CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,631 Commits 40 Branches 125 Tags
80987dfd1d6275d651baf8819ae7777674b2fb2e
Commit Graph

3746 Commits

Author SHA1 Message Date
Mike Reeves 6ed1cc3875 Add Soup Functions 2021-02-22 14:02:37 -05:00
Doug Burks 84f138772f Merge pull request #3072 from Security-Onion-Solutions/kilo 
Additional fine tuning of Suricata metadata support
 2021-02-22 10:57:02 -08:00
doug 71c7ffae3e Improve support for Suricata metadata #2200 2021-02-22 13:49:29 -05:00
doug bcce205430 Improve support for Suricata metadata #2200 2021-02-22 13:00:14 -05:00
Mike Reeves d5069d12cf Merge pull request #3071 from Security-Onion-Solutions/delta 
Add acng to import installs for consistency
 2021-02-22 11:34:23 -05:00
William Wernert e65c9e5c7c Don't expect apply arg at beginning of command 2021-02-22 11:29:30 -05:00
William Wernert 4bcb7403a9 Add apply option to end of command 2021-02-22 11:27:03 -05:00
William Wernert bef3a6921c [fix] SID wildcards are not parsed by idstools, remove 2021-02-22 11:12:02 -05:00
William Wernert f7bef9200b [fix] Only look for manager-type pillars 
* SID disabling is only managed globally for now, so don't give the option to edit a different pillar
 2021-02-22 10:38:53 -05:00
William Wernert bb6f3107bc [fix] idstools can run on an import node as well 2021-02-22 10:29:40 -05:00
doug 3467f30603 Improve support for Suricata metadata #2200 2021-02-22 10:27:24 -05:00
William Wernert f2a1e89633 Merge branch 'dev' into feature/so-rules 2021-02-22 10:03:14 -05:00
William Wernert abae673568 Update help text to reflect arg requirement changes 2021-02-22 10:00:29 -05:00
Jason Ertel 747d62dae5 Add acng to import installs for consistency 2021-02-22 09:44:24 -05:00
Josh Brower 5ca3dc492c Merge pull request #3061 from Security-Onion-Solutions/foxtrot 
Fix Playbook Fields & Mappings
 2021-02-21 09:40:59 -05:00
Jason Ertel 7222f1faa5 fix merge issue 2021-02-20 16:41:12 -05:00
Mike Reeves 8ab12c71a1 Rename filter.rules to filters.rules 2021-02-19 15:34:45 -05:00
Josh Brower 046cc0fbb0 Merge pull request #3052 from Security-Onion-Solutions/feature/sigma-tweaks 
Feature/sigma tweaks
 2021-02-19 15:16:34 -05:00
Josh Brower 8c69e19419 Add sigma refresh script 2021-02-19 15:14:37 -05:00
Josh Brower 2a324eac32 Add sigma refresh script 2021-02-19 15:12:55 -05:00
Mike Reeves 08abad747d Fix name and update examples 2021-02-19 14:59:27 -05:00
William Wernert c73970620d [fix] Correct indent 2021-02-19 14:38:43 -05:00
William Wernert 34174a3290 Print relevant help if no/partial command passed 2021-02-19 14:34:32 -05:00
Mike Reeves 0ea29144a8 Merge pull request #3047 from Security-Onion-Solutions/surifile2 
Suricata as Meta Data, File Extraction, And Parsing changes
 2021-02-19 14:09:38 -05:00
Mike Reeves b4b449aa14 Pull in Suricata changes 2021-02-19 11:01:15 -05:00
William Wernert 4689e32ce4 Add sed for curly braces in minion pillars to soup 2021-02-19 10:18:06 -05:00
William Wernert 2184c6d59f [fix] Create dict value if it doesn't exist 2021-02-19 09:31:22 -05:00
William Wernert 9183c0a92c [feat] Initial so-rules script 
* Quote curly braces in minion pillar, need to add sed function in soup
 2021-02-19 09:24:12 -05:00
doug 88eb5b1d61 Update syslog ingest parser to accomodate pfSense filterlog changes #3033 2021-02-19 08:02:32 -05:00
Jason Ertel faa78c0e26 Salt doesn't like a name starting with a non alpha-numeric char. Switch back to long if/then format 2021-02-18 14:51:09 -05:00
Josh Patterson 79e7b1da4d Merge pull request #3021 from Security-Onion-Solutions/issue/2989 
change suricata clean cron to run once a day
 2021-02-18 14:07:40 -05:00
m0duspwnens 03487c2a31 change suricata clean cron to run once a day 2021-02-18 14:06:45 -05:00
Josh Patterson 0ab9577863 Merge pull request #3018 from Security-Onion-Solutions/all_rules_dont_show_changes 
dont show changes since file can be large
 2021-02-18 12:23:54 -05:00
m0duspwnens bf100a2310 dont show changes since file can be large 2021-02-18 12:23:22 -05:00
Josh Patterson 2092044335 Merge pull request #3017 from Security-Onion-Solutions/issue/1237 
load templates all the time
 2021-02-18 12:13:49 -05:00
m0duspwnens e730efb4ec load templates all the time 2021-02-18 12:12:18 -05:00
Josh Patterson 76cdc45fad Merge pull request #3016 from Security-Onion-Solutions/all_rules_dont_show_changes 
Don't show changes because all.rules can be large
 2021-02-18 12:00:08 -05:00
m0duspwnens 069997a65c Don't show changes because all.rules can be large 2021-02-18 11:56:25 -05:00
Jason Ertel 6f7bc650a0 Apply reserved ports if the existing file is 0 bytes 2021-02-18 11:20:13 -05:00
Josh Patterson a9da761fab Merge pull request #3012 from Security-Onion-Solutions/issue/2989 
Issue/2989
 2021-02-18 10:52:23 -05:00
m0duspwnens 95df18c545 limit eve logs and gz files based on days 2021-02-18 10:45:20 -05:00
m0duspwnens a4d5f58256 fix surilogcompress 2021-02-18 10:33:47 -05:00
Josh Patterson 3f7cdb933f Merge pull request #3010 from Security-Onion-Solutions/issue/2989 
Issue/2989
 2021-02-18 09:58:35 -05:00
m0duspwnens 74ca4487de ensure at least 2 eve files are kept https://github.com/Security-Onion-Solutions/securityonion/issues/2989 2021-02-18 09:51:40 -05:00
m0duspwnens 4b07d5e457 add identifier to eve clean cron 2021-02-18 09:39:54 -05:00
m0duspwnens 041d193f2d fix brackets 2021-02-18 09:37:37 -05:00
m0duspwnens 0bef8b6662 limit number of eve.json files for suricata https://github.com/Security-Onion-Solutions/securityonion/issues/2989 2021-02-18 09:26:59 -05:00
Josh Brower b5087b815a Merge pull request #3002 from Security-Onion-Solutions/feature/sigma-tweaks 
Update .security analyzer
 2021-02-17 16:38:22 -05:00
Josh Brower d2a74c80e2 Update .security analyzer 2021-02-17 16:37:31 -05:00
m0duspwnens 7a595df5b6 strelka logrotate - https://github.com/Security-Onion-Solutions/securityonion/issues/2736 2021-02-17 11:17:41 -05:00