CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-28 20:03:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,417 Commits 19 Branches 120 Tags
a3f62c81c39c9c362cff637e0cc2d9e246cd82d8
Commit Graph

4941 Commits

Author SHA1 Message Date
Jason Ertel
a3f62c81c3 Merge pull request #5577 from Security-Onion-Solutions/kilo 
Continuation of auth enhancements
 2021-09-20 06:30:36 -04:00
Jason Ertel
730503b69c Ensure highstate migrates user roles 2021-09-18 23:17:49 -04:00
Jason Ertel
3508f3d8c1 Ensure ES user/role files are generated even if the primary admin user isn't yet created, since the system users are necessary for other installation functions 2021-09-18 19:20:43 -04:00
Jason Ertel
5704906b11 Create empty files for Docker to mount while installation continues 2021-09-18 15:49:05 -04:00
Jason Ertel
357c1db445 Recover from situation where roles file is corrupted 2021-09-18 11:08:35 -04:00
Jason Ertel
5377a1a85e Recover from situation where roles file is corrupted 2021-09-18 11:06:54 -04:00
Jason Ertel
7f2d7eb038 Continue migration of user emails to IDs 2021-09-18 07:20:34 -04:00
Jason Ertel
30e781d076 Use user ID instead of email as role master 2021-09-17 17:54:38 -04:00
Josh Brower
22eb82e950 Merge pull request #5566 from Security-Onion-Solutions/feature/disable_services 
Add support for disabling Zeek and Suricata
 2021-09-17 14:18:03 -04:00
Josh Brower
4d307c53e8 Add support for disabling Zeek and Suricata 2021-09-17 13:01:50 -04:00
Jason Ertel
fbd9bab2f1 Split apart roles and users into separate maps 2021-09-16 16:08:55 -04:00
weslambert
18d81352c6 Merge pull request #5537 from Security-Onion-Solutions/delta 
Add improved ignore functionality for YARA rules used by Strelka and add default ignored rules that break compilation
 2021-09-16 10:38:49 -04:00
Jason Ertel
3fc26312e0 Remove x-user-id header from unauthenticated proxied requests 2021-09-16 08:52:31 -04:00
Jason Ertel
b81d38e392 Merge branch 'dev' into kilo 2021-09-16 07:44:35 -04:00
Jason Ertel
82da0041a4 Add limited roles with restricted visibility 2021-09-16 07:44:15 -04:00
Josh Brower
c06668c68e Merge pull request #5527 from Security-Onion-Solutions/feature/so-import-evtx 
Feature/so import evtx
 2021-09-15 14:17:15 -04:00
Josh Brower
a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
Josh Brower
ac417867ed so-import-evtx - final fixes 2021-09-15 14:06:08 -04:00
Mike Reeves
aff571faf2 soup changes 2.3.80 2021-09-15 13:32:52 -04:00
weslambert
39e5ded58d Refactor ignore list and only ignore for signature-base for now 2021-09-15 11:32:29 -04:00
weslambert
4d41d3aee1 Ignore these rules by default because they are causing issues with YARA compilation with Strelka 2021-09-15 10:29:11 -04:00
weslambert
5c8067728e Remove unnecessary logic 2021-09-15 10:22:17 -04:00
Josh Brower
e0a289182f Fix Fleet Link Logic 2021-09-15 09:28:23 -04:00
Jason Ertel
9970e54081 Adjust custom_role examples to be more realistic 2021-09-14 14:03:22 -04:00
Jason Ertel
ff989b1c73 Include wording in so-user relating to optional role parameter 2021-09-14 14:03:00 -04:00
Josh Brower
74b0b365bd Fleet SA - SOC Link Fix 2021-09-14 13:23:07 -04:00
Josh Brower
0b0d508585 so-import-evtx - tweaks 2021-09-14 12:01:14 -04:00
Mike Reeves
332c4dda22 Merge pull request #5469 from Security-Onion-Solutions/fix/idstools-rule-clear 
Allow so-rule-update to accept any number of args
 2021-09-10 14:41:55 -04:00
William Wernert
679faddd52 Update so-rule-update to pass all args to docker exec 
Instead of passing $1, build a string from all args and add that to the command string for the docker exec statement
 2021-09-10 13:44:37 -04:00
William Wernert
0b42b19763 Update so-rule-update to source so-common 2021-09-10 13:41:58 -04:00
William Wernert
943bd3e902 Merge pull request #5468 from Security-Onion-Solutions/fix/idstools-rule-clear 
Add `--force` flag to idstools-rulecat under so-rule-update
 2021-09-10 13:17:16 -04:00
Mike Reeves
4af6a901a1 Merge pull request #5461 from Security-Onion-Solutions/truclusterrator 
Add new hunt fields
 2021-09-10 13:17:01 -04:00
William Wernert
9c310de459 Add --force flag to idstools-rulecat under so-rule-update 
This forces idstools to pull from the url each time, which prevents it from clearing all.rules if idstools-rulecat is run twice within 15 minutes by any method (either restarting the container or running so-rule-update)
 2021-09-10 13:15:09 -04:00
Mike Reeves
4f6a3269cb Add more detail to syscollector 2021-09-10 09:59:47 -04:00
Mike Reeves
c83f119cc0 Update so-raid-status 2021-09-09 10:59:35 -04:00
Mike Reeves
5d235e932c Fix Raid Status for cloud 2021-09-09 10:46:28 -04:00
weslambert
b8600be0f1 Incude server.publicBaseUrl 2021-09-08 12:12:09 -04:00
Jason Ertel
19a02baa7c Merge pull request #5425 from Security-Onion-Solutions/kilo 
Auth enhancements
 2021-09-07 13:10:36 -04:00
Jason Ertel
3c59579f99 Add maintenance privilege for analysts to refresh indices 2021-09-07 13:03:30 -04:00
Jason Ertel
72cff7ec7a Merge branch 'dev' into kilo 2021-09-07 10:49:08 -04:00
Mike Reeves
e3900606dc Enable index sorting by default but allow it to be disabled 2021-09-04 10:42:18 -04:00
Rob Waight
b7591093cf Add index sorting to so-common-template.json 
Add index sorting to so-common-template.json
 2021-09-04 09:45:03 -04:00
Jason Ertel
94ea1f856b Add auditor role; update analyst role with correct syntax 2021-09-03 15:59:48 -04:00
Jason Ertel
fbbb7f4e85 Add auditor role; update analyst role with correct syntax 2021-09-03 15:54:05 -04:00
Mike Reeves
9fb28709d5 Add maxfiles to the steno config 2021-09-03 10:47:00 -04:00
Jason Ertel
649f339934 Correct typo 2021-09-02 20:30:48 -04:00
Jason Ertel
f659079542 Consolidate password validation messaging 2021-09-02 19:12:32 -04:00
Jason Ertel
ce70380f0f resolve so-user errors from recent auth changes 2021-09-02 17:59:33 -04:00
Jason Ertel
c4d402d8b4 Ensure role file exists before ES state is run 2021-09-02 15:45:47 -04:00
Mike Reeves
9f5dafd560 More Event Fields 2021-09-02 13:48:18 -04:00