Commit Graph

172 Commits

Author SHA1 Message Date
Wes Lambert 14559b081d Ensure Zeek logs without ts field have an @timestamp field associated 2020-10-12 17:19:23 +00:00
Mike Reeves f5cfd480a3 Moar encryptions 2020-10-12 09:12:36 -04:00
Mike Reeves b7c4fd94c4 get pipelines to load 2020-10-11 16:57:08 -04:00
Mike Reeves f6f9097cd9 Enable tls for 9200 on search capable nodes 2020-10-11 10:53:54 -04:00
Doug Burks 87574181d5 Add Community ID to pfsense filterlog #1501 2020-10-10 08:11:51 -04:00
Doug Burks 8d1ba1f4db fix pfsense firewall udp parsing 2020-10-10 07:38:47 -04:00
Doug Burks 9aa4112de1 Remove extra comma 2020-10-10 06:10:10 -04:00
Wes Lambert 28a1f7f88a Remove pfsense tag 2020-10-10 00:03:51 +00:00
Wes Lambert b55ffa44f8 Fix module,dataset rename 2020-10-10 00:01:37 +00:00
Wes Lambert 69a04dedd3 Filterlog config changes 2020-10-09 23:56:52 +00:00
Wes Lambert a6d3dcf398 More fixes for rule field 2020-10-08 13:36:47 +00:00
Wes Lambert a2e2f23a8d Add null safe check for rule 2020-10-08 13:14:39 +00:00
weslambert 5ada85942b Lowercase network.transport 2020-10-08 07:59:57 -04:00
Wes Lambert 7543144afe Don't use regex for determining rule type 2020-10-07 16:15:43 +00:00
Wes Lambert 015a441e79 Change rule.signature_info to rule.reference and ensure common.nids exists 2020-10-07 15:20:26 +00:00
Wes Lambert f0a1457ffd Update common.nids 2020-10-07 15:14:08 +00:00
Wes Lambert 8c07c098f6 Pipeline cleanup 2020-10-06 20:14:15 +00:00
Wes Lambert 350cc41740 Let zeek.common handle common fields for zeek.tunnels 2020-10-06 20:12:23 +00:00
Wes Lambert 019bec992d Add Strelka YARA matches as alerts 2020-10-06 12:19:44 +00:00
weslambert bc31e19e37 Put back rule.category for Wazuh alerts 2020-10-05 11:34:29 -04:00
Wes Lambert 77d31cb289 Add event.severity and event.severity_label config for Wazuh alerts 2020-10-05 12:50:29 +00:00
Wes Lambert 02d2e5e2c6 Fix issue with null Zeek server IP 2020-09-30 17:53:30 +00:00
Wes Lambert 869767d9d9 Add initial parsing for Wazuh WEL/Sysmon 2020-09-28 19:04:21 +00:00
Doug Burks 24c325e9a1 Fix Elasticsearch parsing for Zeek Intel Indicator #1309 2020-09-10 06:41:19 -04:00
Josh Brower c3b2d98ffb Add event.category to WEL 2020-09-10 06:15:30 -04:00
Josh Brower a79d0319cd Initial support for evtx import 2020-09-01 13:47:27 -04:00
Josh Brower b7dd14b8f0 Set event.code to string for WEL 2020-08-28 13:40:04 -04:00
Josh Brower d4f7a07f85 Osquery Parsing fix 2020-08-18 15:54:11 -04:00
Mike Reeves a3d8b7d0d3 Add watch statements 2020-08-14 09:40:38 -04:00
Mike Reeves 5a53194313 Update sotls.yml 2020-08-12 21:12:48 -04:00
Mike Reeves 59ddac57bf Rename sotls.yaml to sotls.yml 2020-08-12 17:48:37 -04:00
Mike Reeves 9980d02844 Elastic Transport TLSgit add . 2020-08-12 15:38:19 -04:00
Mike Reeves 69e7285e30 Fix a bug where minio passwords cause issues 2020-08-12 12:44:55 -04:00
Mike Reeves 32083132e5 Back out some ES settings 2020-08-12 11:10:36 -04:00
Mike Reeves 0f7074a499 SSL intraca 2020-08-11 15:49:04 -04:00
Mike Reeves 65d535d893 SSL intraca 2020-08-11 15:45:17 -04:00
Mike Reeves 42c9653669 anon user hack 2020-08-11 14:45:55 -04:00
Mike Reeves f553a8e27a anon user hack 2020-08-11 14:40:34 -04:00
Mike Reeves 59292425c0 Add transport hostname 2020-08-10 23:03:54 -04:00
Mike Reeves ac3f490299 Add transport hostname 2020-08-10 23:02:03 -04:00
Mike Reeves 52cc56bebb Add transport hostname 2020-08-10 22:56:15 -04:00
Mike Reeves c3d8c599cc Turn off user auth 2020-08-10 22:13:17 -04:00
Mike Reeves 6007a6c4d8 Things like this are why I hate Java 2020-08-10 22:10:03 -04:00
Mike Reeves d00231af06 Things like this are why I hate Java 2020-08-10 22:05:46 -04:00
Mike Reeves cf5c29d01c Change certs path on elastic 2020-08-10 21:30:53 -04:00
Mike Reeves e7cd527d49 Enable SSL in elastic 2020-08-10 21:18:03 -04:00
Mike Reeves d171adb9c9 jruby ssl fun 2020-08-07 23:39:13 -04:00
Mike Reeves 64af6f99e9 jruby ssl fun 2020-08-07 23:34:55 -04:00
Mike Reeves 2705cbbf45 jruby ssl fun 2020-08-07 23:33:02 -04:00
Mike Reeves 5525e235d1 jruby ssl fun 2020-08-07 23:28:58 -04:00