CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 10:42:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,989 Commits 25 Branches 119 Tags
91f8b1fef7d0bfc8059abd29e3a77103cb08076c
Commit Graph

14989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Ertel
66563a4da0 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:31:11 -04:00
Jason Ertel
d0e140cf7b zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:30:52 -04:00
Jason Ertel
87c6d0a820 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:29:36 -04:00
reyesj2
eb1249618b Update soup for Kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 09:27:01 -04:00
reyesj2
cef9bb1487 Dynamically create Kafka topics based on event.module from elastic agent logs eg. zeek-topic. Depends on Kafka brokers having auto.create.topics.enable set to true 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 09:16:13 -04:00
Doug Burks
9a25d3c30f Merge pull request #12897 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Lower EVAL memory requirement to 8GB RAM #12896
 2024-05-01 08:01:20 -04:00
Doug Burks
9a4a85e3ae FEATURE: Lower EVAL memory requirement to 8GB RAM #12896 2024-05-01 07:54:38 -04:00
reyesj2
bb49944b96 Setup elastic fleet rollover from logstash -> kafka output policy 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-30 16:47:40 -04:00
Jason Ertel
72db369fbb Merge branch '2.4/dev' into jertel/wf 2024-04-30 15:16:41 -04:00
Jason Ertel
84db82852c annotation updates for custom settings 2024-04-30 15:14:56 -04:00
reyesj2
fcc4050f86 Add id to grid-kafka fleet output policy 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-30 12:59:53 -04:00
reyesj2
9c83a52c6d Add Kafka output to elastic-fleet setup. Includes separating topics by event.module with fallback to default-logs if no event.module is specified or doesn't match processors 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-30 12:01:31 -04:00
coreyogburn
ea4750d8ad Merge pull request #12882 from Security-Onion-Solutions/cogburn/community-repos 
Mark Repos as Community
 2024-04-30 09:12:25 -06:00
Doug Burks
e9944796c8 Merge pull request #12886 from Security-Onion-Solutions/dougburks-patch-1 
FIX: Elasticsearch min_age regex #12885
 2024-04-30 10:26:04 -04:00
Doug Burks
4d6124f982 FIX: Elasticsearch min_age regex #12885 2024-04-30 10:18:34 -04:00
Jorge Reyes
dd168e1cca Merge pull request #12881 from Security-Onion-Solutions/2.4/finalpipefix 
Update expected timestamp format in final pipeline for system events
 2024-04-30 09:39:18 -04:00
Corey Ogburn
ddf662bdb4 Mark Repos as Community 
Indicate that detection rules pulled from configured repos should be marked as Community rules.
 2024-04-29 16:22:30 -06:00
reyesj2
fadb6e2aa9 Re-add original timestamp format + ignore failures with this processor 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:57:48 -04:00
reyesj2
192d91565d Update final pipeline timestamp format for event.module system events 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:34:29 -04:00
Josh Patterson
82ef4c96c3 Merge pull request #12880 from Security-Onion-Solutions/issue/12878 
set Suricata as default pcap engine for eval
 2024-04-29 15:54:25 -04:00
reyesj2
a6e8b25969 Add Kafka connectivity between manager - > receiver nodes. 
Add connectivity to Kafka between other node types that may need to publish to Kafka.

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 15:48:57 -04:00
reyesj2
529bc01d69 Add missing configuration for nodes running Kafka broker role only 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 14:53:52 -04:00
m0duspwnens
a663bf63c6 set Suricata as default pcap engine for eval 2024-04-29 14:22:04 -04:00
reyesj2
11055b1d32 Rename kafkapass -> kafka_pass 
Run so-kafka-clusterid within nodes.sls state so switchover is consistent

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 14:09:09 -04:00
reyesj2
fd9a91420d Use SOC UI to configure list of KRaft (Kafka) controllers for cluster 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 11:37:24 -04:00
reyesj2
529c8d7cf2 Remove salt reactor for Kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 11:35:46 -04:00
Josh Brower
13ccb58f84 Merge pull request #12876 from Security-Onion-Solutions/2.4/sigmafix 
Sigma pivot fix and cleanup
 2024-04-29 09:12:09 -04:00
reyesj2
086ebe1a7c Split kafka defaults between broker / controller 
Setup config.map.jinja to update broker / controller / combined node types

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 09:08:14 -04:00
reyesj2
29c964cca1 Set kafka.nodes state to run first to populate kafka.nodes pillar 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 09:04:52 -04:00
DefensiveDepth
f2c3c928fc Sigma pivot fix and cleanup 2024-04-29 08:49:05 -04:00
Jason Ertel
3cbc29e767 Merge pull request #12875 from Security-Onion-Solutions/jertel/wf 
restrict workflows to so
 2024-04-29 05:16:07 -07:00
Jason Ertel
89cb8b79fd restrict workflows to so 2024-04-29 08:07:19 -04:00
Mike Reeves
b5c5c7857b Merge pull request #12846 from petiepooo/fix/check-srvc-status 
check status before stopping service
 2024-04-25 15:10:42 -04:00
Josh Patterson
ed05d51969 Merge pull request #12865 from Security-Onion-Solutions/issue/12637 
only apply ulimits to suricata container if user enable mmap-locked
 2024-04-25 10:08:05 -04:00
m0duspwnens
2c7eb3c755 only apply ulimits to suricata container if user enable mmap-locked 2024-04-25 10:05:59 -04:00
weslambert
cc17de2184 Merge pull request #12864 from Security-Onion-Solutions/fix/exclude_suricata 
Exclude suricata from disk space-based index deletion
 2024-04-25 09:23:38 -04:00
weslambert
b424426298 Exclude suricata 2024-04-25 09:14:18 -04:00
Josh Patterson
03f9160fcc Merge pull request #12860 from Security-Onion-Solutions/issue/12856 
allow for enabled/disable of so-elasticsearch-indices-delete cronjob
 2024-04-25 09:07:44 -04:00
m0duspwnens
d50de804a8 update annotation 2024-04-25 09:04:34 -04:00
weslambert
983ef362e9 Merge pull request #12858 from Security-Onion-Solutions/fix/index_sorting 
Change index sorting to account for older so-prefixed indices
 2024-04-25 08:54:22 -04:00
Josh Brower
d88c1a5e0a Merge pull request #12861 from Security-Onion-Solutions/2.4/detectionlogs 
Add runtime status logs
 2024-04-24 20:07:32 -04:00
weslambert
44afa55274 Fix comments about deletion 2024-04-24 17:41:37 -04:00
weslambert
ab832e4bb2 Include logstash-prefixed indices 2024-04-24 17:17:53 -04:00
DefensiveDepth
3c3ed8b5c5 Add runtime status logs 2024-04-24 16:33:47 -04:00
m0duspwnens
c9d9979f22 allow for enabled/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
Josh Patterson
383420b554 Merge pull request #12859 from Security-Onion-Solutions/issue/12637 
Issue/12637
 2024-04-24 15:44:37 -04:00
m0duspwnens
73b5bb1a75 add memlock to so-suricata container 2024-04-24 15:35:17 -04:00
weslambert
59a02635ed Change index sorting 2024-04-24 15:18:49 -04:00
m0duspwnens
13a6520a8c mmap-locked default no 2024-04-24 13:50:12 -04:00
m0duspwnens
4b7f826a2a quote is so true becomes yes 2024-04-24 13:29:55 -04:00