Wes Lambert
6420ee0310
Update parsing for scan.exiftool
2020-11-02 19:28:12 +00:00
jtgreen-cse
6359e03ba6
fix for Windows events via osquery
This change was required to properly let Windows events flow through their specific pipelines. Otherwise, the `temp` field stays around and gets ingested in ES.
2020-10-29 15:03:13 -04:00
weslambert
4765ef5f5c
Change rule_ruleset to rule.ruleset
2020-10-20 22:14:23 -04:00
Wes Lambert
54c4ee796f
Rename file.flavors.mime to file.mime_type
2020-10-14 18:56:44 +00:00
Wes Lambert
3c820365ab
Fix common pipeline field removal so it won't fail for missing fields
2020-10-14 13:55:24 +00:00
Wes Lambert
14559b081d
Ensure Zeek logs without ts field have an @timestamp field associated
2020-10-12 17:19:23 +00:00
Doug Burks
87574181d5
Add Community ID to pfsense filterlog #1501
2020-10-10 08:11:51 -04:00
Doug Burks
8d1ba1f4db
fix pfsense firewall udp parsing
2020-10-10 07:38:47 -04:00
Doug Burks
9aa4112de1
Remove extra comma
2020-10-10 06:10:10 -04:00
Wes Lambert
28a1f7f88a
Remove pfsense tag
2020-10-10 00:03:51 +00:00
Wes Lambert
b55ffa44f8
Fix module,dataset rename
2020-10-10 00:01:37 +00:00
Wes Lambert
69a04dedd3
Filterlog config changes
2020-10-09 23:56:52 +00:00
Wes Lambert
a6d3dcf398
More fixes for rule field
2020-10-08 13:36:47 +00:00
Wes Lambert
a2e2f23a8d
Add null safe check for rule
2020-10-08 13:14:39 +00:00
weslambert
5ada85942b
Lowercase network.transport
2020-10-08 07:59:57 -04:00
Wes Lambert
7543144afe
Don't use regex for determining rule type
2020-10-07 16:15:43 +00:00
Wes Lambert
015a441e79
Change rule.signature_info to rule.reference and ensure common.nids exists
2020-10-07 15:20:26 +00:00
Wes Lambert
f0a1457ffd
Update common.nids
2020-10-07 15:14:08 +00:00
Wes Lambert
8c07c098f6
Pipeline cleanup
2020-10-06 20:14:15 +00:00
Wes Lambert
350cc41740
Let zeek.common handle common fields for zeek.tunnels
2020-10-06 20:12:23 +00:00
Wes Lambert
019bec992d
Add Strelka YARA matches as alerts
2020-10-06 12:19:44 +00:00
weslambert
bc31e19e37
Put back rule.category for Wazuh alerts
2020-10-05 11:34:29 -04:00
Wes Lambert
77d31cb289
Add event.severity and event.severity_label config for Wazuh alerts
2020-10-05 12:50:29 +00:00
Wes Lambert
02d2e5e2c6
Fix issue with null Zeek server IP
2020-09-30 17:53:30 +00:00
Wes Lambert
869767d9d9
Add initial parsing for Wazuh WEL/Sysmon
2020-09-28 19:04:21 +00:00
Doug Burks
24c325e9a1
Fix Elasticsearch parsing for Zeek Intel Indicator #1309
2020-09-10 06:41:19 -04:00
Josh Brower
c3b2d98ffb
Add event.category to WEL
2020-09-10 06:15:30 -04:00
Josh Brower
a79d0319cd
Initial support for evtx import
2020-09-01 13:47:27 -04:00
Josh Brower
b7dd14b8f0
Set event.code to string for WEL
2020-08-28 13:40:04 -04:00
Josh Brower
d4f7a07f85
Osquery Parsing fix
2020-08-18 15:54:11 -04:00
Josh Brower
928e5ed832
Playbook/Nav Fixes - Issue #1064
2020-08-07 17:02:48 -04:00
Josh Brower
ff209cfd65
Merge pull request #1149 from Security-Onion-Solutions/feature/wlb-parsing
Ingest Parsing Update for Sysmon/WEL
2020-08-07 13:37:22 -04:00
Josh Brower
a8b980b6a7
More Playbook Fixes - Issue #1064
2020-08-07 13:35:43 -04:00
Josh Brower
15efe77e06
Ingest Parsing Update for Sysmon/WEL
2020-08-06 13:11:47 -04:00
Josh Brower
d971d07720
Osquery & WLB Parsing Update for WEL & Sysmon
2020-07-31 16:06:15 -04:00
Josh Brower
55e60cb749
initial refactor - beats/sysmon parsing
2020-07-28 11:03:33 -04:00
Josh Patterson
549916306c
Merge pull request #1008 from Security-Onion-Solutions/quickfix/lstoes
Quickfix/lstoes
2020-07-14 17:37:19 -04:00
m0duspwnens
5cf71596b2
add curlys
2020-07-14 17:36:52 -04:00
Josh Brower
8647944ae6
Parsing & Hunt query updates
2020-07-14 16:59:06 -04:00
Doug Burks
a1e6a85a68
explicitly set Suricata timestamp timezone to UTC
2020-07-14 15:49:46 -04:00
Wes Lambert
f9df39977b
Add observer name for Strelka events
2020-07-14 17:38:43 +00:00
Wes Lambert
d6afde90b0
Convert message timestamp to @timestamp
2020-07-14 13:37:00 +00:00
Josh Brower
65062d93f4
Misc fixes
2020-07-10 19:43:43 -04:00
Josh Brower
206bdc60f3
Merge pull request #967 from Security-Onion-Solutions/feature/low-level-alerts
Feature - low level alerts
2020-07-09 13:56:31 -04:00
Josh Brower
52f7111e1d
Feature - low level alerts
2020-07-09 13:53:55 -04:00
Doug Burks
8dfafffef0
remove duplicate line for message2.conn_uids
2020-07-09 06:44:08 -04:00
weslambert
4cf31e1ee7
Drop message field and original exiftool keys
2020-07-08 10:55:40 -04:00
Doug Burks
fef803a86c
Add ignore_failure to geoip processor calls #942
2020-07-08 10:41:14 -04:00
weslambert
b25a3b6986
Rename uids to uid
2020-07-08 09:39:37 -04:00
Wes Lambert
3b50ce032a
Add fields for exiftool keys
2020-07-07 20:02:09 +00:00