Commit Graph

6660 Commits

Author SHA1 Message Date
weslambert
4391c22335 Move Suricata import policy definition so that it does not get caught in the for loop for Zeek policies 2023-01-11 12:23:50 -05:00
weslambert
b3e0183e39 Remove pipeline.load from top.sls so that Filebeat module loading is not attempted 2023-01-11 12:19:06 -05:00
Wes
52b620b137 Add additional conditional logic for Filebeat and disable Filebeat 2023-01-11 14:10:11 +00:00
Wes
33e2affb1d Remove newlines from end of Syslog processor definitions 2023-01-11 14:08:28 +00:00
Wes
c3b83f1fc8 Update template settings to use data streams 2023-01-11 14:03:11 +00:00
Wes
5062dd2873 Suricata Elasticsearch ingest node pipeline changes - set 'alert' dataset 2023-01-11 14:02:09 +00:00
Wes
2e886d0c55 Remove data_index_name processor since we are using data streams 2023-01-11 13:58:38 +00:00
Wes
5d86edeed4 Modify Logstash Elastic Agent output to accommodate for events with and without 'metadata.pipeline' 2023-01-11 13:57:32 +00:00
Wes
caf0ea6b53 Add Elastic Agent policy view script 2023-01-11 13:56:21 +00:00
Wes
a146f1134e Add Elastic Agent utility scripts 2023-01-11 13:54:42 +00:00
Mike Reeves
7cecc910d5 Merge pull request #9458 from Security-Onion-Solutions/2.4/firewall
2.4/firewall
2023-01-11 08:49:15 -05:00
m0duspwnens
76fff1b1e0 add logstash ports 2023-01-10 17:02:54 -05:00
Doug Burks
c15db73561 Avoid unnecessary Zeek processes in Import Mode 2023-01-10 16:48:47 -05:00
Doug Burks
554754421c Avoid unnecessary Suricata processes in Import Mode 2023-01-10 16:48:06 -05:00
Doug Burks
322efa304a Avoid unnecessary processes in Import Mode 2023-01-10 16:47:18 -05:00
Mike Reeves
ab3a7abcc7 run restore each time 2023-01-10 16:08:44 -05:00
Mike Reeves
302bf28b6c Merge branch '2.4/firewall' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/firewall 2023-01-09 15:00:05 -05:00
Mike Reeves
5058210bbb Changes to iptables.jinja 2023-01-09 14:59:55 -05:00
m0duspwnens
ac157432de include docker 2023-01-09 14:58:36 -05:00
m0duspwnens
ec5c565cec put elastalert on sosbridge 2023-01-09 14:49:33 -05:00
m0duspwnens
dbbcea0009 look for True 2023-01-09 11:53:32 -05:00
m0duspwnens
c313b19b50 Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall 2023-01-09 11:18:08 -05:00
Mike Reeves
73ae48d28e Merge pull request #9539 from Security-Onion-Solutions/mkr24
Changes to accept minion
2023-01-09 11:17:45 -05:00
Mike Reeves
0e1e9ff343 Changes to accept minion 2023-01-09 11:15:29 -05:00
Doug Burks
c1dfb9f935 Add missing Zeek log to filebeat defaults.yaml 2023-01-06 14:27:40 -05:00
Doug Burks
10e82c5f1c Remove line numbers from vi 2023-01-06 14:23:54 -05:00
m0duspwnens
d4c6834cd0 merge with 2.4/dev 2023-01-06 14:01:58 -05:00
m0duspwnens
4aacc6d1db change role names in so-firewall-minion 2023-01-06 11:09:09 -05:00
m0duspwnens
cb1822a62d change ref to DOCKER.sosrange 2023-01-05 15:57:06 -05:00
m0duspwnens
f10238da42 fw changes 2023-01-04 16:06:14 -05:00
Mike Reeves
2e53476a06 Merge pull request #9516 from Security-Onion-Solutions/mkr24
Add PW auth for Redis
2023-01-04 14:50:27 -05:00
Mike Reeves
275aead5b9 Allow auth for redis check for tgraf 2023-01-04 14:30:28 -05:00
Mike Reeves
e52b54720a Allow auth for redis check for tgraf 2023-01-04 14:26:24 -05:00
Mike Reeves
5afad52b3f Allow auth for redis check for tgraf 2023-01-04 14:18:08 -05:00
Mike Reeves
9bc08661c5 Allow auth for redis check for tgraf 2023-01-04 14:15:53 -05:00
Mike Reeves
48a3f4e261 Allow auth for redis check for tgraf 2023-01-04 14:14:10 -05:00
doug
7ba4bdd87b fix jinja whitespace 2023-01-04 13:50:25 -05:00
Mike Reeves
831300b540 Require password auth for redis access 2023-01-04 11:02:40 -05:00
Doug Burks
5754365c6d Improve default sysmon fields and add new network_connection fields 2023-01-04 07:42:24 -05:00
Mike Reeves
08d7b24fb4 Update soc_global.yaml 2023-01-03 12:17:51 -05:00
Mike Reeves
df89445ab5 Update soc_global.yaml 2023-01-03 12:17:14 -05:00
m0duspwnens
203e612452 enable icc and hostbinding on sosbridge 2023-01-03 11:21:05 -05:00
m0duspwnens
c35a3e122f add ip to container. add containers to sosbridge 2023-01-03 11:13:50 -05:00
Wes
c8ff2c7a06 Update RITA beacon parsing 2023-01-03 16:03:49 +00:00
doug
4e5d1d587e update sysmon ingest parser and Sysmon File dashboard 2023-01-03 09:02:17 -05:00
Jason Ertel
a89976779d Ensure create/update dates are both reset when an admin sets a user's password 2022-12-30 11:30:09 -05:00
Mike Reeves
058b4013aa Merge pull request #9470 from Security-Onion-Solutions/kilo
Kilo
2022-12-23 10:37:22 -05:00
Jason Ertel
136867c96a ensure zombie pipe is destroyed before SOC restarts 2022-12-23 10:27:49 -05:00
Mike Reeves
75ffd1f56b Update soc_global.yaml 2022-12-23 08:55:19 -05:00
m0duspwnens
24876eecd9 change refs from sosnet to sosbridge 2022-12-22 14:02:40 -05:00