CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-04 15:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,607 Commits 20 Branches 120 Tags
9eb76a95ca731af65d4f073f198b1e82f15e1ba2
Commit Graph

121 Commits

Author SHA1 Message Date
weslambert
61ab1f1ef2 Add tenable_io templates 2024-08-15 23:03:07 -04:00
weslambert
49d2ac2b13 Change name for system component 2024-07-31 16:17:57 -04:00
Wes
fb2a42a9af Use custom system component 2024-07-31 17:02:45 +00:00
weslambert
0453f51e64 Actually ignore missing templates 2024-07-30 12:54:07 -04:00
Corey Ogburn
20f915f649 so-detection refresh_interval => 1s 
Speeds up the refresh_interval so bulk indexing a single rule does not wait 30s.
 2024-07-25 12:53:04 -06:00
weslambert
fe1824aedd Revert "Elastic 8.14.2" 2024-07-15 11:28:59 -04:00
weslambert
8615e5d5ea Move enabled and index_clean back to the top 2024-07-08 16:50:06 -04:00
weslambert
745b6775f1 Change name for ILM 2024-07-02 09:05:35 -04:00
Wes
32d7927a49 Template changes for Elastic 8.14.1 2024-07-01 15:16:06 +00:00
Wes
f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
Wes
55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
weslambert
c8870eae65 Add detection alerts template 2024-05-13 14:23:47 -04:00
weslambert
6294f751ee Cold min_age to 60d 2024-05-01 10:59:41 -04:00
m0duspwnens
c9d9979f22 allow for enabled/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
reyesj2
55cf90f477 merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-11 14:44:59 -04:00
reyesj2
4097e1d81a Create mappings for Kismet integration 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-10 16:10:27 -04:00
Wes
105eadf111 Add cef 2024-04-03 14:40:41 +00:00
reyesj2
000d15a53c Kismet integration: TODO Elasticsearch mappings 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-03-29 13:56:01 -04:00
Wes
c6df805556 Add SOC template 2024-03-18 14:53:36 +00:00
weslambert
d8e8933ea0 Add AWS Security Hub template 2024-03-05 09:25:41 -05:00
weslambert
d85ac39e28 Add AWS Inspector template 2024-03-05 09:23:17 -05:00
weslambert
1514f1291e Add AWS GuardDuty template 2024-03-05 09:21:48 -05:00
weslambert
b64d61065a Add AWS Cloudfront template 2024-03-05 09:19:43 -05:00
weslambert
df3943b465 Daily rollover 2024-02-27 17:24:27 -05:00
weslambert
1d099f97d2 Update pattern for endpoint diagnostic template 2024-02-26 11:27:56 -05:00
Josh Brower
686304f24a Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-15 09:47:51 -05:00
Wes
182667bafb Change numbers for Elasticsearch 2024-02-01 13:59:23 +00:00
Wes
cd4bd6460a Custom pipelines 2024-01-31 20:16:18 +00:00
Corey Ogburn
585147d1de Added so-detection mapping in elasticsearch 2024-01-31 10:39:47 -07:00
weslambert
cd54d4becb Fix indent 2024-01-25 13:57:02 -05:00
weslambert
5f1c76f6ec endpoint.diagnostic.collection 2024-01-25 09:46:25 -05:00
Wes
05aa8b013a Add additional integration to templates 2024-01-19 22:02:39 +00:00
weslambert
3f9678056d OTX pulses template 2024-01-12 16:42:32 -05:00
Wes
5eae349938 Add endpoint metrics templates 2024-01-12 13:47:35 +00:00
Wes
9b1ddcacb4 Add additional templates for integrations 2024-01-11 14:00:09 +00:00
weslambert
cdac2bfa16 Add Anomali, Cybersixgill, Snort, and ThreatQuotient 2023-12-13 11:03:25 -05:00
Wes
5bfef3f527 Add checkpoint and vsphere templates 2023-11-02 21:10:01 +00:00
weslambert
c354924b68 Add import roles 2023-10-31 10:05:29 -04:00
weslambert
ed6473a34b Add roles for eval mode 2023-10-30 20:41:49 -04:00
weslambert
76dd6f07ab Remove policy for OSQuery manager indices 2023-10-27 17:26:33 -04:00
weslambert
c955f9210a Remove policy for Cases indices 2023-10-27 17:24:27 -04:00
Mike Reeves
b37e38e3c3 Update defaults.yaml 2023-10-26 16:03:58 -04:00
Mike Reeves
2e0100fd35 Update defaults.yaml 2023-10-26 12:37:55 -04:00
Wes
891ea997e7 Add lifecycle policies and warm settings 2023-10-26 12:25:37 +00:00
Josh Patterson
5f168a33ed Update defaults.yaml 2023-10-25 16:16:01 -04:00
Josh Patterson
af4b34801f Update defaults.yaml 2023-10-25 15:48:27 -04:00
Wes
28b7a24cc1 Add templates for integrations 2023-10-18 20:36:04 +00:00
Wes
2e0ea3f374 Set final pipeline 2023-09-19 13:33:12 +00:00
weslambert
d090852895 Correct fortigate template name 2023-08-30 15:40:40 -04:00
weslambert
706a6e2d56 Make sure a data stream is created for syslog 2023-08-30 08:34:04 -04:00