CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,740 Commits 24 Branches 119 Tags
9f72cfa1fcdf1e837951ae989ed155874c246608
Commit Graph

10740 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Ertel
9f72cfa1fc roll back to grep instead of pgrep due to cron issue 2022-12-07 12:08:31 -05:00
Jason Ertel
fde33de030 Use original style due to pgrep conflict with cron 2022-12-07 11:51:49 -05:00
Jason Ertel
e849783a86 Reduce cron noise; ensure filecheck is restarted if modified 2022-12-07 08:36:56 -05:00
weslambert
2240283457 Merge pull request #9316 from Security-Onion-Solutions/fix/ics_scada_filebeat_disable_ecat_arp_info 
Disable Filebeat input for 'ecat_arp_info' Zeek logs
 2022-12-07 08:08:42 -05:00
weslambert
def0c85349 Disable Filebeat input for 'ecat_arp_info' Zeek logs 2022-12-07 08:00:21 -05:00
weslambert
31832ae150 Merge pull request #9309 from Security-Onion-Solutions/fix/ignore_additional_strelka_rules_causing_compilation_errors 
Ignore additional rules causing YARA compilation errors
 2022-12-06 14:01:14 -05:00
weslambert
7ce0924382 Ignore additional rules causing compilation errors 2022-12-06 13:59:21 -05:00
weslambert
73304e049c Merge pull request #9304 from Security-Onion-Solutions/feature/ics_scada_additions 
Port STUN, TDS, WireGuard, and ICS/SCADA Changes from 2.3 to 2.4
 2022-12-06 13:14:47 -05:00
weslambert
a626acced0 Add new ICS/SCADA event fields to the dashboards section of the configuration and remove extra space in key names. 2022-12-06 13:11:55 -05:00
Jason Ertel
6443e702a5 Merge pull request #9305 from Security-Onion-Solutions/config 
Filecheck support for Suricata
 2022-12-06 12:53:19 -05:00
Jason Ertel
88410bc8f8 Merge branch '2.4/dev' into config 2022-12-06 12:38:43 -05:00
Jason Ertel
168cd00e1b Handle suricata extracted with filecheck 2022-12-06 12:34:02 -05:00
Wes
1b5c1fecd4 Revert SOC default 'alerts' event fields and specify additional event fields for ICS/SCADA events 2022-12-06 17:28:30 +00:00
Wes
b048eec3c0 Add STUN, TDS, WireGuard, and ICS/SCADA dashboard queries 2022-12-06 17:17:49 +00:00
Wes
f44eee134a Add default queries and ICS/SCADA queries 2022-12-06 16:52:20 +00:00
Wes
c741fe6b4d Ensure ICS/SCADA plugins/scripts are enabled 2022-12-06 16:23:26 +00:00
Wes
be5775e4a0 Ensure Filebeat defaults file is updated with ICS/SCADA log references 2022-12-06 16:15:09 +00:00
Wes
499b5d95f2 Add 'ics' tag for 'bsap'-prefixed events/logs 2022-12-06 16:01:57 +00:00
Wes
14af1d36cb Ensure ICS/SCADA pipelines are present 2022-12-06 15:58:47 +00:00
Jason Ertel
fd13c7ccc0 Additional metadata for soc 2022-12-05 09:03:22 -05:00
Mike Reeves
7e102949a6 Merge pull request #9268 from Security-Onion-Solutions/TOoSmOotH-patch-5 
Update init.sls
 2022-12-02 12:58:12 -05:00
Mike Reeves
f083b3867b Update init.sls 2022-12-02 09:40:35 -05:00
Mike Reeves
55444288bc Merge pull request #9254 from Security-Onion-Solutions/TOoSmOotH-patch-3 
Update filecheck
 2022-11-30 11:04:18 -05:00
Mike Reeves
f83545c556 Update filecheck 2022-11-30 11:02:56 -05:00
weslambert
117a3d486a Merge pull request #9210 from Security-Onion-Solutions/fix/add_missing_opcua_activate_session_pipelines_2_4 
Add Missing OPCUA Activate Session Pipelines
 2022-11-22 16:01:45 -05:00
Wes
7f324bc47e Remove extra space used during testing 2022-11-22 20:52:08 +00:00
Wes
a6bc5b108f Add missing OPCUA 'activate_session' pipelines 2022-11-22 20:51:44 +00:00
weslambert
090f8309c2 Merge pull request #9207 from Security-Onion-Solutions/fix/ingest_typos_2_4 
Fix spelling of 'wireguard.responses' field name
 2022-11-22 15:36:04 -05:00
weslambert
356904f751 Fix spelling of 'wireguard.responses' field name 2022-11-22 13:03:04 -05:00
weslambert
f9cc7888f4 Merge pull request #9204 from Security-Onion-Solutions/fix/ics_ingest_field_names_2_4 
Fix ICS Ingest Field Names
 2022-11-22 12:30:17 -05:00
weslambert
6b77843e52 Fix format/speliing for 'enip.status_code' field name 2022-11-22 12:07:55 -05:00
weslambert
13faf63770 Fix spelling for 'stun.class' field name 2022-11-22 12:07:15 -05:00
weslambert
b801997709 Merge pull request #9196 from Security-Onion-Solutions/fix/missing_ics_pipelines_2_4 
Add COTP and TDS ingest pipelines
 2022-11-22 08:44:19 -05:00
Wes
a38e312df4 Add COTP and TDS ingest pipelines 2022-11-22 13:36:27 +00:00
weslambert
bde899e7cb Merge pull request #9194 from Security-Onion-Solutions/fix/ics_tag_syntax_error_2_4 
Fix syntax error for 'ics' tag logic
 2022-11-22 07:32:54 -05:00
weslambert
d2bc1a5523 Fix syntax error for 'ics' tag logic 2022-11-22 07:24:54 -05:00
weslambert
68efd817e0 Merge pull request #9189 from Security-Onion-Solutions/feature/filebeat_config_ics_event_tag_2_4 
Add 'ics' tag to events generated from ICS protocol logs
 2022-11-21 17:06:14 -05:00
weslambert
fe180d5657 Fix indentation 2022-11-21 17:02:17 -05:00
weslambert
9994d47a43 Add 'ics' tag to events generated from ICS protocol logs 2022-11-21 16:46:47 -05:00
Doug Burks
6e1e6e15e8 Merge pull request #9186 from Security-Onion-Solutions/dougburks-patch-2 
Add ICS/SCADA logs to filebeat defaults.yaml
 2022-11-21 13:30:35 -05:00
Doug Burks
febb781428 Add ICS/SCADA logs to filebeat defaults.yaml 2022-11-21 12:10:55 -05:00
weslambert
061f0b0595 Merge pull request #9159 from Security-Onion-Solutions/feature/additional_ics_scada_ingest_pipelines_2_4 
Add additional ICS/SCADA ingest node pipelines
 2022-11-21 10:32:00 -05:00
Doug Burks
5a0fe6050b Merge pull request #9179 from Security-Onion-Solutions/dougburks-patch-2 
Simplify version in README.md to just 2.4
 2022-11-21 08:46:33 -05:00
Doug Burks
778ee4b00f Simplify version in README.md to just 2.4 2022-11-21 08:39:18 -05:00
Jason Ertel
5f59ae52d5 Merge pull request #9162 from Security-Onion-Solutions/config 
Config
 2022-11-17 11:50:35 -05:00
Wes
05b9a067fd Add additional ICS/SCADA ingest node pipelines 2022-11-17 16:03:21 +00:00
Jason Ertel
ed9aa5b73f Ensure filecheck is up by checking every minute 2022-11-17 10:48:53 -05:00
Jason Ertel
7f7e5474ed Add more logging for filecheck monitoring, and ensure scripts are accessible to salt-relay 2022-11-17 10:43:05 -05:00
Jason Ertel
0ffef75d7b Move background jobs to cron 2022-11-17 09:50:41 -05:00
Jason Ertel
c572848ece temporarily remove filecheck for debug purposes 2022-11-17 08:06:24 -05:00