CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,898 Commits 24 Branches 119 Tags
a892adb66f7100e0973889ae35c63ef092d9277c
Commit Graph

12898 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Corey Ogburn
6769386c86 Change upload path 2023-06-22 10:59:24 -06:00
m0duspwnens
36272efda7 create ES_LOGSTASH_NODES which removes heavynodes 2023-06-22 09:46:42 -04:00
weslambert
6b97d07a89 Merge pull request #10629 from Security-Onion-Solutions/fix/elasticsearch_ingest_suricata_xff_ip 
Parse xff
 2023-06-22 08:45:58 -04:00
coreyogburn
da82395dcf Merge pull request #10633 from Security-Onion-Solutions/cogburn/10413 
Cogburn/10413
 2023-06-21 15:48:53 -06:00
Corey Ogburn
b5e5bd57ad Fix for Upload Import 
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
 2023-06-21 15:41:16 -06:00
Josh Patterson
ad4fb52b81 Merge pull request #10631 from Security-Onion-Solutions/2.4/repos 
2.4/repos
 2023-06-21 16:06:30 -04:00
m0duspwnens
4e849ecc90 issues with exclude rocky-repos 2023-06-21 15:14:53 -04:00
weslambert
7e37cd0f05 Parse xff 2023-06-21 14:29:54 -04:00
Mike Reeves
3952c1a9b7 Fix desktop state 2023-06-21 13:52:10 -04:00
Mike Reeves
c13c37f406 Fix desktop state 2023-06-21 13:49:01 -04:00
Mike Reeves
9240c3c6f0 Fix desktop package list 2023-06-21 13:42:51 -04:00
Mike Reeves
2aa01280e7 Fix desktop package list 2023-06-21 13:34:47 -04:00
m0duspwnens
1675b787bf exclude rocky-repos and remove files 2023-06-21 13:27:34 -04:00
Mike Reeves
4866eb2315 Fix desktop package list 2023-06-21 12:52:42 -04:00
Mike Reeves
f785fb2772 Fix desktop package list 2023-06-21 12:27:15 -04:00
Mike Reeves
8c9f863808 Fix desktop package list 2023-06-21 12:22:03 -04:00
Mike Reeves
1751e35121 Fix desktop package list 2023-06-21 12:20:57 -04:00
Mike Reeves
6676afc7de Fix desktop package list 2023-06-21 12:19:48 -04:00
Mike Reeves
699ea1ac3e Fix desktop package list 2023-06-21 11:48:37 -04:00
Mike Reeves
90fdb9c465 Update paths 2023-06-21 11:47:22 -04:00
Mike Reeves
48291f5271 Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into desktop 2023-06-21 11:43:05 -04:00
Mike Reeves
3a41b090c1 Update paths 2023-06-21 11:42:51 -04:00
Josh Brower
139b36b189 Merge pull request #10627 from Security-Onion-Solutions/2.4/import-evtx 
Refactor EVTX Import
 2023-06-21 11:42:10 -04:00
Josh Brower
6ddf887342 Refactor EVTX Import 2023-06-21 09:32:42 -04:00
Josh Brower
6ba9e057a9 Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags 
Change format of event dataset and assign dataset to tags
 2023-06-21 09:22:40 -04:00
Mike Reeves
6600484f8e Update Docker 2023-06-21 09:15:31 -04:00
Mike Reeves
b02c38175c Merge pull request #10624 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Salt Defunct Workaround
 2023-06-20 17:44:53 -04:00
Mike Reeves
4497f6561f Salt Defunct Workaround 
This can be removed once they patch salt
 2023-06-20 17:27:02 -04:00
Mike Reeves
0fc03baf58 Desktop Packages 2023-06-20 13:41:10 -04:00
coreyogburn
fb81c6e2e3 Merge pull request #10601 from Security-Onion-Solutions/cogburn/10413 
Cogburn/10413
 2023-06-20 11:08:53 -06:00
Corey Ogburn
ad28ea275f Better state management 
When salt-cp runs it's course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.

Check the status of the decryption process before importing.

No longer decrypt locally, issue salt command for the remote client to do the decrypting.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
41951659ec Use importer's new --json flag. 
Using the new --json flag is not only more reliable than using a regex, the way the import script was written even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).
 2023-06-20 09:41:14 -06:00
Corey Ogburn
451a4784a1 send-file and import-file security 
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
1b7095fa81 Improved import-file url regex 
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
89d789fe0f New folder for salt to maintain 
This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
49055e260f salt-relay import-file reporting 
On successful import, return dashboard URL
 2023-06-20 09:41:14 -06:00
Corey Ogburn
a465039887 2 new capabilities: send-file and import-file 2023-06-20 09:41:14 -06:00
Doug Burks
b60cf29598 Merge pull request #10618 from Security-Onion-Solutions/dougburks-patch-1 
Resolve conflicts with dataset PR
 2023-06-20 07:42:30 -04:00
Doug Burks
0e09d73aa0 Resolve conflicts with dataset PR 2023-06-20 07:40:10 -04:00
Doug Burks
520a5671ca Merge pull request #10617 from Security-Onion-Solutions/dougburks-patch-1 
Fix SOC Auth queries in Dashboards and Hunt
 2023-06-20 07:32:46 -04:00
Doug Burks
fc824359ed Update default fields for kratos.audit 2023-06-20 07:30:56 -04:00
Doug Burks
7caa7cec6b Fix SOC Auth queries in Dashboards and Hunt 
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
 2023-06-20 07:13:33 -04:00
Josh Patterson
0695140f83 Merge pull request #10611 from Security-Onion-Solutions/2.4/ubuntu 
2.4/ubuntu
 2023-06-16 14:00:52 -04:00
m0duspwnens
ed1e2c8908 ignore failure notification for Ubuntu Failed to restart snapd 2023-06-16 13:58:45 -04:00
Jason Ertel
594900a8d4 Merge pull request #10609 from Security-Onion-Solutions/kilo 
webauthn for SOC
 2023-06-16 13:15:25 -04:00
Jason Ertel
6894fa4e4d Update VERSION 2023-06-16 13:09:01 -04:00
m0duspwnens
2334d82d36 fix salt install for ubuntu 2023-06-16 11:13:34 -04:00
Josh Patterson
c0a2ea3138 Merge pull request #10604 from Security-Onion-Solutions/2.4/receiver 
2.4/receiver
 2023-06-15 15:42:34 -04:00
m0duspwnens
d4acb1a33a Merge remote-tracking branch 'origin/2.4/dev' into 2.4/receiver 2023-06-15 15:32:49 -04:00
m0duspwnens
5de9e5baf4 allow sensor to logstash on receiver 2023-06-15 14:46:46 -04:00