CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,350 Commits 24 Branches 119 Tags
a43fb293fc6dba64dbc08beece3ed093c147aa30
Commit Graph

50 Commits

Author SHA1 Message Date
weslambert
d1efa71c57 Remove dynamic keyword template to prevent field conflicts with mappings defined in common template 2022-01-20 12:34:32 -05:00
weslambert
e137ad60c5 Disable dynamic mapping and increase order to reduce potential field conflicts 2022-01-20 09:44:41 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
d7ba1cedff remove unused fields object from related case schema 2022-01-19 08:39:21 -05:00
weslambert
c512351dd6 Add mapping for scan.exiftool and scan.pe.sections.entropy 2022-01-14 17:01:13 -05:00
weslambert
a90bc9dba9 Add mapping for scan.pe.sections.entropy 2022-01-14 16:58:53 -05:00
weslambert
84f7c6b13b Add event.acknowledged and event.escalated mappings 2022-01-10 16:08:35 -05:00
weslambert
1c3eeb5a34 Fix typo -- replace period with comma 2022-01-10 13:29:06 -05:00
Jason Ertel
d3656a7777 Merge branch 'dev' into kilo 2022-01-07 13:41:35 -05:00
Jason Ertel
391db568b0 Update field mappings based on Wes' feedback 2022-01-07 13:28:36 -05:00
weslambert
770e53d914 Add keyword subfield for event.severity_label 2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9 Add event.severity_label 2022-01-07 11:19:54 -05:00
Wes Lambert
b60837e71a Initial commit for data type compliance 2022-01-05 16:38:56 +00:00
Jason Ertel
e87cbc37a4 Add case template 2021-12-28 19:17:15 -05:00
Mike Reeves
dc07aba63d Update so-common-template.json.jinja 2021-11-03 13:50:31 -04:00
Mike Reeves
747f14d60e Make common template honor replicas 2021-11-03 13:11:38 -04:00
weslambert
77ee1db44c Add .keyword subfield for conflict fields 2021-10-21 12:56:03 -04:00
weslambert
59852841ff Add keyword subfield for event.module 2021-10-15 13:29:50 -04:00
Wes Lambert
e1629d7ec4 Initial EG stuff 2021-10-13 17:13:07 +00:00
Mike Reeves
2ffb723bbd Rename so-common-template.json to so-common-template.json.jinja 2021-09-14 13:58:45 -04:00
Mike Reeves
e3900606dc Enable index sorting by default but allow it to be disabled 2021-09-04 10:42:18 -04:00
Rob Waight
b7591093cf Add index sorting to so-common-template.json 
Add index sorting to so-common-template.json
 2021-09-04 09:45:03 -04:00
Mike Reeves
a27263435a Add Templates for all filebeat modules 2021-08-27 14:41:04 -04:00
Mike Reeves
f8cdf5bca3 Add Templates for all filebeat modules 2021-08-27 14:39:02 -04:00
William Wernert
4f39cd1d7f Add logscan dynamic object to so-common template mappings 2021-07-30 16:02:02 -04:00
Wes Lambert
723172bc1f Add path_unmatch for data.port so it is not mapped as integer 2021-07-14 13:45:09 +00:00
Wes Lambert
323b5d6694 Add dynamic mapping for wazuh 2021-07-14 13:43:34 +00:00
weslambert
fcbacd473d Add ELK, redis 2021-06-30 09:34:56 -04:00
weslambert
06d77d9972 Update so-common-template.json 2021-06-30 09:31:32 -04:00
Mike Reeves
12d4d4a4f7 Dynamix Pipelines take 2 2021-06-10 09:19:15 -04:00
Mike Reeves
1c7741fdbe Add templates for SO logs 2021-06-09 12:38:19 -04:00
weslambert
cba719b3a0 Remove extra comma 2021-06-02 16:42:09 -04:00
weslambert
4241bb08b8 Add suricata/zeek until we migrate templates 2021-06-02 16:37:43 -04:00
Wes Lambert
a1a79719fc Add ignore above for message keyword field 2021-05-05 12:07:30 +00:00
Wes Lambert
619402cc67 Add event_data to common template so elastalert/playbook event_data fields can be indexed and searchable 2021-05-03 17:03:30 +00:00
Wes Lambert
942de130ca Enforce date type for ingest.timestamp 2021-03-31 12:24:51 +00:00
Josh Brower
71ae5b60ea Update Sigmac mappings and config for IPs and ports 2021-03-16 09:32:40 -04:00
Josh Brower
5fe025318b Update Sigmac mappings and config for IPs and ports 2021-03-15 15:53:00 -04:00
Josh Brower
548f67ca6f Initial support for Live Queries in Hunt 2021-03-04 18:21:13 -05:00
Josh Brower
d2a74c80e2 Update .security analyzer 2021-02-17 16:37:31 -05:00
Wes Lambert
3113d5fbdb Format scan.exiftool as text 2020-11-02 19:31:14 +00:00
Wes Lambert
af9daa4d71 Intel mapping enforcement and winlog.verion 2020-10-15 12:42:33 +00:00
Wes Lambert
b55ffa44f8 Fix module,dataset rename 2020-10-10 00:01:37 +00:00
Wes Lambert
019bec992d Add Strelka YARA matches as alerts 2020-10-06 12:19:44 +00:00
Josh Brower
8a78485906 Config Playbook SOC Alerts 2020-10-04 21:35:42 -04:00
Wes Lambert
36019727b3 Ensure IPs are typed as IP and ports as integer 2020-09-29 18:20:15 +00:00
Josh Brower
1cf7301db4 Adds new .security analyzed subfield 2020-08-26 05:11:42 -04:00
Josh Brower
15efe77e06 Ingest Parsing Update for Sysmon/WEL 2020-08-06 13:11:47 -04:00
Jason Ertel
d2df405cf0 so-import-pcap improvements: Ensure PCAP filenames with spaces are handled properly; Provide link directly to the imported logs, filtered by import ID; Require sudo access to run so-import-pcap 2020-07-21 11:07:09 -04:00
m0duspwnens
57bf23d83c move templates from logstash to elasticsearch 2020-07-14 16:07:46 -04:00