CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,209 Commits 24 Branches 119 Tags
98bea0322e11446ef12b597e0d2bbf6104b86d5f
Commit Graph

11209 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
weslambert
98bea0322e Merge pull request #9688 from Security-Onion-Solutions/fix/elastic_agent_elasticsearch_output_typo_fix 
Fix Elastic Agent Elasticsearch output typo
 2023-01-31 12:57:38 -05:00
weslambert
74eed31eec Change Elasticsearch output name from 'so-manager_elasticsearch2' to 'so-manager_elasticsearch' 2023-01-31 12:55:03 -05:00
Doug Burks
acffc5ee07 Merge pull request #9682 from Security-Onion-Solutions/fix/suricata-dhcp-parsing-2.4 
2.4: Improve Suricata DHCP parsing and dashboard
 2023-01-31 10:18:41 -05:00
Doug Burks
a44d83d69b Improve Suricata DHCP parsing and dashboard 2023-01-31 08:33:38 -05:00
weslambert
bde828cd4f Merge pull request #9676 from Security-Onion-Solutions/fix/so-import-evtx_updates 
Updates to so-import-evtx
 2023-01-31 08:17:02 -05:00
weslambert
0436f885b8 Set values for '@timestamp' and 'event.ingested' 2023-01-31 08:04:49 -05:00
Wes
5472f53c9f Remove bind mount and reference the correctly named entrypoint script 2023-01-30 21:24:30 +00:00
Wes
0156784687 Add EVTX integration policy for 'so-import-evtx' 2023-01-30 21:22:37 +00:00
Wes
cc100e50cd Update so-import-evtx to convert EVTX to a JSON file instead of streaming to Elasticsearch 2023-01-30 21:09:58 +00:00
weslambert
b1eb16d3a2 Merge pull request #9670 from Security-Onion-Solutions/fix/elastic_agent_integration_policies_zeek_exclude_files 
Remove 'prospector.scanner' prefix from 'exclude_files' configuration
 2023-01-27 16:53:02 -05:00
weslambert
8240e5b20d Remove 'prospector.scanner' prefix from 'exclude_files' configuration 2023-01-27 16:46:43 -05:00
Doug Burks
a13baf7bb8 Merge pull request #9669 from Security-Onion-Solutions/dougburks-patch-1 
Fix typos in so-elastic-fleet-integration-policy-load
 2023-01-27 15:52:47 -05:00
Doug Burks
b160d0add5 Fix typos in so-elastic-fleet-integration-policy-load 2023-01-27 15:45:58 -05:00
Doug Burks
209f732176 Merge pull request #9668 from Security-Onion-Solutions/fix/elastic_agent_integration_policies_zeek 
Fix syntax for Zeek Elastic Agent integration policies
 2023-01-27 15:30:50 -05:00
weslambert
68fac4488e Fix syntax for Zeek integration policies 2023-01-27 15:27:15 -05:00
weslambert
fa9e62a816 Merge pull request #9665 from Security-Onion-Solutions/fix/elastic_agent_integration_policy_import_suricata_event.category 
Change event.category from 'file' to 'network' in Import Suricata integration policy
 2023-01-27 12:03:34 -05:00
weslambert
e47f64bd04 Change event.category from 'file' to 'network' 2023-01-27 12:00:30 -05:00
weslambert
6d2f379ba5 Merge pull request #9664 from Security-Onion-Solutions/fix/elastic_agent_integration_policies_zeek_exclude_files 
Update Zeek file exclusions and add a minor output formatting change
 2023-01-27 11:58:19 -05:00
weslambert
f49627cec1 Update Zeek file exclusions and add a minor output formatting change 2023-01-27 11:47:14 -05:00
weslambert
5ab3d1e8f1 Merge pull request #9663 from Security-Onion-Solutions/fix/elastic_agent_integration_policy_zeek_import_ics_tag 
Change 'pipeline' to 'import.file' so that ICS tag conditional is applied to the correct field
 2023-01-27 11:34:28 -05:00
weslambert
6b251a2596 Change 'pipeline' to 'import.file' so that ICS tag conditional is applied to the correct field 2023-01-27 11:30:06 -05:00
weslambert
5468aa82b0 Merge pull request #9662 from Security-Onion-Solutions/fix/elasticsearch_ingest_pipeline_event.dataset_rename 
Change event.dataset value for zeek.files and zeek.tunnels ingest pipelines
 2023-01-27 11:19:45 -05:00
weslambert
2772b03dca Change event.dataset value from 'tunnels' to 'tunnel' 2023-01-27 11:03:49 -05:00
weslambert
716ec7f936 Change event.dataset value from 'files' to 'file' 2023-01-27 11:02:44 -05:00
Doug Burks
83aad48e3a Merge pull request #9657 from Security-Onion-Solutions/2.4/elastic-8.6.1 
UPGRADE: Elastic 8.6.1 #9594 (2.4)
 2023-01-26 16:24:42 -05:00
Doug Burks
86ca51ff99 Update to Elastic 8.6.1 2023-01-26 16:18:06 -05:00
Doug Burks
a27fc5c768 Update to Elastic 8.6.1 2023-01-26 16:17:36 -05:00
weslambert
27b1f1bd07 Merge pull request #9654 from Security-Onion-Solutions/fix/logstash_cleanup 
FIX: Logstash Pipeline Cleanup
 2023-01-26 13:19:50 -05:00
Wes
e4271043c6 Remove unnecessary Logstash pipelines 2023-01-26 18:05:14 +00:00
Wes
b3123f7895 Remove unnecessary Logstash pipelines from the pillar 2023-01-26 17:57:07 +00:00
Mike Reeves
282d0f88db Merge pull request #9652 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Update so-verify
 2023-01-26 12:33:46 -05:00
Mike Reeves
25a6eba166 Update so-verify 2023-01-26 12:30:35 -05:00
weslambert
a8d2631d75 Merge pull request #9650 from Security-Onion-Solutions/fix/elastic_agent_add_import_mode 
Elastic Agent - Import Mode
 2023-01-26 11:33:20 -05:00
Josh Patterson
881c8337a3 Merge pull request #9641 from Security-Onion-Solutions/2.4/firewall 
2.4/firewall
 2023-01-26 11:21:30 -05:00
Wes
b381c5424e Remove extra whitespace after 'so-elastic-agent-builder' line in 'so-image-common' 2023-01-26 16:13:23 +00:00
Mike Reeves
a9919e7547 Merge pull request #9648 from Security-Onion-Solutions/mkr24 
Enable Proxy Support
 2023-01-26 11:12:35 -05:00
Wes
f1db1bc273 Ensure Kratos events are sent to a data stream instead of an index 2023-01-26 16:12:06 +00:00
Wes
7d68ef0e8b Add Elastic Agent and Fleet to firewall configuration for Import Mode 2023-01-26 16:07:31 +00:00
Wes
43ffcb1d63 Allow setup to set up Elastic Fleet for Import Mode 2023-01-26 16:05:16 +00:00
Wes
8051fc70eb Temporarily disable the loading of the RITA package policy 2023-01-26 16:03:59 +00:00
Wes
a9a119f1ab Add Elasticsearch output to 'so-elastic-fleet-setup' for Import Mode 2023-01-26 16:02:27 +00:00
Wes
6a803dfe35 Add Elastic Fleet to top file configuration for Import Mode 2023-01-26 16:01:03 +00:00
Wes
1fb6cf7bfe Add Elastic Fleet to allowed states for Import Mode 2023-01-26 15:59:49 +00:00
m0duspwnens
1d2f491084 Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall 2023-01-26 10:49:00 -05:00
m0duspwnens
aafbdf6afc adjust retry and timeout for wait_for_influxdb 2023-01-26 10:12:37 -05:00
Mike Reeves
2456aac311 Proxy Stuff 2023-01-26 09:57:44 -05:00
m0duspwnens
08750154b4 add missing quotes in check_web_pass 2023-01-26 09:11:28 -05:00
Mike Reeves
9e146184d6 Proxy Stuff 2023-01-25 17:43:02 -05:00
Mike Reeves
c57d390bac Proxy Stuff 2023-01-25 17:40:40 -05:00
weslambert
211b87e7ae Merge pull request #9644 from Security-Onion-Solutions/revert-9640-fix/elastic_agent_import_mode 
Revert "Elastic Agent and Fleet - Import Mode"
 2023-01-25 17:23:27 -05:00