Commit Graph

178 Commits

Author          SHA1        Date                        Message
reyesj2         4dd72ad15c  2025-03-07 17:05:13 -06:00  fix osquery action_data mapping conflict
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         124bf266b5  2025-03-04 12:27:04 -06:00  osquery v1.15.0 index templates updates
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         e2772e899e  2025-02-24 10:24:11 -06:00  component template missing metadata field
reyesj2         3f2b0973af  2025-02-24 08:59:59 -06:00  manually create unused logs-soc@package for successful elasticsearch templates load
reyesj2         c9b41e2eb1  2025-02-20 10:11:34 -06:00  formatting
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         499d473b9d  2025-02-20 10:06:59 -06:00  set metrics indices to 0 replicas
reyesj2         09c7b31918  2025-02-12 16:33:56 -06:00  update pfsense pipeline version. Remove unused component templates
reyesj2         6331298eac  2025-01-21 10:49:54 -06:00  remove individual <integration>@custom mappings. Moved over to so-fleet_integrations.ip_mappings-1
reyesj2         d35ffef503  2025-01-17 11:23:54 -06:00  merge 2.4/dev
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         4f92b7ced1  2025-01-13 09:23:05 -06:00  add support for cloudflare_logpush integration
reyesj2         e60a1e4357  2025-01-09 16:06:10 -06:00  zeek ldap & ldap_search parsing
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         0e87351a9c  2025-01-08 16:18:53 -06:00  add zeek.quic mappings
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         9fe3f6042f  2025-01-06 10:44:22 -06:00  Remove individual integrations ip mappings component template. Replaced with global mappings
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         157185c370  2024-12-18 11:33:49 -06:00  add ti_opencti integration support
reyesj2         754d28e95d  2024-12-05 09:52:55 -06:00  add openvpn & ipsec support to Zeek
reyesj2         44ec237447  2024-11-15 11:39:01 -06:00  additional integration support - cisco secure email gateway - rapid7 threat command
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Corey Ogburn    8334fd9c46  2024-11-07 14:44:45 -07:00  Source Dates
reyesj2         039d5c22ac  2024-11-06 14:35:41 -06:00  fix: crowdstrike integration
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
defensivedepth  7896f951f3  2024-10-31 10:24:58 -04:00  timestamp fix
reyesj2         36fc3bbd6d  2024-10-30 10:24:11 -04:00  add so-ip-mappings index
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Corey Ogburn    640f53d085  2024-10-24 17:05:36 -06:00  Cleanup
    Fix indentation and trailing comma.
Corey Ogburn    1aa9d87c5d  2024-10-24 17:05:36 -06:00  Corrected
    Put the note on the right model this time.
Corey Ogburn    e11c562022  2024-10-24 17:05:35 -06:00  Added Note to ES Mappings
Jorge Reyes     cf95af66c6  2024-10-21 15:23:05 -04:00  Revert "Add support for cybereason integration"
reyesj2         8b11019712  2024-10-18 11:56:47 -04:00  Add support for cybereason integration
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         322199358d  2024-10-16 16:45:46 -04:00  add support for trendmicro integration
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Wes             70c5a07913  2024-09-23 21:36:40 +00:00  Add back meta ad error.message
Wes             41112a59ec  2024-09-23 20:12:14 +00:00  Add back meta
Wes             764eb98bc2  2024-09-17 19:43:13 +00:00  Add custom component for ints
Wes             25a9fb9b5c  2024-09-09 20:16:23 +00:00  Add destination IP for so-system
Wes             9264a03dbc  2024-07-31 17:03:26 +00:00  Add custom system component
weslambert      bae348bef7  2024-07-30 16:44:44 -04:00  Change version
Wes             2d0de87530  2024-07-17 15:19:46 +00:00  Add component templates for Fleet metrics
Wes             a8c231ad8c  2024-05-31 17:47:01 +00:00  Add component templates
Wes             3285ae9366  2024-05-01 20:11:56 +00:00  Update mappings for detection fields
reyesj2         55cf90f477  2024-04-11 14:44:59 -04:00  merge 2.4/dev
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         68e016090b  2024-04-11 13:21:54 -04:00  Fix network.wireless.ssid not parsing
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2         4097e1d81a  2024-04-10 16:10:27 -04:00  Create mappings for Kismet integration
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Corey Ogburn    00cea6fb80  2024-04-05 11:22:47 -06:00  Detection Author as a Keyword instead of Text
    With Quick Actions added to Detections, as many fields should be usable as possible.
reyesj2         000d15a53c  2024-03-29 13:56:01 -04:00  Kismet integration: TODO Elasticsearch mappings
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Wes             005930f7fd  2024-03-07 15:41:23 +00:00  Add error.message mapping for system.syslog
Corey Ogburn    0d297274c8  2024-02-13 12:53:18 -07:00  DetectionComment Mapping Defined
Corey Ogburn    64f6d0fba9  2024-02-09 14:20:07 -07:00  Updated Detection's ES Mappings
    Detections now have a License field and the Comment model is defined now.
Corey Ogburn    29174566f3  2024-02-08 09:44:56 -07:00  WIP: Updated Detection Mappings, Changed Engine to Language
    Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

    SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
Corey Ogburn    585147d1de  2024-01-31 10:39:47 -07:00  Added so-detection mapping in elasticsearch
Wes             12ab6338db  2024-01-25 20:16:52 +00:00  Add diagnostic
Wes             8426aad56d  2024-01-24 15:10:42 +00:00  Text mapping for scan.pe.flags
weslambert      1dcca0bfd3  2023-11-07 12:17:51 -05:00  Change pipeline to 1.13.1
weslambert      cce80eb2fb  2023-11-07 09:02:48 -05:00  Change pipeline to 1.8.0
Wes             0bba68769b  2023-09-26 14:05:12 +00:00  Make scan.pe.image_version type of 'float'