b753d40861
Tighten parsing
2025-05-20 17:06:11 -04:00
2fff6232c1
Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing
...
Add parsing for Playbook
2025-05-19 18:06:05 -04:00
f751c82e1c
Merge pull request #14639 from Security-Onion-Solutions/cogburn/ruleset-name
...
Add RulesetName to Rule Repos
2025-05-19 15:40:02 -06:00
39f74fe547
Use the new JSON object editor for RulesRepos config entries
2025-05-19 15:38:45 -06:00
11fb33fdeb
Add RulesetName to Rule Repos
...
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.
Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
2025-05-19 14:19:56 -06:00
58f4db95ea
Create playbooks dir
2025-05-19 15:31:50 -04:00
b55cb257b6
Add parsing for Playbook
2025-05-19 13:25:27 -04:00
2948577b0e
Merge pull request #14629 from Security-Onion-Solutions/reyesj2-wt2
...
logstash isn't running on receivers or manager when kafka is the glob…
2025-05-16 10:27:18 -05:00
870a9ff80c
dedup
2025-05-16 10:24:09 -05:00
689db57f5f
logstash isn't running on receivers or manager when kafka is the global.pipeline
2025-05-16 10:05:38 -05:00
2768722132
Merge pull request #14623 from Security-Onion-Solutions/cogburn/playbooks
...
Cogburn/playbooks
2025-05-15 13:27:02 -06:00
df103b3dca
Spacing
2025-05-14 16:36:59 -04:00
0542c77137
Remove wip config
2025-05-14 16:35:09 -04:00
9022dc24fb
Add Parsing for Playbooks
2025-05-14 13:19:50 -06:00
78b7068638
Playbook Settings
...
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.
Added playbook module section with default values.
2025-05-14 13:19:49 -06:00
70339b9a94
Merge pull request #14621 from Security-Onion-Solutions/TOoSmOotH-patch-1
...
Update soup
2025-05-14 13:48:53 -04:00
5c8460fd26
Update soup
2025-05-14 13:47:26 -04:00
69e90e1e70
Update soup
...
Souper Duper!
2025-05-14 13:41:08 -04:00
8c5ea19d3c
Merge pull request #14619 from Security-Onion-Solutions/jertel/wip
...
improve consistency
2025-05-14 09:31:56 -04:00
82562f89f6
improve consistency
2025-05-14 09:23:35 -04:00
ede36b5ef8
Merge pull request #14614 from Security-Onion-Solutions/TOoSmOotH-patch-1
...
Get ready for .160
2025-05-12 10:49:46 -04:00
fd00a4db85
Update VERSION
2025-05-12 10:48:52 -04:00
510c7a0c19
Update 2-4.yml
2025-05-12 10:48:12 -04:00
2a7365c7d7
Merge pull request #14612 from Security-Onion-Solutions/2.4/dev
...
2.4.150
2025-05-12 10:34:22 -04:00
f7ca3e45ac
Merge pull request #14611 from Security-Onion-Solutions/2.4.150
...
2.4.150
2025-05-12 10:24:27 -04:00
0172272e1b
2.4.150
2025-05-12 09:58:09 -04:00
776f574427
Merge pull request #14609 from Security-Onion-Solutions/2.4/jbrower-patch-2
...
Cleanup
2025-05-09 10:42:05 -04:00
a0aafb7c51
Cleanup
2025-05-09 10:29:23 -04:00
09ec14acd8
Merge pull request #14608 from Security-Onion-Solutions/m0duspwnens-patch-1
...
fix file permissions for download
2025-05-09 09:29:33 -04:00
61f8b251f0
cp to mv
2025-05-09 09:25:46 -04:00
75dd04c398
fix file permissions for download
2025-05-09 09:21:30 -04:00
e2ef544bfc
Merge pull request #14607 from Security-Onion-Solutions/2.4/jbpatch
...
Regen installers
2025-05-09 08:21:46 -04:00
daad99a0b6
Regen installers
2025-05-09 08:17:46 -04:00
fdeee45d3f
Merge pull request #14605 from Security-Onion-Solutions/jertel/wip
...
more analyzer dep updates
2025-05-08 15:57:08 -04:00
7fe9e2cbfd
more analyzer dep updates
2025-05-08 15:53:16 -04:00
74d557a5e0
Merge pull request #14603 from Security-Onion-Solutions/reyesj2/fix-14602
...
add null check
2025-05-08 08:34:53 -05:00
82f9043a14
Merge pull request #14604 from Security-Onion-Solutions/dougburks-patch-1
...
Update defaults.yaml to replace remaining instances of identity_id with user.name
2025-05-08 09:14:03 -04:00
a8cb18bb2e
Update defaults.yaml to replace remaining instances of identity_id with user.name
2025-05-08 09:09:26 -04:00
e1d31c895e
add null check
2025-05-07 21:25:30 -05:00
e661c73583
Merge pull request #14601 from Security-Onion-Solutions/2.4/upgradeeafix
...
Only upgrade node agents for local stack version
2025-05-07 16:11:10 -04:00
42ba778740
Only upgrade node agents for local stack version
2025-05-07 16:08:47 -04:00
204d53e4a7
Merge pull request #14596 from Security-Onion-Solutions/2.4/kratosuser
...
Show user.name instead of id
2025-05-07 11:21:18 -04:00
d47a798645
Show user.name instead of id
2025-05-07 11:17:00 -04:00
68ea229a1c
Merge pull request #14595 from Security-Onion-Solutions/jertel/wip
...
update default actions for subgrid support
2025-05-06 14:35:01 -04:00
1ecf2b29fc
update default actions for subgrid support
2025-05-06 13:56:16 -04:00
8a321e3f15
Merge pull request #14593 from Security-Onion-Solutions/reyesj2/feat-254
...
missing globals.is_manager swap
2025-05-06 09:01:58 -05:00
b4214f73f4
typo
2025-05-06 09:01:22 -05:00
b9da7eb35b
missing globals.is_manager swap
2025-05-06 08:58:47 -05:00
d6139d0f19
Merge pull request #14580 from Security-Onion-Solutions/reyesj2/feat-254
...
collect es index sizes
2025-05-06 08:39:16 -05:00
d2fe8da082
Merge pull request #14592 from Security-Onion-Solutions/fleetlocal
...
copy so_agent-installers to nsm for nginx
2025-05-05 13:47:22 -04:00
Josh Brower
coreyogburn
Corey Ogburn
Jorge Reyes
Mike Reeves
Jason Ertel
Jason Ertel
Mike Reeves
Josh Patterson
Doug Burks