Wes
005930f7fd
Add error.message mapping for system.syslog
2024-03-07 15:41:23 +00:00
Corey Ogburn
0d297274c8
DetectionComment Mapping Defined
2024-02-13 12:53:18 -07:00
Corey Ogburn
64f6d0fba9
Updated Detection's ES Mappings
...
Detections now have a License field and the Comment model is defined now.
2024-02-09 14:20:07 -07:00
Corey Ogburn
29174566f3
WIP: Updated Detection Mappings, Changed Engine to Language
...
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.
SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Corey Ogburn
585147d1de
Added so-detection mapping in elasticsearch
2024-01-31 10:39:47 -07:00
Wes
12ab6338db
Add diagnostic
2024-01-25 20:16:52 +00:00
Wes
8426aad56d
Text mapping for scan.pe.flags
2024-01-24 15:10:42 +00:00
weslambert
1dcca0bfd3
Change pipeline to 1.13.1
2023-11-07 12:17:51 -05:00
weslambert
cce80eb2fb
Change pipeline to 1.8.0
2023-11-07 09:02:48 -05:00
Wes
0bba68769b
Make scan.pe.image_version type of 'float'
2023-09-26 14:05:12 +00:00
Wes
cf19c8f8c2
Remove templates
2023-09-05 13:43:41 +00:00
Wes
0fed757b11
Add entropy mapping
2023-08-31 15:10:27 +00:00
Josh Brower
9437a47946
Fix formatting
2023-07-26 10:54:24 -04:00
Wes
4efc951eaf
Add tags
2023-07-24 20:57:39 +00:00
Wes
4b7e7978ef
Add final pipeline
2023-07-19 19:56:54 +00:00
Wes
a59eda319e
Remove security subfield
2023-07-18 19:00:50 +00:00
Wes
1d3e39b6bd
Map user name to keyword and remove security subfield generation
2023-07-18 14:46:47 +00:00
Wes
48331ce35b
Add system.system component templates
2023-06-14 13:29:11 +00:00
Wes
8cde05807c
Remove elastic-agent dir
2023-06-13 21:33:04 +00:00
Wes
2ac0aba916
Add osquery files
2023-06-13 21:32:02 +00:00
Wes
af003cc2a1
Add osquery templates
2023-06-13 20:43:39 +00:00
Wes
bd7644a557
Add another template
2023-06-13 19:13:20 +00:00
Wes
1b90fd8581
Add custom component templates
2023-06-13 18:21:45 +00:00
Wes
e43b7607bb
Add more component templates
2023-06-13 17:04:03 +00:00
Wes
a265c06e31
Add other component templates
2023-06-13 15:47:25 +00:00
Wes
2aa954cb0a
Add component templates
2023-06-13 15:25:23 +00:00
Wes
1208915896
Remove Elastic Agent package templates
2023-06-12 14:24:59 +00:00
Wes
495a9c0783
Add mapping for event.severity_label
2023-06-05 21:19:37 +00:00
Wes
3fba27a0d4
Ensure component template files are in the correct directory
2023-03-22 20:45:33 +00:00
Wes
28f5dcd43b
Add managed generic Elastic Agent log component templates
2023-03-22 19:57:46 +00:00
Mike Reeves
5fc297b8c1
Change Elastic Logic
2023-03-21 16:52:08 -04:00
Wes
0fd5fee868
Fix syntax for Fleet component templates
2022-09-22 15:07:43 +00:00
Wes
46dd4c2749
Rename component mappings and references for Security Onion
2022-09-20 20:33:06 +00:00
Wes
7f2c5bc757
Add component templates for Fleet
2022-09-20 20:27:26 +00:00
doug
fdffac83e1
Sysmon fix by Bryant
2022-09-19 14:47:45 -04:00
Wes
eeffded248
Remove duplicate security subfield configuration from component templates
2022-09-07 21:23:04 +00:00
Wes
3c50072690
Add Elastic Agent component templates
2022-09-07 18:51:57 +00:00
Wes Lambert
fe1b72655b
Additional .keyword shims for process mappings
2022-03-24 16:45:06 +00:00
weslambert
406267a892
Add process.name.keyword
2022-03-08 12:42:34 -05:00
Wes Lambert
ffae22beef
Add DTC syslog mappings for .keyword and add refs to defaults.yml
2022-03-04 13:04:11 +00:00
Wes Lambert
1f71816ad7
Add keyword subfield for DTC winlog mappings
2022-03-03 14:54:30 +00:00
Wes Lambert
1c086e36da
Add missing comma for file mappings
2022-03-03 13:49:54 +00:00
Wes Lambert
85979cbce8
Add file, process, and winlog mapping changes
2022-03-03 13:37:27 +00:00
Wes Lambert
8f97f09c9c
Additional .keyword changes for host.hostname, client.address, and event.action
2022-03-02 21:54:46 +00:00
Wes Lambert
3ee46e4c29
Add .keyword for destination/source geo.country_name
2022-03-02 21:50:03 +00:00
Wes Lambert
ab9b81ea39
Change match_only_text to text for mac in host mappings
2022-03-02 15:01:05 +00:00
Wes Lambert
ed620b93b7
Add custom analyzer definition to all SO/DTC mappings
2022-03-02 14:43:19 +00:00
Wes Lambert
27c8eaa630
Update all other mappings for .security where applicable
2022-03-02 14:39:23 +00:00
Wes Lambert
e925d435ff
Update event, file, and host mappings to include .security
2022-03-02 14:33:52 +00:00
Wes Lambert
496b161253
Update ECS mappings to include .security
2022-03-02 14:27:36 +00:00