CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,835 Commits 24 Branches 119 Tags
94f15c63cebaf57e33e55f7ad4e10e414ad465d7
Commit Graph

4835 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
William Wernert
94f15c63ce [fix] Correct indent in common init.sls 2020-10-06 13:21:37 -04:00
William Wernert
5dfd11a018 [feat] Add wazuh archive cleanup + fix indentation 2020-10-05 13:58:49 -04:00
William Wernert
e6cb75ce7e [feat] Add common logrotate cron+config 2020-10-05 13:57:36 -04:00
Josh Patterson
f7daa391c7 Merge pull request #1453 from Security-Onion-Solutions/issue/1441 
enable suricata threshold-file and point to proper file
 2020-10-05 12:56:39 -04:00
Doug Burks
a45aa43f41 Add trailing comma to "thehive" stanza 2020-10-05 12:35:33 -04:00
m0duspwnens
63884b73e1 enable suricata threshold-file and point to proper file - https://github.com/Security-Onion-Solutions/securityonion/issues/1441 2020-10-05 12:10:52 -04:00
weslambert
9f4cb42c4f Merge pull request #1452 from Security-Onion-Solutions/fix/kibana_case_create 
Change alert to case
 2020-10-05 11:46:14 -04:00
Wes Lambert
575da0f9d3 Change alert to case 2020-10-05 15:45:10 +00:00
weslambert
f4fcc052ca Merge pull request #1451 from Security-Onion-Solutions/fix/wazuh_rule_cat 
Put back rule.category for Wazuh alerts
 2020-10-05 11:35:20 -04:00
weslambert
bc31e19e37 Put back rule.category for Wazuh alerts 2020-10-05 11:34:29 -04:00
weslambert
6e2319f6da Merge pull request #1449 from Security-Onion-Solutions/fix/wazuh_logging 
Adjust Wazuh logging so we don't log alerts to a separate file and so…
 2020-10-05 10:04:01 -04:00
weslambert
968dce0aee Adjust Wazuh logging so we don't log alerts to a separate file and so we don't write a separate log file for non-JSON for archives 2020-10-05 10:03:40 -04:00
Jason Ertel
1ebe970876 Disable escalate button if thehive is not enabled 2020-10-05 09:54:18 -04:00
weslambert
6b292ea62b Merge pull request #1448 from Security-Onion-Solutions/fix/so_elastic_clear 
Fix/so elastic clear
 2020-10-05 09:40:04 -04:00
Wes Lambert
da8957b4f4 Use Elasticsearch pillar vs manager IP for so-elastic-clear 2020-10-05 13:37:06 +00:00
Wes Lambert
1970d95d5f Make Filebeat registry persistent to avoid re-reading old data 2020-10-05 13:30:04 +00:00
Doug Burks
e7cba6ba1d Change SOC Alerts eventFetchLimit from 5000 to 500 #1447 2020-10-05 09:29:01 -04:00
Doug Burks
948e0c4c61 Add rule.name to Hunt Wazuh Alerts query #1442 2020-10-05 09:26:13 -04:00
Jason Ertel
cf5b1245ea Add configurable flags to enable/disable dismiss and escalate buttons 2020-10-05 09:16:17 -04:00
weslambert
771d091d6e Merge pull request #1446 from Security-Onion-Solutions/feature/wazuh_severity 
Add event.severity and event.severity_label config for Wazuh alerts
 2020-10-05 08:52:20 -04:00
Wes Lambert
77d31cb289 Add event.severity and event.severity_label config for Wazuh alerts 2020-10-05 12:50:29 +00:00
weslambert
203e84d2cf Update comma verbiage for HOME_NET in whiptail menu 2020-10-05 08:08:22 -04:00
Josh Brower
7b05cf4266 Merge pull request #1443 from Security-Onion-Solutions/feature/training-req 
Feature/training req
 2020-10-04 21:37:03 -04:00
Josh Brower
8a78485906 Config Playbook SOC Alerts 2020-10-04 21:35:42 -04:00
Josh Brower
c80b6ce104 Add so-allow-view and playbook event.sev.label 2020-10-04 20:39:21 -04:00
William Wernert
8310559273 Merge pull request #1440 from Security-Onion-Solutions/feature/generate-playbook-api-key 
Feature/generate playbook api key
 2020-10-02 14:37:58 -04:00
William Wernert
2a100c0dcc Add OLD_ prefix + only update rules if playbook enabled 2020-10-02 14:34:30 -04:00
William Wernert
d0c267ca90 Fix sed command to not delete lines after match 2020-10-02 14:31:16 -04:00
William Wernert
54da2b869c Add OLD_ db init files for soup compatibility 2020-10-02 14:12:23 -04:00
William Wernert
ab662e9b81 Merge branch 'dev' into feature/generate-playbook-api-key 
# Conflicts:
#	salt/common/tools/sbin/soup
 2020-10-02 13:48:52 -04:00
William Wernert
db12b6f3c6 Remove salt call to automation_user_create 2020-10-02 13:17:57 -04:00
William Wernert
96d32fda51 Add old api key to pillar during soup 2020-10-02 13:16:58 -04:00
Mike Reeves
15f0c98281 Fix Formatting 2020-10-02 13:06:03 -04:00
William Wernert
20fd757847 Run playbook-ruleupdate after soctopus is running 2020-10-02 10:05:10 -04:00
William Wernert
39e14b3910 Merge branch 'dev' into feature/generate-playbook-api-key 2020-10-02 08:39:09 -04:00
Mike Reeves
c7fcdc8084 Merge pull request #1438 from Security-Onion-Solutions/socyaml 
Socyaml
 2020-10-01 18:08:33 -04:00
Mike Reeves
4991ea8de3 Jason made me rename json 2020-10-01 18:07:06 -04:00
Mike Reeves
36ccece724 commas gone crazy 2020-10-01 18:02:06 -04:00
Mike Reeves
a0432e97b0 Python print ftl 2020-10-01 17:57:56 -04:00
Mike Reeves
490278a4c3 Add alert events filed 2020-10-01 17:49:17 -04:00
Mike Reeves
bd5efbabd9 Fix Mode 2020-10-01 17:43:43 -04:00
Mike Reeves
8fa426f265 Cleanup sync 2020-10-01 17:41:55 -04:00
Mike Reeves
9d9d3aac53 Switch to JSON from yaml 2020-10-01 17:37:57 -04:00
Mike Reeves
744a8bca73 More json for soc 2020-10-01 17:30:23 -04:00
Mike Reeves
8a41636e7f More json for soc 2020-10-01 17:28:45 -04:00
Mike Reeves
dc79dca7fe More json for soc 2020-10-01 17:25:51 -04:00
Mike Reeves
1c55f738ec More json for soc 2020-10-01 17:23:29 -04:00
William Wernert
e98012ae2c Fix jinja and change state orrder in setup 2020-10-01 17:16:26 -04:00
Mike Reeves
92fa33159e More json for soc 2020-10-01 17:12:08 -04:00
Mike Reeves
5730c85988 More json for soc 2020-10-01 17:04:15 -04:00