CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,735 Commits 24 Branches 119 Tags
592bbf42173fbe73046def9656ebb4637e42aacd
Commit Graph

10735 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Ertel
592bbf4217 fix filecheck for suricata deployments 2022-12-05 09:21:08 -05:00
Mike Reeves
eacf6238d8 Merge pull request #9274 from Security-Onion-Solutions/2.3.190 
2.3.190
 2022-12-02 15:33:53 -05:00
Mike Reeves
0a7ada314d 2.3.190 2022-12-02 15:31:42 -05:00
Mike Reeves
c8edb43748 Merge pull request #9272 from Security-Onion-Solutions/2.3.190 
2.3.190
 2022-12-02 15:28:02 -05:00
Mike Reeves
f112663a76 2.3.190 2022-12-02 15:21:42 -05:00
weslambert
4311d5135b Merge pull request #9269 from Security-Onion-Solutions/fix/zeek_scripts_bzar_remove_by_default 
Don't load BZAR script(s) by default
 2022-12-02 11:02:07 -05:00
weslambert
2b2d39c869 Don't load BZAR script(s) by default 2022-12-02 10:46:45 -05:00
Mike Reeves
fcc0534572 Merge pull request #9267 from Security-Onion-Solutions/TOoSmOotH-patch-4 
Update init.sls
 2022-12-02 09:41:03 -05:00
Mike Reeves
a3f9859fdb Update init.sls 2022-12-02 09:38:13 -05:00
Doug Burks
cf5d5e4fc2 Merge pull request #9257 from Security-Onion-Solutions/dougburks-patch-1 
Disable ecat_arp_info by default in so-zeek-logs and so-whiptail
 2022-12-01 07:31:47 -05:00
Doug Burks
7184b9cb25 disable ecat_arp_info by default in so-zeek-logs 2022-12-01 07:18:05 -05:00
Doug Burks
544d716c19 disable ecat_arp_info by default 2022-12-01 07:17:16 -05:00
weslambert
f1f611cede Merge pull request #9256 from Security-Onion-Solutions/fix/ics_ingest_pipelines_bsap_node_status 
Change 'bsap.node.status.byte' to 'bsap.node.status_byte'
 2022-11-30 13:04:39 -05:00
weslambert
5988c12773 Change 'bsap.node.status.byte' to 'bsap.node.status_byte' 2022-11-30 13:01:30 -05:00
Mike Reeves
dc5f4ef942 Merge pull request #9253 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Use shutil in case there are multiple filesystems involved.
 2022-11-30 11:04:30 -05:00
Doug Burks
91e15c233d Merge pull request #9252 from Security-Onion-Solutions/dougburks-patch-1 
update stun, tunnel, and wireguard dashboards in dashboards.queries.json
 2022-11-30 11:03:56 -05:00
Mike Reeves
42cde0b6f0 Use shutil in case there are multiple filesystems involved. 2022-11-30 10:59:09 -05:00
Doug Burks
1279997ca9 update stun, tunnel, and wireguard dashboards in dashboards.queries.json 2022-11-30 10:59:00 -05:00
weslambert
93e0ec8696 Merge pull request #9249 from Security-Onion-Solutions/fix/ics_ingest_pipelines_additional_field_renames 
More ICS Field Name Updates
 2022-11-30 10:26:36 -05:00
Wes
8f0547beda Change 'bsap.node.status_byte' to 'bsap.node_status_byte'. 2022-11-30 15:24:53 +00:00
Wes
6cb4c02200 More field updates 2022-11-30 15:22:02 +00:00
weslambert
8c54c44690 Merge pull request #9248 from Security-Onion-Solutions/fix/ics_ingest_pipelines_additional_field_renames 
Additional ICS field renames and updates
 2022-11-30 10:09:44 -05:00
Wes
5d72f8d55a Additional field renames and updates 2022-11-30 15:01:41 +00:00
Mike Reeves
768225ff5a Merge pull request #9242 from Security-Onion-Solutions/TOoSmOotH-patch-1 2022-11-29 23:42:15 -05:00
Mike Reeves
571ac4edec Update soup 2022-11-29 18:36:47 -05:00
weslambert
86cfac4983 Merge pull request #9241 from Security-Onion-Solutions/fix/ics_pipelines_field_renames 
ICS Pipelines - Various Field Renames
 2022-11-29 17:23:34 -05:00
Wes
e00a80feb4 Use native link_id naming scheme for now 2022-11-29 22:05:37 +00:00
Wes
e8e39a7105 Various field renames 2022-11-29 21:32:05 +00:00
Wes
13ea44db95 Use native 'is_orig' since we are already using that field name for other logs 2022-11-29 21:21:41 +00:00
weslambert
7f4f1397e7 Merge pull request #9240 from Security-Onion-Solutions/fix/add_s7comm_upload_download_ingest_pipeline 
Add Zeek s7comm upload download ingest pipeline
 2022-11-29 15:00:26 -05:00
Wes
5db3e22363 Add s7comm_upload_download references in various places 2022-11-29 19:58:18 +00:00
Wes
6fe2857ba5 Add Zeek s7comm_upload_download ingest pipeline 2022-11-29 19:45:56 +00:00
weslambert
56b0bae089 Merge pull request #9238 from Security-Onion-Solutions/fix/opcua_encoding_mask_format 
Fix OP CUA Encoding Mask Format and Ensure Connection State Is Populated Before Assessing Its Value
 2022-11-29 14:16:03 -05:00
weslambert
f947e501cb Add space per request 2022-11-29 14:14:37 -05:00
weslambert
ff8bbc399f Add space per request 2022-11-29 14:14:08 -05:00
weslambert
80226a27cc Add space per request 2022-11-29 14:13:41 -05:00
weslambert
266207cc18 Add space per request 2022-11-29 14:12:52 -05:00
weslambert
5255c120c5 Add space per request 2022-11-29 14:11:20 -05:00
Wes
d44f8e495b Check if connection.state is populated before trying to assess its value 2022-11-29 19:00:47 +00:00
Wes
13a8cbdabb Add convert processor for opcua.encoding_mask 2022-11-29 18:59:30 +00:00
Doug Burks
c3c505f8ff Merge pull request #9237 from Security-Onion-Solutions/dougburks-patch-1 
add ICS COTP dashboard to dashboards.queries.json
 2022-11-29 13:40:24 -05:00
Doug Burks
7ea0aa87e4 add ICS COTP dashboard to dashboards.queries.json 2022-11-29 13:38:19 -05:00
weslambert
82317656b1 Merge pull request #9235 from Security-Onion-Solutions/fix/mobus_read_write_multiple_registers_pipeline_failure_resolution 
Change 'write' to 'read' to correct name and avoid pipeline failure
 2022-11-29 12:56:05 -05:00
weslambert
1cc5961c07 Change 'write' to 'read' to correct name and avoid pipeline failure 2022-11-29 12:54:55 -05:00
weslambert
220e998b45 Merge pull request #9234 from Security-Onion-Solutions/fix/add_dnp3_control_ingest_pipeline 
Add 'zeek.dnp3_control' ingest pipeline
 2022-11-29 12:29:44 -05:00
Wes
16cd1080be Add dnp3_control reference in various places 2022-11-29 17:23:37 +00:00
Wes
5db643e53b Add Zeek dnp3_control ingest pipeline 2022-11-29 17:18:24 +00:00
weslambert
745cdef538 Merge pull request #9232 from Security-Onion-Solutions/fix/filebeat_ics_tag_bsap 
Add 'ics' tag for 'bsap'-prefixed events/logs
 2022-11-29 11:37:18 -05:00
weslambert
aa767b8dc1 Add 'ics' tag for 'bsap'-prefixed events/logs 2022-11-29 11:27:41 -05:00
Doug Burks
45cdd16308 Merge pull request #9228 from Security-Onion-Solutions/fix/zeek-ics-eventfields 
More Zeek ICS changes
 2022-11-29 09:18:40 -05:00