CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,507 Commits 24 Branches 119 Tags
52e52f35f79aab950617ee846221e5ebfbb8ecdb
Commit Graph

1116 Commits

Author SHA1 Message Date
Wes
9264a03dbc Add custom system component 2024-07-31 17:03:26 +00:00
Wes
fb2a42a9af Use custom system component 2024-07-31 17:02:45 +00:00
weslambert
bae348bef7 Change version 2024-07-30 16:44:44 -04:00
weslambert
0453f51e64 Actually ignore missing templates 2024-07-30 12:54:07 -04:00
weslambert
d833bd0d55 Elastic 8.14.3 2024-07-30 12:45:25 -04:00
weslambert
46eeb014af Add metrics settings 2024-07-30 12:39:50 -04:00
weslambert
c60b14e2e7 Merge branch '2.4/dev' into foxtrot 2024-07-30 08:52:48 -04:00
Corey Ogburn
20f915f649 so-detection refresh_interval => 1s 
Speeds up the refresh_interval so bulk indexing a single rule does not wait 30s.
 2024-07-25 12:53:04 -06:00
Wes
c55fa6dc6a Fix pattern for pipelines 2024-07-23 17:48:32 +00:00
Wes
17f37750e5 Remove onchanges condition 2024-07-23 16:46:18 +00:00
Wes
e789c17bc3 Add global@custom pipeline file 2024-07-23 16:37:37 +00:00
Wes
6f44d39b18 Remove Fleet final pipeline file 2024-07-23 16:37:03 +00:00
Wes
dd85249781 Remove Fleet final pipeline 2024-07-23 16:36:41 +00:00
Wes
2d0de87530 Add component templates for Fleet metrics 2024-07-17 15:19:46 +00:00
m0duspwnens
6d18177f98 only include global phases if defined in default for that index 2024-07-17 10:16:11 -04:00
m0duspwnens
72ad49ed12 add policy for so-lists and so-items 2024-07-16 14:36:06 -04:00
m0duspwnens
91b2e7d400 Merge remote-tracking branch 'origin/2.4/dev' into silsll 2024-07-16 14:06:56 -04:00
m0duspwnens
34c3a58efe add cold policy 2024-07-16 14:03:48 -04:00
Josh Patterson
a867557f54 Merge pull request #13353 from Security-Onion-Solutions/fci 
fix custom indices
 2024-07-16 13:18:11 -04:00
m0duspwnens
b814f32e0a fix custom indices 2024-07-16 12:39:30 -04:00
weslambert
bf07d56da6 Merge pull request #13341 from Security-Onion-Solutions/revert-13323-fix/agent_pipeline 
Revert "Change pipeline version for agent"
 2024-07-15 11:38:56 -04:00
weslambert
4e81860a13 Revert "Change pipeline version for agent" 2024-07-15 11:33:52 -04:00
weslambert
fe1824aedd Revert "Elastic 8.14.2" 2024-07-15 11:28:59 -04:00
weslambert
d432019ad9 Change version from 1.13.1 to 1.20.0 2024-07-10 12:48:08 -04:00
weslambert
0db0754ee5 Merge pull request #13316 from Security-Onion-Solutions/foxtrot 
Elastic 8.14.2
 2024-07-10 08:53:03 -04:00
Wes
1f5a990b1e Remove lines that aren't needed right now 2024-07-09 18:32:06 +00:00
Wes
669f68ad88 Fleet metric annotations 2024-07-09 15:39:59 +00:00
weslambert
8615e5d5ea Move enabled and index_clean back to the top 2024-07-08 16:50:06 -04:00
weslambert
745b6775f1 Change name for ILM 2024-07-02 09:05:35 -04:00
Wes
1b47d5c622 Changes for Elastic 8.14.1 2024-07-01 15:16:58 +00:00
Wes
32d7927a49 Template changes for Elastic 8.14.1 2024-07-01 15:16:06 +00:00
m0duspwnens
50f0c43212 merge dev 2024-06-26 12:33:32 -04:00
m0duspwnens
81fcd68e9b create and use redis:nodes and elasticsearch:nodes pillars 2024-06-20 16:42:11 -04:00
reyesj2
a81e4c3362 remove dash(-) from kafka.id 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-11 11:55:17 -04:00
reyesj2
08557ae287 kafka.id field should only be present when metadata for kafka exists 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-11 11:01:34 -04:00
reyesj2
4581a46529 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-06-05 20:47:41 -04:00
reyesj2
3b0339a9b3 create kafka.id from kafka {partition}-{offset}-{timestamp} for tracking event 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-04 14:27:52 -04:00
reyesj2
75bdc92bbf Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-31 14:02:43 -04:00
Wes
a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes
f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
Wes
2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
Wes
e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes
55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
reyesj2
1fd5165079 Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 23:37:40 -04:00
DefensiveDepth
8e7c487cb0 Fix strelka rule.uuid 2024-05-23 05:59:31 -04:00
weslambert
f4490fab58 Add rule.uuid for YARA matches 2024-05-21 17:05:39 -04:00
weslambert
deb140e38e Exclude detections from template name matching 2024-05-21 13:38:52 -04:00
m0duspwnens
cc6cb346e7 fix issue/13030 2024-05-16 16:31:45 -04:00
m0duspwnens
b54632080e check if exists in override before popping 2024-05-16 16:04:17 -04:00
m0duspwnens
9796354b48 dont merge policy from global_overrides if not defined in default index_settings 2024-05-16 14:27:32 -04:00