CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-26 06:27:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,518 Commits 40 Branches 125 Tags
870e042c4c73eeb9db52df3812205db86c00a095
Commit Graph

104 Commits

Author SHA1 Message Date
Josh Brower a79d0319cd Initial support for evtx import 2020-09-01 13:47:27 -04:00
Josh Brower b7dd14b8f0 Set event.code to string for WEL 2020-08-28 13:40:04 -04:00
Josh Brower d4f7a07f85 Osquery Parsing fix 2020-08-18 15:54:11 -04:00
Josh Brower 928e5ed832 Playbook/Nav Fixes - Issue #1064 2020-08-07 17:02:48 -04:00
Josh Brower ff209cfd65 Merge pull request #1149 from Security-Onion-Solutions/feature/wlb-parsing 
Ingest Parsing Update for Sysmon/WEL
 2020-08-07 13:37:22 -04:00
Josh Brower a8b980b6a7 More Playbook Fixes - Issue #1064 2020-08-07 13:35:43 -04:00
Josh Brower 15efe77e06 Ingest Parsing Update for Sysmon/WEL 2020-08-06 13:11:47 -04:00
Josh Brower d971d07720 Osquery & WLB Parsing Update for WEL & Sysmon 2020-07-31 16:06:15 -04:00
Josh Brower 55e60cb749 initial refactor - beats/sysmon parsing 2020-07-28 11:03:33 -04:00
Josh Patterson 549916306c Merge pull request #1008 from Security-Onion-Solutions/quickfix/lstoes 
Quickfix/lstoes
 2020-07-14 17:37:19 -04:00
m0duspwnens 5cf71596b2 add curlys 2020-07-14 17:36:52 -04:00
Josh Brower 8647944ae6 Parsing & Hunt query updates 2020-07-14 16:59:06 -04:00
Doug Burks a1e6a85a68 explicitly set Suricata timestamp timezone to UTC 2020-07-14 15:49:46 -04:00
Wes Lambert f9df39977b Add observer name for Strelka events 2020-07-14 17:38:43 +00:00
Wes Lambert d6afde90b0 Convert message timestamp to @timestamp 2020-07-14 13:37:00 +00:00
Josh Brower 65062d93f4 Misc fixes 2020-07-10 19:43:43 -04:00
Josh Brower 206bdc60f3 Merge pull request #967 from Security-Onion-Solutions/feature/low-level-alerts 
Feature - low level alerts
 2020-07-09 13:56:31 -04:00
Josh Brower 52f7111e1d Feature - low level alerts 2020-07-09 13:53:55 -04:00
Doug Burks 8dfafffef0 remove duplicate line for message2.conn_uids 2020-07-09 06:44:08 -04:00
weslambert 4cf31e1ee7 Drop message field and original exiftool keys 2020-07-08 10:55:40 -04:00
Doug Burks fef803a86c Add ignore_failure to geoip processor calls #942 2020-07-08 10:41:14 -04:00
weslambert b25a3b6986 Rename uids to uid 2020-07-08 09:39:37 -04:00
Wes Lambert 3b50ce032a Add fields for exiftool keys 2020-07-07 20:02:09 +00:00
Wes Lambert e0570e1db7 Add Zeek FUID for Strelka records 2020-07-07 15:00:01 +00:00
Doug Burks 98cfba18e9 fix zeek.ftp description 2020-07-01 20:27:40 -04:00
Doug Burks f6adf4ed56 fix zeek.smb_mapping description 2020-07-01 20:26:51 -04:00
Doug Burks 2cbd5ffe61 fix zeek.ssh description 2020-07-01 20:26:06 -04:00
Wes Lambert 84e2965fef Addl krb fix 2020-06-30 03:06:01 +00:00
Wes Lambert bf8798f1d1 Fix krb client/server cert subject parsing 2020-06-30 03:04:01 +00:00
Wes Lambert 8f5da66335 Add null safe operator for query name 2020-06-30 03:02:38 +00:00
Wes Lambert af451573eb Move dataset from files to file 2020-06-23 17:43:28 +00:00
Mike Reeves 3681f91c37 Suricata Conn 2020-06-15 21:46:04 -04:00
Wes Lambert 206261fbe6 rename id to log.id.fuid for X509 2020-06-15 16:55:14 +00:00
Wes Lambert 18547e8ea8 enforce field types 2020-06-15 16:54:33 +00:00
Mike Reeves 6058d438bf Fix Protocol 2020-06-12 12:28:29 -04:00
Mike Reeves 42938a4e67 Add the makor Suricata parsers 2020-06-12 12:14:48 -04:00
Mike Reeves c0d24d942c Merge remote-tracking branch 'remotes/origin/dev' into feature/metasuri 2020-06-09 13:31:31 -04:00
Mike Reeves 4b6af0cd81 Suricata DHCP 2020-06-08 08:58:35 -04:00
Josh Brower 4e4eeedb41 Initial support - external beats 2020-06-04 22:41:35 -04:00
Mike Reeves 33712a3409 Suricata HTTP parser 2020-06-04 16:19:22 -04:00
Mike Reeves 5c62fedd12 Suricata DNS parser 2020-06-04 15:42:51 -04:00
Mike Reeves 7043bbae9d Merge remote-tracking branch 'remotes/origin/dev' into feature/metasuri 2020-06-04 09:10:54 -04:00
TOoSmOotH 702a14e90c DNS Suricata parser 2020-06-03 20:40:10 -04:00
Mike Reeves 3211a8a5e0 SMTP from fix 2020-06-03 11:52:24 -04:00
Mike Reeves c5d6381933 SMTP for suricata 2020-06-03 11:16:43 -04:00
Mike Reeves 126d1598ee SNMP for suricata 2020-06-03 11:03:23 -04:00
weslambert c91bc0e681 Clean up some stuff 2020-06-02 15:31:48 -04:00
Mike Reeves 25aae21cf6 Trying to get decoded packet 2020-06-02 15:06:39 -04:00
Mike Reeves b507b87871 Trying to get decoded packet 2020-06-02 14:49:07 -04:00
Mike Reeves fb68506418 Add mor suricata ingest parser types 2020-06-02 14:42:15 -04:00