CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,538 Commits 24 Branches 119 Tags
5bb0e6e8c00b7d7b8739ce113b349f6284c0190c
Commit Graph

322 Commits

Author SHA1 Message Date
Wes
a278194037 Add additional ICS/SCADA ingest node pipelines 2022-11-17 16:16:33 +00:00
lock-wire
73b1e5949b Add ecat, enip, cip, and opcua 2022-11-11 12:15:54 -08:00
lock-wire
85d30520ce Add BSAP protocol 2022-11-11 07:22:55 -08:00
Peter Di Giorgio
5ebf470a86 Update zeek.bacnet_discovery 2022-11-03 22:27:04 -07:00
Peter Di Giorgio
4b39ccec6d Update zeek.bacnet_property 2022-11-03 15:30:20 -07:00
Peter Di Giorgio
b97c822800 Add zeek.bacnet_discovery and zeek.bacnet_property 2022-10-27 15:40:52 -07:00
Peter Di Giorgio
71e3b2d1fb Create zeek.bacnet 2022-10-27 15:40:07 -07:00
Peter Di Giorgio
2b51d72585 Rename zeek.read_write_multiple_registers to zeek.modbus_read_write_multiple_registers 2022-10-25 17:20:01 -07:00
Peter Di Giorgio
7a60d0987c Update zeek.conn to include client.oui 2022-10-21 13:02:01 -07:00
Peter Di Giorgio
9ac06057c1 Create zeek.read_write_multiple_registers 2022-10-21 13:00:12 -07:00
Peter Di Giorgio
e5c69c3236 Create zeek.modbus_mask_write_register 2022-10-21 12:58:36 -07:00
Peter Di Giorgio
39f050c6e4 Rename modbus_detailed to zeek.modbus_detailed 2022-10-21 12:56:59 -07:00
Peter Di Giorgio
4ee083759c Rename dnp3_objects to zeek.dnp3_objects 2022-10-21 12:56:35 -07:00
Peter Di Giorgio
072bfd87b7 Create Ingest for Modbus Detailed 2022-10-21 12:53:30 -07:00
Peter Di Giorgio
b7aaaa80bb Create Ingest for DNP3 Objects extension 2022-10-21 12:51:13 -07:00
bryant-treacle
82dff3e9da Fix issues: 8591-8953 2022-08-30 13:48:53 +00:00
Wes Lambert
b06c16f750 Add ingest node pipeline for Kratos 2022-07-08 15:53:00 +00:00
doug
025993407e FIX: Add event.category field to pfsense firewall logs #8112 2022-06-13 08:03:44 -04:00
Josh Brower
2b39570b08 Fix matching logic 2022-04-18 10:37:38 -04:00
Josh Brower
886d69fb38 Compress + Clean ES & Logstash App Logs 2022-04-11 16:09:24 -04:00
weslambert
e6599cd10e Update with changes from Abe's PR and other fixes 2022-03-25 13:57:44 -04:00
Wes Lambert
2487d468ab Add RITA Elasticsearch ingest pipeline config 2022-03-22 17:38:22 +00:00
weslambert
fc3273fa49 Change to label fields to comply with what's defined in Filebeat template 2022-03-04 16:29:01 -05:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe' PR for now 2022-03-01 15:31:07 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
bc2c1b4ccc Merge pull request #6935 from abesinger/issue/6912 
Updated syslog pipeline, resolves #6912.
 2022-02-24 08:33:55 -05:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
abesinger
31d22e717d Updated syslog pipeline, resolves #6912. Also cleaned up formatting to make it more readable. 2022-01-19 18:45:26 -06:00
m0duspwnens
494737549d move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires 2022-01-12 10:20:05 -05:00
m0duspwnens
baf297ab0a merge with dev, resolve conflict 2022-01-11 11:24:10 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
m0duspwnens
beb9a33628 only include curl.config if elasticsearch:auth is enabled 2022-01-10 11:48:16 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
Jason Ertel
2c9062efb7 resolved merge conflicts 2021-12-21 09:34:39 -05:00
Jason Ertel
35617acaeb Update cacerts to reflect new path; this changed due to ES 7.16.2 2021-12-20 12:12:00 -05:00
Jason Ertel
6f116a2d01 Switch to new Ubuntu SSL dir 2021-12-20 09:43:59 -05:00
Mike Reeves
465ba1b7d3 Change CA certs location 2021-12-15 17:08:36 -05:00
Wes Lambert
f80b70e008 Add config for dynamically formatted ingest pipelines 2021-11-09 20:07:53 +00:00
Wes Lambert
46d3eb452d Add ECS testing pipeline 2021-11-08 20:08:56 +00:00
Josh Brower
2ba619144c Support non-WEL Beats 2021-11-02 08:23:29 -04:00
Mike Reeves
a3e0fb127a Merge pull request #5069 from datlife/datlife/asn-annotation 
Add ASN annotation for IP
 2021-10-05 06:50:31 -04:00
Dat
9569e73bd0 Added ASN annotation for IP 2021-10-04 12:41:20 -07:00
m0duspwnens
aed73511e4 file cleanup, comment cleanup 2021-09-20 09:24:03 -04:00
m0duspwnens
5b77dc109f Merge remote-tracking branch 'remotes/origin/dev' into issue/1257 2021-09-16 16:54:23 -04:00