CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 18:52:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,989 Commits 26 Branches 119 Tags
91f8b1fef7d0bfc8059abd29e3a77103cb08076c
Commit Graph

14989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Doug Burks
7b905f5a94 FEATURE: Add Events table columns for tunnel logs #12937 2024-05-06 08:22:08 -04:00
Josh Brower
6d5ff59657 Merge pull request #12929 from Security-Onion-Solutions/2.4/verifyexclude 
Exclude new sigma rules
 2024-05-03 15:38:25 -04:00
DefensiveDepth
7f12d4c815 Exclude new sigma rules 2024-05-03 15:22:53 -04:00
Josh Patterson
b50789a77c Merge pull request #12928 from Security-Onion-Solutions/orchit 
Orchit
 2024-05-03 15:17:34 -04:00
m0duspwnens
bdf1b45a07 redirect and throw in bg 2024-05-03 14:54:44 -04:00
m0duspwnens
3d4fd59a15 orchit 2024-05-03 13:48:51 -04:00
Doug Burks
91c9f26a0c Merge pull request #12926 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add hyperlink to airgap screen in setup #12925
 2024-05-03 13:02:30 -04:00
Doug Burks
6cbbb81cad FEATURE: Add hyperlink to airgap screen in setup #12925 2024-05-03 12:59:41 -04:00
m0duspwnens
442a717d75 orchit 2024-05-03 12:08:57 -04:00
m0duspwnens
fa3522a233 fix requirement 2024-05-03 11:10:21 -04:00
m0duspwnens
bbc374b56e add logic in orch 2024-05-03 09:56:52 -04:00
Doug Burks
9ae6fc5666 Merge pull request #12922 from Security-Onion-Solutions/dougburks-patch-1 
FIX: Update so-whiptail to make installation screen more consistent #12921
 2024-05-03 09:43:59 -04:00
Doug Burks
5fe8c6a95f Update so-whiptail to make installation screen more consistent 2024-05-03 09:38:34 -04:00
m0duspwnens
2929877042 fix var 2024-05-02 16:37:54 -04:00
m0duspwnens
8035740d2b Merge remote-tracking branch 'origin/2.4/dev' into orchit 2024-05-02 16:34:24 -04:00
Josh Patterson
4f8aaba6c6 Merge pull request #12918 from Security-Onion-Solutions/pw 
run so-rule-update if ruleset or code changes for idstools
 2024-05-02 16:33:24 -04:00
m0duspwnens
e9b1263249 orchestate searchnode deployment 2024-05-02 16:32:43 -04:00
Josh Patterson
3b2d3573d8 Update pillarWatch.py 2024-05-02 16:06:04 -04:00
reyesj2
e960ae66a3 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-02 15:12:27 -04:00
reyesj2
093cbc5ebc Reconfigure Kafka defaults 
- Set default number of partitions per topic -> 3. Helps ensure that out of the box we can take advantage of multi-node Kafka clusters via load balancing across atleast 3 brokers. Also multiple searchnodes will be able to pull from each topic. In this case 3 searchnodes (consumers) would be able to pull from all topics concurrently.
- Set default replication factor -> 2. This is the minimum value required for redundancy. Every partition will have 1 replica. In this case if we have 2 brokers each topic will have 3 partitions (load balanced across brokers) and each partition will have a replica on separate broker for redundancy

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-02 15:10:13 -04:00
reyesj2
f663ef8c16 Setup Kafka to use PKCS12 and remove need for converting to JKS 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-02 14:53:28 -04:00
reyesj2
de9f6425f9 Automatically switch between Kafka output policy and logstash output policy when globals.pipeline changes 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-02 12:13:46 -04:00
m0duspwnens
33d1170a91 add default pillar value for pillarWatch 2024-05-02 11:58:39 -04:00
Doug Burks
240ffc0862 Merge pull request #12915 from Security-Onion-Solutions/dougburks-patch-1 
FIX: Improve File dashboard #12914
 2024-05-02 10:44:58 -04:00
Doug Burks
0822a46e94 FIX: Improve File dashboard #12914 2024-05-02 10:42:34 -04:00
Doug Burks
1be3e6204d FIX: Improve File dashboard #12914 2024-05-02 10:38:56 -04:00
weslambert
956ae7a7ae Merge pull request #12909 from Security-Onion-Solutions/fix/detection_mappings 
Update mappings for detection fields
 2024-05-01 16:15:40 -04:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
reyesj2
47ced60243 Create new Kafka output policy using salt 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 14:49:51 -04:00
Josh Patterson
72b2503b49 Merge pull request #12906 from Security-Onion-Solutions/det_easr 
Apply autoEnabledSigmaRules based on role if defined and default if not
 2024-05-01 13:05:36 -04:00
reyesj2
58ebbfba20 Add kafka state to standalone highstate 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:03:14 -04:00
reyesj2
e164d15ec6 Generate different Kafka certs for different SO nodetypes 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:02:47 -04:00
reyesj2
3efdb4e532 Reconfigure logstash Kafka input 
- TODO: Configure what topics are pulled to searchnodes via the SOC UI

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:01:29 -04:00
Mike Reeves
854799fabb Merge pull request #12902 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Update config.sls
 2024-05-01 12:56:04 -04:00
m0duspwnens
47ba4c0f57 add new annotation for soc autoEnabledSigmaRules 2024-05-01 12:55:29 -04:00
Mike Reeves
10c8e4203c Update config.sls 2024-05-01 12:54:21 -04:00
Jason Ertel
05c69925c9 Merge pull request #12904 from Security-Onion-Solutions/jertel/wf 
mark detections settings as read-only via the UI
 2024-05-01 09:54:03 -07:00
Jason Ertel
252d9a5320 make rule settings advanced 2024-05-01 12:51:04 -04:00
m0duspwnens
7122709bbf set Sigma rules based on role if defined and default if not 2024-05-01 12:25:34 -04:00
Mike Reeves
f7223f132a Update config.sls 2024-05-01 12:00:39 -04:00
Mike Reeves
8cd75902f2 Update config.sls 2024-05-01 11:47:51 -04:00
Jason Ertel
c71af9127b mark detections settings as read-only via the UI 2024-05-01 11:47:38 -04:00
weslambert
e6f45161c1 Merge pull request #12900 from Security-Onion-Solutions/fix/cold_min_age 
Cold min_age to 60d
 2024-05-01 11:24:48 -04:00
weslambert
fe2edeb2fb 30d to 60d 2024-05-01 11:01:59 -04:00
weslambert
6294f751ee Cold min_age to 60d 2024-05-01 10:59:41 -04:00
reyesj2
de0af58cf8 Write out Kafka pillar path 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 10:45:46 -04:00
reyesj2
84abfa6881 Remove check for existing value since Kafka pillar is made empty on upgrade 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 10:45:05 -04:00
reyesj2
6b60e85a33 Make kafka configuration changes prior to 2.4.70 upgrade 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 10:15:26 -04:00
reyesj2
63f3e23e2b soup typo 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 09:54:19 -04:00
Jason Ertel
ad1cda1746 Merge pull request #12893 from Security-Onion-Solutions/jertel/wf 
update annotations for duplication
 2024-05-01 06:32:13 -07:00