CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,001 Commits 24 Branches 119 Tags
8365b5f140b17e92215f2704841502c9b1a5e46f
Commit Graph

385 Commits

Author SHA1 Message Date
Jason Ertel
8365b5f140 Strip JndiLookup.class from log4j-core jars, to match Elastic's mitigation approach 2021-12-13 09:02:41 -05:00
Mike Reeves
09253b637e Create jvm.options 2021-12-10 14:12:43 -05:00
Mike Reeves
c81ce48bff Update log4j2.properties 2021-12-10 14:10:35 -05:00
Mike Reeves
73ec595baa Update init.sls 2021-12-10 14:10:05 -05:00
Mike Reeves
45346b6318 Update log4j2.properties 2021-12-10 12:01:39 -05:00
Mike Reeves
e48de18480 Update init.sls 2021-12-10 12:00:12 -05:00
m0duspwnens
e7f43cff5e limit nodes that bind filebeat certs in so-logstash 2021-10-27 10:45:10 -04:00
m0duspwnens
0c679b62b2 Merge remote-tracking branch 'remotes/origin/dev' into issue/5955 2021-10-25 16:29:41 -04:00
weslambert
3be0d05eea Update field removal based on HTTP input changes 2021-10-25 13:16:30 -04:00
weslambert
7fa43a276a Rename default headers and host for HTTP input 2021-10-25 13:15:20 -04:00
m0duspwnens
9f6407fcb0 fix dupe ids 2021-10-22 14:26:04 -04:00
m0duspwnens
f61400680d fix dupe ids 2021-10-22 14:22:15 -04:00
m0duspwnens
fed8bfac67 more requires on docker containers 2021-10-22 14:10:59 -04:00
Wes Lambert
e1629d7ec4 Initial EG stuff 2021-10-13 17:13:07 +00:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert
b9980c9d30 Fix pipeline name 2021-07-30 13:09:09 -04:00
William Wernert
df6d1d72e2 Merge branch 'dev' into feature/logscan 2021-07-19 15:19:59 -04:00
weslambert
fea4f3f973 Check if Filebeat modules are being used for incoming Beats 2021-07-19 12:57:42 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
William Wernert
e8ba4bdc6c Add quotes to string 2021-07-16 14:07:23 -04:00
weslambert
7cdb967810 Only route to FB module pipeline if filebeat in metadata 2021-07-13 11:36:18 -04:00
William Wernert
80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00
m0duspwnens
0627ca2fc2 use heavynode hostname for certs if heavynode. changes to logstash pipeline for redis if heavynode 2021-07-06 15:32:39 -04:00
weslambert
2f3f04e4ca Change from nodename to host 2021-07-06 14:18:39 -04:00
weslambert
2e91f27336 Add conditional for heavynode 2021-07-06 14:17:49 -04:00
weslambert
10b1829830 Add conditional for heavynode 2021-07-06 14:16:34 -04:00
weslambert
4946f32d88 Add extra_hosts entry for local instance when running as heavy node 2021-07-06 14:14:58 -04:00
Jason Ertel
2d34208269 Elastic auth: Fun with Salt 2021-06-16 17:52:22 -04:00
Jason Ertel
09fbb045a1 If ES auth disabled ensure user/pass are blank 2021-06-16 09:59:57 -04:00
Jason Ertel
dd8eb29a18 Continue merge of ECS into Elastic Auth 2021-06-15 09:11:58 -04:00
Jason Ertel
fca1c6e957 Merge branch 'dev' into kilo 2021-06-14 10:40:04 -04:00
Mike Reeves
12d4d4a4f7 Dynamix Pipelines take 2 2021-06-10 09:19:15 -04:00
Mike Reeves
7fba904f75 Dynamix Pipelines take 1 2021-06-09 15:32:39 -04:00
Mike Reeves
4c90a0ed7e Add templates for SO logs 2021-06-09 12:04:32 -04:00
Mike Reeves
a959ec1eb1 Revert to SO taxonomy for zeek and suricata 2021-06-08 13:23:31 -04:00
Mike Reeves
3e138cbc6d Revert to SO taxonomy for zeek and suricata 2021-06-08 13:14:46 -04:00
Jason Ertel
e22421ec99 Refactor users/roles management via salt due to Salt's clobbering of the inode which breaks Docker mounts 2021-06-04 20:01:30 -04:00
Jason Ertel
5c527b2c48 Rename username param to user since logstash is 'unique' 2021-06-03 07:51:43 -04:00
Jason Ertel
901242f7e9 remove extra parenthesis 2021-06-02 16:23:45 -04:00
weslambert
a1b34e7a88 Fix Suricata index name 2021-06-02 15:30:14 -04:00
Jason Ertel
20e896cacf Update all configs to pass user/pass to ES 2021-06-02 12:17:15 -04:00
Mike Reeves
bfcde15a24 elastic pipeline test 2021-05-26 14:22:14 -04:00
Mike Reeves
1e564c2140 Fix zeek jinja 2021-05-25 10:22:36 -04:00
Wes Lambert
37929dbd7d Add additional config for Filebeat modules 2021-05-06 13:54:28 +00:00
Mike Reeves
2e01330e1b Update 9101_output_osquery_livequery.conf.jinja 2021-03-09 13:15:04 -05:00
Josh Brower
00da549430 Merge pull request #3358 from Security-Onion-Solutions/delta 
FEATURE: Initial support for viewing Osquery Live Query results in Hunt
 2021-03-09 09:18:57 -05:00
Josh Brower
fe8788c09a Merge remote-tracking branch 'remotes/origin/dev' into delta 2021-03-08 12:56:47 -05:00
Josh Brower
548f67ca6f Initial support for Live Queries in Hunt 2021-03-04 18:21:13 -05:00
Mike Reeves
a0a8d12526 Enable SSL and Features 2021-03-04 10:08:28 -05:00