e2cca917c1
Add package load command to Fleet setup
2023-06-23 13:26:06 +00:00
d8700137d2
Add updated so-elasticsearch-templates-load
2023-06-23 13:23:29 +00:00
2c42d4b19e
Add package check to so-elasticsearch-templates-load
2023-06-23 13:22:51 +00:00
a3c7e40c40
Add package load command
2023-06-23 13:20:05 +00:00
94fe456e28
Add package functions
2023-06-23 13:19:20 +00:00
662db41857
Add default packages
2023-06-23 13:17:38 +00:00
7623dd20b9
Merge pull request #10644 from Security-Onion-Solutions/cogburn/salt-relay-fix
...
WIP: Fix `salt cmd.run` commands for importing
2023-06-22 20:31:19 -04:00
2b323ab661
Fix salt cmd.run commands for importing
...
Functional and easy to read.
2023-06-22 17:30:56 -06:00
8de01625a8
Add Elastic Agent container for Heavy Nodes
2023-06-22 16:02:42 -04:00
d0d7ab57ca
Add Elastic Agent container for Heavy Nodes
2023-06-22 16:02:17 -04:00
f4cbe20ddf
Merge pull request #10641 from Security-Onion-Solutions/jertel/fix-import
...
fix quotations
2023-06-22 14:46:41 -04:00
0d92a1594a
fix quotations
2023-06-22 14:41:39 -04:00
daaead618e
Merge remote-tracking branch 'origin/2.4/dev' into 2.4/heavynode
2023-06-22 13:26:56 -04:00
19469205e1
include eval and import in so-elasticsearch-cluster-settings
2023-06-22 13:12:47 -04:00
cae9e6230f
Merge pull request #10638 from Security-Onion-Solutions/cogburn/import-fix
...
Change upload path
2023-06-22 13:04:22 -04:00
6c4c815683
change so-elasticsearch-cluster settings to include heavynode, and only run on managers
2023-06-22 13:04:20 -04:00
6769386c86
Change upload path
2023-06-22 10:59:24 -06:00
36272efda7
create ES_LOGSTASH_NODES which removes heavynodes
2023-06-22 09:46:42 -04:00
6b97d07a89
Merge pull request #10629 from Security-Onion-Solutions/fix/elasticsearch_ingest_suricata_xff_ip
...
Parse xff
2023-06-22 08:45:58 -04:00
da82395dcf
Merge pull request #10633 from Security-Onion-Solutions/cogburn/10413
...
Cogburn/10413
2023-06-21 15:48:53 -06:00
b5e5bd57ad
Fix for Upload Import
...
Needed to mount /nsm/soc/uploads into soc container.
Made the upload route configurable.
Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
ad4fb52b81
Merge pull request #10631 from Security-Onion-Solutions/2.4/repos
...
2.4/repos
2023-06-21 16:06:30 -04:00
4e849ecc90
issues with exclude rocky-repos
2023-06-21 15:14:53 -04:00
7e37cd0f05
Parse xff
2023-06-21 14:29:54 -04:00
3952c1a9b7
Fix desktop state
2023-06-21 13:52:10 -04:00
c13c37f406
Fix desktop state
2023-06-21 13:49:01 -04:00
9240c3c6f0
Fix desktop package list
2023-06-21 13:42:51 -04:00
2aa01280e7
Fix desktop package list
2023-06-21 13:34:47 -04:00
1675b787bf
exclude rocky-repos and remove files
2023-06-21 13:27:34 -04:00
4866eb2315
Fix desktop package list
2023-06-21 12:52:42 -04:00
f785fb2772
Fix desktop package list
2023-06-21 12:27:15 -04:00
8c9f863808
Fix desktop package list
2023-06-21 12:22:03 -04:00
1751e35121
Fix desktop package list
2023-06-21 12:20:57 -04:00
6676afc7de
Fix desktop package list
2023-06-21 12:19:48 -04:00
699ea1ac3e
Fix desktop package list
2023-06-21 11:48:37 -04:00
90fdb9c465
Update paths
2023-06-21 11:47:22 -04:00
48291f5271
Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into desktop
2023-06-21 11:43:05 -04:00
3a41b090c1
Update paths
2023-06-21 11:42:51 -04:00
139b36b189
Merge pull request #10627 from Security-Onion-Solutions/2.4/import-evtx
...
Refactor EVTX Import
2023-06-21 11:42:10 -04:00
6ddf887342
Refactor EVTX Import
2023-06-21 09:32:42 -04:00
6ba9e057a9
Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags
...
Change format of event dataset and assign dataset to tags
2023-06-21 09:22:40 -04:00
6600484f8e
Update Docker
2023-06-21 09:15:31 -04:00
b02c38175c
Merge pull request #10624 from Security-Onion-Solutions/TOoSmOotH-patch-2
...
Salt Defunct Workaround
2023-06-20 17:44:53 -04:00
4497f6561f
Salt Defunct Workaround
...
This can be removed once they patch salt
2023-06-20 17:27:02 -04:00
0fc03baf58
Desktop Packages
2023-06-20 13:41:10 -04:00
fb81c6e2e3
Merge pull request #10601 from Security-Onion-Solutions/cogburn/10413
...
Cogburn/10413
2023-06-20 11:08:53 -06:00
ad28ea275f
Better state management
...
When salt-cp runs it's course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.
Check the status of the decryption process before importing.
No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
41951659ec
Use importer's new --json flag.
...
Using the new --json flag is not only more reliable than using a regex, the way the import script was written even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
451a4784a1
send-file and import-file security
...
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
1b7095fa81
Improved import-file url regex
...
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
Wes
Jason Ertel
Corey Ogburn
Josh Brower
Jason Ertel
m0duspwnens
coreyogburn
Mike Reeves