securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00

Author	SHA1	Message	Date
Mike Reeves	63be0734c9	More json for soc	2020-10-01 17:00:25 -04:00
Mike Reeves	5653828154	More json for soc	2020-10-01 16:57:04 -04:00
Mike Reeves	cc2f2de5b5	soc.json stuff	2020-10-01 15:23:07 -04:00
Mike Reeves	b423e8d22a	soc.json stuff	2020-10-01 15:20:13 -04:00
Mike Reeves	1a561f6b12	soc.json stuff	2020-10-01 15:18:34 -04:00
Doug Burks	e836f96c65	move rule.uuid after rule.name	2020-10-01 12:09:52 -04:00
Doug Burks	4851069a10	remove rule.gid from Alerts groupby since Wazuh and Playbook may not have that field	2020-10-01 11:51:40 -04:00
Doug Burks	bc19cce4c2	Acknowledging an alert may acknowledge more alerts than intended #1426	2020-10-01 10:00:54 -04:00
Doug Burks	26781de244	Add Strelka query to Hunt #1433	2020-10-01 06:59:36 -04:00
weslambert	6818de9e64	Merge pull request #1431 from Security-Onion-Solutions/fix/elastlert_rules Remove rule sync, since we don't have any rules to sync	2020-09-30 18:36:11 -04:00
weslambert	887937a75d	Remove rule sync, since we don't have any rules to sync	2020-09-30 18:35:35 -04:00
Jason Ertel	1454201505	Disable thehivealerter	2020-09-30 15:26:29 -04:00
Jason Ertel	3af6e9e1fe	Remove mount point for SOCtopus generated playbook rules to avoid them activating and sending alerts to TheHive	2020-09-30 15:14:45 -04:00
Mike Reeves	8b5ff31351	Merge pull request #1430 from Security-Onion-Solutions/redis Add Redis pillar and fix idstools	2020-09-30 15:09:59 -04:00
Mike Reeves	7314e2dea8	Add Redis pillar and fix idstools	2020-09-30 15:08:44 -04:00
Jason Ertel	ff04bb507a	Remove default Elastalert rules to stop automated alerts from being sent to thehive	2020-09-30 15:06:54 -04:00
weslambert	5b16a65422	Merge pull request #1429 from Security-Onion-Solutions/fix/zeek_server_ip Fix issue with null Zeek server IP	2020-09-30 13:54:50 -04:00
Wes Lambert	02d2e5e2c6	Fix isue with null Zeek server IP	2020-09-30 17:53:30 +00:00
William Wernert	f3b8da1f9d	Fix Engrish (can causing -> can cause)	2020-09-30 13:40:57 -04:00
William Wernert	25d4bde33b	Merge pull request #1428 from Security-Onion-Solutions/feature/warn-dhcp Add warning about IP address changing for network/DHCP iso installs	2020-09-30 13:13:40 -04:00
William Wernert	1ff20f7e27	Add warning about IP address changing for network/DHCP iso installs	2020-09-30 13:11:33 -04:00
weslambert	defe832121	Merge pull request #1427 from Security-Onion-Solutions/fix/wazuh_filebeat Fix Filebeat config for Wazuh	2020-09-30 10:59:01 -04:00
Wes Lambert	d8f70397f7	Fix Filebeat config for Wazuh	2020-09-30 14:57:56 +00:00
weslambert	dac2ad5dbf	Merge pull request #1425 from Security-Onion-Solutions/feature/soctopus_pillar Add initial implementation of SOCtopus pillar	2020-09-30 10:25:26 -04:00
Wes Lambert	c62acf5e4e	Add initial implmentation of SOCtopus pillar	2020-09-30 14:24:15 +00:00
Josh Patterson	10f4e09b70	Merge pull request #1424 from Security-Onion-Solutions/issue/1070 Issue/1070	2020-09-30 10:11:37 -04:00
William Wernert	00785c6ba5	Merge pull request #1418 from Security-Onion-Solutions/feature/replace-hardcoded-pass Feature/replace hardcoded pass	2020-09-30 08:56:35 -04:00
Doug Burks	0a995f4a7a	Update README.md	2020-09-30 07:43:20 -04:00
m0duspwnens	85969dc16d	add quotes and remove quotes	2020-09-29 16:29:05 -04:00
m0duspwnens	bf99bab6c0	add quotes and remove quotes	2020-09-29 16:26:45 -04:00
weslambert	401764437f	Merge pull request #1421 from Security-Onion-Solutions/fix/ip_type Ensure IPs are typed as IP and ports as integer	2020-09-29 14:21:25 -04:00
Wes Lambert	36019727b3	Ensure IPs are typed as IP and ports as integer	2020-09-29 18:20:15 +00:00
m0duspwnens	547c3ff52c	single quote inputs to yaml files	2020-09-29 13:59:16 -04:00
William Wernert	7d43d48aca	Remove bad line in playbook_db_init.sh	2020-09-29 11:13:09 -04:00
William Wernert	55058a11aa	Generate passwords for Grafana + Playbook default users	2020-09-29 11:12:09 -04:00
William Wernert	ebe00822f8	Merge pull request #1417 from Security-Onion-Solutions/bugfix/local_zeeklogs Bugfix/local zeeklogs	2020-09-29 08:58:02 -04:00
Doug Burks	60134829d5	Alerts - Drilldown should display rule.uuid #1416	2020-09-29 07:51:45 -04:00
Doug Burks	c7b43ac220	Update soc.json	2020-09-29 07:41:49 -04:00
Doug Burks	a7f24b62e6	Hunt - improve NIDS query and eventFields #1415	2020-09-29 07:34:44 -04:00
Josh Patterson	9ca13ebccd	Merge pull request #1414 from Security-Onion-Solutions/issue/1404 change so salt module to /usr/sbin/so-status	2020-09-28 18:31:26 -04:00
Mike Reeves	c828a2ea75	Merge pull request #1413 from Security-Onion-Solutions/experimental Airgap SOUP!	2020-09-28 17:47:38 -04:00
m0duspwnens	8741520263	change so salt module to /usr/sbin/so-status	2020-09-28 17:31:05 -04:00
Mike Reeves	6b8b0f1b26	Change add registry	2020-09-28 16:48:02 -04:00
William Wernert	f77305e22f	Generate zeeklogs sls earlier to avoid error	2020-09-28 16:45:06 -04:00
William Wernert	f782299281	Remove preconfigured zeeklog + create it during setup	2020-09-28 15:12:36 -04:00
Josh Patterson	fa6396b121	Merge pull request #1410 from Security-Onion-Solutions/fix/disable_auto_start send to dev/null to prevent output	2020-09-28 15:07:40 -04:00
weslambert	3d6c956e02	Merge pull request #1409 from Security-Onion-Solutions/feature/wazuh_wel Add initial parsing for Wazuh WEL/Sysmon	2020-09-28 15:07:15 -04:00
m0duspwnens	0bb1ba2853	send to dev/null to prevent output	2020-09-28 15:06:43 -04:00
Wes Lambert	869767d9d9	Add initial parsing for Wazuh WEL/Sysmon	2020-09-28 19:04:21 +00:00
Josh Patterson	0944cd1bcd	Merge pull request #1408 from Security-Onion-Solutions/issue/1093 Issue/1093	2020-09-28 14:45:18 -04:00

1 2 3 4 5 ...

4770 Commits