CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,159 Commits 40 Branches 125 Tags
7155ccaf962ab99272f3533fbb2288f5f5a6fd6a
Commit Graph

1223 Commits

Author SHA1 Message Date
reyesj2 69b559fb26 ES 8.17.2 pipeline version updates 2025-02-20 17:11:28 -06:00
reyesj2 df350b5a56 ES 8.17.2 2025-02-20 14:20:09 -06:00
reyesj2 3b6344e7f0 add back settings previously defined when overwritting logs-elastic_agent@package and logs-endpoint.diagnostics.collection@package 2025-02-20 12:42:30 -06:00
reyesj2 c9b41e2eb1 formatting 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-02-20 10:11:34 -06:00
reyesj2 499d473b9d set metrics indices to 0 replicas 2025-02-20 10:06:59 -06:00
reyesj2 45c66b93d7 make sure only a non-empty file is loaded 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-02-19 09:23:48 -06:00
Jorge Reyes a3dba9b566 Merge pull request #14255 from Security-Onion-Solutions/foxtrot 
ES 8.17.1
 2025-02-18 14:58:46 -06:00
reyesj2 1be8de7acb must use null check 2025-02-18 11:16:57 -06:00
reyesj2 c1c72ddd9b update global@custom pipeline ignore null/empty string values 2025-02-18 10:39:54 -06:00
reyesj2 235a8e3934 update index templates for endpoint integration 2025-02-17 18:30:51 -06:00
reyesj2 12f0195f29 pfsense integration - keep suricata events 2025-02-17 12:28:23 -06:00
reyesj2 c711ffe6c5 keep pipeline "managed" metadata 2025-02-13 08:44:56 -06:00
reyesj2 09c7b31918 update pfsense pipeline version. Remove unused component templates 2025-02-12 16:33:56 -06:00
reyesj2 40cb3a53ae Revert ES 8.17.2 upgrade -> 8.17.1 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-02-12 13:18:08 -06:00
reyesj2 fb0cd436d3 ES 8.17.2 TODO: Check import-evtx-logs.json for updated pipeline versions 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-02-11 11:23:04 -06:00
reyesj2 33f145a40b ensure network packet capture integration data has event.module:network_traffic 2025-02-10 13:16:39 -06:00
reyesj2 9bde70a8e2 zeek.software typo 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-02-07 15:19:40 -06:00
Joshua Brower b874619f0d Fix ip-mappings ILM 2025-02-03 09:31:08 -05:00
Josh Patterson fe4129c8e0 env discovery.type single-node change 
only managers and heavynodes are eligible for discovery.type=single-node
 2025-01-29 09:11:52 -05:00
Joshua Brower e994f3a220 Fix commits 2025-01-27 14:48:50 -05:00
Josh Brower 9738ef382c Upgrade Elastic to 8.17.1 2025-01-23 08:12:02 -05:00
Jorge Reyes c2f5c2226f Merge pull request #14138 from Security-Onion-Solutions/reyesj2/es-integ-tmp 
add back missing component for http_endpoint_x_generic & winlog_x_win…
 2025-01-22 10:16:30 -06:00
reyesj2 d779f7ae7f add back missing component for http_endpoint_x_generic & winlog_x_winglog 2025-01-22 10:15:16 -06:00
Jorge Reyes d26c7e6f9b Merge pull request #14134 from Security-Onion-Solutions/reyesj2/es-integ-tmp 
remove individual <integration>@custom mappings. Moved over to so-fle…
 2025-01-21 11:00:18 -06:00
reyesj2 6331298eac remove individual <integration>@custom mappings. Moved over to so-fleet_integrations.ip_mappings-1 2025-01-21 10:49:54 -06:00
reyesj2 76abf37351 Merge remote-tracking branch 'origin/2.4/dev' into foxtrot 2025-01-21 09:03:04 -06:00
reyesj2 1396083b7d use so-elasticsearch-query where possible; simplify suricata.alerts index reroute 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-17 13:29:46 -06:00
reyesj2 d35ffef503 merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-17 11:23:54 -06:00
reyesj2 9032d7d7bc any suricata.alert with event.imported: true remains in logs-import-so 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-16 18:48:31 -06:00
reyesj2 45d3438d18 update ingest pipeline for imported logs 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-16 17:33:14 -06:00
reyesj2 b3b7fb8f29 add null check and move tag lookup to .contains() in global@custom 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-15 12:16:11 -06:00
reyesj2 4618256442 include okta-mappings in so-logs-okta.system index template 2025-01-13 11:32:27 -06:00
reyesj2 323ef1d5d6 add missing lifecycle name to trend_micro_vision_one indices 2025-01-13 09:29:22 -06:00
reyesj2 a5b1648b68 add missing lifecycle name to crowdstrike indices 2025-01-13 09:26:16 -06:00
reyesj2 4f92b7ced1 add support for cloudflare_logpush integration 2025-01-13 09:23:05 -06:00
reyesj2 e60a1e4357 zeek ldap & ldap_search parsing 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-09 16:06:10 -06:00
reyesj2 0e87351a9c add zeek.quic mappings 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-08 16:18:53 -06:00
reyesj2 b97619b8f9 Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/es-integ-tmp 2025-01-06 14:44:35 -06:00
reyesj2 3d3f0460fa move addon integration script run to elasticfleet state 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-06 14:42:16 -06:00
reyesj2 9fe3f6042f Remove individual integrations ip mappings component template. Replaced with global mappings 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-06 10:44:22 -06:00
reyesj2 cdd4a1ff1f fixes addon integration map file 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-03 16:06:22 -06:00
reyesj2 9f83853922 Zeek QUIC support 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-31 13:44:20 -06:00
reyesj2 ecf094f684 WIP: support all es fleet integrations 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-26 16:18:04 -06:00
reyesj2 b3436415dc merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-18 14:13:25 -06:00
reyesj2 157185c370 add ti_opencti integration support 2024-12-18 11:33:49 -06:00
reyesj2 9bc20c26bb Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into reyesj2/es-integ-tmp 2024-12-06 14:29:25 -06:00
reyesj2 ad8b339a3b fix error due to null reference 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-06 09:07:16 -06:00
reyesj2 754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
reyesj2 888145a2ed remove optional integrations from defaults.yaml & soc_elasticsearch.yaml 2024-12-03 08:55:43 -06:00
reyesj2 993d56cb58 ti_rapid7* 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-25 15:51:49 -06:00