CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-10 21:30:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,045 Commits 53 Branches 125 Tags
759880a800ae2c2d4fc25a5a4efa5ad4a6dd4f87
Commit Graph

18045 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Reeves 55be1f1119 Only add postgres module config on manager nodes 
Removed postgres from soc/defaults.yaml (shared by all nodes)
and moved it entirely into defaults.map.jinja, which only injects
the config when postgres auth pillar exists (manager-type nodes).
Sensors and other non-manager nodes will not have a postgres module
section in their sensoroni.json, so sensoroni won't try to connect.
 2026-04-09 21:09:43 -04:00
Jorge Reyes 9272afa9e5 Merge pull request #15754 from Security-Onion-Solutions/reyesj2-es932 
initialize vars
 2026-04-09 18:42:14 -05:00
reyesj2 378d1ec81b initialize vars 2026-04-09 18:41:40 -05:00
Mike Reeves c1b1452bd9 Use manager IP for postgres hostUrl instead of container hostname 
SOC connects to postgres via the host network, not the Docker
bridge network, so it needs the manager's IP address rather than
the container hostname.
 2026-04-09 19:34:14 -04:00
Jorge Reyes cdbacdcd7e Merge pull request #15751 from Security-Onion-Solutions/reyesj2-es932 
rework elasticsearch index template generation
 2026-04-09 16:46:56 -05:00
reyesj2 6b8a6267da remove unused elasticsearch:index_template pillar references 2026-04-09 16:45:26 -05:00
reyesj2 89e49d0bf3 rework elasticsearch index template generation 2026-04-09 16:44:51 -05:00
Mike Reeves 2dfa83dd7d Wire postgres credentials into SOC module config 
- Create vars/postgres.map.jinja for postgres auth globals
- Add POSTGRES_GLOBALS to all manager-type role vars
  (manager, eval, standalone, managersearch, import)
- Add postgres module config to soc/defaults.yaml
- Inject so_postgres credentials from auth pillar into
  soc/defaults.map.jinja (conditional on auth pillar existing)
 2026-04-09 14:09:32 -04:00
reyesj2 f0b67a415a more filestream integration policy updates 2026-04-09 12:40:55 -05:00
Mike Reeves b87af8ea3d Add postgres.auth to allowed_states 
Matches the elasticsearch.auth pattern where auth states use
the full sls path check and are explicitly listed.
 2026-04-09 12:39:46 -04:00
Mike Reeves 46e38d39bb Enable postgres by default 
Safe because postgres states are only applied to manager-type
nodes via top.sls and allowed_states.map.jinja.
 2026-04-09 12:23:47 -04:00
Matthew Wright 81afbd32d4 Merge pull request #15742 from Security-Onion-Solutions/mwright/ai-query-length 
Assistant: charsPerTokenEstimate
 2026-04-09 11:28:37 -04:00
Josh Patterson e9c4f40735 Merge pull request #15745 from Security-Onion-Solutions/delta 
define options in annotation files
 2026-04-09 10:39:13 -04:00
Mike Reeves 61bdfb1a4b Add daily PostgreSQL database backup 
- pg_dumpall piped through gzip, stored in /nsm/backup/
- Runs daily at 00:05 (4 minutes after config backup)
- 7-day retention matching existing config backup policy
- Skips gracefully if container isn't running
 2026-04-09 10:29:10 -04:00
Josh Patterson 9ec4a26f97 define options in annotation files 2026-04-09 10:18:36 -04:00
Mike Reeves 358a2e6d3f Add so-postgres to container image pull list 
Add to both the import and default manager container lists so
the image gets downloaded during installation.
 2026-04-09 10:02:41 -04:00
Mike Reeves 762e73faf5 Add so-postgres host management scripts 
- so-postgres-manage: wraps docker exec for psql operations
  (sql, sqlfile, shell, dblist, userlist)
- so-postgres-start/stop/restart: standard container lifecycle
- Scripts installed to /usr/sbin via file.recurse in config.sls
 2026-04-09 09:55:42 -04:00
Josh Patterson ef3cfc8722 Merge pull request #15741 from Security-Onion-Solutions/fix/suricata-pcap-log-max-files 
ensure max-files is 1 at minimum
 2026-04-08 16:00:26 -04:00
Matthew Wright 28d31f4840 add charsPerTokenEstimate 2026-04-08 15:25:51 -04:00
Josh Patterson 2166bb749a ensure max-files is 1 at minimum 2026-04-08 14:59:05 -04:00
Mike Reeves 868cd11874 Add so-postgres Salt states and integration wiring 
Phase 1 of the PostgreSQL central data platform:
- Salt states: init, enabled, disabled, config, ssl, auth, sostatus
- TLS via SO CA-signed certs with postgresql.conf template
- Two-tier auth: postgres superuser + so_postgres application user
- Firewall restricts port 5432 to manager-only (HA-ready)
- Wired into top.sls, pillar/top.sls, allowed_states, firewall
  containers map, docker defaults, CA signing policies, and setup
  scripts for all manager-type roles
 2026-04-08 10:58:52 -04:00
Jorge Reyes 7356f3affd Merge pull request #15733 from Security-Onion-Solutions/reyesj2-es932 
filestream integration policy updates
 2026-04-07 11:14:10 -05:00
reyesj2 dd56e7f1ac filestream integration policy updates 2026-04-07 11:08:10 -05:00
Jorge Reyes 075b592471 Merge pull request #15728 from Security-Onion-Solutions/reyesj2-es932 
foxtrot version
 2026-04-06 17:36:08 -05:00
reyesj2 51a3c04c3d foxtrot version 2026-04-06 17:35:08 -05:00
Jorge Reyes 1a8aae3039 Merge pull request #15727 from Security-Onion-Solutions/reyesj2-es932 
ES 9.3.2
 2026-04-06 15:09:45 -05:00
reyesj2 8101bc4941 ES 9.3.2 2026-04-06 15:08:30 -05:00
Mike Reeves 88de246ce3 Merge pull request #15725 from Security-Onion-Solutions/3/main 
License Link to dev
 2026-04-06 10:59:22 -04:00
Mike Reeves 3643b57167 Merge pull request #15724 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Fix JA4+ license link in soc_zeek.yaml
 2026-04-06 10:24:04 -04:00
Mike Reeves 5b3ca98b80 Fix JA4+ license link in soc_zeek.yaml 
Updated the license link in the JA4+ fingerprinting description.
 2026-04-06 10:12:37 -04:00
reyesj2 51e0ca2602 Merge branch '3/main' of github.com:Security-Onion-Solutions/securityonion into reyesj2-es932 2026-04-01 14:46:05 -05:00
Jason Ertel 76f4ccf8c8 Merge pull request #15705 from Security-Onion-Solutions/3/main 
Merge pr/workflow changes back to dev
 2026-04-01 10:57:34 -04:00
Jason Ertel 2a37ad82b2 Merge pull request #15704 from Security-Onion-Solutions/jertel/mainpr 
pr/workflow changes
 2026-04-01 10:55:57 -04:00
Jason Ertel 80540da52f pr/workflow changes 2026-04-01 10:48:47 -04:00
Jason Ertel e4ba3d6a2a pr/workflow changes 2026-04-01 10:47:59 -04:00
Mike Reeves 3dec6986b6 Merge pull request #15702 from Security-Onion-Solutions/3/main 
soup fix
 2026-03-31 15:12:01 -04:00
Mike Reeves bbfb58ea4e Merge pull request #15701 from Security-Onion-Solutions/TOoSmOotH-patch-1 
Update SOUP_BRANCH to use 3/main instead of 2.4/main
 2026-03-31 15:09:34 -04:00
Mike Reeves c91deb97b1 Update SOUP_BRANCH to use 3/main instead of 2.4/main 2026-03-31 15:07:23 -04:00
reyesj2 dc2598d5cf Merge branch '3/main' of github.com:Security-Onion-Solutions/securityonion into HEAD 2026-03-31 14:01:58 -05:00
Mike Reeves ff45e5ebc6 Merge pull request #15699 from Security-Onion-Solutions/TOoSmOotH-patch-4 
Version Bump
 2026-03-31 13:55:55 -04:00
Mike Reeves 1e2b51eae6 Add version 3.1.0 to discussion template options 2026-03-31 13:53:00 -04:00
Mike Reeves 58d332ea94 Bump version from 3.0.0 to 3.1.0 2026-03-31 13:52:07 -04:00
Mike Reeves dcc67b9b8f Merge pull request #15696 from Security-Onion-Solutions/3/dev 
3.0.0
3.0.0-20260331 		2026-03-31 13:47:03 -04:00
Mike Reeves cd886dd0f9 Merge pull request #15698 from Security-Onion-Solutions/merge-main-into-dev 
Merge 3/main into 3/dev
 2026-03-31 09:49:36 -04:00
Mike Reeves 37a6e28a6c Merge remote-tracking branch 'origin/3/dev' into merge-main-into-dev 2026-03-31 09:48:06 -04:00
Mike Reeves 434a2e7866 Merge pull request #15695 from Security-Onion-Solutions/3.0.0 
3.0.0
 2026-03-31 09:33:34 -04:00
Mike Reeves 79707db6ee 3.0.0 2026-03-31 09:17:08 -04:00
Josh Brower 0707507412 Merge pull request #15694 from Security-Onion-Solutions/fixpath 
Remove hardcoded index
 2026-03-30 12:47:55 -04:00
Josh Brower c7e865aa1c Remove hardcoded index 2026-03-30 12:42:48 -04:00
Josh Brower a89db79854 Merge pull request #15691 from Security-Onion-Solutions/jertel/wip 
revisit workflows
 2026-03-27 16:24:30 -04:00