Commit Graph

110 Commits

Author SHA1 Message Date
Doug Burks b8baca417b add endpoint_x_events_x_process to defaults.yaml 2024-02-23 14:03:04 -05:00
Josh Brower 1952f0f232 Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-21 13:11:49 -05:00
Jason Ertel 4b314c8715 replace correlate icon to avoid confusion with searcheng.in 2024-02-20 10:30:09 -05:00
Josh Brower ffb3cc87b7 Default ruleset; Descriptions 2024-02-16 11:55:10 -05:00
Corey Ogburn c64f37ab67 sigmaRulePackages is now a string array 2024-02-15 10:34:07 -07:00
Corey Ogburn a5db9f87dd Merge branch 'kilo' into cogburn/detection_playbooks 2024-02-13 14:08:44 -07:00
Josh Brower 0c6c6ba2d5 Various UI tweaks 2024-02-13 13:38:43 -05:00
Doug Burks 0741ae370a Update defaults.yaml 2024-02-13 12:51:26 -05:00
Doug Burks 8060751a66 Add table columns to process dashboard in defaults.yaml 2024-02-13 12:24:33 -05:00
Josh Brower ea80469c2d Detection Default queries 2024-02-12 19:39:55 -05:00
Doug Burks 0ad39a7e32 FEATURE: Add new SOC action to show process ancestry #12345 2024-02-12 19:18:29 -05:00
Doug Burks 20d2f3b97e Update Sublime action in defaults.yaml to use i18n 2024-02-12 19:13:32 -05:00
Josh Brower 5102269440 Update defaults 2024-02-12 16:44:54 -05:00
Corey Ogburn 29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Doug Burks d3d2305f00 FEATURE: Add new dashboards for community_id and firewall auth #12323 2024-02-07 16:08:27 -05:00
Doug Burks 7106095128 FEATURE: Improve Correlate and Hunt actions on SOC Actions menu #12315 2024-02-06 15:39:23 -05:00
Josh Brower 378c99ae88 Fix bindings 2024-02-02 18:27:49 -05:00
Corey Ogburn 8f81c9eb68 Updating config for Detection(s) 2024-02-02 11:49:58 -07:00
Josh Brower fe196b5661 Add SOC Config for Detections 2024-02-01 12:22:50 -05:00
Jason Ertel e075d07f5c show last highstate date/time on grid metrics screen; expose maxUploadSize and staleMetricsMs settings on config screen 2023-12-29 11:38:42 -05:00
Doug Burks ab5de4c104 update soc defaults.yaml 2023-12-19 07:27:07 -05:00
Doug Burks 4d8661d2e0 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 13:38:04 -05:00
Doug Burks 6a1073b616 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 12:57:40 -05:00
Doug Burks 8779fb8cbc Update defaults.yaml 2023-12-14 13:30:52 -05:00
Doug Burks 042e5ae9f0 https://github.com/Security-Onion-Solutions/securityonion/issues/12021 2023-12-14 12:46:28 -05:00
weslambert 0334ef9677 Add eml observable type 2023-12-05 19:10:16 -05:00
Doug Burks 4666b993e5 Update defaults.yaml 2023-11-14 09:58:45 -05:00
Wes bca1194a46 Sublime SOC Action 2023-11-01 14:01:55 +00:00
Jason Ertel 546c562ef0 expose standard relay timeout in config UI; up default to 45s to accommodate sluggish pillar.get calls 2023-09-01 10:31:02 -04:00
Corey Ogburn a615fc8e47 New Config Default: longRelayTimeoutMs
Salt is getting a second timeout for operations known to take a long time such as sending and importing files. There's also an entry in soc_soc.yaml so the value can be changed in SOC's config page.
2023-08-30 15:33:01 -06:00
weslambert 563a495725 Add Playbook 2023-08-21 11:24:07 -04:00
weslambert 9e18fe64cf Remove OSSEC configuration 2023-08-21 11:20:47 -04:00
bryant-treacle 036b81707b Update defaults.yaml 2023-08-08 16:10:54 -04:00
bryant-treacle 3d4fd08547 Update defaults.yaml 2023-08-08 15:28:06 -04:00
weslambert 527a6ba454 Use asterisk when searching 'msg' since it is now a keyword 2023-07-31 23:52:38 -04:00
Corey Ogburn aa56085758 New Action "Add to Case" 2023-07-28 09:55:44 -06:00
Corey Ogburn bb7a918a16 Added ReverseLookup Option
Defaults to false, has metadata to show up in the config section of soc.
2023-07-21 13:18:08 -06:00
Wes 1848a835f5 Remove keyword 2023-07-19 13:52:15 +00:00
Jason Ertel 951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Corey Ogburn fb27e7c479 Also add to dashboard
Duplicate new queryToggleFilter from hunt to dashboard.
2023-06-23 11:30:26 -06:00
Corey Ogburn 261acee8a0 New Hunt queryToggleFilter
New filter to exclude soc logs from hunt results.
2023-06-23 11:30:26 -06:00
Corey Ogburn 6769386c86 Change upload path 2023-06-22 10:59:24 -06:00
Corey Ogburn b5e5bd57ad Fix for Upload Import
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
Josh Brower 6ba9e057a9 Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags
Change format of event dataset and assign dataset to tags
2023-06-21 09:22:40 -04:00
Doug Burks 0e09d73aa0 Resolve conflicts with dataset PR 2023-06-20 07:40:10 -04:00
Doug Burks fc824359ed Update default fields for kratos.audit 2023-06-20 07:30:56 -04:00
Doug Burks 7caa7cec6b Fix SOC Auth queries in Dashboards and Hunt
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
2023-06-20 07:13:33 -04:00
Wes b5bccc5e05 Use module in dataset name and add dataset tag 2023-06-15 13:06:57 +00:00
m0duspwnens 8e18986671 enable/disable soc in ui 2023-05-11 15:33:16 -04:00
Doug Burks 5be5466efe fix GeoIP queries 2023-03-24 14:03:12 -04:00