurrently.
- Set default replication factor -> 2. This is the minimum value required for redundancy. Every partition will have 1 replica. In this case if we have 2 brokers each topic will have 3 partitions (load balanced across brokers) and each partition will have a replica on separate broker for redundancy

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-02 15:10:13 -04:00
reyesj2
f663ef8c16 Setup Kafka to use PKCS12 and remove need for converting to JKS 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-02 14:53:28 -04:00
reyesj2
de9f6425f9 Automatically switch between Kafka output policy and logstash output policy when globals.pipeline changes 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-02 12:13:46 -04:00
m0duspwnens
33d1170a91 add default pillar value for pillarWatch 2024-05-02 11:58:39 -04:00
Doug Burks
0822a46e94 FIX: Improve File dashboard #12914 2024-05-02 10:42:34 -04:00
Doug Burks
1be3e6204d FIX: Improve File dashboard #12914 2024-05-02 10:38:56 -04:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
reyesj2
47ced60243 Create new Kafka output policy using salt 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 14:49:51 -04:00
Josh Patterson
72b2503b49 Merge pull request #12906 from Security-Onion-Solutions/det_easr 
Apply autoEnabledSigmaRules based on role if defined and default if not
 2024-05-01 13:05:36 -04:00
reyesj2
58ebbfba20 Add kafka state to standalone highstate 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:03:14 -04:00
reyesj2
e164d15ec6 Generate different Kafka certs for different SO nodetypes 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:02:47 -04:00
reyesj2
3efdb4e532 Reconfigure logstash Kafka input 
- TODO: Configure what topics are pulled to searchnodes via the SOC UI

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:01:29 -04:00
Mike Reeves
854799fabb Merge pull request #12902 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Update config.sls
 2024-05-01 12:56:04 -04:00