Josh Patterson
034711d148
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-04-28 10:47:29 -04:00
Josh Patterson
ee437265fc
monitor raid for vms
2026-04-20 12:00:02 -04:00
Mike Reeves
a0cf0489d6
reduce highstate frequency with active push for rules and pillars
- schedule highstate every 2 hours (was 15 minutes); interval lives in
global:push:highstate_interval_hours so the SOC admin UI can tune it and
so-salt-minion-check derives its threshold as (interval + 1) * 3600
- add inotify beacon on the manager + master reactor + orch.push_batch that
writes per-app intent files, with a so-push-drainer schedule on the manager
that debounces, dedupes, and dispatches a single orchestration
- pillar_push_map.yaml allowlists the apps whose pillar changes trigger an
immediate targeted state.apply (targets verified against salt/top.sls);
edits under pillar/minions/ trigger a state.highstate on that one minion
- host-batch every push orchestration (batch: 25%, batch_wait: 15) so rule
changes don't thundering-herd large fleets
- new global:push:enabled kill-switch tears down the beacon, reactor config,
and drainer schedule on the next highstate for operators who want to keep
highstate-only behavior
- set restart_policy: unless-stopped on 23 container states so docker
recovers crashes without waiting for the next highstate; leave registry
(always), strelka/backend (on-failure), kratos, and hydra alone with
inline comments explaining why
2026-04-10 15:43:16 -04:00
Jason Ertel
9bd5e1897a
prepare for nextgen docs
2026-02-27 13:09:55 -05:00
DefensiveDepth
f15a39c153
Add historical hashes
2025-12-03 11:24:04 -05:00
Jason Ertel
030e4961d7
updates for wiretap lib
2025-10-01 12:13:56 -04:00
reyesj2
84b38daf62
name destination_geo & source_geo to destination.as and source.as, better aligning with ECS and linking other log sources already using .as for ASN geo data.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-07-25 16:17:22 -05:00
Josh Patterson
445afca6ee
use vrt
2025-04-03 13:44:13 -04:00
Josh Patterson
6c472dd383
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-03-05 08:58:03 -05:00
reyesj2
80fed1e045
default capinfos to use start/end time arg
2025-02-25 21:47:56 -06:00
Josh Patterson
3246176c0a
comments
2025-02-21 14:34:08 -05:00
Mike Reeves
ff479de7bd
Add support for new appliance raid controllers
2024-08-21 14:10:24 -04:00
m0duspwnens
ff5773c837
move so-tcpreplay back to common. return empty string if no sensor.interface pillar
2024-06-05 08:56:32 -04:00
m0duspwnens
a2467d0418
move so-tcpreplay to sensor state
2024-06-05 08:24:57 -04:00
m0duspwnens
c0b2cf7388
add the curlys
2024-06-04 10:28:21 -04:00
m0duspwnens
b5f656ae58
don't render pillar each time so-tcpreplay runs
2024-05-23 13:22:22 -04:00
Doug Burks
5b7b6e5fb8
FEATURE: Add more fields to the SOC Dashboards URL for so-import-pcap #12972
2024-05-08 14:00:23 -04:00
Doug Burks
5a5a1e86ac
FIX: Adjust so-import-pcap so that suricata works when it is pcapengine #12969
2024-05-08 13:26:36 -04:00
Mike Reeves
b0447a9af5
Update so-raid-status for SM based appliances
2024-01-05 09:28:04 -05:00
m0duspwnens
036a21ff17
Merge remote-tracking branch 'origin/2.4/dev' into issue/11390
2023-09-26 11:01:44 -04:00
m0duspwnens
e25d1c0ff3
so-salt-minion-check is jinja template
2023-09-26 10:01:21 -04:00
Wes
a1e963f834
Reverse timestamps where necessary
2023-09-19 13:28:20 +00:00
Wes
5bac1e4d15
Show correct dates and Kibana URL for already processed EVTX files
2023-09-18 21:31:15 +00:00
m0duspwnens
6413050f2e
set doc_desktop_url before jinja
2023-08-09 08:39:46 -04:00
m0duspwnens
fe7a940082
add details for enabling in soc gui
2023-08-09 08:31:54 -04:00
m0duspwnens
2d25e352d4
write to adv_ pillar file since that is where it would be stored from using the soc ui
2023-08-09 08:18:13 -04:00
m0duspwnens
1440c72559
changes for desktop referencing Rocky/CentOS to OEL
2023-08-09 08:06:51 -04:00
Mike Reeves
18e31a4490
Merge pull request #10944 from Security-Onion-Solutions/raid
Raid refactor + yara and rule proxy
2023-08-03 17:18:19 -04:00
Mike Reeves
2caca92082
Raid refactor + yara and rule proxy
2023-08-03 17:11:43 -04:00
weslambert
3e4136e641
Update help text
2023-08-03 15:56:05 -04:00
weslambert
cf2233bbb6
Add help information for time shift
2023-08-03 08:54:54 -04:00
weslambert
3847863b3d
Add time shift
2023-08-03 08:51:23 -04:00
Doug Burks
3e71663669
Update so-desktop-install
2023-06-27 09:24:47 -04:00
Mike Reeves
740723ecd6
Fix some installs
2023-06-26 16:01:58 -04:00
Mike Reeves
02e6e11be7
so-desktop-install
2023-06-26 15:34:48 -04:00
Mike Reeves
d26484fe1a
so-desktop-install
2023-06-26 15:27:18 -04:00
Jason Ertel
90b740a997
ensure status line shows dates for new and existing imports
2023-06-13 15:11:13 -04:00
Doug Burks
fb8ad71b27
Set START and END variables earlier in so-import-pcap
2023-06-13 13:19:18 -04:00
Jason Ertel
27e310c2a1
add json output option to so-import-evtx; clean up other issues
2023-06-05 13:54:44 -04:00
Jason Ertel
2fef1d5fa7
silence grep output
2023-06-02 15:43:48 -04:00
Jason Ertel
3bbfc3865d
use proper URL spacing
2023-06-02 15:26:14 -04:00
Jason Ertel
6947fd6414
add ability to output PCAP import results in JSON format
2023-06-02 15:21:41 -04:00
Mike Reeves
7595072e85
Fix some files
2023-05-02 12:15:05 -04:00