Doug Burks
4d6124f982
FIX: Elasticsearch min_age regex #12885
2024-04-30 10:18:34 -04:00
reyesj2
fadb6e2aa9
Re-add original timestamp format + ignore failures with this processor
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-29 16:57:48 -04:00
reyesj2
192d91565d
Update final pipeline timestamp format for event.module system events
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-29 16:34:29 -04:00
weslambert
b424426298
Exclude suricata
2024-04-25 09:14:18 -04:00
Josh Patterson
03f9160fcc
Merge pull request #12860 from Security-Onion-Solutions/issue/12856
allow for enable/disable of so-elasticsearch-indices-delete cronjob
2024-04-25 09:07:44 -04:00
m0duspwnens
d50de804a8
update annotation
2024-04-25 09:04:34 -04:00
weslambert
44afa55274
Fix comments about deletion
2024-04-24 17:41:37 -04:00
weslambert
ab832e4bb2
Include logstash-prefixed indices
2024-04-24 17:17:53 -04:00
m0duspwnens
c9d9979f22
allow for enable/disable of so-elasticsearch-indices-delete cronjob
2024-04-24 16:18:45 -04:00
weslambert
59a02635ed
Change index sorting
2024-04-24 15:18:49 -04:00
weslambert
1b3a0a3de8
Remove hot max_age
2024-04-24 10:11:02 -04:00
weslambert
75b5e16696
Update description, type, and regex
2024-04-24 09:14:39 -04:00
weslambert
8a0a435700
Fix warm description
2024-04-24 08:35:19 -04:00
weslambert
691b02a15e
Fix warm description
2024-04-23 10:40:09 -04:00
Jorge Reyes
d402943403
Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet
Kismet integration for WiFi devices
2024-04-22 15:59:22 -04:00
Doug Burks
406dda6051
Update so-elasticsearch-cluster-space-used
2024-04-18 11:48:15 -04:00
Doug Burks
229a989914
Update so-elasticsearch-cluster-space-total
2024-04-18 11:47:01 -04:00
Mike Reeves
67a57e9df7
Update limited-analyst.json
2024-04-17 13:14:45 -04:00
reyesj2
55cf90f477
merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 14:44:59 -04:00
reyesj2
68e016090b
Fix network.wireless.ssid not parsing
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 13:21:54 -04:00
reyesj2
fd689a4607
Fix typo in ingest pipeline
Test to fix duplicate events in SOC, by removing conflicting field event.created
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 11:18:04 -04:00
reyesj2
7124f04138
Update ingest pipelines to match updated mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:13:06 -04:00
reyesj2
4097e1d81a
Create mappings for Kismet integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:10:27 -04:00
Mike Reeves
2206553e03
Update analyst.json
2024-04-10 09:49:21 -04:00
DefensiveDepth
376efab40c
Ship Defender logs
2024-04-08 14:01:38 -04:00
Corey Ogburn
00cea6fb80
Detection Author as a Keyword instead of Text
With Quick Actions added to Detections, as many fields should be usable as possible.
2024-04-05 11:22:47 -06:00
Wes
105eadf111
Add cef
2024-04-03 14:40:41 +00:00
reyesj2
000d15a53c
Kismet integration: TODO Elasticsearch mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-03-29 13:56:01 -04:00
weslambert
df058b3f4a
Merge branch '2.4/dev' into feature/pfsense_suricata
2024-03-25 10:08:03 -04:00
Wes
5e21da443f
Minor verbiage updates
2024-03-25 13:58:32 +00:00
weslambert
4e1543b6a8
Get only code
2024-03-22 09:56:21 -04:00
Wes
5934829e0d
Include pfsense config
2024-03-21 20:08:33 +00:00
Wes
486a633dfe
Add pfsense Suricata config
2024-03-21 20:07:59 +00:00
Wes
c6df805556
Add SOC template
2024-03-18 14:53:36 +00:00
Wes
005930f7fd
Add error.message mapping for system.syslog
2024-03-07 15:41:23 +00:00
weslambert
d8e8933ea0
Add AWS Security Hub template
2024-03-05 09:25:41 -05:00
weslambert
d85ac39e28
Add AWS Inspector template
2024-03-05 09:23:17 -05:00
weslambert
1514f1291e
Add AWS GuardDuty template
2024-03-05 09:21:48 -05:00
weslambert
b64d61065a
Add AWS Cloudfront template
2024-03-05 09:19:43 -05:00
weslambert
df3943b465
Daily rollover
2024-02-27 17:24:27 -05:00
weslambert
1d099f97d2
Update pattern for endpoint diagnostic template
2024-02-26 11:27:56 -05:00
Josh Patterson
d2f7946377
Merge pull request #12411 from Security-Onion-Solutions/issue/12382
nest under policy
2024-02-21 16:28:04 -05:00
m0duspwnens
162785575c
nest under policy
2024-02-21 15:28:24 -05:00
Josh Brower
686304f24a
Merge remote-tracking branch 'origin/2.4/dev' into kilo
2024-02-15 09:47:51 -05:00
Corey Ogburn
0d297274c8
DetectionComment Mapping Defined
2024-02-13 12:53:18 -07:00
Corey Ogburn
64f6d0fba9
Updated Detection's ES Mappings
Detections now have a License field and the Comment model is now defined.
2024-02-09 14:20:07 -07:00
Corey Ogburn
29174566f3
WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.
SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Wes
182667bafb
Change numbers for Elasticsearch
2024-02-01 13:59:23 +00:00
Wes
bc502cc065
Custom Elasticsearch pipeline annotations
2024-01-31 21:46:33 +00:00
Wes
bc75be9402
Custom pipelines in UI
2024-01-31 20:16:48 +00:00