securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00

Author	SHA1	Message	Date
William Wernert	96d32fda51	Add old api key to pillar during soup	2020-10-02 13:16:58 -04:00
William Wernert	20fd757847	Run playbook-ruleupdate after soctopus is running	2020-10-02 10:05:10 -04:00
William Wernert	39e14b3910	Merge branch 'dev' into feature/generate-playbook-api-key	2020-10-02 08:39:09 -04:00
Mike Reeves	c7fcdc8084	Merge pull request #1438 from Security-Onion-Solutions/socyaml Socyaml	2020-10-01 18:08:33 -04:00
Mike Reeves	4991ea8de3	Jason made me rename json	2020-10-01 18:07:06 -04:00
Mike Reeves	36ccece724	commas gone crazy	2020-10-01 18:02:06 -04:00
Mike Reeves	a0432e97b0	Python print ftl	2020-10-01 17:57:56 -04:00
Mike Reeves	490278a4c3	Add alert events filed	2020-10-01 17:49:17 -04:00
Mike Reeves	bd5efbabd9	Fix Mode	2020-10-01 17:43:43 -04:00
Mike Reeves	8fa426f265	Cleanup sync	2020-10-01 17:41:55 -04:00
Mike Reeves	9d9d3aac53	Switch to JSON from yaml	2020-10-01 17:37:57 -04:00
Mike Reeves	744a8bca73	More json for soc	2020-10-01 17:30:23 -04:00
Mike Reeves	8a41636e7f	More json for soc	2020-10-01 17:28:45 -04:00
Mike Reeves	dc79dca7fe	More json for soc	2020-10-01 17:25:51 -04:00
Mike Reeves	1c55f738ec	More json for soc	2020-10-01 17:23:29 -04:00
William Wernert	e98012ae2c	Fix jinja and change state orrder in setup	2020-10-01 17:16:26 -04:00
Mike Reeves	92fa33159e	More json for soc	2020-10-01 17:12:08 -04:00
Mike Reeves	5730c85988	More json for soc	2020-10-01 17:04:15 -04:00
Mike Reeves	63be0734c9	More json for soc	2020-10-01 17:00:25 -04:00
Mike Reeves	5653828154	More json for soc	2020-10-01 16:57:04 -04:00
weslambert	2d2f4de337	Merge pull request #1437 from Security-Onion-Solutions/fix/kib_scripted_thehive Update scripted field for TheHive case	2020-10-01 16:54:02 -04:00
Wes Lambert	8a81a5148b	Update scripted field for TheHive case	2020-10-01 20:52:57 +00:00
weslambert	98bef8fb9d	Merge pull request #1436 from Security-Onion-Solutions/fix/kibana_soc_thehive_case Add SOC url for api integration	2020-10-01 16:47:11 -04:00
Wes Lambert	eced18c3cc	Add SOC url for api integration	2020-10-01 20:29:28 +00:00
Jason Ertel	8e15ed56d6	'Escalated' filter toggle will auto-enable 'acknowledged' filter toggle	2020-10-01 16:23:47 -04:00
Mike Reeves	cc2f2de5b5	soc.json stuff	2020-10-01 15:23:07 -04:00
Mike Reeves	b423e8d22a	soc.json stuff	2020-10-01 15:20:13 -04:00
Mike Reeves	1a561f6b12	soc.json stuff	2020-10-01 15:18:34 -04:00
William Wernert	a5bf4bbb35	Fix test for key in global.sls	2020-10-01 14:47:18 -04:00
Doug Burks	e836f96c65	move rule.uuid after rule.name	2020-10-01 12:09:52 -04:00
Doug Burks	4851069a10	remove rule.gid from Alerts groupby since Wazuh and Playbook may not have that field	2020-10-01 11:51:40 -04:00
William Wernert	040730e8f5	Rename script for consistent naming	2020-10-01 11:22:11 -04:00
William Wernert	afb777fc8f	Add automation user creation to soup when resetting playbook db	2020-10-01 11:13:24 -04:00
Doug Burks	bc19cce4c2	Acknowledging an alert may acknowledge more alerts than intended #1426	2020-10-01 10:00:54 -04:00
Doug Burks	26781de244	Add Strelka query to Hunt #1433	2020-10-01 06:59:36 -04:00
William Wernert	2264b6e51c	Add comments to shell code explaining curl statements	2020-09-30 19:54:34 -04:00
William Wernert	03b97cce75	Fix comment in new state + remove useless sleep command	2020-09-30 19:49:13 -04:00
William Wernert	11ae904100	Quiet script output + fix pillar value	2020-09-30 19:46:18 -04:00
weslambert	6818de9e64	Merge pull request #1431 from Security-Onion-Solutions/fix/elastlert_rules Remove rule sync, since we don't have any rules to sync	2020-09-30 18:36:11 -04:00
weslambert	887937a75d	Remove rule sync, since we don't have any rules to sync	2020-09-30 18:35:35 -04:00
William Wernert	596f2d31e4	Automation -> automation	2020-09-30 17:04:24 -04:00
William Wernert	3ec255ecee	Remove old api token from sql	2020-09-30 17:03:35 -04:00
William Wernert	6361c790e9	Move automation user create to separate script to run after playbook state	2020-09-30 17:02:02 -04:00
William Wernert	8e80b41ca9	Remove Automation user from sql, gen user + store api key	2020-09-30 16:32:43 -04:00
Jason Ertel	1454201505	Disable thehivealerter	2020-09-30 15:26:29 -04:00
Jason Ertel	3af6e9e1fe	Remove mount point for SOCtopus generated playbook rules to avoid them activating and sending alerts to TheHive	2020-09-30 15:14:45 -04:00
Mike Reeves	8b5ff31351	Merge pull request #1430 from Security-Onion-Solutions/redis Add Redis pillar and fix idstools	2020-09-30 15:09:59 -04:00
Mike Reeves	7314e2dea8	Add Redis pillar and fix idstools	2020-09-30 15:08:44 -04:00
Jason Ertel	ff04bb507a	Remove default Elastalert rules to stop automated alerts from being sent to thehive	2020-09-30 15:06:54 -04:00
weslambert	5b16a65422	Merge pull request #1429 from Security-Onion-Solutions/fix/zeek_server_ip Fix issue with null Zeek server IP	2020-09-30 13:54:50 -04:00

1 2 3 4 5 ...

4803 Commits