CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,350 Commits 24 Branches 119 Tags
a43fb293fc6dba64dbc08beece3ed093c147aa30
Commit Graph

571 Commits

Author SHA1 Message Date
m0duspwnens
dd00e3babc use .get since repo may not exist 2022-01-25 13:18:21 -05:00
m0duspwnens
5d2b3992e2 dont need to set ES_PATH_REPO 2022-01-25 13:11:53 -05:00
m0duspwnens
7b6eeac03f dnt mount under /repo in the container 2022-01-25 13:08:46 -05:00
m0duspwnens
00e17d5c78 put repos in /repo in es container 2022-01-25 13:03:54 -05:00
m0duspwnens
a17e1aa87a 930 for group 2022-01-25 13:00:04 -05:00
m0duspwnens
4423e93880 prevent path.repo from being put in elasticsearch.yml if the symlink doesnt exist 2022-01-25 12:57:05 -05:00
m0duspwnens
e62de2934c fix test for es repo 2022-01-25 12:24:03 -05:00
m0duspwnens
a92e2a917b change repos to repo 2022-01-25 10:53:28 -05:00
m0duspwnens
a72f12c4c7 add path.repo mount if symlink exists 2022-01-25 10:50:00 -05:00
Jason Ertel
4ab7a6a079 Merge pull request #6967 from Security-Onion-Solutions/kilo 
Copyright year and format update
 2022-01-24 10:39:31 -05:00
Jason Ertel
eefcc929c2 Update copyright pattern to match other repos 2022-01-24 10:09:23 -05:00
Jason Ertel
7c22f46a55 Update copyright year for 2022 2022-01-24 09:35:29 -05:00
weslambert
d1efa71c57 Remove dynamic keyword template to prevent field conflicts with mappings defined in common template 2022-01-20 12:34:32 -05:00
Josh Patterson
c57b2d005e Merge pull request #6933 from Security-Onion-Solutions/issue/6810 
quote ES_PASS in SOCtopus.conf and remove % from random pw
 2022-01-20 10:57:56 -05:00
m0duspwnens
9b2459d8ba quote ES_PASS in SOCtopus.conf and remove % from random pw 2022-01-20 10:52:48 -05:00
weslambert
e137ad60c5 Disable dynamic mapping and increase order to reduce potential field conflicts 2022-01-20 09:44:41 -05:00
m0duspwnens
fc65f7bb84 Merge remote-tracking branch 'remotes/origin/dev' into issue/6810 2022-01-19 15:35:28 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
d7ba1cedff remove unused fields object from related case schema 2022-01-19 08:39:21 -05:00
m0duspwnens
87999453f2 Merge remote-tracking branch 'remotes/origin/dev' into issue/6810 2022-01-18 09:13:10 -05:00
m0duspwnens
a46a740170 account for salt 3004 adding new chars to random.get_str 2022-01-14 17:23:29 -05:00
weslambert
c512351dd6 Add mapping for scan.exiftool and scan.pe.sections.entropy 2022-01-14 17:01:13 -05:00
weslambert
a90bc9dba9 Add mapping for scan.pe.sections.entropy 2022-01-14 16:58:53 -05:00
m0duspwnens
06c0cebb26 merge with dev 2022-01-13 09:44:26 -05:00
Mike Reeves
ee44edfe75 Add additional highlander settings 2022-01-12 13:18:44 -05:00
m0duspwnens
494737549d move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires 2022-01-12 10:20:05 -05:00
m0duspwnens
baf297ab0a merge with dev, resolve conflict 2022-01-11 11:24:10 -05:00
Josh Brower
5083be4ce7 Merge pull request #6816 from Security-Onion-Solutions/fix/wazuh-parsing-v2 
Fix Wazuh WEL Parsing
 2022-01-11 11:17:24 -05:00
m0duspwnens
328d6cdeb4 Merge remote-tracking branch 'remotes/origin/dev' into issue/6811 2022-01-11 10:02:18 -05:00
Mike Reeves
8ad36fc7b9 Update init.sls 2022-01-11 10:01:14 -05:00
m0duspwnens
87756cdbc9 Merge remote-tracking branch 'remotes/origin/dev' into issue/6811 2022-01-11 09:57:31 -05:00
Mike Reeves
770a389410 Update init.sls 2022-01-11 09:56:22 -05:00
m0duspwnens
b5c274de10 Merge remote-tracking branch 'remotes/origin/dev' into issue/6811 2022-01-11 09:48:31 -05:00
weslambert
84f7c6b13b Add event.acknowledged and event.escalated mappings 2022-01-10 16:08:35 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
Mike Reeves
b7a90a88f9 Merge pull request #6815 from Security-Onion-Solutions/esbackup 
Add ability to specify local backup dir
 2022-01-10 13:31:24 -05:00
weslambert
1c3eeb5a34 Fix typo -- replace period with comma 2022-01-10 13:29:06 -05:00
m0duspwnens
beb9a33628 only include curl.config if elasticsearch:auth is enabled 2022-01-10 11:48:16 -05:00
Mike Reeves
dbba7d7226 Add ability to specify local backup dir 2022-01-10 11:31:41 -05:00
Jason Ertel
d3656a7777 Merge branch 'dev' into kilo 2022-01-07 13:41:35 -05:00
Jason Ertel
391db568b0 Update field mappings based on Wes' feedback 2022-01-07 13:28:36 -05:00
weslambert
770e53d914 Add keyword subfield for event.severity_label 2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9 Add event.severity_label 2022-01-07 11:19:54 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
weslambert
a7e7566532 Merge pull request #6780 from Security-Onion-Solutions/feature/datatype_compliance 
Initial commit for data type compliance
 2022-01-06 16:38:17 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
weslambert
900d12b556 Add logger stanza to suppress deprecation warning messages for now due to current system index access warning messages flooding the ES log 2022-01-06 10:35:50 -05:00
Josh Patterson
eaa6597cd7 Merge pull request #6773 from Security-Onion-Solutions/issue/6765 
Issue/6765
 2022-01-05 18:11:06 -05:00
weslambert
c1a88977cf Disable fielddata for _id field by default (since it is deprecated and can be memory-intensive) 2022-01-05 15:23:52 -05:00