reyesj2
2038227308
remove reference to .fleet_final_pipeline-1
- configure global@custom ingest pipeline to run .fleet_final_pipeline-1 when available (heavynodes do not have this pipeline).
- Update global@custom pipeline to remove error message related to sending EA logs through logstash (https://github.com/elastic/kibana/issues/183959)
2026-01-26 14:01:58 -06:00
reyesj2
e26310d172
elastic agent offline alerter
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-09-02 17:00:03 -05:00
reyesj2
58df566c79
add mapping for metadata.kafka.timestamp
2025-04-14 14:30:40 -05:00
reyesj2
4dd72ad15c
fix osquery action_data mapping conflict
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-03-07 17:05:13 -06:00
reyesj2
124bf266b5
osquery v1.15.0 index templates updates
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-03-04 12:27:04 -06:00
reyesj2
e2772e899e
component template missing metadata field
2025-02-24 10:24:11 -06:00
reyesj2
3f2b0973af
manually create unused logs-soc@package for successful elasticsearch templates load
2025-02-24 08:59:59 -06:00
reyesj2
c9b41e2eb1
formatting
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-02-20 10:11:34 -06:00
reyesj2
499d473b9d
set metrics indices to 0 replicas
2025-02-20 10:06:59 -06:00
reyesj2
09c7b31918
update pfsense pipeline version. Remove unused component templates
2025-02-12 16:33:56 -06:00
reyesj2
6331298eac
remove individual <integration>@custom mappings. Moved over to so-fleet_integrations.ip_mappings-1
2025-01-21 10:49:54 -06:00
reyesj2
d35ffef503
merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-17 11:23:54 -06:00
reyesj2
4f92b7ced1
add support for cloudflare_logpush integration
2025-01-13 09:23:05 -06:00
reyesj2
9fe3f6042f
Remove individual integrations ip mappings component template. Replaced with global mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-06 10:44:22 -06:00
reyesj2
157185c370
add ti_opencti integration support
2024-12-18 11:33:49 -06:00
reyesj2
44ec237447
additional integration support - cisco secure email gateway - rapid7 threat command
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-15 11:39:01 -06:00
reyesj2
039d5c22ac
fix: crowdstrike integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-06 14:35:41 -06:00
Jorge Reyes
cf95af66c6
Revert "Add support for cybereason integration"
2024-10-21 15:23:05 -04:00
reyesj2
8b11019712
Add support for cybereason integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-18 11:56:47 -04:00
reyesj2
322199358d
add support for trendmicro integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-16 16:45:46 -04:00
Wes
70c5a07913
Add back meta and error.message
2024-09-23 21:36:40 +00:00
Wes
41112a59ec
Add back meta
2024-09-23 20:12:14 +00:00
Wes
764eb98bc2
Add custom component for ints
2024-09-17 19:43:13 +00:00
weslambert
bae348bef7
Change version
2024-07-30 16:44:44 -04:00
Wes
2d0de87530
Add component templates for Fleet metrics
2024-07-17 15:19:46 +00:00
Wes
a8c231ad8c
Add component templates
2024-05-31 17:47:01 +00:00
Wes
005930f7fd
Add error.message mapping for system.syslog
2024-03-07 15:41:23 +00:00
Wes
12ab6338db
Add diagnostic
2024-01-25 20:16:52 +00:00
weslambert
1dcca0bfd3
Change pipeline to 1.13.1
2023-11-07 12:17:51 -05:00
weslambert
cce80eb2fb
Change pipeline to 1.8.0
2023-11-07 09:02:48 -05:00
Wes
cf19c8f8c2
Remove templates
2023-09-05 13:43:41 +00:00
Josh Brower
9437a47946
Fix formatting
2023-07-26 10:54:24 -04:00
Wes
4efc951eaf
Add tags
2023-07-24 20:57:39 +00:00
Wes
4b7e7978ef
Add final pipeline
2023-07-19 19:56:54 +00:00
Wes
a59eda319e
Remove security subfield
2023-07-18 19:00:50 +00:00
Wes
48331ce35b
Add system.system component templates
2023-06-14 13:29:11 +00:00
Wes
8cde05807c
Remove elastic-agent dir
2023-06-13 21:33:04 +00:00
Wes
2ac0aba916
Add osquery files
2023-06-13 21:32:02 +00:00
Wes
af003cc2a1
Add osquery templates
2023-06-13 20:43:39 +00:00
Wes
bd7644a557
Add another template
2023-06-13 19:13:20 +00:00
Wes
1b90fd8581
Add custom component templates
2023-06-13 18:21:45 +00:00
Wes
e43b7607bb
Add more component templates
2023-06-13 17:04:03 +00:00
Wes
a265c06e31
Add other component templates
2023-06-13 15:47:25 +00:00
Wes
2aa954cb0a
Add component templates
2023-06-13 15:25:23 +00:00
Wes
1208915896
Remove Elastic Agent package templates
2023-06-12 14:24:59 +00:00
Wes
3fba27a0d4
Ensure component template files are in the correct directory
2023-03-22 20:45:33 +00:00
Wes
0fd5fee868
Fix syntax for Fleet component templates
2022-09-22 15:07:43 +00:00
Wes
46dd4c2749
Rename component mappings and references for Security Onion
2022-09-20 20:33:06 +00:00
Wes
7f2c5bc757
Add component templates for Fleet
2022-09-20 20:27:26 +00:00
Wes
eeffded248
Remove duplicate security subfield configuration from component templates
2022-09-07 21:23:04 +00:00