CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-10 11:12:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,417 Commits 26 Branches 119 Tags
a3f62c81c39c9c362cff637e0cc2d9e246cd82d8
Commit Graph

8417 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Ertel
a3f62c81c3 Merge pull request #5577 from Security-Onion-Solutions/kilo 
Continuation of auth enhancements
 2021-09-20 06:30:36 -04:00
Jason Ertel
730503b69c Ensure highstate migrates user roles 2021-09-18 23:17:49 -04:00
Jason Ertel
3508f3d8c1 Ensure ES user/role files are generated even if the primary admin user isn't yet created, since the system users are necessary for other installation functions 2021-09-18 19:20:43 -04:00
Jason Ertel
5704906b11 Create empty files for Docker to mount while installation continues 2021-09-18 15:49:05 -04:00
Jason Ertel
357c1db445 Recover from situation where roles file is corrupted 2021-09-18 11:08:35 -04:00
Jason Ertel
5377a1a85e Recover from situation where roles file is corrupted 2021-09-18 11:06:54 -04:00
Jason Ertel
7f2d7eb038 Continue migration of user emails to IDs 2021-09-18 07:20:34 -04:00
Jason Ertel
30e781d076 Use user ID instead of email as role master 2021-09-17 17:54:38 -04:00
Josh Brower
22eb82e950 Merge pull request #5566 from Security-Onion-Solutions/feature/disable_services 
Add support for disabling Zeek and Suricata
 2021-09-17 14:18:03 -04:00
Josh Brower
4d307c53e8 Add support for disabling Zeek and Suricata 2021-09-17 13:01:50 -04:00
Jason Ertel
fbd9bab2f1 Split apart roles and users into separate maps 2021-09-16 16:08:55 -04:00
weslambert
18d81352c6 Merge pull request #5537 from Security-Onion-Solutions/delta 
Add improved ignore functionality for YARA rules used by Strelka and add default ignored rules that break compilation
 2021-09-16 10:38:49 -04:00
Jason Ertel
3fc26312e0 Remove x-user-id header from unauthenticated proxied requests 2021-09-16 08:52:31 -04:00
Jason Ertel
b81d38e392 Merge branch 'dev' into kilo 2021-09-16 07:44:35 -04:00
Jason Ertel
82da0041a4 Add limited roles with restricted visibility 2021-09-16 07:44:15 -04:00
Josh Brower
c06668c68e Merge pull request #5527 from Security-Onion-Solutions/feature/so-import-evtx 
Feature/so import evtx
 2021-09-15 14:17:15 -04:00
Josh Brower
a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
Josh Brower
ac417867ed so-import-evtx - final fixes 2021-09-15 14:06:08 -04:00
Mike Reeves
0882158e03 Merge pull request #5525 from Security-Onion-Solutions/soup80 
soup changes 2.3.80
 2021-09-15 13:44:54 -04:00
Mike Reeves
aff571faf2 soup changes 2.3.80 2021-09-15 13:32:52 -04:00
weslambert
2affaf07a2 Merge pull request #5521 from Security-Onion-Solutions/fix/strelka-yara 
Fix/strelka yara
 2021-09-15 11:33:44 -04:00
weslambert
39e5ded58d Refactor ignore list and only ignore for signature-base for now 2021-09-15 11:32:29 -04:00
weslambert
4d41d3aee1 Ignore these rules by default because they are causing issues with YARA compilation with Strelka 2021-09-15 10:29:11 -04:00
weslambert
5c8067728e Remove unnecessary logic 2021-09-15 10:22:17 -04:00
Josh Brower
1d905124d3 Merge pull request #5519 from Security-Onion-Solutions/fix/fleet-link 
Fix Fleet Link Logic
 2021-09-15 09:30:21 -04:00
Josh Brower
e0a289182f Fix Fleet Link Logic 2021-09-15 09:28:23 -04:00
Jason Ertel
9970e54081 Adjust custom_role examples to be more realistic 2021-09-14 14:03:22 -04:00
Jason Ertel
ff989b1c73 Include wording in so-user relating to optional role parameter 2021-09-14 14:03:00 -04:00
Josh Brower
4b7667d87f Merge pull request #5508 from Security-Onion-Solutions/fix/fleet-link 
Fleet SA - SOC Link Fix
 2021-09-14 13:29:20 -04:00
Josh Brower
74b0b365bd Fleet SA - SOC Link Fix 2021-09-14 13:23:07 -04:00
Josh Brower
0b0d508585 so-import-evtx - tweaks 2021-09-14 12:01:14 -04:00
Mike Reeves
332c4dda22 Merge pull request #5469 from Security-Onion-Solutions/fix/idstools-rule-clear 
Allow so-rule-update to accept any number of args
 2021-09-10 14:41:55 -04:00
William Wernert
679faddd52 Update so-rule-update to pass all args to docker exec 
Instead of passing $1, build a string from all args and add that to the command string for the docker exec statement
 2021-09-10 13:44:37 -04:00
William Wernert
0b42b19763 Update so-rule-update to source so-common 2021-09-10 13:41:58 -04:00
William Wernert
943bd3e902 Merge pull request #5468 from Security-Onion-Solutions/fix/idstools-rule-clear 
Add `--force` flag to idstools-rulecat under so-rule-update
 2021-09-10 13:17:16 -04:00
Mike Reeves
4af6a901a1 Merge pull request #5461 from Security-Onion-Solutions/truclusterrator 
Add new hunt fields
 2021-09-10 13:17:01 -04:00
William Wernert
9c310de459 Add --force flag to idstools-rulecat under so-rule-update 
This forces idstools to pull from the url each time, which prevents it from clearing all.rules if idstools-rulecat is run twice within 15 minutes by any method (either restarting the container or running so-rule-update)
 2021-09-10 13:15:09 -04:00
Mike Reeves
4f6a3269cb Add more detail to syscollector 2021-09-10 09:59:47 -04:00
Doug Burks
6a2e1df7d4 Merge pull request #5460 from Security-Onion-Solutions/feature/welcome-link-docs 
FEATURE: Add docs link to Setup #5459
 2021-09-10 07:27:48 -04:00
doug
db50ef71b4 FEATURE: Add docs link to Setup #5459 2021-09-10 06:19:16 -04:00
Jason Ertel
4e2d5018a2 Merge pull request #5455 from Security-Onion-Solutions/kilo 
Consolidate whiptail screens
 2021-09-09 14:57:28 -04:00
Jason Ertel
94688a9adb Eliminate adv component popup 2021-09-09 14:29:09 -04:00
Jason Ertel
63f67b3500 Rephrase screen that warns about more RAM requirements 2021-09-09 14:16:05 -04:00
Mike Reeves
eaa5e41651 Merge pull request #5450 from Security-Onion-Solutions/TOoSmOotH-patch-1 
Fix Raid Status for cloud
 2021-09-09 11:09:49 -04:00
Mike Reeves
c83f119cc0 Update so-raid-status 2021-09-09 10:59:35 -04:00
Mike Reeves
5d235e932c Fix Raid Status for cloud 2021-09-09 10:46:28 -04:00
weslambert
03b45512fa Merge pull request #5436 from Security-Onion-Solutions/fix/kibana_server_url 
Incude server.publicBaseUrl
 2021-09-08 12:13:48 -04:00
weslambert
b8600be0f1 Incude server.publicBaseUrl 2021-09-08 12:12:09 -04:00
Jason Ertel
19a02baa7c Merge pull request #5425 from Security-Onion-Solutions/kilo 
Auth enhancements
 2021-09-07 13:10:36 -04:00
Jason Ertel
3c59579f99 Add maintenance privilege for analysts to refresh indices 2021-09-07 13:03:30 -04:00