1b89cc6818
so-elasticsearch-index-growth script
2025-06-02 15:41:03 -05:00
6e1e617124
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-02 14:06:00 -04:00
7f8bf850a2
Merge pull request #14697 from Security-Onion-Solutions/2.4/playbook-updates
...
Use Stable branch
2025-06-02 13:13:43 -04:00
0277891392
Use Stable branch
2025-06-02 13:10:13 -04:00
08d99a3890
remove unneeded files
2025-05-30 12:50:59 -04:00
773606d876
Merge pull request #14691 from Security-Onion-Solutions/dougburks-patch-1
...
add echo to end of so-elasticsearch-ilm-start and so-elasticsearch-ilm-stop
2025-05-30 12:03:32 -04:00
bf38055a6c
add echo to end of so-elasticsearch-ilm-stop
2025-05-30 11:41:50 -04:00
90b8d6b2f7
add echo to end of so-elasticsearch-ilm-start
2025-05-30 11:41:11 -04:00
2d78fa1a41
Merge pull request #14689 from Security-Onion-Solutions/dougburks-patch-1
...
FIX: so-elasticsearch-ilm-start needs shebang #14688
2025-05-30 09:58:18 -04:00
45d541d4f2
FIX: so-elasticsearch-ilm-start needs shebang #14688
2025-05-30 09:55:53 -04:00
b3c48674c5
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-30 09:52:14 -04:00
8d42739030
Merge pull request #14687 from Security-Onion-Solutions/dougburks-patch-1
...
FIX: so-suricata-testrule should disable pcap logging #14685
2025-05-30 09:26:37 -04:00
27358137f2
FIX: so-suricata-testrule should disable pcap logging #14685
2025-05-30 09:24:41 -04:00
a54b9ddbe4
Merge pull request #14683 from Security-Onion-Solutions/dougburks-patch-1
...
FIX: Improve annotation for Elasticsearch index deletion #14682
2025-05-29 15:26:35 -04:00
58936b31d5
FIX: Improve annotation for Elasticsearch index deletion #14682
2025-05-29 15:19:21 -04:00
fcdacc3b0d
fix system integration time overwrite and delete unused ingest pipeline
2025-05-29 12:21:28 -05:00
40531dd919
add LSHOSTNAME option to so-minion. use -L in sominion_setup reactor
2025-05-29 12:22:52 -04:00
05dfce62fb
corrections to allowed_states
2025-05-28 13:34:17 -04:00
9df9cc2247
Merge pull request #14668 from Security-Onion-Solutions/reyesj2-patch-1
...
use zeek network.community_id when available
2025-05-28 12:15:18 -05:00
d3ee5ed7b8
use zeek network.community_id when available
2025-05-28 09:20:41 -05:00
502e1e1f1b
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-23 15:55:21 -04:00
e5b12ecdb9
need to allow for pw removal
2025-05-23 12:44:42 -04:00
be5e41227f
rename step
2025-05-23 11:41:45 -04:00
08f208cd38
ensure bootstrap-salt is updated for salt-cloud installs
2025-05-22 15:37:34 -04:00
db08ac9022
Merge pull request #14651 from Security-Onion-Solutions/jertel/mhf
...
Backport Hotfix to dev
2025-05-22 13:44:36 -04:00
ad5a27f991
clear out hf
2025-05-22 13:39:59 -04:00
07ec302267
Merge pull request #14650 from Security-Onion-Solutions/hotfix/2.4.150
...
Hotfix 2.4.150
2025-05-22 13:35:33 -04:00
112704e340
Merge pull request #14649 from Security-Onion-Solutions/hf24150
...
2.4.150 Hotfix
2025-05-22 13:25:50 -04:00
e6753440f8
2.4.150 Hotfix
2025-05-22 13:18:13 -04:00
18d899a7f9
add so-docker-prune from hotfix/2.4.150
2025-05-22 09:29:51 -04:00
b2650da057
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-22 09:10:20 -04:00
31df0b5d7d
create vm pillar files
2025-05-22 09:10:09 -04:00
a430a47a30
fix allowed_states check
2025-05-21 14:45:34 -04:00
00f811ce31
Merge pull request #14646 from Security-Onion-Solutions/hotfix4150
...
Update HOTFIX
2025-05-21 14:38:00 -04:00
ddd023c69a
Update so-docker-prune
2025-05-21 13:47:45 -04:00
2911025c0c
Update HOTFIX
2025-05-21 13:45:32 -04:00
2e8ab648fd
Merge pull request #14643 from Security-Onion-Solutions/2.4/parsingfix
...
Tighten parsing
2025-05-21 12:08:10 -04:00
b753d40861
Tighten parsing
2025-05-20 17:06:11 -04:00
a32aac7111
apply salt.cloud.config when hypervisor joins
2025-05-20 13:38:24 -04:00
2fff6232c1
Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing
...
Add parsing for Playbook
2025-05-19 18:06:05 -04:00
f751c82e1c
Merge pull request #14639 from Security-Onion-Solutions/cogburn/ruleset-name
...
Add RulesetName to Rule Repos
2025-05-19 15:40:02 -06:00
39f74fe547
Use the new JSON object editor for RulesRepos config entries
2025-05-19 15:38:45 -06:00
11fb33fdeb
Add RulesetName to Rule Repos
...
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.
Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
2025-05-19 14:19:56 -06:00
58f4db95ea
Create playbooks dir
2025-05-19 15:31:50 -04:00
b55cb257b6
Add parsing for Playbook
2025-05-19 13:25:27 -04:00
b0a8191f59
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-19 10:02:26 -04:00
28aedcf50b
remove vm map example
2025-05-19 09:58:43 -04:00
6988f03ebc
setup bridge and fix salt before first highstate for hypervisors
2025-05-16 14:24:07 -04:00
2948577b0e
Merge pull request #14629 from Security-Onion-Solutions/reyesj2-wt2
...
logstash isn't running on receivers or manager when kafka is the glob…
2025-05-16 10:27:18 -05:00
870a9ff80c
dedup
2025-05-16 10:24:09 -05:00
reyesj2
Josh Patterson
Josh Brower
Doug Burks
Jason Ertel
Jason Ertel
Mike Reeves
Mike Reeves
coreyogburn
Corey Ogburn