CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,523 Commits 40 Branches 125 Tags
83ecc025898840f9796ac53a6ae9d11f668e8d27
Commit Graph

867 Commits

Author SHA1 Message Date
Josh Brower 31cd5b1365 Add support for dns.resolved_ip 2025-06-20 15:02:59 -04:00
Josh Brower dbdbffa4b0 Add nsm bind 2025-06-08 08:23:09 -04:00
Josh Brower a3b5db5945 Add support for Airgap for Playbooks 2025-06-06 16:17:14 -04:00
Corey Ogburn fc9107f129 Updated Playbook Repo Config 
The repo and folder have changed. We're splitting out playbooks into their own repo: github.com/security-onion-solutions/securityonion-resources-playbooks.
 2025-06-03 13:33:30 -06:00
Josh Brower 0277891392 Use Stable branch 2025-06-02 13:10:13 -04:00
Josh Brower 2fff6232c1 Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing 
Add parsing for Playbook
 2025-05-19 18:06:05 -04:00
Corey Ogburn 39f74fe547 Use the new JSON object editor for RulesRepos config entries 2025-05-19 15:38:45 -06:00
Corey Ogburn 11fb33fdeb Add RulesetName to Rule Repos 
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.

Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
 2025-05-19 14:19:56 -06:00
Josh Brower 58f4db95ea Create playbooks dir 2025-05-19 15:31:50 -04:00
Josh Brower b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
Josh Brower 9022dc24fb Add Parsing for Playbooks 2025-05-14 13:19:50 -06:00
Corey Ogburn 78b7068638 Playbook Settings 
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.

Added playbook module section with default values.
 2025-05-14 13:19:49 -06:00
Doug Burks a8cb18bb2e Update defaults.yaml to replace remaining instances of identity_id with user.name 2025-05-08 09:09:26 -04:00
Josh Brower d47a798645 Show user.name instead of id 2025-05-07 11:17:00 -04:00
Jason Ertel 1ecf2b29fc update default actions for subgrid support 2025-05-06 13:56:16 -04:00
Jason Ertel 3b447b343f fix typo 2025-04-17 11:51:45 -04:00
Jason Ertel d0375d3c7e fix typo 2025-04-17 11:51:21 -04:00
Jason Ertel b607689993 improve regex 2025-04-17 11:47:52 -04:00
Jason Ertel 8f1e528f1c improve regex 2025-04-17 11:09:39 -04:00
Jason Ertel 366e39950a subord annotations; ensure node reboots occur in background 2025-04-16 15:55:16 -04:00
Jason Ertel b99bb0b004 support options field on actions 2025-04-04 11:19:30 -04:00
Jason Ertel 9c455badb9 support background actions via config UI 2025-04-03 13:08:44 -04:00
Jason Ertel 1236c8c1f2 support pcap imports for sensors in distributed grids 2025-03-21 10:34:55 -04:00
Jason Ertel ad8f3dfde7 use specified role on new user add 2025-03-17 14:55:40 -04:00
Jason Ertel 2af05b9a23 switch back to colon for better clarity 2025-03-07 08:24:19 -05:00
Doug Burks 3037dc7c38 Update soc_soc.yaml to fix previous change 2025-03-07 07:13:27 -05:00
Mike Reeves 14e95f4898 Update soc_soc.yaml 2025-03-06 21:01:45 -05:00
Mike Reeves bad0031829 Update soc_soc.yaml 2025-03-06 20:58:23 -05:00
Mike Reeves 03ebc2d86e Add Actions 2025-03-05 15:58:10 -05:00
Mike Reeves 3021ed5d36 Add Actions 2025-03-05 15:56:26 -05:00
Mike Reeves b51aa56e86 Some things I thought were bools are not bools 2025-03-05 15:15:26 -05:00
Mike Reeves b01fb733a9 Some things I thought were bools are not bools 2025-03-05 14:56:26 -05:00
Mike Reeves c7c6d3e556 Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into truefalse 2025-03-05 13:21:21 -05:00
Corey Ogburn 21a64b6c1d Add Client Parameter 
Add groupItemsPerPage so detections groupby tables have proper default value for page size.
 2025-03-05 09:43:21 -07:00
Doug Burks c6c67f4d06 FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339 2025-03-05 06:31:16 -05:00
Jason Ertel 85450693a2 Merge branch '2.4/dev' into jertel/wip 2025-03-04 10:55:29 -05:00
Jason Ertel 0047246cf2 reduce stdout verbosity 2025-03-04 10:55:12 -05:00
Doug Burks 44535cba8c FIX: Elastic Agent Security Events dashboard should reference user.effective.name #14325 2025-03-04 06:46:56 -05:00
Doug Burks e53f4fd1f1 Update defaults.yaml to quote the process.entity_id value 2025-03-02 05:54:30 -05:00
Mike Reeves 2ffaf2f601 Add hunt queries 2025-02-27 12:42:03 -05:00
Mike Reeves 4696152f78 Add hunt queries 2025-02-27 12:31:51 -05:00
Mike Reeves a0944f8359 Add hunt queries 2025-02-27 12:17:57 -05:00
Mike Reeves 1fdbe987b8 Add hunt queries 2025-02-27 12:15:37 -05:00
Mike Reeves 40303c2d78 Add hunt queries 2025-02-27 12:10:59 -05:00
Mike Reeves 4b5048bd80 Add hunt queries 2025-02-27 11:57:57 -05:00
Mike Reeves 9d31050907 roll back SOC changes 2025-02-27 11:32:59 -05:00
Mike Reeves e930d1dec6 roll back SOC changes 2025-02-27 11:28:06 -05:00
Mike Reeves 1d3bae4a7a Add additional entries for actions 2025-02-27 11:15:51 -05:00
Mike Reeves d950e4ebb3 Add additional entries for actions 2025-02-27 11:11:56 -05:00
Mike Reeves 3ba82bd5a4 Fix actions 2025-02-27 11:04:47 -05:00