21a64b6c1d
Add Client Parameter
...
Add groupItemsPerPage so detections groupby tables have proper default value for page size.
2025-03-05 09:43:21 -07:00
c6c67f4d06
FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339
2025-03-05 06:31:16 -05:00
44535cba8c
FIX: Elastic Agent Security Events dashboard should reference user.effective.name #14325
2025-03-04 06:46:56 -05:00
e53f4fd1f1
Update defaults.yaml to quote the process.entity_id value
2025-03-02 05:54:30 -05:00
d0fa6eaf83
New Limit on Bulk Creating Related Events
...
Used by the UI and API to hint at a user that not every event will be attached to a case. Supports values up to 10,000 (the default limit on the number of documents returned by a single ES search).
2025-02-03 14:20:33 -07:00
107ca38268
fix http query for "includes" function
2025-01-14 08:24:07 -06:00
35547b476f
update http query
2025-01-14 08:13:27 -06:00
ad765200c3
Merge pull request #14105 from Security-Onion-Solutions/reyesj2/moarzeekparse
...
Additional Zeek parsing & cloudflare_logpush integration
2025-01-13 11:37:21 -06:00
14c920a258
fix hidden ldap menu subtitle
2025-01-13 09:23:32 -06:00
e60a1e4357
zeek ldap & ldap_search parsing
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2025-01-09 16:06:10 -06:00
6fa11a38ef
Update defaults
2025-01-07 13:14:50 -05:00
927b618ec9
Update Zeek QUIC dashboard, add Hunt query, add quic.server.name as column in Events table
2025-01-02 06:57:56 -05:00
9f83853922
Zeek QUIC support
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-12-31 13:44:20 -06:00
754d28e95d
add openvpn & ipsec support to Zeek
2024-12-05 09:52:55 -06:00
04ffdf9b15
Merge pull request #13958 from Security-Onion-Solutions/2.4/autoenablesigma
...
More flexibility for AutoEnable Sigma rules
2024-11-21 09:47:49 -05:00
8958da83b3
Deprecate instead
2024-11-20 18:00:26 -05:00
3fcf197bc1
Tweak structure
2024-11-19 11:54:15 -05:00
56d6857cd6
Addl customization for autoenable sigma
2024-11-18 09:03:17 -05:00
1113c3924f
zeek http2
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-11-14 09:09:23 -06:00
57a9992a3d
Merge branch '2.4/dev' into jertel/wip
2024-11-11 10:06:44 -05:00
28d468dd41
Merge remote-tracking branch 'origin/2.4/dev' into 2.4/templaterepos
2024-11-07 07:25:01 -05:00
5e48ccafce
Update Default Value
2024-11-05 11:11:34 -07:00
69dd35c30a
Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check
2024-11-04 14:31:53 -07:00
5406a263d5
Add local custom template
2024-10-29 19:42:06 -04:00
6ce52bf9ab
Specify Defaults for detectionEngineStatusQueries
...
Specify the defaults as an example to the user.
2024-10-24 13:11:49 -06:00
f67fcecc6e
Clean up StatusQueries String
2024-10-24 11:18:48 -06:00
b7c392a244
Corrected a misspelling
2024-10-24 11:18:48 -06:00
ad0b0a5e95
Refactor to String
...
To accomodate the config screen, the annotation now specifies it as a multiline string with a yaml syntax. The user can edit the yaml to add or remove queries. The UI will parse the YAML before use.
Also updated the IntegrityFailure queries to specify table columns more relevant to a sync failure than the default ones.
2024-10-24 11:18:47 -06:00
c77b0afd8e
Move to Client/Detections
...
Added a basic annotation.
2024-10-24 11:18:47 -06:00
04ebe4efea
Array to Dictionary
2024-10-24 11:18:46 -06:00
cbb4d6846f
Detection Engine Status Queries
...
A few for testing
2024-10-24 11:18:45 -06:00
7c405ff9d7
connect
2024-10-24 08:47:52 -04:00
5e6dd2e8b3
connect
2024-10-23 16:49:02 -04:00
f713dbacf8
connect
2024-10-16 17:53:57 -04:00
647f057714
Merge branch '2.4/dev' into jertel/wip
2024-10-16 13:44:20 -04:00
523ff66389
connect work
2024-10-16 13:44:01 -04:00
d2bd9c0e26
Changes to allow reviews to start showing
2024-10-10 09:48:59 -06:00
778d5be407
Change summaries branch
2024-09-25 15:35:08 -04:00
caa8d9ecb0
fix repo path
2024-08-09 06:58:40 -04:00
8c1feccbe0
Tweak value
2024-08-08 12:53:51 -06:00
5ee15c8b41
Tweak value
2024-08-08 12:00:07 -06:00
5328f55322
Remove new config value
2024-08-08 11:43:15 -06:00
ccd7d86302
More AI Summaries Config/Annotations
...
Added aiRepoBranch to all 3 detection engines.
Added showUnreviewedAiSummaries to client parameters.
Added annotations.
2024-08-08 10:46:41 -06:00
fc89604982
New Config Values/Annotations for Ai Summaries
...
Each engine pulls the same repo into the same location and shows the summaries.
Which repo and where to keep them is advanced, but turning AI summaries on or off is not.
2024-08-06 13:55:54 -06:00
3130b56d58
Provide new setting to require OTP
2024-07-30 10:39:57 -04:00
45b2413175
Removed Allow/Deny Regexes, Added Enable/Disable Regex
...
Update config and annotations for new regex support for suricata.
2024-07-19 12:45:24 -06:00
d0565baaa3
New Config Values for Detections Bulk Indexer
...
`maxScrollSize` defines the "page size" of each scroll request.
`bulkIndexerWorkerCount` defines how many worker threads a bulk indexer should use. 0 or fewer indicates that 1 thread per CPU core should be used.
2024-07-15 14:43:47 -06:00
3991c7b5fe
FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346
2024-07-15 15:52:00 -04:00
bf91030204
Add option for detections without license
2024-06-21 15:33:11 -04:00
07b9011636
Update defaults.yaml to put Process actions in logical order
2024-06-20 10:09:27 -04:00
Corey Ogburn
Doug Burks
Jorge Reyes
Joshua Brower
Jason Ertel
weslambert