Commit Graph

2804 Commits

Author SHA1 Message Date
m0duspwnens 63884b73e1 enable suricata threshold-file and point to proper file - https://github.com/Security-Onion-Solutions/securityonion/issues/1441 2020-10-05 12:10:52 -04:00
weslambert bc31e19e37 Put back rule.category for Wazuh alerts 2020-10-05 11:34:29 -04:00
weslambert 968dce0aee Adjust Wazuh logging so we don't log alerts to a separate file and so we don't write a separate log file for non-JSON for archives 2020-10-05 10:03:40 -04:00
Jason Ertel 1ebe970876 Disable escalate button if thehive is not enabled 2020-10-05 09:54:18 -04:00
weslambert 6b292ea62b Merge pull request #1448 from Security-Onion-Solutions/fix/so_elastic_clear (Fix/so elastic clear) 2020-10-05 09:40:04 -04:00
Wes Lambert da8957b4f4 Use Elasticsearch pillar vs manager IP for so-elastic-clear 2020-10-05 13:37:06 +00:00
Wes Lambert 1970d95d5f Make Filebeat registry persistent to avoid re-reading old data 2020-10-05 13:30:04 +00:00
Doug Burks e7cba6ba1d Change SOC Alerts eventFetchLimit from 5000 to 500 #1447 2020-10-05 09:29:01 -04:00
Doug Burks 948e0c4c61 Add rule.name to Hunt Wazuh Alerts query #1442 2020-10-05 09:26:13 -04:00
Jason Ertel cf5b1245ea Add configurable flags to enable/disable dismiss and escalate buttons 2020-10-05 09:16:17 -04:00
Wes Lambert 77d31cb289 Add event.severity and event.severity_label config for Wazuh alerts 2020-10-05 12:50:29 +00:00
Josh Brower 8a78485906 Config Playbook SOC Alerts 2020-10-04 21:35:42 -04:00
Josh Brower c80b6ce104 Add so-allow-view and playbook event.sev.label 2020-10-04 20:39:21 -04:00
William Wernert 2a100c0dcc Add OLD_ prefix + only update rules if playbook enabled 2020-10-02 14:34:30 -04:00
William Wernert d0c267ca90 Fix sed command to not delete lines after match 2020-10-02 14:31:16 -04:00
William Wernert 54da2b869c Add OLD_ db init files for soup compatibility 2020-10-02 14:12:23 -04:00
William Wernert db12b6f3c6 Remove salt call to automation_user_create 2020-10-02 13:17:57 -04:00
William Wernert 96d32fda51 Add old api key to pillar during soup 2020-10-02 13:16:58 -04:00
William Wernert 39e14b3910 Merge branch 'dev' into feature/generate-playbook-api-key 2020-10-02 08:39:09 -04:00
Mike Reeves c7fcdc8084 Merge pull request #1438 from Security-Onion-Solutions/socyaml (Socyaml) 2020-10-01 18:08:33 -04:00
Mike Reeves 4991ea8de3 Jason made me rename json 2020-10-01 18:07:06 -04:00
Mike Reeves 36ccece724 commas gone crazy 2020-10-01 18:02:06 -04:00
Mike Reeves a0432e97b0 Python print ftl 2020-10-01 17:57:56 -04:00
Mike Reeves 490278a4c3 Add alert events filed 2020-10-01 17:49:17 -04:00
Mike Reeves bd5efbabd9 Fix Mode 2020-10-01 17:43:43 -04:00
Mike Reeves 8fa426f265 Cleanup sync 2020-10-01 17:41:55 -04:00
Mike Reeves 9d9d3aac53 Switch to JSON from yaml 2020-10-01 17:37:57 -04:00
Mike Reeves 744a8bca73 More json for soc 2020-10-01 17:30:23 -04:00
Mike Reeves 8a41636e7f More json for soc 2020-10-01 17:28:45 -04:00
Mike Reeves dc79dca7fe More json for soc 2020-10-01 17:25:51 -04:00
Mike Reeves 1c55f738ec More json for soc 2020-10-01 17:23:29 -04:00
William Wernert e98012ae2c Fix jinja and change state order in setup 2020-10-01 17:16:26 -04:00
Mike Reeves 92fa33159e More json for soc 2020-10-01 17:12:08 -04:00
Mike Reeves 5730c85988 More json for soc 2020-10-01 17:04:15 -04:00
Mike Reeves 63be0734c9 More json for soc 2020-10-01 17:00:25 -04:00
Mike Reeves 5653828154 More json for soc 2020-10-01 16:57:04 -04:00
Wes Lambert 8a81a5148b Update scripted field for TheHive case 2020-10-01 20:52:57 +00:00
Wes Lambert eced18c3cc Add SOC url for api integration 2020-10-01 20:29:28 +00:00
Jason Ertel 8e15ed56d6 'Escalated' filter toggle will auto-enable 'acknowledged' filter toggle 2020-10-01 16:23:47 -04:00
Mike Reeves cc2f2de5b5 soc.json stuff 2020-10-01 15:23:07 -04:00
Mike Reeves b423e8d22a soc.json stuff 2020-10-01 15:20:13 -04:00
Mike Reeves 1a561f6b12 soc.json stuff 2020-10-01 15:18:34 -04:00
William Wernert a5bf4bbb35 Fix test for key in global.sls 2020-10-01 14:47:18 -04:00
Doug Burks e836f96c65 move rule.uuid after rule.name 2020-10-01 12:09:52 -04:00
Doug Burks 4851069a10 remove rule.gid from Alerts groupby since Wazuh and Playbook may not have that field 2020-10-01 11:51:40 -04:00
William Wernert 040730e8f5 Rename script for consistent naming 2020-10-01 11:22:11 -04:00
William Wernert afb777fc8f Add automation user creation to soup when resetting playbook db 2020-10-01 11:13:24 -04:00
Doug Burks bc19cce4c2 Acknowledging an alert may acknowledge more alerts than intended #1426 2020-10-01 10:00:54 -04:00
Doug Burks 26781de244 Add Strelka query to Hunt #1433 2020-10-01 06:59:36 -04:00
William Wernert 2264b6e51c Add comments to shell code explaining curl statements 2020-09-30 19:54:34 -04:00