CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-23 17:33:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,730 Commits 18 Branches 120 Tags
86e228b20045f1eb119aa76e128f7da11a8a0191
Commit Graph

5817 Commits

Author SHA1 Message Date
m0duspwnens
beb9a33628 only include curl.config if elasticsearch:auth is enabled 2022-01-10 11:48:16 -05:00
Mike Reeves
dbba7d7226 Add ability to specify local backup dir 2022-01-10 11:31:41 -05:00
m0duspwnens
291ac7d361 https://github.com/Security-Onion-Solutions/securityonion/issues/6811 2022-01-10 10:36:42 -05:00
Josh Patterson
43eda0c5a3 Merge pull request #6796 from Security-Onion-Solutions/fix/wazuh_register_agent 
dont try to register if state file exists
 2022-01-07 16:07:56 -05:00
m0duspwnens
715d3f0e7e dont try to register if state file exists 2022-01-07 16:05:55 -05:00
Jason Ertel
db04646735 Merge pull request #6794 from Security-Onion-Solutions/kilo 
Update field mappings based on Wes' feedback
 2022-01-07 16:03:05 -05:00
Jason Ertel
66c9e20c6a Add wilcards for CCS compatibility 2022-01-07 15:57:08 -05:00
m0duspwnens
3a86af8de2 quote $API_RESULT 2022-01-07 15:49:53 -05:00
m0duspwnens
7ee913eb1f if /opt/so/conf/wazuh/initial_agent_registration.log doesnt exist, and agent is already registered, touch file and exit 0 to prevent salt error 2022-01-07 15:46:47 -05:00
Jason Ertel
d3656a7777 Merge branch 'dev' into kilo 2022-01-07 13:41:35 -05:00
Josh Patterson
3c44f6fd41 Merge pull request #6793 from Security-Onion-Solutions/23100soup_jpp 
23100soup
 2022-01-07 13:32:33 -05:00
Jason Ertel
391db568b0 Update field mappings based on Wes' feedback 2022-01-07 13:28:36 -05:00
Jason Ertel
a4f01d4412 Merge pull request #6792 from Security-Onion-Solutions/kilo 
Add case exclusion toggle to Hunt to avoid hunt results getting case …
 2022-01-07 13:02:27 -05:00
Jason Ertel
9ef83da23f Add case exclusion toggle to Hunt to avoid hunt results getting case data hits unintentionally 2022-01-07 12:58:35 -05:00
m0duspwnens
871fd115ae put so-firewalll in /usr/sbin since salt-master isnt running at this time 2022-01-07 12:04:19 -05:00
weslambert
770e53d914 Add keyword subfield for event.severity_label 2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9 Add event.severity_label 2022-01-07 11:19:54 -05:00
m0duspwnens
fd0e5d7d29 make sure so-firewall is up to date 2022-01-07 11:10:48 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
weslambert
a7e7566532 Merge pull request #6780 from Security-Onion-Solutions/feature/datatype_compliance 
Initial commit for data type compliance
 2022-01-06 16:38:17 -05:00
m0duspwnens
5ecb63f5cf prevent exit if minion doesnt respond 2022-01-06 16:17:51 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
m0duspwnens
cd590b894a check that ossec.conf exists 2022-01-06 12:39:48 -05:00
weslambert
8e2f500b9c Add config option for ECS compatibility (default of disabled) 2022-01-06 11:24:04 -05:00
weslambert
900d12b556 Add logger stanza to suppress deprecation warning messages for now due to current system index access warning messages flooding the ES log 2022-01-06 10:35:50 -05:00
Jason Ertel
8cf7ea8b87 Merge pull request #6772 from Security-Onion-Solutions/kilo 
Prevent PCAP action from showing up outside of hunt/alerts
 2022-01-05 19:15:02 -05:00
Josh Patterson
eaa6597cd7 Merge pull request #6773 from Security-Onion-Solutions/issue/6765 
Issue/6765
 2022-01-05 18:11:06 -05:00
Wes Lambert
1cafacfa51 Update saved objects to reflect removal of TheHive scripted field and replacement of PCAP pivot with Hunt pivot 2022-01-05 20:36:23 +00:00
weslambert
c1a88977cf Disable fielddata for _id field by default (since it is deprecated and can be memory-intensive) 2022-01-05 15:23:52 -05:00
m0duspwnens
0ff5e3cf6f require so-elasticsearch container to be running to run the scripts 2022-01-05 14:48:41 -05:00
Wes Lambert
b60837e71a Initial commit for data type compliance 2022-01-05 16:38:56 +00:00
Jason Ertel
4f8524e0ac Prevent PCAP action from showing up outside of hunt/alerts 2022-01-05 11:13:12 -05:00
weslambert
db43e21378 Fix indentation 2022-01-05 10:46:41 -05:00
weslambert
4d8b417fc9 Denote which branch is being used in SOUP if BRANCH is specified 2022-01-05 10:41:27 -05:00
Jason Ertel
89415b12ce Merge pull request #6762 from Security-Onion-Solutions/kilo 
Switch soc.json to use lowercase labels in default queries; Also enab…
 2022-01-05 09:59:39 -05:00
Jason Ertel
4bfdfffe21 Switch soc.json to use lowercase labels in default queries; Also enable the 'Add Case' feature 2022-01-05 09:54:13 -05:00
m0duspwnens
7bb9b6efa9 populate mine with network.ip_addrs pillar.host.mainint for each host prior to highstate 2022-01-04 10:27:45 -05:00
Mike Reeves
288389c93e Soup changes for 2.3.100 2022-01-04 08:38:14 -05:00
Josh Patterson
4247a3a816 Merge pull request #6730 from Security-Onion-Solutions/fix/ub1804ssl 
more detailed logging for the retry command
 2021-12-30 13:19:58 -05:00
m0duspwnens
cc2f6e23ca more detailed logging for the retry command 2021-12-30 13:09:29 -05:00
Josh Patterson
064355dfb5 Merge pull request #6729 from Security-Onion-Solutions/fix/ub1804ssl 
change exitCode to exitcode. set exitcode to 1 if failed output found
 2021-12-30 11:38:32 -05:00
m0duspwnens
d274615376 change exitCode to exitcode. set exitcode to 1 if failed output found 2021-12-30 10:45:30 -05:00
Josh Patterson
78eda75c0f Merge pull request #6725 from Security-Onion-Solutions/fix/ub1804ssl 
add option to look for failed outout in retry function in so-common. …
 2021-12-29 18:18:12 -05:00
m0duspwnens
200736a118 add option to look for failed outout in retry function in so-common. look for Err: when running soapt-get update in setup 2021-12-29 18:15:16 -05:00
Jason Ertel
1d136b611a Merge pull request #6723 from Security-Onion-Solutions/kilo 
Uniform presets
 2021-12-29 16:49:41 -05:00
Jason Ertel
e6051cb653 Switch all presets to lowercase for uniformity 2021-12-29 16:42:34 -05:00
Jason Ertel
74dbc4bf67 Merge pull request #6720 from Security-Onion-Solutions/kilo 
Add case template to eval install types; also improve clarity of case queries
 2021-12-29 11:41:06 -05:00
Jason Ertel
fb02d0d35c clarify case filters 2021-12-29 11:07:36 -05:00
Jason Ertel
d4f3615cae Merge pull request #6717 from Security-Onion-Solutions/kilo 
Support CCS in CM
 2021-12-29 09:12:13 -05:00
Jason Ertel
e5110ac4e8 Use CCS compatible index 2021-12-29 09:08:10 -05:00