Commit Graph

333 Commits

Author SHA1 Message Date
Mike Reeves 636687ac59 Merge pull request #2702 from Security-Onion-Solutions/essecurity
SSL with Elastic Basic license. Remove features option.
2021-01-21 13:57:28 -05:00
Mike Reeves 9408d62c65 Remove features 2021-01-21 13:55:53 -05:00
Mike Reeves f85ecf254e Fix dupe 2021-01-21 13:21:08 -05:00
Mike Reeves 9f984036c5 Use the intermediate cert 2021-01-21 13:00:46 -05:00
Mike Reeves b0914fa604 try .p12 2021-01-21 12:46:00 -05:00
Mike Reeves 9759990233 Switch to java key store 2021-01-21 12:29:45 -05:00
Mike Reeves bb523c44e6 Enable features temporarily 2021-01-21 12:19:41 -05:00
Mike Reeves 013b706ce4 Enable http ssl 2021-01-21 12:13:23 -05:00
Mike Reeves 84b75a38a3 Fix error in init.sls for ES 2021-01-21 11:21:04 -05:00
Mike Reeves 6de70ec820 Update docker mappings for ES 2021-01-21 11:12:12 -05:00
Mike Reeves 35c741ae63 Turn on Xpack SSL 2021-01-21 09:49:31 -05:00
m0duspwnens b693373d8d change how we allow or disallow states to be run https://github.com/Security-Onion-Solutions/securityonion/issues/2679 2021-01-20 15:09:53 -05:00
Wes Lambert 875908dc90 Set @timestamp to winlog.systemTime 2021-01-06 16:47:35 +00:00
Mike Reeves 575098e368 Update init.sls 2020-12-17 20:23:38 -05:00
Mike Reeves 39425c1ba8 Fix extra extrahosts 2020-12-17 20:15:56 -05:00
TOoSmOotH 6448ddc31a Allow SNs to resolve the ES master 2020-12-17 20:08:21 -05:00
William Wernert d670f96dc0 [fix] Exit on command failure in so-catrust 2020-12-16 11:07:00 -05:00
William Wernert 142649b396 [fix] Fix comparator 2020-12-16 10:38:34 -05:00
William Wernert e464117e8a [fix] Run so-catrust in ES state on Helix sensor install 2020-12-16 10:19:44 -05:00
William Wernert aa0d43b1db [fix] Always define ismanager var 2020-12-16 09:55:09 -05:00
William Wernert af149d04a9 [fix] Only run portions of ES state, do not run container 2020-12-16 09:18:40 -05:00
Doug Burks 7a314b5935 Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 2020-12-12 11:35:29 -05:00
Doug Burks 61ae187d03 revert previous commit #2321 2020-12-12 10:12:23 -05:00
Mike Reeves b5ed973abd Merge pull request #2138 from OmerTirosh/OmerTirosh-fix-win.eventlog
Fix Error: SO elasticsearch ingest failed to convert 'winlog.event_data.SubjectUserName' to 'user.name'
2020-12-12 10:00:27 -05:00
Doug Burks 85aac4ad75 Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 2020-12-12 09:22:08 -05:00
Mike Reeves cd6a945a24 Merge pull request #2298 from Security-Onion-Solutions/escluster
Traditional ES Clustering Support
2020-12-10 12:07:17 -05:00
TOoSmOotH 42833b2086 Make non clustered node attributes 2020-12-10 11:14:32 -05:00
TOoSmOotH d9d7f49b96 Adjust elasticsearch.yml 2020-12-10 11:09:38 -05:00
Wes Lambert f689722559 Add initial suricata.ftp_data pipeline 2020-12-10 14:14:50 +00:00
TOoSmOotH af15f0eb38 remove ml node.role 2020-12-09 16:23:38 -05:00
Mike Reeves 30e69bf7b2 Merge branch 'escluster' into newescluster 2020-12-09 15:23:49 -05:00
TOoSmOotH 0a48f7d5dc Simplify logic 2020-12-09 15:22:09 -05:00
TOoSmOotH e983322a18 Fix elastic if statement 2020-12-09 11:31:22 -05:00
TOoSmOotH 6ceecbd524 Fixing some elasticsearch logic 2020-12-09 09:42:03 -05:00
Mike Reeves 8ea088c3fc Restart Elastic on addition of node. 2020-12-07 14:09:41 -05:00
Mike Reeves 94253e92a6 Adjust the elasticsearch config 2020-12-03 10:38:18 -05:00
weslambert 95570976a8 Add indices.query.bool.max_clause_count to allow for wildcard searches targeting more than 1024 fields 2020-12-03 09:29:44 -05:00
Mike Reeves 3e322c38eb Fix config for single cluster mode 2020-12-02 15:33:35 -05:00
Mike Reeves d004263b71 Add Elastic Clustering 2020-12-02 14:33:22 -05:00
Mike Reeves ddca9563e5 Merge branch 'mkrmerge' into escluster 2020-11-24 10:29:57 -05:00
OmerTirosh e2ee0db727 Ignore failure for rename processor
Ignore failure for winlog.event_data.SubjectUserName rename processor.
For some event ids (for example 4688), this field has already been added in the winlogbeat JS processor.
Therefore, elastic throws a [user.name] already exists error.
2020-11-24 17:21:47 +02:00
Mike Reeves 426769588a Merge pull request #1739 from jtgreen-cse/patch-2
fix for Windows events via osquery
2020-11-21 13:27:05 -05:00
Josh Brower 1908a68330 Cleanup & fix sysmon pid ingest 2020-11-14 16:19:23 -05:00
Wes Lambert fddfb8eb92 Syslog updates 2020-11-13 16:06:22 +00:00
Wes Lambert 8258b782fc Update syslog pipeline to allow for initial CEF parsing and pipeline targeting 2020-11-11 21:39:40 +00:00
weslambert ea1f53b40c Add check for field 2020-11-11 10:29:58 -05:00
m0duspwnens 1fca5e65df redo how containers get added to so-status https://github.com/Security-Onion-Solutions/securityonion/issues/1681 2020-11-10 15:31:47 -05:00
Wes Lambert 7e578d2ce0 Pull out additional fields from Exif info 2020-11-09 16:53:53 +00:00
Wes Lambert 3113d5fbdb Format scan.exiftool as text 2020-11-02 19:31:14 +00:00
Wes Lambert 6420ee0310 Update parsing for scan.exiftool 2020-11-02 19:28:12 +00:00