CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,696 Commits 24 Branches 119 Tags
8f97f09c9c8bccd6241782cf5c804b66a2ba154d
Commit Graph

644 Commits

Author SHA1 Message Date
Wes Lambert
8f97f09c9c Additional .keyword changes for host.hostname client.address, and event.action 2022-03-02 21:54:46 +00:00
Wes Lambert
3ee46e4c29 Add .keyword for destination/source geo.country_name 2022-03-02 21:50:03 +00:00
Wes Lambert
c5b16fdf3b Adjust field limit for now 2022-03-02 16:33:39 +00:00
Wes Lambert
ab9b81ea39 Change match_only_text to text for mac in host mappings 2022-03-02 15:01:05 +00:00
Wes Lambert
ed620b93b7 Add custom analyzer definition to all SO/DTC mappings 2022-03-02 14:43:19 +00:00
Wes Lambert
27c8eaa630 Update all other mappings for .security where applicable 2022-03-02 14:39:23 +00:00
Wes Lambert
e925d435ff Update event, file, and host mappings to include .security 2022-03-02 14:33:52 +00:00
Wes Lambert
496b161253 Update ECS mappings to include .security 2022-03-02 14:27:36 +00:00
Wes Lambert
aae2fd1fbb Update DNS mappings to include .security 2022-03-02 14:27:15 +00:00
Wes Lambert
0b45cf7ae1 Update base mappings to include .security 2022-03-02 14:25:57 +00:00
Wes Lambert
d89af5f04f Update agent mappings to include .security 2022-03-02 14:25:14 +00:00
Wes Lambert
2d2ec45029 Modify base ECS mappings to include .security where possible, as well as custom analyzer definition 2022-03-02 14:19:36 +00:00
Wes Lambert
5489b8559d Revert "Switch from .security to match_only_text" 
This reverts commit f7862af934.
 2022-03-01 18:44:00 +00:00
Wes Lambert
2a9caccc7c Revert "Add additional .text subfield mappings" 
This reverts commit 61dadc6249.
 2022-03-01 18:43:24 +00:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe' PR for now 2022-03-01 15:31:07 +00:00
Wes Lambert
038dc49098 Temporarily increase field limit before trimming efforts 2022-03-01 15:06:28 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
weslambert
414b9dcd59 Run template load first to prevent issues with pipeline changes that generate new indices 2022-02-28 12:33:18 -05:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
e942d81433 Ensure correct formatting for source override 2022-02-25 19:14:58 -05:00
weslambert
a511fd33e9 Ensure correct formatting for destination override 2022-02-25 19:14:21 -05:00
Wes Lambert
a8bdff89ae Move files into SO component template directory 2022-02-25 18:00:16 +00:00
Wes Lambert
08097fe9ec Add Playbook override mappings 2022-02-25 17:58:51 +00:00
Wes Lambert
61dadc6249 Add additional .text subfield mappings 2022-02-25 16:27:37 +00:00
Wes Lambert
0f8a39002f Add .text subfield mappings for DTC where fields are defined 2022-02-24 19:39:52 +00:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
bc2c1b4ccc Merge pull request #6935 from abesinger/issue/6912 
Updated syslog pipeline, resolves #6912.
 2022-02-24 08:33:55 -05:00
weslambert
6a0ecb9e9c Add IDH and Kratos index templates 2022-02-23 12:13:46 -05:00
Wes Lambert
f7862af934 Switch from .security to match_only_text 2022-02-22 20:33:49 +00:00
Wes Lambert
4d1533537b Remove old index templates 2022-02-18 20:08:13 +00:00
m0duspwnens
cb55af4c1c dont allow $ to be used for elasticsearch:auth or kibana:secrets - https://github.com/Security-Onion-Solutions/securityonion/issues/7233 2022-02-18 13:13:56 -05:00
weslambert
87a5e64f12 Merge pull request #7249 from Security-Onion-Solutions/fix/component_index_association 
Update component -> index association for file/scan mappings for Strelka
 2022-02-18 12:19:41 -05:00
Mike Reeves
9341669a15 Merge pull request #7244 from christopherwoodall/patch-6 
Update config.map.jinja
 2022-02-18 09:57:33 -05:00
Christopher Woodall
eaff6a12de Update config.map.jinja 
Extend the array instead of appending.
 2022-02-18 08:50:28 -05:00
weslambert
6ee3287d2d Update component -> index association for file/scan mappings for Strelka 2022-02-18 08:12:34 -05:00
weslambert
185ea2fd99 Fix indent for so-netflow component template references 2022-02-16 14:46:12 -05:00
Wes Lambert
786a189f65 Merge branch 'feature/template-reorg' of https://github.com/security-onion-solutions/securityonion into feature/template-reorg 2022-02-15 17:06:02 +00:00
Wes Lambert
3df58eadd1 Modify logic to include custom templates 2022-02-15 17:00:24 +00:00
weslambert
1a53ec4372 Fix malformed copy/paste 2022-02-15 11:14:10 -05:00
Wes Lambert
dce3b7a874 Update defaults file to include ES index templates 2022-02-15 15:53:07 +00:00
Wes Lambert
8e389bf6e5 Add ES template map file 2022-02-14 15:38:32 +00:00
Wes Lambert
ebce67060f Initial template refactor 2022-02-14 15:20:33 +00:00
Wes Lambert
9b841fd872 Add 'event.created' and 'event.ingested' keyword mapping 2022-02-08 21:34:32 +00:00
Wes Lambert
c2c4e4df17 Add Snyk component template 2022-02-08 15:23:43 +00:00
Wes Lambert
f9a50d33c3 Add new templates 2022-02-08 13:17:23 +00:00
Wes Lambert
2951e12c96 Remove snyk component template for now and fix folder structure 2022-02-08 13:16:59 +00:00
Wes Lambert
6d0ca6fcbb Fix mangled key name/typo 2022-02-08 12:59:07 +00:00
Wes Lambert
5090854d4d Add additional component templates and index template references 2022-02-08 03:03:55 +00:00
Wes Lambert
1366e5288e Add mappings references for new component templates to index templates 2022-02-07 19:54:23 +00:00
Wes Lambert
03bfb052ed Add component templates for Elasticsearch, Kibana, Logstash, Netflow, Suricata, and Zeek 2022-02-07 19:42:24 +00:00