CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,919 Commits 40 Branches 125 Tags
a84a32c075059ffaace45a6c407cf67e492ce804
Commit Graph

773 Commits

Author SHA1 Message Date
m0duspwnens 5649986834 Merge branch '2.4/dev' into vlb2 2024-12-09 15:35:57 -05:00
defensivedepth dcbb0e48d4 make sure its owned by socore 2024-11-08 14:34:29 -05:00
defensivedepth 8b70aa9f0e Fix socore permissions 2024-11-08 09:19:41 -05:00
defensivedepth f5bd8ab585 Rewrite docs 2024-11-07 15:33:47 -05:00
defensivedepth 28d468dd41 Merge remote-tracking branch 'origin/2.4/dev' into 2.4/templaterepos 2024-11-07 07:25:01 -05:00
Corey Ogburn 52a144c052 Added Help Link to Annotation for IgnoredSidRanges 2024-11-05 12:11:17 -07:00
Corey Ogburn 25d55feeef More Detailed Description 2024-11-05 11:41:14 -07:00
Corey Ogburn 5e48ccafce Update Default Value 2024-11-05 11:11:34 -07:00
Corey Ogburn 69dd35c30a Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check 2024-11-04 14:31:53 -07:00
m0duspwnens efbf62f56a adding beacon 2024-11-04 08:30:40 -05:00
defensivedepth 5406a263d5 Add local custom template 2024-10-29 19:42:06 -04:00
m0duspwnens c64a05f2ff dynamic annotations 2024-10-29 10:20:31 -04:00
m0duspwnens 0c4426a55e Merge branch '2.4/dev' into vertlybimp 2024-10-29 08:32:39 -04:00
Josh Brower 6a3e5415cf Merge pull request #13832 from Security-Onion-Solutions/2.4/sigmapipelines 
Add process and file creation mappings
 2024-10-28 18:30:21 -04:00
defensivedepth f3ca5b1c42 Remove OS-specific mappings 2024-10-28 09:19:51 -04:00
m0duspwnens feb700393e merge with 2.4.120, fix merge conflicts 2024-10-25 15:09:38 -04:00
Corey Ogburn 6ce52bf9ab Specify Defaults for detectionEngineStatusQueries 
Specify the defaults as an example to the user.
 2024-10-24 13:11:49 -06:00
Corey Ogburn f67fcecc6e Clean up StatusQueries String 2024-10-24 11:18:48 -06:00
Corey Ogburn b7c392a244 Corrected a misspelling 2024-10-24 11:18:48 -06:00
Corey Ogburn ad0b0a5e95 Refactor to String 
To accomodate the config screen, the annotation now specifies it as a multiline string with a yaml syntax. The user can edit the yaml to add or remove queries. The UI will parse the YAML before use.

Also updated the IntegrityFailure queries to specify table columns more relevant to a sync failure than the default ones.
 2024-10-24 11:18:47 -06:00
Corey Ogburn c77b0afd8e Move to Client/Detections 
Added a basic annotation.
 2024-10-24 11:18:47 -06:00
Corey Ogburn 04ebe4efea Array to Dictionary 2024-10-24 11:18:46 -06:00
Corey Ogburn cbb4d6846f Detection Engine Status Queries 
A few for testing
 2024-10-24 11:18:45 -06:00
m0duspwnens 0476585370 dynamic annotations 2024-10-22 09:03:02 -04:00
defensivedepth dcdfaf66f4 Add process and file creation mappings 2024-10-16 15:20:52 -04:00
m0duspwnens dcc1738978 dynamic annotations 2024-10-11 10:46:07 -04:00
Corey Ogburn d2bd9c0e26 Changes to allow reviews to start showing 2024-10-10 09:48:59 -06:00
defensivedepth 778d5be407 Change summaries branch 2024-09-25 15:35:08 -04:00
Jason Ertel cce9e162d4 remove colon to avoid yaml parsing problems 2024-09-16 15:30:14 -04:00
Jason Ertel 217bb388a0 Clarify enabled settings 2024-09-16 10:05:17 -04:00
Jason Ertel 8b8737221d mark specific settings as allowed to include Jinja 2024-09-11 09:28:17 -04:00
Jason Ertel f19a35ff06 move custom alerters to subgroup; avoid false positives on log check 2024-08-28 09:32:25 -04:00
Jason Ertel 6043da4424 annotation updates 2024-08-27 13:04:43 -04:00
Jason Ertel 48f1e24bf5 notification updates 2024-08-22 09:04:43 -04:00
Jason Ertel cf47508185 notification updates 2024-08-22 09:02:32 -04:00
Jason Ertel caa8d9ecb0 fix repo path 2024-08-09 06:58:40 -04:00
Corey Ogburn c71b9f6e8f Fix CopyPasta 
Strelka annotations referenced ElastAlert. Fixed.
 2024-08-08 13:31:08 -06:00
Corey Ogburn 8c1feccbe0 Tweak value 2024-08-08 12:53:51 -06:00
Corey Ogburn 5ee15c8b41 Tweak value 2024-08-08 12:00:07 -06:00
Corey Ogburn 5328f55322 Remove new config value 2024-08-08 11:43:15 -06:00
Corey Ogburn 712f904c43 Config for Repo Folder 
The folder we checkout the AI Summary repo into should definitely exist.
 2024-08-08 10:57:07 -06:00
Corey Ogburn ccd7d86302 More AI Summaries Config/Annotations 
Added aiRepoBranch to all 3 detection engines.

Added showUnreviewedAiSummaries to client parameters.

Added annotations.
 2024-08-08 10:46:41 -06:00
Corey Ogburn fc89604982 New Config Values/Annotations for Ai Summaries 
Each engine pulls the same repo into the same location and shows the summaries.

Which repo and where to keep them is advanced, but turning AI summaries on or off is not.
 2024-08-06 13:55:54 -06:00
Jason Ertel 3130b56d58 Provide new setting to require OTP 2024-07-30 10:39:57 -04:00
Corey Ogburn 45b2413175 Removed Allow/Deny Regexes, Added Enable/Disable Regex 
Update config and annotations for new regex support for suricata.
 2024-07-19 12:45:24 -06:00
Corey Ogburn 022df966c7 Remove Allow/Deny Regex, Add Suricata Enable/Disable Regex 2024-07-19 12:28:04 -06:00
Corey Ogburn d0565baaa3 New Config Values for Detections Bulk Indexer 
`maxScrollSize` defines the "page size" of each scroll request.

`bulkIndexerWorkerCount` defines how many worker threads a bulk indexer should use. 0 or fewer indicates that 1 thread per CPU core should be used.
 2024-07-15 14:43:47 -06:00
Doug Burks 3991c7b5fe FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346 2024-07-15 15:52:00 -04:00
Doug Burks dfd8ac3626 FIX: Update SOC MOTD #13320 2024-07-09 12:55:58 -04:00
m0duspwnens 50f0c43212 merge dev 2024-06-26 12:33:32 -04:00