Commit Graph

6767 Commits

Author SHA1 Message Date
Doug Burks
a44d83d69b Improve Suricata DHCP parsing and dashboard 2023-01-31 08:33:38 -05:00
weslambert
0436f885b8 Set values for '@timestamp' and 'event.ingested' 2023-01-31 08:04:49 -05:00
Wes
5472f53c9f Remove bind mount and reference the correctly named entrypoint script 2023-01-30 21:24:30 +00:00
Wes
0156784687 Add EVTX integration policy for 'so-import-evtx' 2023-01-30 21:22:37 +00:00
Wes
cc100e50cd Update so-import-evtx to convert EVTX to a JSON file instead of streaming to Elasticsearch 2023-01-30 21:09:58 +00:00
weslambert
8240e5b20d Remove 'prospector.scanner' prefix from 'exclude_files' configuration 2023-01-27 16:46:43 -05:00
Doug Burks
b160d0add5 Fix typos in so-elastic-fleet-integration-policy-load 2023-01-27 15:45:58 -05:00
weslambert
68fac4488e Fix syntax for Zeek integration policies 2023-01-27 15:27:15 -05:00
weslambert
e47f64bd04 Change event.category from 'file' to 'network' 2023-01-27 12:00:30 -05:00
weslambert
f49627cec1 Update Zeek file exclusions and add a minor output formatting change 2023-01-27 11:47:14 -05:00
weslambert
6b251a2596 Change 'pipeline' to 'import.file' so that ICS tag conditional is applied to the correct field 2023-01-27 11:30:06 -05:00
weslambert
2772b03dca Change event.dataset value from 'tunnels' to 'tunnel' 2023-01-27 11:03:49 -05:00
weslambert
716ec7f936 Change event.dataset value from 'files' to 'file' 2023-01-27 11:02:44 -05:00
Doug Burks
86ca51ff99 Update to Elastic 8.6.1 2023-01-26 16:18:06 -05:00
Doug Burks
a27fc5c768 Update to Elastic 8.6.1 2023-01-26 16:17:36 -05:00
Wes
e4271043c6 Remove unnecessary Logstash pipelines 2023-01-26 18:05:14 +00:00
weslambert
a8d2631d75 Merge pull request #9650 from Security-Onion-Solutions/fix/elastic_agent_add_import_mode: Elastic Agent - Import Mode 2023-01-26 11:33:20 -05:00
Wes
b381c5424e Remove extra whitespace after 'so-elastic-agent-builder' line in 'so-image-common' 2023-01-26 16:13:23 +00:00
Wes
f1db1bc273 Ensure Kratos events are sent to a data stream instead of an index 2023-01-26 16:12:06 +00:00
Wes
7d68ef0e8b Add Elastic Agent and Fleet to firewall configuration for Import Mode 2023-01-26 16:07:31 +00:00
Wes
8051fc70eb Temporarily disable the loading of the RITA package policy 2023-01-26 16:03:59 +00:00
Wes
a9a119f1ab Add Elasticsearch output to 'so-elastic-fleet-setup' for Import Mode 2023-01-26 16:02:27 +00:00
Wes
6a803dfe35 Add Elastic Fleet to top file configuration for Import Mode 2023-01-26 16:01:03 +00:00
Wes
1fb6cf7bfe Add Elastic Fleet to allowed states for Import Mode 2023-01-26 15:59:49 +00:00
m0duspwnens
1d2f491084 Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall 2023-01-26 10:49:00 -05:00
m0duspwnens
aafbdf6afc adjust retry and timeout for wait_for_influxdb 2023-01-26 10:12:37 -05:00
weslambert
6ee66a34bc Revert "Elastic Agent and Fleet - Import Mode" 2023-01-25 17:12:03 -05:00
weslambert
c73cd78f08 Merge pull request #9643 from Security-Onion-Solutions/2.4/dev: Merge Dev 2023-01-25 16:59:47 -05:00
m0duspwnens
790aa6b684 add logstash pillar items for minions 2023-01-25 15:18:56 -05:00
Wes
5c58cda872 Move certificate configuration outside of conditional logic 2023-01-25 19:29:50 +00:00
Mike Reeves
31f591a098 Merge pull request #9635 from Security-Onion-Solutions/mkr24: Ubuntu support changes 2023-01-25 13:34:44 -05:00
Wes
c3717dae67 Add Elastic Fleet firewall configuration for Import Mode 2023-01-25 18:27:00 +00:00
Mike Reeves
704d99e757 Salt for Ubuntu 2023-01-25 11:50:19 -05:00
Mike Reeves
9243b01cbb Salt for Ubuntu 2023-01-25 11:44:22 -05:00
Jason Ertel
c9f18891b2 Merge pull request #9639 from Security-Onion-Solutions/kilo: auto extract source/dest IP on case related event attachments; improve so-verify stream to console 2023-01-25 11:37:16 -05:00
Wes
86a925e1c7 Download Elastic Agent images for Import Mode 2023-01-25 16:09:12 +00:00
Wes
838beabae5 Add missing single quote for Elastic Agent Elasticsearch output 2023-01-25 15:58:06 +00:00
Wes
c46b5e734b Add 'elastic-fleet' to the list of allowed states for Import Mode 2023-01-25 14:38:23 +00:00
m0duspwnens
1b3f50a463 Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall 2023-01-25 09:22:17 -05:00
Wes
1414b75e01 Allow 'elastic-fleet' state to be applied for Import Mode 2023-01-25 14:07:25 +00:00
Wes
506baa854d Configure Elasticsearch output if running Import Mode 2023-01-25 13:52:54 +00:00
weslambert
c9f458e1e2 Set event.dataset for all Kratos logs to 'access' for now 2023-01-25 08:19:50 -05:00
weslambert
7bf9d77962 Rename Kratos data stream 2023-01-25 08:18:21 -05:00
m0duspwnens
d1460ae01f add node_data.ips pillar. grab influx host ip for soc extra_hosts 2023-01-24 17:05:40 -05:00
Mike Reeves
161881efbb Salt for Ubuntu 2023-01-24 16:25:26 -05:00
Jason Ertel
7b1f867ac3 Add defaults for auto extracted observables 2023-01-24 13:17:50 -05:00
Wes
4b9c92c53d Set RITA event.dataset value explicitly 2023-01-24 18:00:34 +00:00
Wes
38ead7cb82 Remove import tag for now 2023-01-24 17:58:19 +00:00
Wes
44d149b1c3 Allow imported data to use a tag of 'import' 2023-01-24 17:01:52 +00:00
Wes
1e5377c78a Condense RITA integration policies, add ICS tags, and improve output readability 2023-01-24 16:56:20 +00:00