28d468dd41
Merge remote-tracking branch 'origin/2.4/dev' into 2.4/templaterepos
2024-11-07 07:25:01 -05:00
5e48ccafce
Update Default Value
2024-11-05 11:11:34 -07:00
69dd35c30a
Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check
2024-11-04 14:31:53 -07:00
5406a263d5
Add local custom template
2024-10-29 19:42:06 -04:00
6ce52bf9ab
Specify Defaults for detectionEngineStatusQueries
...
Specify the defaults as an example to the user.
2024-10-24 13:11:49 -06:00
f67fcecc6e
Clean up StatusQueries String
2024-10-24 11:18:48 -06:00
b7c392a244
Corrected a misspelling
2024-10-24 11:18:48 -06:00
ad0b0a5e95
Refactor to String
...
To accomodate the config screen, the annotation now specifies it as a multiline string with a yaml syntax. The user can edit the yaml to add or remove queries. The UI will parse the YAML before use.
Also updated the IntegrityFailure queries to specify table columns more relevant to a sync failure than the default ones.
2024-10-24 11:18:47 -06:00
c77b0afd8e
Move to Client/Detections
...
Added a basic annotation.
2024-10-24 11:18:47 -06:00
04ebe4efea
Array to Dictionary
2024-10-24 11:18:46 -06:00
cbb4d6846f
Detection Engine Status Queries
...
A few for testing
2024-10-24 11:18:45 -06:00
d2bd9c0e26
Changes to allow reviews to start showing
2024-10-10 09:48:59 -06:00
778d5be407
Change summaries branch
2024-09-25 15:35:08 -04:00
caa8d9ecb0
fix repo path
2024-08-09 06:58:40 -04:00
8c1feccbe0
Tweak value
2024-08-08 12:53:51 -06:00
5ee15c8b41
Tweak value
2024-08-08 12:00:07 -06:00
5328f55322
Remove new config value
2024-08-08 11:43:15 -06:00
ccd7d86302
More AI Summaries Config/Annotations
...
Added aiRepoBranch to all 3 detection engines.
Added showUnreviewedAiSummaries to client parameters.
Added annotations.
2024-08-08 10:46:41 -06:00
fc89604982
New Config Values/Annotations for Ai Summaries
...
Each engine pulls the same repo into the same location and shows the summaries.
Which repo and where to keep them is advanced, but turning AI summaries on or off is not.
2024-08-06 13:55:54 -06:00
3130b56d58
Provide new setting to require OTP
2024-07-30 10:39:57 -04:00
45b2413175
Removed Allow/Deny Regexes, Added Enable/Disable Regex
...
Update config and annotations for new regex support for suricata.
2024-07-19 12:45:24 -06:00
d0565baaa3
New Config Values for Detections Bulk Indexer
...
`maxScrollSize` defines the "page size" of each scroll request.
`bulkIndexerWorkerCount` defines how many worker threads a bulk indexer should use. 0 or fewer indicates that 1 thread per CPU core should be used.
2024-07-15 14:43:47 -06:00
3991c7b5fe
FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346
2024-07-15 15:52:00 -04:00
bf91030204
Add option for detections without license
2024-06-21 15:33:11 -04:00
07b9011636
Update defaults.yaml to put Process actions in logical order
2024-06-20 10:09:27 -04:00
bc2b3b7f8f
Merge pull request #13236 from Security-Onion-Solutions/mwright/licenseDropdown
...
Added license presets to defaults.yaml file
2024-06-18 18:05:15 -04:00
ea02a2b868
Added license presets to defaults.yaml file
2024-06-18 16:52:00 -04:00
de18bf06c3
FEATURE: Add new Process actions #13226
2024-06-18 10:36:41 -04:00
521cccaed6
Update defaults
2024-06-18 08:43:00 -04:00
7af94c172f
Change spelling
2024-06-14 16:00:22 -04:00
7556587e35
Update rule templates
2024-06-14 15:47:57 -04:00
b7ac599a42
set to empty
2024-06-14 13:21:36 -04:00
68302e14b9
add to defaults and tweaks
2024-06-14 09:28:23 -04:00
d5ef0e5744
Fix unnecessary escaping
2024-06-11 12:34:32 -06:00
85c269e697
Added TemplateDetections To Detection ClientParams
...
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
2024-05-30 15:59:03 -06:00
bd11d59c15
add event.dataset since there are other datasets in soc logs
2024-05-24 08:38:12 -04:00
15155613c3
provide default columns when viewing SOC logs
2024-05-24 08:23:45 -04:00
1e6161f89c
Update defaults.yaml
2024-05-23 08:19:43 -04:00
3d4f3a04a3
Update defaults.yaml to fix order of groupby tables and eliminate duplicate
2024-05-23 05:56:18 -04:00
f9e9b825cf
Removed unneeded groupby
2024-05-21 17:53:20 -04:00
3992ef1082
Add rule.uuid to default groupbys
2024-05-21 17:45:56 -04:00
fcc72a4f4e
Add Default IntegrityCheck Frequency Values
2024-05-20 11:23:25 -06:00
b4aec9a9d0
alphabetical order
2024-05-15 16:29:21 -04:00
67645a662d
FEATURE: Add NetFlow dashboard #13009
2024-05-14 10:14:16 -04:00
5b45c80a62
FEATURE: Add NetFlow dashboard #13009
2024-05-14 10:01:18 -04:00
e430de88d3
Change rule updates to 24h
2024-05-13 13:15:06 -04:00
45fd07cdf8
Merge pull request #12987 from Security-Onion-Solutions/jertel/testcy
...
Add quick action to find related alerts for a detection
2024-05-09 18:08:08 -04:00
fecd674fdb
Add quick action to find related alerts for a detection
2024-05-09 17:55:41 -04:00
1da88b70ac
Specify Error Retry Wait and Error Limit for All Detection Engines
...
If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait.
If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs of in hopes it'll be able to fix itself.
2024-05-07 10:34:50 -06:00
b997e44715
Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap
...
Initial airgap support for detections
2024-05-06 15:46:29 -04:00
defensivedepth
Corey Ogburn
Jason Ertel
Doug Burks
weslambert
Matthew Wright
unknown
Mike Reeves
Jason Ertel