CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,130 Commits 24 Branches 119 Tags
5c58cda872da93c8e4179e912283ad241b18136f
Commit Graph

11130 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wes
5c58cda872 Move certificate configuration outside of conditional logic 2023-01-25 19:29:50 +00:00
Wes
c3717dae67 Add Elastic Fleet firewall configuration for Import Mode 2023-01-25 18:27:00 +00:00
Wes
86a925e1c7 Download Elastic Agent images for Import Mode 2023-01-25 16:09:12 +00:00
Wes
838beabae5 Add missing single quote for Elastic Agent Elasticsearch output 2023-01-25 15:58:06 +00:00
Wes
c46b5e734b Add 'elastic-fleet' to the list of allowed states for Import Mode 2023-01-25 14:38:23 +00:00
Wes
1414b75e01 Allow 'elastic-fleet' state to be applied for Import Mode 2023-01-25 14:07:25 +00:00
Wes
506baa854d Configure Elasticsearch output if running Import Mode 2023-01-25 13:52:54 +00:00
weslambert
4868bd8f5e Merge pull request #9638 from Security-Onion-Solutions/fix/elastic_agent_integration_kratos_data_stream_rename 
Rename Kratos Data Stream
 2023-01-25 08:45:37 -05:00
weslambert
c9f458e1e2 Set event.dataset for all Kratos logs to 'access' for now 2023-01-25 08:19:50 -05:00
weslambert
7bf9d77962 Rename Kratos data stream 2023-01-25 08:18:21 -05:00
weslambert
3f9764d22d Merge pull request #9633 from Security-Onion-Solutions/fix/elastic_agent_more_improvements 
More Elastic Agent Integration Improvements
 2023-01-24 15:16:52 -05:00
Wes
4b9c92c53d Set RITA event.dataset value explicitly 2023-01-24 18:00:34 +00:00
Wes
38ead7cb82 Remove import tag for now 2023-01-24 17:58:19 +00:00
Wes
44d149b1c3 Allow imported data to use a tag of 'import' 2023-01-24 17:01:52 +00:00
Wes
1e5377c78a Condense RITA integration policies, add ICS tags, and improve output readability 2023-01-24 16:56:20 +00:00
Jason Ertel
fd7d51a59b Merge pull request #9630 from Security-Onion-Solutions/kilo 
Kilo
 2023-01-24 10:45:12 -05:00
Jason Ertel
0dc5e7e714 try paths with wildcard 2023-01-24 10:38:59 -05:00
Jason Ertel
62b96c3698 rework filter for action 2023-01-24 10:31:02 -05:00
Jason Ertel
ec2e923530 Add proper spacing between headers and content 2023-01-24 10:28:39 -05:00
Jason Ertel
2bffd9b473 Merge pull request #9628 from Security-Onion-Solutions/kilo 
try paths filter on both even though docs only mention support for push
 2023-01-24 10:27:30 -05:00
Jason Ertel
cfc232eafa try paths filter on both even though docs only mention support for push 2023-01-24 10:23:42 -05:00
weslambert
7e0e5071d9 Merge pull request #9627 from Security-Onion-Solutions/fix/elastic_agent_integration_improvements 
Elastic Agent Integration Improvements
 2023-01-24 10:10:01 -05:00
Wes
7b4d8a47f0 Add copyright header to 'so-elastic-fleet-*' scripts 2023-01-24 15:07:00 +00:00
Josh Patterson
095ca29aca Merge pull request #9626 from Security-Onion-Solutions/2.4/firewall 
change MASTER to MANAGER in so-minion
 2023-01-24 09:46:17 -05:00
Wes
f19cf75311 Change how event.dataset is determined for Suricata events 2023-01-24 14:45:00 +00:00
m0duspwnens
ee98e0684e change MASTER to MANAGER 2023-01-24 09:44:01 -05:00
Josh Patterson
b797e356b4 Merge pull request #9624 from Security-Onion-Solutions/2.4/firewall 
remove filebeat and redis(commented out) from telegraf config
 2023-01-24 09:01:59 -05:00
m0duspwnens
88107fe0df remove filebeat and redis(commented out) from telegraf config 2023-01-24 08:59:51 -05:00
Wes
51692ac66c Update index pattern in various template definitions to match new data stream naming convention 2023-01-23 21:52:44 +00:00
Wes
40c6b380df Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset. 2023-01-23 21:44:46 +00:00
Wes
d342f3c4b8 Add 'so-elastic-fleet-integration-policy-bulk-delete' to perform bulk deletion of integration policies 2023-01-23 21:38:13 +00:00
Josh Patterson
a503632f30 Merge pull request #9620 from Security-Onion-Solutions/2.4/firewall 
2.4/firewall
 2023-01-23 15:56:53 -05:00
m0duspwnens
d1ec7c8ace remove to match with 2.4/dev 2023-01-23 15:50:53 -05:00
Jason Ertel
5da1b03d9b Merge pull request #9619 from Security-Onion-Solutions/kilo 
switch MySQL 8 to use native password for playbook compat; fix so-verify mail inspection
 2023-01-23 15:14:00 -05:00
Jason Ertel
5a016312f6 switch MySQL 8 to use native password to avoid playbook incompatibility 2023-01-23 14:53:39 -05:00
m0duspwnens
90a224793e merge with 2.4dev and fix conflict 2023-01-23 14:49:32 -05:00
m0duspwnens
22fbb953ea create cronjob to run highstate after setup 2023-01-23 14:46:26 -05:00
Jason Ertel
d421aa82a2 do not treat all installs as ISO; fix check for non-empty mail files 2023-01-23 14:04:26 -05:00
Josh Patterson
1039e77550 Merge pull request #9617 from Security-Onion-Solutions/2.4/firewall 
allow elastic agent on sensors to connect to managers
 2023-01-23 13:19:49 -05:00
Josh Brower
f811223ba7 Merge pull request #9614 from Security-Onion-Solutions/playbookfixup 
Playbookfixup
 2023-01-23 08:20:06 -05:00
Josh Brower
d3cb57bba2 Rerun the playbook state 2023-01-23 08:16:28 -05:00
m0duspwnens
a1fa4e3ef2 revert reload_modules since bugged 2023-01-20 15:43:57 -05:00
Josh Brower
1ab8c712e4 remove exit condition 2023-01-20 15:17:04 -05:00
Jason Ertel
a613d960b9 Merge pull request #9608 from Security-Onion-Solutions/kilo 
setup improvements
 2023-01-20 13:11:11 -05:00
Jason Ertel
9541214073 logCmd with tee is eating the exit code 2023-01-20 12:26:52 -05:00
Jason Ertel
56478da0b2 eliminate find/exec issue altogether to keep it simple 2023-01-20 11:58:29 -05:00
Jason Ertel
c3384d8381 further improvements 2023-01-20 11:23:13 -05:00
Jason Ertel
1e4f9c9f26 use newer find syntax to allow the exec to work inside a quoted string 2023-01-20 11:01:02 -05:00
Jason Ertel
fea4a1b33d Merge branch '2.4/dev' into kilo 2023-01-20 10:33:17 -05:00
Jason Ertel
ece63b72e2 Ensure so-verify output is logged 2023-01-20 07:38:58 -05:00