reyesj2
90638f7a43
Merge branch 'reyesj2/advea' into reyesj2/advilm
2025-11-21 14:25:28 -06:00
reyesj2
b52dd53e29
advanced ilm actions
2025-11-19 13:24:55 -06:00
reyesj2
de4424fab0
remove typos
2025-11-14 19:15:51 -06:00
reyesj2
bcec999be4
zeek.dns reduce errors
2025-11-14 15:47:29 -06:00
reyesj2
7c73b4713f
update analyzer pipeline
2025-11-14 15:47:29 -06:00
reyesj2
fcfd74ec1e
zeek.analyzer format json
2025-11-14 15:47:29 -06:00
reyesj2
68b0cd7549
rename zeek.dpd zeek.analyzer
2025-11-14 15:47:29 -06:00
reyesj2
715d801ce8
format json zeek.dns
2025-11-14 15:47:19 -06:00
Jorge Reyes
a5d8385f07
Merge pull request #15230 from Security-Onion-Solutions/reyesj2/pipeline-upd
suricata pipeline updates
2025-11-14 10:43:33 -06:00
reyesj2
211bf7e77b
ignore errors on tld script
2025-11-14 09:25:19 -06:00
reyesj2
1542b74133
move dns tld fields to their own pipeline
2025-11-14 09:24:58 -06:00
reyesj2
da9717bc79
don't attempt rename if field doesn't exist -- reducing pipeline stat errors
2025-11-14 08:15:40 -06:00
reyesj2
431e0b0780
format suricata.alert json
2025-11-13 19:29:50 -06:00
reyesj2
e782266caa
suricata 8 dns v3
2025-11-13 19:21:31 -06:00
reyesj2
7be70faab6
format json
2025-11-13 10:49:37 -06:00
Jorge Reyes
4a49f9d004
Merge branch '2.4/dev' into reyesj2/retention
2025-11-06 14:29:08 -06:00
reyesj2
1eb4b5379a
show 30d scheduled deletions or 7d scheduled deletions depending on what historical data is available
2025-11-06 14:25:25 -06:00
reyesj2
35c7fc06d7
fix bug showing duplicate backing indices in recommendations
2025-11-06 14:24:58 -06:00
reyesj2
b69d453a68
typo
2025-11-06 14:24:29 -06:00
reyesj2
1aa871ec94
small fixes
2025-11-05 17:55:57 -06:00
Jorge Reyes
9359fbbad6
Merge pull request #15176 from Security-Onion-Solutions/reyesj2/ilmpolicyhelp
2025-10-29 16:49:07 -05:00
reyesj2
2fb41c8d65
elasticsearch retention estimate
2025-10-29 14:24:43 -05:00
Jorge Reyes
d2aa60b961
log4j2 settings
2025-10-17 07:40:44 -05:00
reyesj2
e910de0a06
update log4j2 policy for ES json output
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-10-16 16:19:55 -05:00
reyesj2
3e22043ea6
es logging retention
2025-10-14 15:08:51 -05:00
reyesj2
2baf2478da
add additional elasticsearch log output in json format for elasticsearch log integration to parse
2025-10-14 12:47:03 -05:00
reyesj2
378d37d74e
add event.module to elasticsearch server logs
2025-10-14 12:44:51 -05:00
reyesj2
8675193d1f
elasticsearch upgrade 8.18.8
2025-10-06 12:56:31 -05:00
Jorge Reyes
4d24c57903
Merge pull request #15028 from Security-Onion-Solutions/reyesj2/ea-alerter
agent monitor template & dataset name update
2025-09-12 14:45:20 -05:00
reyesj2
0606c0a454
agent monitor template & dataset name update
2025-09-12 14:26:22 -05:00
Jorge Reyes
b35b0aaf2c
Merge pull request #14941 from Security-Onion-Solutions/reyesj2/lgest
zeek dns.resolved_ip
2025-09-12 13:22:40 -05:00
Josh Brower
d89df5f0dd
Merge pull request #15025 from Security-Onion-Solutions/2.4/fixes
Parsing fix
2025-09-12 13:44:03 -04:00
DefensiveDepth
f0c1922600
Support endpoint logs with no host.ip field
2025-09-12 13:31:34 -04:00
DefensiveDepth
ab2cdd18ed
Support endpoint logs with no host.ip field
2025-09-12 13:29:43 -04:00
reyesj2
588a1b86d1
suricata metadata index rollover 1d -> 30d
2025-09-11 15:46:45 -05:00
Corey Ogburn
2535ae953d
Fix Index Patterns
so-assistant-chat and so-assistant-session both had templates with a trailing dash that prevented the pattern from applying to the name of the indices.
2025-09-09 14:00:01 -06:00
reyesj2
855b489c4b
datastream
2025-09-08 09:13:24 -06:00
Corey Ogburn
673f9cb544
Responding to Feedback
2025-09-08 09:13:24 -06:00
Corey Ogburn
73776f8d11
Cleaning up New ES Indexes
2025-09-08 09:13:23 -06:00
Corey Ogburn
cea4eaf081
Updated Assistant Mapping
2025-09-08 09:13:22 -06:00
Corey Ogburn
b1753f86f9
New Message Structure
2025-09-08 09:13:22 -06:00
Corey Ogburn
6323fbf46b
Content Object
2025-09-08 09:13:21 -06:00
Corey Ogburn
ba601c39b3
Rough Go at New Mappings/Settings
2025-09-08 09:13:21 -06:00
reyesj2
dfec29d18e
custom kquery
2025-09-04 15:37:28 -05:00
reyesj2
1a32a0897c
Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/ea-alerter
2025-09-02 17:11:21 -05:00
reyesj2
e26310d172
elastic agent offline alerter
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-09-02 17:00:03 -05:00
reyesj2
a5675a79fe
es 8.18.6 pipeline upd
2025-08-28 19:45:17 -05:00
reyesj2
1ea7b3c09f
es 8.18.6
2025-08-28 18:27:56 -05:00
reyesj2
d0ba6df2fc
remove any "" from dns.resolved_ip
2025-08-19 13:44:24 -05:00
reyesj2
95bee91b12
zeek dns.resolved_ip
2025-08-19 11:20:59 -05:00