Commit Graph

5853 Commits

Author SHA1 Message Date
weslambert
5ec5b9a2ee Remove older module config files 2022-03-18 10:14:13 -04:00
weslambert
c659a443b0 Update from search.remote to cluster.remote for Elastic 8 2022-03-17 21:25:10 -04:00
weslambert
99430fddeb Update from search.remote to cluster.remote for Elastic 8 2022-03-17 21:24:39 -04:00
weslambert
7128b04636 Remove indices.query.bool.max_clause_count because it is dynamically allocated in Elastic 8 2022-03-17 21:20:41 -04:00
weslambert
712a92aa39 Switch from log input to filestream input 2022-03-17 21:18:03 -04:00
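The Elastic 8 migration commits listed above (search.remote to cluster.remote, dropping indices.query.bool.max_clause_count, and the Filebeat log to filestream switch) amount to a small config diff. As an added illustration, not taken from the Security Onion repository, the old and new settings side by side; the remote-cluster alias `search1`, its seed host and the Suricata EVE log path are placeholders:

```yaml
# Added example, not Security Onion's own config files.
# Placeholder values: remote-cluster alias "search1", its seed host,
# and the Suricata EVE log path.

# --- elasticsearch.yml ---------------------------------------------
# Before (Elasticsearch 6.x/7.x):
#   search.remote.search1.seeds: ["10.0.0.5:9300"]
#   indices.query.bool.max_clause_count: 4096
#
# After (Elasticsearch 8): the cross-cluster prefix is cluster.remote
# (search.remote was deprecated in 6.5 and removed in 8.0), and
# max_clause_count is left unset because 8.x derives the limit
# dynamically from heap size and search thread pool size; setting it
# only produces a deprecation warning.
cluster.remote.search1.seeds: ["10.0.0.5:9300"]

---
# --- filebeat.yml --------------------------------------------------
# Before (log input, deprecated since Filebeat 7.16):
#   filebeat.inputs:
#     - type: log
#       paths:
#         - /nsm/suricata/eve*.json
#
# After (filestream input). Each filestream input needs a unique id;
# Filebeat keys registry state on it, so renaming the id later makes
# Filebeat treat the files as new and re-ship them from the start.
filebeat.inputs:
  - type: filestream
    id: suricata-eve
    paths:
      - /nsm/suricata/eve*.json
```

Both files are YAML, so the old keys are shown commented out above the replacements rather than as a second document; keep them out of the live config, since Elasticsearch 8 refuses to start on the removed `search.remote` prefix.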
Wes Lambert
6e2aaa0098 Clean up original map file 2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b Add back bind mounts and remove THIRDPARTY 2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930 Reorganize FB module management 2022-03-17 21:01:03 +00:00
weslambert
aaded58131 Merge pull request #7565 from Security-Onion-Solutions/fix/es_template_fix
Custom ES template fixes
2022-03-15 11:09:46 -04:00
Doug Burks
9bf0265cea Merge pull request #7566 from Security-Onion-Solutions/feature/hunt-soc-auth
FEATURE: Add new Hunt query for SOC logins #7327
2022-03-15 10:58:40 -04:00
Mike Reeves
e01c1398d5 Merge pull request #7564 from Security-Onion-Solutions/removethehive
Removethehive
2022-03-15 10:56:08 -04:00
Wes Lambert
42d6c3a956 Replace Elastic connection check using ELASTICCURL with so-elasticsearch-query 2022-03-15 14:55:04 +00:00
Doug Burks
eec44a6b02 Add a SOC Auth query to hunt.queries.json 2022-03-15 10:38:46 -04:00
Doug Burks
d1e1887e36 Add support for Kratos audit logs in hunt.eventfields.json 2022-03-15 10:37:58 -04:00
Wes Lambert
5f56c7a261 Replace ELASTICCURL with so-elasticsearch-query 2022-03-15 14:32:00 +00:00
weslambert
d46620ea2a Merge pull request #7561 from Security-Onion-Solutions/es_template_map_fix
Custom ES Template Fixes
2022-03-15 10:01:42 -04:00
Mike Reeves
9c80ff4f65 Remove hive from more files 2022-03-15 09:37:58 -04:00
Mike Reeves
81f0aa58b8 Remove hive from more files 2022-03-15 08:28:03 -04:00
Doug Burks
db4f138a78 FIX: surilogcompress cron job not running
The suricata user was originally created with `/opt/so/conf/suricata` as its home directory. I think at some point we changed permissions on `/opt/so/conf` and at that point the `surilogcompress` cron job stopped working. Changing the home directory to `/nsm/suricata` works on all of my PROD systems (including Ubuntu and CentOS).

For more information, please see:
https://github.com/Security-Onion-Solutions/securityonion/issues/7133
2022-03-15 07:10:02 -04:00
Mike Reeves
b5b60af16f Remove hive from so-user 2022-03-14 15:06:07 -04:00
Mike Reeves
b83fec6fd2 More hive removal 2022-03-14 14:51:39 -04:00
Mike Reeves
ff30f572d7 Remove thehive from image common 2022-03-14 10:40:41 -04:00
Jason Ertel
5a28725def Add assignee to case list 2022-03-14 08:45:28 -04:00
Wes Lambert
d12ff503c2 Change role loading verbiage 2022-03-11 16:23:19 +00:00
Wes Lambert
dc258cf043 Load custom component templates in so-elasticsearch-templates-load 2022-03-11 16:22:55 +00:00
Wes Lambert
8e43a6e571 Don't generate index template if index_template definition is not present in pillar 2022-03-11 16:22:06 +00:00
m0duspwnens
e1e8a20e11 make sure values exist in data structure 2022-03-10 17:09:00 -05:00
weslambert
c83b63d0d8 Add .template extension to load template file 2022-03-08 20:53:16 -05:00
weslambert
8d9ddf5f1b Add .template extension to load template 2022-03-08 20:52:13 -05:00
weslambert
8115da358f Add .template extension to load template file 2022-03-08 20:51:50 -05:00
Doug Burks
b76c01ef53 Revert security_opt addition in telegraf init.sls 2022-03-08 18:27:15 -05:00
weslambert
65f998d6f7 Remove process.name.keyword for future-proofing 2022-03-08 12:44:51 -05:00
weslambert
406267a892 Add process.name.keyword 2022-03-08 12:42:34 -05:00
weslambert
d9c3160fbf Merge pull request #7465 from Security-Onion-Solutions/fix/kibana_saved_objects_load
Kibana dashboard/saved objects loading improvements
2022-03-08 12:22:55 -05:00
Wes Lambert
d392cb258c Switch Kibana state to kibana.so_savedobjects_defaults in top file 2022-03-08 16:59:48 +00:00
Wes Lambert
86e228b200 Add .template extension for future-proofing config files 2022-03-08 16:58:37 +00:00
Wes Lambert
a6fd1023b4 Fix criteria for successful execution 2022-03-08 16:57:26 +00:00
Wes Lambert
3f31f7fd41 Add .template extension to fix script behavior and not modify watched file 2022-03-08 16:43:43 +00:00
Jason Ertel
0cec5879bb Gracefully handle situations when another process is using the Kratos DB 2022-03-08 10:55:26 -05:00
Wes Lambert
28554164cd Remove drop file when securitySolution saved objects change 2022-03-08 14:39:23 +00:00
Wes Lambert
14dddd8649 Remove drop file when config saved objects change 2022-03-08 14:37:15 +00:00
Wes Lambert
c0f49f6fb0 Remove drop file when dashboard saved objects change 2022-03-08 14:35:04 +00:00
Wes Lambert
d10d4acf9f Modify Kibana config load script to drop file if successfully executed 2022-03-08 14:33:15 +00:00
Doug Burks
104de2a3c9 Update init.sls to avoid telegraf apparmor issues
See #2560
2022-03-07 16:11:22 -05:00
Mike Reeves
fb59421f5b Merge pull request #7446 from Security-Onion-Solutions/fixpipelineload
Only load pipelines on change
2022-03-07 15:17:32 -05:00
Mike Reeves
4eb37fd5a9 Update init.sls 2022-03-07 15:09:36 -05:00
Wes Lambert
fa9be58b23 Specify index templates 2022-03-07 20:04:23 +00:00
Wes Lambert
647b316a96 Remove old ES index templates
Signed-off-by: Wes Lambert <wlambertts@gmail.com>
2022-03-07 20:02:45 +00:00
Mike Reeves
d33db6fb23 Only load pipelines on change 2022-03-07 14:25:46 -05:00
Wes Lambert
c549b20221 Add DTC client mappings 2022-03-07 18:36:26 +00:00