CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,797 Commits 24 Branches 119 Tags
722b200e16d172200e79962f9e10c07b0e10032f
Commit Graph

300 Commits

Author SHA1 Message Date
weslambert
fc3273fa49 Change to label fields to comply with what's defined in Filebeat template 2022-03-04 16:29:01 -05:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe' PR for now 2022-03-01 15:31:07 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
bc2c1b4ccc Merge pull request #6935 from abesinger/issue/6912 
Updated syslog pipeline, resolves #6912.
 2022-02-24 08:33:55 -05:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
abesinger
31d22e717d Updated syslog pipeline, resolves #6912. Also cleaned up formatting to make it more readable. 2022-01-19 18:45:26 -06:00
m0duspwnens
494737549d move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires 2022-01-12 10:20:05 -05:00
m0duspwnens
baf297ab0a merge with dev, resolve conflict 2022-01-11 11:24:10 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
m0duspwnens
beb9a33628 only include curl.config if elasticsearch:auth is enabled 2022-01-10 11:48:16 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
Jason Ertel
2c9062efb7 resolved merge conflicts 2021-12-21 09:34:39 -05:00
Jason Ertel
35617acaeb Update cacerts to reflect new path; this changed due to ES 7.16.2 2021-12-20 12:12:00 -05:00
Jason Ertel
6f116a2d01 Switch to new Ubuntu SSL dir 2021-12-20 09:43:59 -05:00
Mike Reeves
465ba1b7d3 Change CA certs location 2021-12-15 17:08:36 -05:00
Wes Lambert
f80b70e008 Add config for dynamically formatted ingest pipelines 2021-11-09 20:07:53 +00:00
Wes Lambert
46d3eb452d Add ECS testing pipeline 2021-11-08 20:08:56 +00:00
Josh Brower
2ba619144c Support non-WEL Beats 2021-11-02 08:23:29 -04:00
Mike Reeves
a3e0fb127a Merge pull request #5069 from datlife/datlife/asn-annotation 
Add ASN annotation for IP
 2021-10-05 06:50:31 -04:00
Dat
9569e73bd0 Added ASN annotation for IP 2021-10-04 12:41:20 -07:00
m0duspwnens
aed73511e4 file cleanup, comment cleanup 2021-09-20 09:24:03 -04:00
m0duspwnens
5b77dc109f Merge remote-tracking branch 'remotes/origin/dev' into issue/1257 2021-09-16 16:54:23 -04:00
Josh Brower
a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
m0duspwnens
93f2cd75a4 add the jinja template 2021-09-09 10:19:46 -04:00
Josh Brower
7b93f355e2 so-import-evtx - timestamp extraction 2021-08-25 15:17:19 -04:00
Mike Reeves
71bbb41b5f Merge branch 'dev' into bravo 2021-08-04 10:57:10 -04:00
William Wernert
8a49039b85 Only append source.ip to logscan.source.ips if it's been created 2021-08-02 09:50:49 -04:00
William Wernert
2a6277c0c3 Fix field names in logscan pipeline 2021-07-30 15:46:39 -04:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert
0b06d0bfdb Merge branch 'dev' into foxtrot 2021-07-29 15:15:25 -04:00
Jason Ertel
4c6447a3da merge 2.3.61 MSEARCH hotfix into dev 2021-07-29 15:00:58 -04:00
Mike Reeves
a42d8c9229 Fix Manager Search 2021-07-28 17:03:14 -04:00
doug
3d3593a1a9 FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-22 09:50:21 -04:00
Mike Reeves
09165daab8 Several Suricata things 2021-07-21 09:10:33 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
Wes Lambert
05aad07bfc Replace staging path with processed path for analyzed files 2021-07-14 15:04:46 +00:00
Wes Lambert
441cd3fc59 Move Wazuh-specific data to wazuh.data 2021-07-14 13:42:51 +00:00
William Wernert
e7a6172d7e [fix] Add single quotes to strings 2021-07-13 14:07:27 -04:00
William Wernert
115e0a6fee [fix] Add missing comma 2021-07-13 12:04:10 -04:00
William Wernert
e059c25ebc [fix][wip] Fix pipeline parsing errors 2021-07-13 11:05:05 -04:00
William Wernert
2b0bca8e55 Merge branch 'dev' into feature/logscan 2021-07-12 14:58:30 -04:00
doug
e6f9592cde FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-12 13:24:21 -04:00
William Wernert
bac7ef71d8 Add logscan.source.ips field 2021-07-09 10:55:11 -04:00