Mike Reeves
71bbb41b5f
Merge branch 'dev' into bravo
2021-08-04 10:57:10 -04:00
William Wernert
8a49039b85
Only append source.ip to logscan.source.ips if it's been created
2021-08-02 09:50:49 -04:00
William Wernert
2a6277c0c3
Fix field names in logscan pipeline
2021-07-30 15:46:39 -04:00
William Wernert
33bd6aed20
Fix logscan pipeline on eval
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
2021-07-30 14:41:15 -04:00
Mike Reeves
09165daab8
Several Suricata things
2021-07-21 09:10:33 -04:00
William Wernert
9bf1d3e0c6
Misc fixes
2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20
Merge branch 'dev' into feature/logscan
2021-07-16 14:13:19 -04:00
Wes Lambert
05aad07bfc
Replace staging path with processed path for analyzed files
2021-07-14 15:04:46 +00:00
Wes Lambert
441cd3fc59
Move Wazuh-specific data to wazuh.data
2021-07-14 13:42:51 +00:00
William Wernert
e7a6172d7e
[fix] Add single quotes to strings
2021-07-13 14:07:27 -04:00
William Wernert
115e0a6fee
[fix] Add missing comma
2021-07-13 12:04:10 -04:00
William Wernert
e059c25ebc
[fix][wip] Fix pipeline parsing errors
2021-07-13 11:05:05 -04:00
William Wernert
2b0bca8e55
Merge branch 'dev' into feature/logscan
2021-07-12 14:58:30 -04:00
doug
e6f9592cde
FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770
2021-07-12 13:24:21 -04:00
William Wernert
bac7ef71d8
Add logscan.source.ips field
2021-07-09 10:55:11 -04:00
William Wernert
80525ee736
[wip] Add logscan pipeline
2021-07-08 12:29:50 -04:00
Mike Reeves
693f455862
ECS hotfix
2021-07-02 08:55:49 -04:00
weslambert
4c74e7f308
Add event.kind and set name to module[dot]dataset
2021-06-02 15:35:26 -04:00
weslambert
db48c15f1d
Create event.kind field and rename dataset to be module[dot]dataset
2021-06-02 15:33:18 -04:00
Jason Ertel
44ad8ce888
Switch to the ES-included community_id plugin
2021-04-29 12:08:07 -04:00
Josh Brower
7cbeed985a
Differentiate between event & ingest timestamp
2021-04-13 12:55:40 -04:00
Josh Brower
cf4de255ec
Fix Wazuh WEL Shipping
2021-04-12 15:18:18 -04:00
Josh Brower
44c75122ed
Update Sigmac mappings and config for IPs and ports
2021-03-16 09:05:35 -04:00
doug
adbc7436b6
FIX: Populate http.status_message field #3408
2021-03-11 16:42:20 -05:00
doug
b4ad7e7359
FIX: Improve Suricata DHCP logging and parsing #3397
2021-03-11 11:01:51 -05:00
Josh Brower
548f67ca6f
Initial support for Live Queries in Hunt
2021-03-04 18:21:13 -05:00
doug
71c7ffae3e
Improve support for Suricata metadata #2200
2021-02-22 13:49:29 -05:00
doug
bcce205430
Improve support for Suricata metadata #2200
2021-02-22 13:00:14 -05:00
doug
3467f30603
Improve support for Suricata metadata #2200
2021-02-22 10:27:24 -05:00
Mike Reeves
0ea29144a8
Merge pull request #3047 from Security-Onion-Solutions/surifile2
Suricata as Meta Data, File Extraction, And Parsing changes
2021-02-19 14:09:38 -05:00
Mike Reeves
b4b449aa14
Pull in Suricata changes
2021-02-19 11:01:15 -05:00
doug
88eb5b1d61
Update syslog ingest parser to accommodate pfSense filterlog changes #3033
2021-02-19 08:02:32 -05:00
Josh Brower
13ab4c66eb
Update Osquery Windows Eventlog Parsing
2021-01-27 09:15:54 -05:00
Wes Lambert
875908dc90
Set @timestamp to winlog.systemTime
2021-01-06 16:47:35 +00:00
Doug Burks
7a314b5935
Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321
2020-12-12 11:35:29 -05:00
Doug Burks
61ae187d03
revert previous commit #2321
2020-12-12 10:12:23 -05:00
Mike Reeves
b5ed973abd
Merge pull request #2138 from OmerTirosh/OmerTirosh-fix-win.eventlog
Fix Error: SO elasticsearch ingest failed to convert 'winlog.event_data.SubjectUserName' to 'user.name'
2020-12-12 10:00:27 -05:00
Doug Burks
85aac4ad75
Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321
2020-12-12 09:22:08 -05:00
Wes Lambert
f689722559
Add initial suricata.ftp_data pipeline
2020-12-10 14:14:50 +00:00
OmerTirosh
e2ee0db727
Ignore failure for rename processor
Ignore failure for winlog.event_data.SubjectUserName rename processor.
For some event ids (for example 4688), this field has already been added in the winlogbeat JS processor.
Therefore, elastic throws a [user.name] already exists error.
2020-11-24 17:21:47 +02:00
Mike Reeves
426769588a
Merge pull request #1739 from jtgreen-cse/patch-2
fix for Windows events via osquery
2020-11-21 13:27:05 -05:00
Josh Brower
1908a68330
Cleanup & fix sysmon pid ingest
2020-11-14 16:19:23 -05:00
Wes Lambert
fddfb8eb92
Syslog updates
2020-11-13 16:06:22 +00:00
Wes Lambert
8258b782fc
Update syslog pipeline to allow for initial CEF parsing and pipeline targeting
2020-11-11 21:39:40 +00:00
weslambert
ea1f53b40c
Add check for field
2020-11-11 10:29:58 -05:00
Wes Lambert
7e578d2ce0
Pull out additional fields from Exif info
2020-11-09 16:53:53 +00:00
Wes Lambert
6420ee0310
Update parsing for scan.exiftool
2020-11-02 19:28:12 +00:00
jtgreen-cse
6359e03ba6
fix for Windows events via osquery
This change was required to properly let Windows events flow through their specific pipelines. Otherwise, the `temp` field stays around and gets ingested in ES.
2020-10-29 15:03:13 -04:00
weslambert
4765ef5f5c
Change rule_ruleset to rule.ruleset
2020-10-20 22:14:23 -04:00
Wes Lambert
54c4ee796f
Rename file.flavors.mime to file.mime_type
2020-10-14 18:56:44 +00:00