487 Commits

Author	SHA1	Message	Date
Jason Ertel	5eca1acbeb	incorporate features pillar	2023-07-06 13:24:45 -04:00
Jason Ertel	951f04c265	remove use of pipe	2023-06-29 12:10:12 -04:00
Corey Ogburn	fb27e7c479	Also add to dashboard ... Duplicate new queryToggleFilter from hunt to dashboard.	2023-06-23 11:30:26 -06:00
Corey Ogburn	261acee8a0	New Hunt queryToggleFilter ... New filter to exclude soc logs from hunt results.	2023-06-23 11:30:26 -06:00
Jason Ertel	b21b545756	use cluster-unique password for import encryption	2023-06-23 09:37:41 -04:00
Corey Ogburn	2b323ab661	Fix salt cmd.run commands for importing ... Functional and easy to read.	2023-06-22 17:30:56 -06:00
Jason Ertel	f4cbe20ddf	Merge pull request #10641 from Security-Onion-Solutions/jertel/fix-import ... fix quotations	2023-06-22 14:46:41 -04:00
Jason Ertel	0d92a1594a	fix quotations	2023-06-22 14:41:39 -04:00
Corey Ogburn	6769386c86	Change upload path	2023-06-22 10:59:24 -06:00
Corey Ogburn	b5e5bd57ad	Fix for Upload Import ... Needed to mount /nsm/soc/uploads into soc container. Made the upload route configurable. Added gpg logging to salt-relay.	2023-06-21 15:41:16 -06:00
Josh Brower	6ba9e057a9	Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags ... Change format of event dataset and assign dataset to tags	2023-06-21 09:22:40 -04:00
Corey Ogburn	ad28ea275f	Better state management ... When salt-cp runs it's course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure. Check the status of the decryption process before importing. No longer decrypt locally, issue salt command for the remote client to do the decrypting.	2023-06-20 09:41:14 -06:00
Corey Ogburn	41951659ec	Use importer's new --json flag. ... Using the new --json flag is not only more reliable than using a regex, the way the import script was written even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).	2023-06-20 09:41:14 -06:00
Corey Ogburn	451a4784a1	send-file and import-file security ... Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.	2023-06-20 09:41:14 -06:00
Corey Ogburn	1b7095fa81	Improved import-file url regex ... sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.	2023-06-20 09:41:14 -06:00
Corey Ogburn	89d789fe0f	New folder for salt to maintain ... This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.	2023-06-20 09:41:14 -06:00
Corey Ogburn	49055e260f	salt-relay import-file reporting ... On successful import, return dashboard URL	2023-06-20 09:41:14 -06:00
Corey Ogburn	a465039887	2 new capabilities: send-file and import-file	2023-06-20 09:41:14 -06:00
Doug Burks	0e09d73aa0	Resolve conflicts with dataset PR	2023-06-20 07:40:10 -04:00
Doug Burks	fc824359ed	Update default fields for kratos.audit	2023-06-20 07:30:56 -04:00
Doug Burks	7caa7cec6b	Fix SOC Auth queries in Dashboards and Hunt ... Change `event.dataset:audit` to `event.dataset:kratos.audit`.	2023-06-20 07:13:33 -04:00
Wes	b5bccc5e05	Use module in dataset name and add dataset tag	2023-06-15 13:06:57 +00:00
Mike Reeves	cace817c79	Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into airgaps	2023-05-24 08:43:03 -04:00
Jason Ertel	ba0ec18a33	Ignore Synchronize button clicks when an active salt job is running and another is already in queue	2023-05-22 14:52:07 -04:00
Mike Reeves	5315c51197	Allow additional docker parameters	2023-05-18 16:52:38 -04:00
Mike Reeves	7ab31e36af	Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into airgaps	2023-05-18 15:19:15 -04:00
Mike Reeves	0fd9fb9294	Allow additional docker parameters	2023-05-18 15:19:09 -04:00
Jason Ertel	4930ae4ba6	add missing var for local dev	2023-05-17 18:14:21 -04:00
m0duspwnens	e15c14cc2e	fix indent	2023-05-17 15:50:31 -04:00
m0duspwnens	f7ddf57f39	move files out of config	2023-05-17 15:49:22 -04:00
m0duspwnens	05a81596e5	place and access sensoronikey from sensoroni.config	2023-05-12 14:38:39 -04:00
m0duspwnens	fa1a428133	fix import	2023-05-11 15:36:20 -04:00
m0duspwnens	8e18986671	enabled/disable soc in ui	2023-05-11 15:33:16 -04:00
Mike Reeves	cbd1c05929	Sbin Changes	2023-05-04 10:36:03 -04:00
Mike Reeves	2d4f4791e0	Move files out of common	2023-05-01 15:21:31 -04:00
Doug Burks	4dcc79d245	FIX: Overview Customization link #10173	2023-04-20 16:26:51 -04:00
m0duspwnens	1047462898	add identifiers for all cron.present	2023-04-13 16:25:47 -04:00
Jason Ertel	7f28cdd2a3	provide means for using salt-relay with local development against remove VMs	2023-04-10 14:04:03 -04:00
Doug Burks	5be5466efe	fix GeoIP queries	2023-03-24 14:03:12 -04:00
Doug Burks	a9dc7a14cb	fix GeoIP queries	2023-03-24 13:56:51 -04:00
Doug Burks	aa9d44ab09	Add four new GeoIP dashboards	2023-03-24 13:51:13 -04:00
Josh Brower	bad905f54c	SOC Logs & Hunt Query	2023-03-23 16:22:59 -04:00
Josh Brower	2fe8668f1b	Merge pull request #9891 from Security-Onion-Solutions/2.4/huntqueries ... Initial updates for 2.4 fieldnames	2023-03-09 14:37:50 -05:00
Josh Brower	73abf8dbfd	Generic host dashboard	2023-03-09 14:32:52 -05:00
Josh Brower	1493806040	Change host dashboard titles	2023-03-08 17:03:02 -05:00
Josh Brower	a5c89bfaa1	update sysmon dashboards	2023-03-08 16:49:34 -05:00
m0duspwnens	0f9803120e	Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/heavynode	2023-03-06 13:55:09 -05:00
m0duspwnens	b6d55bedc8	make influxdb token accessible to all nodes	2023-03-06 13:50:17 -05:00
Doug Burks	a2bda07820	add VLAN dashboard	2023-03-05 15:24:11 -05:00
Josh Brower	9db6df0f14	Initial updates for 2.4 fieldnames	2023-03-04 15:19:19 -05:00