Commit Graph

341 Commits

Author SHA1 Message Date
Wes
38ab426470 Add final Fleet pipeline 2023-06-13 13:36:26 +00:00
Doug Burks
b3f8ed7dcd FIX: Suricata DHCP logs not ingesting #10565 2023-06-10 11:42:41 -04:00
Doug Burks
e5f76a9c6e change suricata parsers from dataset to event.dataset 2023-06-08 12:31:31 -04:00
weslambert
2c10ad7eec Check if 'dns.query' is null 2023-05-19 15:50:33 -04:00
Doug Burks
a67cbb3276 FIX: Suricata DNS A and CNAME parsing #10117 2023-04-13 10:56:17 -04:00
Josh Brower
bad905f54c SOC Logs & Hunt Query 2023-03-23 16:22:59 -04:00
weslambert
6d87620c6a Explicitly set 'event.dataset' as 'file' 2023-03-22 11:04:18 -04:00
Josh Brower
df036206a8 Fix Kratos parsing 2023-03-20 16:53:25 -04:00
Josh Brower
f7be4ba31c Remove host field from NIDS logs 2023-03-13 14:07:17 -04:00
Doug Burks
19ab2a5a46 rename suricata vlan field to network.vlan.id 2023-03-05 05:57:52 -05:00
Doug Burks
9940a36722 update Elasticsearch ingest for Zeek conn vlan field 2023-03-03 15:22:43 -05:00
Doug Burks
a44d83d69b Improve Suricata DHCP parsing and dashboard 2023-01-31 08:33:38 -05:00
weslambert
0436f885b8 Set values for '@timestamp' and 'event.ingested' 2023-01-31 08:04:49 -05:00
weslambert
2772b03dca Change event.dataset value from 'tunnels' to 'tunnel' 2023-01-27 11:03:49 -05:00
weslambert
716ec7f936 Change event.dataset value from 'files' to 'file' 2023-01-27 11:02:44 -05:00
weslambert
c9f458e1e2 Set event.dataset for all Kratos logs to 'access' for now 2023-01-25 08:19:50 -05:00
Wes
4b9c92c53d Set RITA event.dataset value explicitly 2023-01-24 18:00:34 +00:00
Wes
f19cf75311 Change how event.dataset is determined for Suricata events 2023-01-24 14:45:00 +00:00
Wes
40c6b380df Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset. 2023-01-23 21:44:46 +00:00
weslambert
9416552338 Don't set the Kratos index explicitly 2023-01-12 15:25:35 -05:00
Wes
5062dd2873 Suricata Elasticsearch ingest node pipeline changes - set 'alert' dataset 2023-01-11 14:02:09 +00:00
Wes
2e886d0c55 Remove data_index_name processor since we are using data streams 2023-01-11 13:58:38 +00:00
Wes
c8ff2c7a06 Update RITA beacon parsing 2023-01-03 16:03:49 +00:00
doug
4e5d1d587e update sysmon ingest parser and Sysmon File dashboard 2023-01-03 09:02:17 -05:00
doug
07a4919cd3 remove old opcua files 2022-12-08 16:43:11 -05:00
Wes
14af1d36cb Ensure ICS/SCADA pipelines are present 2022-12-06 15:58:47 +00:00
Wes
7f324bc47e Remove extra space used during testing 2022-11-22 20:52:08 +00:00
Wes
a6bc5b108f Add missing OPCUA 'activate_session' pipelines 2022-11-22 20:51:44 +00:00
weslambert
356904f751 Fix spelling of 'wireguard.responses' field name 2022-11-22 13:03:04 -05:00
weslambert
6b77843e52 Fix format/spelling for 'enip.status_code' field name 2022-11-22 12:07:55 -05:00
weslambert
13faf63770 Fix spelling for 'stun.class' field name 2022-11-22 12:07:15 -05:00
Wes
a38e312df4 Add COTP and TDS ingest pipelines 2022-11-22 13:36:27 +00:00
Wes
05b9a067fd Add additional ICS/SCADA ingest node pipelines 2022-11-17 16:03:21 +00:00
Wes
638a3568b0 Update ingest node pipelines for ICS/SCADA protocols 2022-11-16 21:11:21 +00:00
doug
fdffac83e1 sysmon fix by bryant 2022-09-19 14:47:45 -04:00
Wes Lambert
b06c16f750 Add ingest node pipeline for Kratos 2022-07-08 15:53:00 +00:00
doug
025993407e FIX: Add event.category field to pfsense firewall logs #8112 2022-06-13 08:03:44 -04:00
Josh Brower
2b39570b08 Fix matching logic 2022-04-18 10:37:38 -04:00
Josh Brower
886d69fb38 Compress + Clean ES & Logstash App Logs 2022-04-11 16:09:24 -04:00
weslambert
e6599cd10e Update with changes from Abe's PR and other fixes 2022-03-25 13:57:44 -04:00
Wes Lambert
2487d468ab Add RITA Elasticsearch ingest pipeline config 2022-03-22 17:38:22 +00:00
weslambert
fc3273fa49 Change to label fields to comply with what's defined in Filebeat template 2022-03-04 16:29:01 -05:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe's PR for now 2022-03-01 15:31:07 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
bc2c1b4ccc Merge pull request #6935 from abesinger/issue/6912
Updated syslog pipeline, resolves #6912.
2022-02-24 08:33:55 -05:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00