Commit Graph

6943 Commits

Author SHA1 Message Date
Jason Ertel
fde33de030 Use original style due to pgrep conflict with cron 2022-12-07 11:51:49 -05:00
Jason Ertel
e849783a86 Reduce cron noise; ensure filecheck is restarted if modified 2022-12-07 08:36:56 -05:00
weslambert
def0c85349 Disable Filebeat input for 'ecat_arp_info' Zeek logs 2022-12-07 08:00:21 -05:00
weslambert
7ce0924382 Ignore additional rules causing compilation errors 2022-12-06 13:59:21 -05:00
weslambert
73304e049c Merge pull request #9304 from Security-Onion-Solutions/feature/ics_scada_additions
Port STUN, TDS, WireGuard, and ICS/SCADA Changes from 2.3 to 2.4
2022-12-06 13:14:47 -05:00
weslambert
a626acced0 Add new ICS/SCADA event fields to the dashboards section of the configuration and remove extra space in key names. 2022-12-06 13:11:55 -05:00
Jason Ertel
88410bc8f8 Merge branch '2.4/dev' into config 2022-12-06 12:38:43 -05:00
Jason Ertel
168cd00e1b Handle suricata extracted with filecheck 2022-12-06 12:34:02 -05:00
Wes
1b5c1fecd4 Revert SOC default 'alerts' event fields and specify additional event fields for ICS/SCADA events 2022-12-06 17:28:30 +00:00
Wes
b048eec3c0 Add STUN, TDS, WireGuard, and ICS/SCADA dashboard queries 2022-12-06 17:17:49 +00:00
Wes
f44eee134a Add default queries and ICS/SCADA queries 2022-12-06 16:52:20 +00:00
Wes
c741fe6b4d Ensure ICS/SCADA plugins/scripts are enabled 2022-12-06 16:23:26 +00:00
Wes
be5775e4a0 Ensure Filebeat defaults file is updated with ICS/SCADA log references 2022-12-06 16:15:09 +00:00
Wes
499b5d95f2 Add 'ics' tag for 'bsap'-prefixed events/logs 2022-12-06 16:01:57 +00:00
Wes
14af1d36cb Ensure ICS/SCADA pipelines are present 2022-12-06 15:58:47 +00:00
Jason Ertel
fd13c7ccc0 Additional metadata for soc 2022-12-05 09:03:22 -05:00
Mike Reeves
f083b3867b Update init.sls 2022-12-02 09:40:35 -05:00
Mike Reeves
f83545c556 Update filecheck 2022-11-30 11:02:56 -05:00
Wes
7f324bc47e Remove extra space used during testing 2022-11-22 20:52:08 +00:00
Wes
a6bc5b108f Add missing OPCUA 'activate_session' pipelines 2022-11-22 20:51:44 +00:00
m0duspwnens
b95a83b016 Merge remote-tracking branch 'remotes/origin/2.4/dev' into dockerips 2022-11-22 14:17:19 -05:00
m0duspwnens
b05839bb93 use single quote 2022-11-22 13:07:58 -05:00
weslambert
356904f751 Fix spelling of 'wireguard.responses' field name 2022-11-22 13:03:04 -05:00
weslambert
6b77843e52 Fix format/spelling for 'enip.status_code' field name 2022-11-22 12:07:55 -05:00
weslambert
13faf63770 Fix spelling for 'stun.class' field name 2022-11-22 12:07:15 -05:00
m0duspwnens
4b6b42f9b9 don't try to add sosnet if it exists 2022-11-22 10:19:18 -05:00
Wes
a38e312df4 Add COTP and TDS ingest pipelines 2022-11-22 13:36:27 +00:00
weslambert
d2bc1a5523 Fix syntax error for 'ics' tag logic 2022-11-22 07:24:54 -05:00
weslambert
fe180d5657 Fix indentation 2022-11-21 17:02:17 -05:00
weslambert
9994d47a43 Add 'ics' tag to events generated from ICS protocol logs 2022-11-21 16:46:47 -05:00
Doug Burks
febb781428 Add ICS/SCADA logs to filebeat defaults.yaml 2022-11-21 12:10:55 -05:00
weslambert
061f0b0595 Merge pull request #9159 from Security-Onion-Solutions/feature/additional_ics_scada_ingest_pipelines_2_4
Add additional ICS/SCADA ingest node pipelines
2022-11-21 10:32:00 -05:00
Wes
05b9a067fd Add additional ICS/SCADA ingest node pipelines 2022-11-17 16:03:21 +00:00
Jason Ertel
ed9aa5b73f Ensure filecheck is up by checking every minute 2022-11-17 10:48:53 -05:00
Jason Ertel
7f7e5474ed Add more logging for filecheck monitoring, and ensure scripts are accessible to salt-relay 2022-11-17 10:43:05 -05:00
Jason Ertel
0ffef75d7b Move background jobs to cron 2022-11-17 09:50:41 -05:00
Jason Ertel
c572848ece temporarily remove filecheck for debug purposes 2022-11-17 08:06:24 -05:00
Jason Ertel
7cd5d625d1 temporarily remove salt-pipe for debug purposes 2022-11-16 20:45:50 -05:00
Jason Ertel
4497037442 Use bg:True to send cmd to background 2022-11-16 20:03:54 -05:00
Wes
638a3568b0 Update ingest node pipelines for ICS/SCADA protocols 2022-11-16 21:11:21 +00:00
m0duspwnens
d97e13b473 add /24 back to default bip, revert daemon.json 2022-11-16 14:47:40 -05:00
Josh Brower
8db49feb32 Use our docker image 2022-11-16 08:24:25 -05:00
m0duspwnens
9ffde8bff5 ensure options are strings 2022-11-15 17:46:08 -05:00
m0duspwnens
19f043cfe2 add some options for sosnet 2022-11-15 17:39:08 -05:00
m0duspwnens
54e4749ddf remove comma 2022-11-15 17:30:55 -05:00
m0duspwnens
d246aa6a80 we don't need default network config 2022-11-15 17:14:33 -05:00
m0duspwnens
75825617da add soc to sosnet 2022-11-15 17:13:25 -05:00
m0duspwnens
edd993fd82 change dupe soc to elastalert 2022-11-15 16:02:17 -05:00
Mike Reeves
813e59aa61 Add statics 2022-11-15 13:23:35 -05:00
Josh Brower
48d191b656 Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/elasticfleet-ag 2022-11-15 12:13:05 -05:00