Commit Graph

336 Commits

Author SHA1 Message Date
Josh Brower d832158cc5 Drop Hashes field 2024-03-01 15:26:02 -05:00
Josh Brower b017157d21 Add antivirus mapping 2024-03-01 14:04:56 -05:00
Josh Brower d04aa06455 Fix source.ip 2024-02-22 14:01:02 -05:00
Josh Brower c886e72793 Imphash mappings 2024-02-22 08:59:33 -05:00
Josh Brower 0a9022ba6a Add hash mappings 2024-02-21 17:07:08 -05:00
Josh Brower 81a3e95914 Fixup sigma pipelines 2024-02-07 16:42:16 -05:00
Josh Brower 7e3187c0b8 Fixup sigma pipelines 2024-02-07 15:35:31 -05:00
Corey Ogburn 858166bcae WIP: Detections Changes
Removed some strelka/yara rules from salt.

Removed yara scripts for downloading and updating rules. This will be managed by SOC.

Added a new compile_yara.py script.

Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Jason Ertel c09e8f0d71 improve timing of responses 2023-11-16 15:58:48 -05:00
Jason Ertel de99cda766 improve timing of responses 2023-11-16 15:51:17 -05:00
m0duspwnens 99662c999f log operation and minion target 2023-10-20 13:41:24 -04:00
Doug Burks da56a421e5 Update motd.md 2023-08-31 09:17:33 -04:00
Doug Burks 4426437ad3 Update motd.md 2023-08-10 15:04:31 -04:00
Jason Ertel 951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Jason Ertel b21b545756 use cluster-unique password for import encryption 2023-06-23 09:37:41 -04:00
Corey Ogburn 2b323ab661 Fix salt cmd.run commands for importing
Functional and easy to read.
2023-06-22 17:30:56 -06:00
Jason Ertel 0d92a1594a fix quotations 2023-06-22 14:41:39 -04:00
Corey Ogburn b5e5bd57ad Fix for Upload Import
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
Corey Ogburn ad28ea275f Better state management
When salt-cp runs its course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.

Check the status of the decryption process before importing.

No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
Corey Ogburn 41951659ec Use importer's new --json flag.
Using the new --json flag is not only more reliable than using a regex; the way the import script was written, even re-imports will provide a URL. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
Corey Ogburn 451a4784a1 send-file and import-file security
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
Corey Ogburn 1b7095fa81 Improved import-file url regex
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
Corey Ogburn 49055e260f salt-relay import-file reporting
On successful import, return dashboard URL
2023-06-20 09:41:14 -06:00
Corey Ogburn a465039887 2 new capabilities: send-file and import-file 2023-06-20 09:41:14 -06:00
Jason Ertel ba0ec18a33 Ignore Synchronize button clicks when an active salt job is running and another is already in queue 2023-05-22 14:52:07 -04:00
Jason Ertel 4930ae4ba6 add missing var for local dev 2023-05-17 18:14:21 -04:00
m0duspwnens 8e18986671 enabled/disable soc in ui 2023-05-11 15:33:16 -04:00
Doug Burks 4dcc79d245 FIX: Overview Customization link #10173 2023-04-20 16:26:51 -04:00
Jason Ertel 7f28cdd2a3 provide means for using salt-relay with local development against remote VMs 2023-04-10 14:04:03 -04:00
Jason Ertel 7f7e5474ed Add more logging for filecheck monitoring, and ensure scripts are accessible to salt-relay 2022-11-17 10:43:05 -05:00
Jason Ertel 0ffef75d7b Move background jobs to cron 2022-11-17 09:50:41 -05:00
Jason Ertel 35fab05bdd Retry so-user commands if another process is currently using so-user 2022-10-27 15:25:08 -04:00
Jason Ertel 981371c72f log salt-relay responses for troubleshooting assistance 2022-09-27 16:48:47 -04:00
Jason Ertel 53b4f01921 replace quotes on minion arg 2022-09-27 10:54:08 -04:00
Jason Ertel 7f7f2c15d0 add support for querying active salt jobs (future use) 2022-09-27 10:29:21 -04:00
Jason Ertel 556ddc2ee4 sync in background 2022-09-27 09:24:34 -04:00
Jason Ertel 8e175b2d3f add manual sync 2022-09-27 07:05:04 -04:00
Jason Ertel 0ad1a1a262 so-user and salt-relay updates for user management 2022-09-26 14:57:33 -04:00
Doug Burks 530c497800 Update motd.md 2022-09-20 15:16:04 -04:00
Jason Ertel d12ff79af0 Remove comments to avoid confusing config viewers within SOC 2022-09-13 12:08:19 -04:00
Jason Ertel 21c7f940d7 Update copyrights 2022-09-13 11:48:25 -04:00
m0duspwnens 5bb001281b soc defaults changes - client child of server 2022-09-08 15:57:18 -04:00
Jason Ertel b7bbe7d69f Add copyright notice 2022-09-08 10:27:56 -04:00
Jason Ertel df6ba5cbe9 initial salt relay script for comms with soc 2022-09-07 16:19:16 -04:00
Mike Reeves 2bd9dd80e2 Move In Day 2022-09-07 09:06:25 -04:00
Doug Burks 94c637449d FIX: Improve default dashboards #8136 2022-06-21 12:53:06 -04:00
Doug Burks dce415297c improve readability in motd.md 2022-06-04 06:59:09 -04:00
Doug Burks de126647f8 Update motd.md to include links to Dashboards and Cases 2022-06-04 06:55:08 -04:00
Doug Burks 83bff5ee87 add bar and pie examples to overview dashboard in dashboards.queries.json 2022-06-03 15:02:40 -04:00
Doug Burks 4a886338c8 fix description field for default dashboard in dashboards.queries.json 2022-06-03 11:10:01 -04:00