Doug Burks
d3d2305f00
FEATURE: Add new dashboards for community_id and firewall auth #12323
2024-02-07 16:08:27 -05:00
Josh Brower
7e3187c0b8
Fixup sigma pipelines
2024-02-07 15:35:31 -05:00
Josh Brower
b7b501d289
Add Sigma pipelines
2024-02-07 15:02:52 -05:00
m0duspwnens
6534f392a9
update backup filename
2024-02-07 14:25:28 -05:00
m0duspwnens
478fb6261e
Merge remote-tracking branch 'origin/2.4/dev' into salt3006.6
2024-02-07 14:15:11 -05:00
m0duspwnens
e42e07b245
update salt mine after salt-master restarts
2024-02-07 13:05:45 -05:00
m0duspwnens
f97d0f2f36
add /opt/so/rules/ to files_roots
2024-02-07 09:25:56 -05:00
m0duspwnens
24fd3ef8cc
update error message
2024-02-06 16:22:13 -05:00
m0duspwnens
b3f6153667
update so-yaml tests
2024-02-06 16:15:54 -05:00
Doug Burks
d800d59304
Merge pull request #12316 from Security-Onion-Solutions/feature/improve-soc-actions
FEATURE: Improve Correlate and Hunt actions on SOC Actions menu #12315
2024-02-06 15:46:31 -05:00
Doug Burks
7106095128
FEATURE: Improve Correlate and Hunt actions on SOC Actions menu #12315
2024-02-06 15:39:23 -05:00
m0duspwnens
9d62ade32e
update so-yaml tests
2024-02-06 11:14:27 -05:00
m0duspwnens
2643ae08a7
add append to list
2024-02-05 17:54:30 -05:00
Josh Brower
378c99ae88
Fix bindings
2024-02-02 18:27:49 -05:00
Corey Ogburn
8f81c9eb68
Updating config for Detection(s)
2024-02-02 11:49:58 -07:00
Pete
cf83d1cb86
feat: use mountpoint for Elastic log limit
Instead of just existence, this checks if the directories are separate mountpoints when determining disk size and log_size_limit calculations.
It also sets the percentage to 80 if /nsm/elasticsearch is a separate mountpoint. This allows for better disk utilization on server configurations where /nsm is based on large slow HDDs for increased PCAP retention but /nsm/elasticsearch is based on SSDs for faster Elasticsearch performance.
2024-02-02 12:25:16 -05:00
Pete
7a29b3a529
call salt before stopping salt services
salt-call does not work when the salt-master is not running. If these calls are to succeed, they should occur before the salt services are stopped.
2024-02-02 08:45:01 -05:00
Josh Brower
fe196b5661
Add SOC Config for Detections
2024-02-01 12:22:50 -05:00
m0duspwnens
61ee41e431
Merge remote-tracking branch 'origin/2.4/dev' into salt3006.6
2024-02-01 11:07:06 -05:00
m0duspwnens
0d5db58c86
upgrade salt3006.6
2024-02-01 10:32:41 -05:00
Josh Brower
3d478b92b2
Merge pull request #12294 from Security-Onion-Solutions/jppffa
Jppffa
2024-02-01 09:47:18 -05:00
Josh Brower
e090518b59
Refactor script
2024-02-01 09:46:53 -05:00
weslambert
91c1e595ef
Merge pull request #12297 from Security-Onion-Solutions/feature/pipeline_config_ui
Manage custom Elasticsearch and Logstash pipelines in UI
2024-02-01 09:18:30 -05:00
Wes
1818e134ca
Change numbers for Logstash
2024-02-01 14:01:55 +00:00
Wes
182667bafb
Change numbers for Elasticsearch
2024-02-01 13:59:23 +00:00
Josh Brower
49b5788ac1
add bindings
2024-02-01 07:21:49 -05:00
Josh Brower
881d6b313e
Update VERSION - kilo
2024-01-31 17:04:11 -05:00
Josh Brower
db057b4dfa
Merge pull request #12296 from Security-Onion-Solutions/cogburn/detection_playbooks
Cogburn/detection playbooks
2024-01-31 16:48:51 -05:00
Wes
136097f981
Custom Logstash pipeline annotations
2024-01-31 21:47:09 +00:00
Wes
bc502cc065
Custom Elasticsearch pipeline annotations
2024-01-31 21:46:33 +00:00
m0duspwnens
ae32ac40c2
add fleet node nginx to docker annotations
2024-01-31 16:28:45 -05:00
m0duspwnens
2f03248612
use different nginx defaults for so-fleet node hosting artifacts
2024-01-31 16:25:09 -05:00
Mike Reeves
a094d1007b
Merge pull request #12293 from Security-Onion-Solutions/TOoSmOotH-patch-3
fix salt lock for airgap version mismatches
2024-01-31 16:21:16 -05:00
Mike Reeves
341ff5b564
Update so-functions
2024-01-31 16:18:51 -05:00
Josh Brower
0fe96bfc2d
switch to symlink
2024-01-31 16:17:40 -05:00
Wes
4672a5b8eb
Custom pipeline configuration in UI
2024-01-31 20:18:17 +00:00
Wes
1853dc398b
Custom pipeline configuration
2024-01-31 20:17:33 +00:00
Wes
bc75be9402
Custom pipelines in UI
2024-01-31 20:16:48 +00:00
Wes
cd4bd6460a
Custom pipelines
2024-01-31 20:16:18 +00:00
Corey Ogburn
585147d1de
Added so-detection mapping in elasticsearch
2024-01-31 10:39:47 -07:00
Mike Reeves
0d01d09d2e
fix pcap paths
2024-01-31 09:15:35 -05:00
Pete
1192dbd530
also remove intca symlink
The symlink is created in init.sls; it should be removed here.
2024-01-31 09:01:56 -05:00
Mike Reeves
00289c201e
fix pcap paths
2024-01-31 08:58:57 -05:00
Corey Ogburn
858166bcae
WIP: Detections Changes
Removed some strelka/yara rules from salt.
Removed yara scripts for downloading and updating rules. This will be managed by SOC.
Added a new compile_yara.py script.
Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
m0duspwnens
4be1214bab
pcap engine logic for sensoroni
2024-01-30 16:53:57 -05:00
Corey Ogburn
0fa4d92f8f
socsigmarepo
Need write permissions on the /opt/so/rules dir so I can clone the sigma repo there.
2024-01-30 14:49:05 -07:00
m0duspwnens
8a25748e33
grammar
2024-01-30 16:06:24 -05:00
m0duspwnens
8b503e2ffa
telegraf don't run stenoloss script if suricata is pcap engine
2024-01-30 15:58:11 -05:00
Jorge Reyes
4dd0b4a4fd
Merge pull request #12283 from Security-Onion-Solutions/reyesj2-patch-6
Remove remediate from initial oscap scan
2024-01-30 15:56:13 -05:00
reyesj2
b5ffa186fb
Remove remediate from initial oscap scan
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-30 15:54:23 -05:00