CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,922 Commits 24 Branches 119 Tags
9fd2ab530e8b298df63bbf59b09eb381232ffbed
Commit Graph

316 Commits

Author SHA1 Message Date
William Wernert
142649b396 [fix] Fix comparator 2020-12-16 10:38:34 -05:00
William Wernert
e464117e8a [fix] Run so-catrust in ES state on Helix sensor install 2020-12-16 10:19:44 -05:00
William Wernert
aa0d43b1db [fix] Always define ismanager var 2020-12-16 09:55:09 -05:00
William Wernert
af149d04a9 [fix] Only run portions of ES state, do not run container 2020-12-16 09:18:40 -05:00
Doug Burks
7a314b5935 Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 2020-12-12 11:35:29 -05:00
Doug Burks
61ae187d03 revert previous commit #2321 2020-12-12 10:12:23 -05:00
Mike Reeves
b5ed973abd Merge pull request #2138 from OmerTirosh/OmerTirosh-fix-win.eventlog 
Fix Error: SO elasticsearch ingest failed to convert 'winlog.event_data.SubjectUserName' to 'user.name'
 2020-12-12 10:00:27 -05:00
Doug Burks
85aac4ad75 Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 2020-12-12 09:22:08 -05:00
Mike Reeves
cd6a945a24 Merge pull request #2298 from Security-Onion-Solutions/escluster 
Traditional ES Clustering Support
 2020-12-10 12:07:17 -05:00
TOoSmOotH
42833b2086 Make non clustered node attributes 2020-12-10 11:14:32 -05:00
TOoSmOotH
d9d7f49b96 Adjust elasticsearch.yml 2020-12-10 11:09:38 -05:00
Wes Lambert
f689722559 Add initial suricata.ftp_data pipeline 2020-12-10 14:14:50 +00:00
TOoSmOotH
af15f0eb38 remove ml node.role 2020-12-09 16:23:38 -05:00
Mike Reeves
30e69bf7b2 Merge branch 'escluster' into newescluster 2020-12-09 15:23:49 -05:00
TOoSmOotH
0a48f7d5dc Simplify logic 2020-12-09 15:22:09 -05:00
TOoSmOotH
e983322a18 Fix elastic if statement 2020-12-09 11:31:22 -05:00
TOoSmOotH
6ceecbd524 Fixing some elasticsearch logic 2020-12-09 09:42:03 -05:00
Mike Reeves
8ea088c3fc Restart Elastic on addition of node. 2020-12-07 14:09:41 -05:00
Mike Reeves
94253e92a6 Adjust the elasticsearch config 2020-12-03 10:38:18 -05:00
weslambert
95570976a8 Add indices.query.bool.max_clause_count to allow for wildcard searches targeting more than 1024 fields 2020-12-03 09:29:44 -05:00
Mike Reeves
3e322c38eb Fix config for single cluster mode 2020-12-02 15:33:35 -05:00
Mike Reeves
d004263b71 Add Elastic Clustering 2020-12-02 14:33:22 -05:00
Mike Reeves
ddca9563e5 Merge branch 'mkrmerge' into escluster 2020-11-24 10:29:57 -05:00
OmerTirosh
e2ee0db727 Ignore failure for rename processor 
Ignore failure for winlog.event_data.SubjectUserName rename processor.
For some event ids (for example 4688), this field already been added in winlogbeat JS processor.
Therefor, elastic throw [user.name] already exists error.
 2020-11-24 17:21:47 +02:00
Mike Reeves
426769588a Merge pull request #1739 from jtgreen-cse/patch-2 
fix for Windows events via osquery
 2020-11-21 13:27:05 -05:00
Josh Brower
1908a68330 Cleanup & fix sysmon pid ingest 2020-11-14 16:19:23 -05:00
Wes Lambert
fddfb8eb92 Syslog updates 2020-11-13 16:06:22 +00:00
Wes Lambert
8258b782fc Update syslog pipeline to allow for initial CEF parsing and pipeline targeting 2020-11-11 21:39:40 +00:00
weslambert
ea1f53b40c Add check for field 2020-11-11 10:29:58 -05:00
m0duspwnens
1fca5e65df redo how containers get added to so-status https://github.com/Security-Onion-Solutions/securityonion/issues/1681 2020-11-10 15:31:47 -05:00
Wes Lambert
7e578d2ce0 Pull out additional fields from Exif info 2020-11-09 16:53:53 +00:00
Wes Lambert
3113d5fbdb Format scan.exiftool as text 2020-11-02 19:31:14 +00:00
Wes Lambert
6420ee0310 Update parsing for scan.exiftool 2020-11-02 19:28:12 +00:00
jtgreen-cse
6359e03ba6 fix for Windows events via osquery 
This change was required to properly let Windows events flow through their specific pipelines. Otherwise, the `temp` field stays around and gets ingested in ES.
 2020-10-29 15:03:13 -04:00
Mike Reeves
57d8f25422 Create master node role in ES 2020-10-28 16:44:14 -04:00
William Wernert
3648e293a1 [fix] Add -L option to curl to respect redirects 2020-10-26 14:08:52 -04:00
Mike Reeves
ecfd1bbe4d Merge remote-tracking branch 'remotes/origin/dev' into escluster 2020-10-26 13:33:05 -04:00
weslambert
4765ef5f5c Change rule_ruleset to rule.ruleset 2020-10-20 22:14:23 -04:00
Mike Reeves
97a2d91d15 Re-arrange whiptail screens 2020-10-19 12:14:30 -04:00
Wes Lambert
af9daa4d71 Intel mapping enforcement and winlog.verion 2020-10-15 12:42:33 +00:00
Wes Lambert
54c4ee796f Rename file.flavors.mime to file.mime_type 2020-10-14 18:56:44 +00:00
Wes Lambert
3c820365ab Fix common pipeline field removal so won't fail for missing fields 2020-10-14 13:55:24 +00:00
Wes Lambert
14559b081d Ensure Zeek logs without ts field have an @timestamp field associated 2020-10-12 17:19:23 +00:00
Mike Reeves
f5cfd480a3 Moar encryptions 2020-10-12 09:12:36 -04:00
Mike Reeves
9695e63950 fix template statement 2020-10-11 17:21:57 -04:00
Mike Reeves
deb0f640d6 add jinja templates 2020-10-11 17:02:07 -04:00
Mike Reeves
b7c4fd94c4 get pipelines to load 2020-10-11 16:57:08 -04:00
Mike Reeves
271e40337b Enable jinja for tls 2020-10-11 10:57:04 -04:00
Mike Reeves
f6f9097cd9 Enable tls for 9200 on search capable nodes 2020-10-11 10:53:54 -04:00
Doug Burks
87574181d5 Add Community ID to pfsense filterlog #1501 2020-10-10 08:11:51 -04:00