CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,030 Commits 24 Branches 119 Tags
74dfc25376d845d042cfd1c00b57541ec40cffcc
Commit Graph

15030 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Doug Burks
5b7b6e5fb8 FEATURE: Add more fields to the SOC Dashboards URL for so-import-pcap #12972 2024-05-08 14:00:23 -04:00
Doug Burks
c7845bdf56 Merge pull request #12970 from Security-Onion-Solutions/dougburks-patch-1 
FIX: Adjust so-import-pcap so that suricata works when it is pcapengine #12969
 2024-05-08 13:28:05 -04:00
Doug Burks
5a5a1e86ac FIX: Adjust so-import-pcap so that suricata works when it is pcapengine #12969 2024-05-08 13:26:36 -04:00
Josh Patterson
796eefc2f0 Merge pull request #12965 from Security-Onion-Solutions/orchit 
searchnode installation improvements
 2024-05-08 10:24:33 -04:00
m0duspwnens
1862deaf5e add copyright 2024-05-08 10:14:08 -04:00
m0duspwnens
0d2e5e0065 need repo and docker first 2024-05-08 09:50:01 -04:00
m0duspwnens
5dc098f0fc remove test file 2024-05-08 08:54:24 -04:00
Mike Reeves
af681881e6 Merge pull request #12963 from Security-Onion-Solutions/TOoSmOotH-patch-4 
Make the url list read only
 2024-05-08 08:45:34 -04:00
Josh Brower
47dc911b79 Merge pull request #12964 from Security-Onion-Solutions/2.4/agstrelka 
remove old yara airgap code
 2024-05-08 08:45:16 -04:00
DefensiveDepth
6d2ecce9b7 remove old yara airgap code 2024-05-08 08:43:37 -04:00
Mike Reeves
326c59bb26 Update soc_idstools.yaml 2024-05-08 08:42:38 -04:00
Mike Reeves
c1257f1c13 Merge pull request #12961 from Security-Onion-Solutions/TOoSmOotH-patch-3 
Change so soc writes urls as a list
 2024-05-07 17:23:12 -04:00
Mike Reeves
2eee617788 Update soc_idstools.yaml 2024-05-07 17:21:01 -04:00
Jason Ertel
70ef8092a7 Merge pull request #12959 from Security-Onion-Solutions/jertel/testcy 
update suri regex for testing
 2024-05-07 11:37:31 -07:00
Jason Ertel
8364b2a730 update for testing 2024-05-07 14:30:52 -04:00
coreyogburn
cb7dea1295 Merge pull request #12957 from Security-Onion-Solutions/cogburn/retry-import 
Specify Error Retry Wait and Error Limit for All Detection Engines
 2024-05-07 11:20:26 -06:00
Corey Ogburn
1da88b70ac Specify Error Retry Wait and Error Limit for All Detection Engines 
If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait.

If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs of in hopes it'll be able to fix itself.
 2024-05-07 10:34:50 -06:00
Jason Ertel
b4817fa062 Merge pull request #12956 from Security-Onion-Solutions/jertel/testcy 
test regexes for detections
 2024-05-07 08:45:38 -07:00
weslambert
bc24227732 Merge pull request #12955 from Security-Onion-Solutions/fix/cef 
Add CEF
 2024-05-07 11:23:53 -04:00
weslambert
2e70d157e2 Add ref 2024-05-07 11:13:51 -04:00
m0duspwnens
5e2e5b2724 Merge remote-tracking branch 'origin/2.4/dev' into orchit 2024-05-07 10:44:14 -04:00
m0duspwnens
dcc1f656ee predownload logstash and elastic for new searchnode and heavynode 2024-05-07 10:13:51 -04:00
weslambert
23da1f6ee9 Merge pull request #12951 from Security-Onion-Solutions/fix/remove_watch 
Remove watch
 2024-05-07 09:23:56 -04:00
Wes
bee8c2c1ce Remove watch 2024-05-07 13:21:59 +00:00
Jason Ertel
4ebe070cd8 test regexes for detections 2024-05-06 19:03:12 -04:00
weslambert
a5e89c0854 Merge pull request #12947 from Security-Onion-Solutions/fix/strelka_yara_distributed 
Fix YARA rules for distributed deployments
 2024-05-06 15:53:08 -04:00
weslambert
a25e43db8f Merge pull request #12948 from Security-Onion-Solutions/fix/strelka_yara_watch 
Restart Strelka backend when YARA rules change
 2024-05-06 15:52:57 -04:00
Josh Brower
b997e44715 Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap 
Initial airgap support for detections
 2024-05-06 15:46:29 -04:00
Wes
1e48955376 Restart when rules change 2024-05-06 19:39:03 +00:00
Wes
5056ec526b Add compiled directory 2024-05-06 19:27:38 +00:00
m0duspwnens
2431d7b028 Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap 2024-05-06 15:27:27 -04:00
Wes
d2fa77ae10 Update compile script 2024-05-06 19:10:41 +00:00
Wes
445fb31634 Add manager SLS 2024-05-06 19:09:37 +00:00
Wes
5aa611302a Handle YARA rules for distributed deployments 2024-05-06 19:08:01 +00:00
m0duspwnens
554a203541 update airgapEnabled in map file 2024-05-06 12:59:45 -04:00
DefensiveDepth
be1758aea7 Fix license and folder 2024-05-06 12:22:44 -04:00
m0duspwnens
38f74d2e9e change quotes 2024-05-06 11:38:30 -04:00
m0duspwnens
5b966b83a9 change rulesRepos for airgap or not 2024-05-06 09:26:52 -04:00
Doug Burks
a67f0d93a0 Merge pull request #12942 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add event.dataset to all Events table layouts #12641
 2024-05-06 09:23:09 -04:00
Doug Burks
3f73b14a6a FEATURE: Add event.dataset to all Events table layouts #12641 2024-05-06 09:20:47 -04:00
Doug Burks
e57d1a5fb5 Merge pull request #12941 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add Events table columns for stun logs #12940
 2024-05-06 08:57:58 -04:00
Doug Burks
f689cfcd0a FEATURE: Add Events table columns for stun logs #12940 2024-05-06 08:52:43 -04:00
DefensiveDepth
26c6a98b45 Initial airgap support for detections 2024-05-06 08:43:01 -04:00
Doug Burks
45c344e3fa Merge pull request #12938 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add Events table columns for tunnel logs #12937
 2024-05-06 08:40:02 -04:00
Doug Burks
7b905f5a94 FEATURE: Add Events table columns for tunnel logs #12937 2024-05-06 08:22:08 -04:00
Josh Brower
6d5ff59657 Merge pull request #12929 from Security-Onion-Solutions/2.4/verifyexclude 
Exclude new sigma rules
 2024-05-03 15:38:25 -04:00
DefensiveDepth
7f12d4c815 Exclude new sigma rules 2024-05-03 15:22:53 -04:00
Josh Patterson
b50789a77c Merge pull request #12928 from Security-Onion-Solutions/orchit 
Orchit
 2024-05-03 15:17:34 -04:00
m0duspwnens
bdf1b45a07 redirect and throw in bg 2024-05-03 14:54:44 -04:00
m0duspwnens
3d4fd59a15 orchit 2024-05-03 13:48:51 -04:00