CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-10 03:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,770 Commits 26 Branches 119 Tags
63be0734c9499f5457acf5f7c8bf56ea1c0a658c
Commit Graph

108 Commits

Author SHA1 Message Date
Mike Reeves
63be0734c9 More json for soc 2020-10-01 17:00:25 -04:00
Mike Reeves
5653828154 More json for soc 2020-10-01 16:57:04 -04:00
Mike Reeves
cc2f2de5b5 soc.json stuff 2020-10-01 15:23:07 -04:00
Mike Reeves
b423e8d22a soc.json stuff 2020-10-01 15:20:13 -04:00
Mike Reeves
1a561f6b12 soc.json stuff 2020-10-01 15:18:34 -04:00
Doug Burks
e836f96c65 move rule.uuid after rule.name 2020-10-01 12:09:52 -04:00
Doug Burks
4851069a10 remove rule.gid from Alerts groupby since Wazuh and Playbook may not have that field 2020-10-01 11:51:40 -04:00
Doug Burks
bc19cce4c2 Acknowledging an alert may acknowledge more alerts than intended #1426 2020-10-01 10:00:54 -04:00
Doug Burks
26781de244 Add Strelka query to Hunt #1433 2020-10-01 06:59:36 -04:00
Jason Ertel
ff04bb507a Remove default Elastalert rules to stop automated alerts from being sent to thehive 2020-09-30 15:06:54 -04:00
Doug Burks
60134829d5 Alerts - Drilldown should display rule.uuid #1416 2020-09-29 07:51:45 -04:00
Doug Burks
c7b43ac220 Update soc.json 2020-09-29 07:41:49 -04:00
Doug Burks
a7f24b62e6 Hunt - improve NIDS query and eventFields #1415 2020-09-29 07:34:44 -04:00
Doug Burks
6e9e4dc99c Hunt third magnifying glass should group output by event.module and event.dataset #1407 2020-09-28 14:19:55 -04:00
Doug Burks
0516a9ddd5 Alerts page "Hunt for this field" action should quote field and group output #1406 2020-09-28 12:35:08 -04:00
Doug Burks
3904295137 Hunt - improve HTTP queries #1401 2020-09-27 08:04:28 -04:00
Doug Burks
aa7f927ffd Hunt - improve x509 queries #1400 2020-09-27 07:17:46 -04:00
Jason Ertel
68f18da832 Add alert query toggle filters for ack'd and escalated alerts 2020-09-25 17:03:42 -04:00
Doug Burks
11b200e9c0 Hunt - remove SMTP fields #1397 2020-09-25 14:17:14 -04:00
Doug Burks
20a56d0831 Hunt - add network.community_id column to Events table for more data types #1396 2020-09-25 13:18:28 -04:00
Jason Ertel
c0be252f9f SOC config adjustments for alerting 2020-09-24 16:37:27 -04:00
Doug Burks
62dbe425a6 Hunt - fix x509 eventFields #1387 2020-09-24 07:52:46 -04:00
Doug Burks
2b8b8e2f40 Hunt - fix file eventFields #1386 2020-09-24 07:44:28 -04:00
Doug Burks
60daacd6dc Hunt - fix DHCP eventFields #1385 2020-09-24 07:34:29 -04:00
Jason Ertel
694635a38f Add pivot to hunt as a new alerts quick action 2020-09-21 17:10:03 -04:00
Jason Ertel
8f4a6df53a Add event.module to default alert query 2020-09-21 09:06:56 -04:00
Jason Ertel
fc51c2aef4 Group by community ID on second alert quick query 2020-09-19 08:39:01 -04:00
Jason Ertel
5b38acb64b Add alerting configuration for soc container 2020-09-18 13:51:23 -04:00
Mike Reeves
5910fe642c Fix Update XML 2020-09-16 13:08:21 -04:00
Mike Reeves
a0f64440e0 Update changes.json 2020-09-16 13:06:26 -04:00
Mike Reeves
3e0e41be32 Update changes.json 2020-09-16 11:41:21 -04:00
Mike Reeves
1801361cf8 Update changes.json 2020-09-16 11:40:05 -04:00
Jason Ertel
f86780a0db Open PCAPs in same tab, but open external sites in new tabs 2020-09-14 10:41:39 -04:00
Doug Burks
18dc7a915a Hunt: Fix Tunnel query #1335 2020-09-13 08:26:33 -04:00
Jason Ertel
89c38541ee Force all SOC quick actions to open in new tab 2020-09-13 02:52:25 -04:00
Doug Burks
311d67b934 Hunt: fix RFB groupby #1332 2020-09-12 06:14:58 -04:00
Doug Burks
8c280221da Hunt: Fix Intel groupby #1131 2020-09-10 07:00:54 -04:00
Doug Burks
7161a662aa improve Wazuh support in Hunt 2020-09-10 06:03:33 -04:00
Jason Ertel
fc4ad1d556 Add Google search quick action to Hunt; Change VirusTotal quick action to be applicable to all field values 2020-09-09 12:22:38 -04:00
Jason Ertel
9babc445ce Add Google search quick action to Hunt; Change VirusTotal quick action to be applicable to all field values 2020-09-09 12:07:23 -04:00
Jason Ertel
ad05e75ce7 Add new quick actions to SOC config template 2020-09-09 00:46:23 -04:00
Jason Ertel
f27e5164d0 Update to latest kratos; add support for a custom status trait to represent whether a user is locked or not; refactor so-user to use new enable/disable capabilities in SOC; remove 'delete' option from so-user usage to avoid having user lists out of sync across SOC and external apps 2020-09-04 17:01:52 -04:00
Doug Burks
77b3ebdabe Hunt Events table should show ssl.server_name when searching for ssl 
Hunt Events table should show ssl.server_name when searching for ssl #1267
 2020-08-30 06:56:15 -04:00
Mike Reeves
05d727e599 Final changes.json update 2020-08-20 19:18:39 -04:00
Jason Ertel
d1e5649a68 Corrected JSON typo and improved formatting 2020-08-20 13:46:20 -04:00
Mike Reeves
3eea2c6b10 2.1.0 Release notes in changes.json 2020-08-20 13:26:14 -04:00
m0duspwnens
e6da423dc3 change reference from manager:url_base to global:url_base - https://github.com/Security-Onion-Solutions/securityonion/issues/1039 2020-08-14 17:55:30 -04:00
Mike Reeves
32f8ea3158 Removes https from rest port 2020-08-11 10:02:00 -04:00
Mike Reeves
e659af3466 ES basic SSL 2020-08-10 14:26:56 -04:00
Jason Ertel
31fd0b6407 Update the Hunt event fields lookups to reflect the latest ingest configs 2020-08-06 14:59:39 -04:00