Commit Graph

9204 Commits

Author SHA1 Message Date
Jason Ertel
66c9e20c6a Add wildcards for CCS compatibility 2022-01-07 15:57:08 -05:00
Jason Ertel
d3656a7777 Merge branch 'dev' into kilo 2022-01-07 13:41:35 -05:00
Josh Patterson
3c44f6fd41 Merge pull request #6793 from Security-Onion-Solutions/23100soup_jpp
23100soup
2022-01-07 13:32:33 -05:00
Jason Ertel
391db568b0 Update field mappings based on Wes' feedback 2022-01-07 13:28:36 -05:00
Jason Ertel
a4f01d4412 Merge pull request #6792 from Security-Onion-Solutions/kilo
Add case exclusion toggle to Hunt to avoid hunt results getting case …
2022-01-07 13:02:27 -05:00
Jason Ertel
9ef83da23f Add case exclusion toggle to Hunt to avoid hunt results getting case data hits unintentionally 2022-01-07 12:58:35 -05:00
m0duspwnens
871fd115ae put so-firewall in /usr/sbin since salt-master isn't running at this time 2022-01-07 12:04:19 -05:00
weslambert
218f7f3a13 Merge pull request #6790 from Security-Onion-Solutions/fix/dtc_severity_label
Add event.severity_label
2022-01-07 11:44:30 -05:00
weslambert
770e53d914 Add keyword subfield for event.severity_label 2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9 Add event.severity_label 2022-01-07 11:19:54 -05:00
m0duspwnens
fd0e5d7d29 make sure so-firewall is up to date 2022-01-07 11:10:48 -05:00
Josh Brower
ae6aa0dafd Merge pull request #6789 from Security-Onion-Solutions/fix/wazuh-parsing-revert
Revert Wazuh parser update
2022-01-07 10:53:53 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
weslambert
a7e7566532 Merge pull request #6780 from Security-Onion-Solutions/feature/datatype_compliance
Initial commit for data type compliance
2022-01-06 16:38:17 -05:00
m0duspwnens
5ecb63f5cf prevent exit if minion doesn't respond 2022-01-06 16:17:51 -05:00
Josh Brower
ca4aaae47c Merge pull request #6778 from Security-Onion-Solutions/fix/wazuh-parsing
Uppercase first char in Wazuh WEL
2022-01-06 16:01:09 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
m0duspwnens
cd590b894a check that ossec.conf exists 2022-01-06 12:39:48 -05:00
weslambert
3f02003ea2 Merge pull request #6777 from Security-Onion-Solutions/fix/deprecation_ecs_compatibility_logstash
Add config option for ECS compatibility (default of disabled)
2022-01-06 11:31:51 -05:00
weslambert
8e2f500b9c Add config option for ECS compatibility (default of disabled) 2022-01-06 11:24:04 -05:00
weslambert
099e3e1ceb Merge pull request #6775 from Security-Onion-Solutions/fix/deprecation_warning_suppress
Add logger stanza to suppress ES deprecation warning messages
2022-01-06 10:45:37 -05:00
weslambert
900d12b556 Add logger stanza to suppress deprecation warning messages for now due to current system index access warning messages flooding the ES log 2022-01-06 10:35:50 -05:00
Jason Ertel
8cf7ea8b87 Merge pull request #6772 from Security-Onion-Solutions/kilo
Prevent PCAP action from showing up outside of hunt/alerts
2022-01-05 19:15:02 -05:00
Josh Patterson
eaa6597cd7 Merge pull request #6773 from Security-Onion-Solutions/issue/6765
Issue/6765
2022-01-05 18:11:06 -05:00
m0duspwnens
6338ba2e45 remove /var/cache/salt/ for reinstall 2022-01-05 16:54:56 -05:00
m0duspwnens
8af74e8bb3 remove more salt configs for reinstall 2022-01-05 16:53:54 -05:00
m0duspwnens
9357995bfa remove root cron and restore yeselastic.txt 2022-01-05 16:04:32 -05:00
weslambert
2fb488f768 Merge pull request #6769 from Security-Onion-Solutions/fix/id_fielddata_deprecation
Fix issue with _id field fielddata/deprecation
2022-01-05 15:40:25 -05:00
Wes Lambert
1cafacfa51 Update saved objects to reflect removal of TheHive scripted field and replacement of PCAP pivot with Hunt pivot 2022-01-05 20:36:23 +00:00
weslambert
c1a88977cf Disable fielddata for _id field by default (since it is deprecated and can be memory-intensive) 2022-01-05 15:23:52 -05:00
m0duspwnens
0ff5e3cf6f require so-elasticsearch container to be running to run the scripts 2022-01-05 14:48:41 -05:00
m0duspwnens
8950f94fb0 restore state files so python3-influxdb state doesn't try to patch during a reinstall 2022-01-05 12:02:53 -05:00
Wes Lambert
b60837e71a Initial commit for data type compliance 2022-01-05 16:38:56 +00:00
Jason Ertel
4f8524e0ac Prevent PCAP action from showing up outside of hunt/alerts 2022-01-05 11:13:12 -05:00
weslambert
2f9672d3ea Merge pull request #6764 from Security-Onion-Solutions/feature/soup_branch
Denote which branch is being used in SOUP if BRANCH is specified
2022-01-05 10:54:29 -05:00
weslambert
db43e21378 Fix indentation 2022-01-05 10:46:41 -05:00
weslambert
4d8b417fc9 Denote which branch is being used in SOUP if BRANCH is specified 2022-01-05 10:41:27 -05:00
Jason Ertel
89415b12ce Merge pull request #6762 from Security-Onion-Solutions/kilo
Switch soc.json to use lowercase labels in default queries; Also enab…
2022-01-05 09:59:39 -05:00
Jason Ertel
4bfdfffe21 Switch soc.json to use lowercase labels in default queries; Also enable the 'Add Case' feature 2022-01-05 09:54:13 -05:00
Mike Reeves
1adc4c5346 Merge pull request #6752 from Security-Onion-Solutions/ubufix
Fix docker holds so re-install will work properly
2022-01-04 18:56:06 -05:00
Mike Reeves
3ca0ce9eea Update so-functions 2022-01-04 18:47:35 -05:00
Mike Reeves
e869013057 Remove docker then reinstall it 2022-01-04 15:24:10 -05:00
Mike Reeves
dd104c9490 Add holds for ubuntu 2022-01-04 13:07:09 -05:00
m0duspwnens
7bb9b6efa9 populate mine with network.ip_addrs pillar.host.mainint for each host prior to highstate 2022-01-04 10:27:45 -05:00
Mike Reeves
288389c93e Soup changes for 2.3.100 2022-01-04 08:38:14 -05:00
Josh Patterson
4247a3a816 Merge pull request #6730 from Security-Onion-Solutions/fix/ub1804ssl
more detailed logging for the retry command
2021-12-30 13:19:58 -05:00
m0duspwnens
cc2f6e23ca more detailed logging for the retry command 2021-12-30 13:09:29 -05:00
Josh Patterson
064355dfb5 Merge pull request #6729 from Security-Onion-Solutions/fix/ub1804ssl
change exitCode to exitcode. set exitcode to 1 if failed output found
2021-12-30 11:38:32 -05:00
m0duspwnens
d274615376 change exitCode to exitcode. set exitcode to 1 if failed output found 2021-12-30 10:45:30 -05:00
Josh Patterson
78eda75c0f Merge pull request #6725 from Security-Onion-Solutions/fix/ub1804ssl
add option to look for failed output in retry function in so-common. …
2021-12-29 18:18:12 -05:00