CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-26 19:03:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,772 Commits 19 Branches 120 Tags
a6ff92b099faa1c1a43def5e85331d084e18edc8
Commit Graph

630 Commits

Author SHA1 Message Date
DefensiveDepth
376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
Josh Brower
8e38c3763e Merge pull request #12756 from Security-Onion-Solutions/2.4/detections-defaults 
Use list not string
 2024-04-04 17:00:38 -04:00
DefensiveDepth
ca807bd6bd Use list not string 2024-04-04 16:58:39 -04:00
Josh Brower
f72cbd5f23 Merge pull request #12755 from Security-Onion-Solutions/2.4/detections-defaults 
2.4/detections defaults
 2024-04-04 11:33:59 -04:00
DefensiveDepth
49d5fa95a2 Detections tweaks 2024-04-04 11:26:44 -04:00
Doug Burks
d8ac3f1292 FEATURE: Add dashboards specific to Elastic Agent #12746 2024-04-04 09:30:05 -04:00
Doug Burks
5ec3b834fb FEATURE: Add Events table columns for event.module sigma #12743 2024-04-04 09:11:41 -04:00
Jason Ertel
a7fab380b4 clarify telemetry annotation 2024-04-04 07:51:23 -04:00
Jason Ertel
a9517e1291 clarify telemetry annotation 2024-04-04 07:49:30 -04:00
DefensiveDepth
f66cca96ce YARA casing 2024-04-03 16:17:29 -04:00
Corey Ogburn
0f50a265cf Update SOC Config with State File Paths 
Each detection engine is getting a state file to help manage the timer over restarts. By default, the files will go in soc's config folder inside a fingerprints folder.
 2024-04-03 13:12:18 -06:00
Jason Ertel
3e05c04aa1 Merge pull request #12731 from Security-Onion-Solutions/jertel/ana 
SOC Telemetry
 2024-04-03 14:51:41 -04:00
Doug Burks
9078b2bad2 FEATURE: Add Events table columns for event.module kratos #12740 2024-04-03 12:46:29 -04:00
Doug Burks
66844af1c2 FEATURE: Add dashboard for SOC Login Failures #12738 2024-04-03 11:54:53 -04:00
Josh Brower
fbdcc53fe0 Merge pull request #12732 from Security-Onion-Solutions/2.4/detections-defaults 
Feature - auto-enabled Sigma rules
 2024-04-03 09:01:09 -04:00
DefensiveDepth
a8f25150f6 Feature - auto-enabled Sigma rules 2024-04-03 08:21:50 -04:00
Doug Burks
2f03cbf115 FEATURE: Add Events table columns for event.module strelka #12716 2024-04-02 10:42:20 -04:00
Doug Burks
b2b54ccf60 FEATURE: Add Events table columns for event.module strelka #12716 2024-04-02 10:11:16 -04:00
Doug Burks
6c2437f8ef FEATURE: Add Events table columns for event.module playbook #12703 2024-04-02 09:55:56 -04:00
Doug Burks
505eeea66a Update defaults.yaml 2024-04-02 09:39:54 -04:00
DefensiveDepth
7f488422b0 Add default columns 2024-04-02 09:13:27 -04:00
Jason Ertel
9d2b40f366 Merge branch '2.4/dev' into jertel/ana 2024-04-01 09:50:38 -04:00
Jason Ertel
3aea2dec85 analytics 2024-04-01 09:50:18 -04:00
Corey Ogburn
e5a3a54aea Proper YAML 2024-03-29 14:31:43 -06:00
Doug Burks
b64ed5535e FEATURE: Add individual dashboards for Zeek SSL and Suricata SSL logs #12699 2024-03-29 15:29:38 -04:00
Doug Burks
5be56703e9 Merge pull request #12698 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add Events table columns for zeek ssl and suricata ssl #12697
 2024-03-29 14:46:39 -04:00
Doug Burks
0c7ba62867 FEATURE: Add Events table columns for zeek ssl and suricata ssl #12697 2024-03-29 14:44:29 -04:00
Corey Ogburn
e747a4e3fe New Settings for Manual Sync in Detections 2024-03-29 12:25:03 -06:00
Doug Burks
102c3271d1 FEATURE: Add process.command_line to Process Info and Process Ancestry dashboards #12694 2024-03-29 12:04:47 -04:00
Doug Burks
e2caf4668e FEATURE: Add Events table columns for event.module elastic_agent #12666 2024-03-26 16:08:41 -04:00
Josh Brower
63a58efba4 Merge pull request #12656 from Security-Onion-Solutions/2.4/detections-fixes 
Add bindings for sigma repos
 2024-03-26 09:33:38 -04:00
DefensiveDepth
bbcd3116f7 Fixes 2024-03-26 09:31:46 -04:00
Josh Brower
9c12aa261e Merge pull request #12660 from Security-Onion-Solutions/kilo 
Initial cut to remove Playbook and deps
 2024-03-26 08:31:11 -04:00
DefensiveDepth
cc0f4847ba Casing and validation 2024-03-26 08:10:57 -04:00
DefensiveDepth
7c4ea8a58e Add Detections SOC Config 2024-03-26 07:39:39 -04:00
Doug Burks
20bd9a9701 FEATURE: Include additional groupby fields in Dashboards relating to sankey diagrams #12657 2024-03-26 07:39:24 -04:00
DefensiveDepth
94ee761207 Remove Playbook ref 2024-03-25 21:11:47 -04:00
DefensiveDepth
d7ecad4333 Initial cut to remove Playbook and deps 2024-03-25 19:42:31 -04:00
DefensiveDepth
49fa800b2b Add bindings for sigma repos 2024-03-25 14:45:50 -04:00
Josh Brower
b8d33ab983 Merge pull request #12639 from Security-Onion-Solutions/2.4/enable-detections 
Enable Detections
 2024-03-25 09:30:01 -04:00
Corey Ogburn
237946e916 Specify Folder in Rule Repo 2024-03-22 13:52:20 -06:00
Corey Ogburn
3d04d37030 Update ElastAlert Config with Default Repos 2024-03-22 13:52:20 -06:00
Doug Burks
a78a304d4f FEATURE: Add event.dataset to all Events column layouts #12641 2024-03-22 13:19:31 -04:00
DefensiveDepth
5ca9ec4b17 Enable Detections 2024-03-22 10:12:26 -04:00
Doug Burks
2b019ec8fe Merge pull request #12634 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add Events column layout for event.module system #12628
 2024-03-22 05:52:23 -04:00
DefensiveDepth
4a33234c34 Default update to 24 hours 2024-03-21 07:26:19 -04:00
Doug Burks
778997bed4 FEATURE: Add Events column layout for event.module system #12628 2024-03-20 17:07:37 -04:00
DefensiveDepth
d84af803a6 Enable Autoupdates 2024-03-20 08:48:31 -04:00
DefensiveDepth
020eb47026 Change Detections defaults 2024-03-19 13:53:37 -04:00
Jason Ertel
844cfe55cd handle airgap when detections not enabled 2024-03-13 20:52:17 -04:00