CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,578 Commits 24 Branches 119 Tags
aa7c39d31224a757b9241a0b0088404578031f5c
Commit Graph

10578 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wes Lambert
57f01c70ec Remove extra forward slash in log path 2022-03-22 17:45:23 +00:00
Wes Lambert
2487d468ab Add RITA Elasticsearch ingest pipeline config 2022-03-22 17:38:22 +00:00
Wes Lambert
f613d8ad86 Add RITA Logstash config 2022-03-22 17:36:18 +00:00
weslambert
bb9d6673ec Fix casing 2022-03-21 12:38:50 -04:00
weslambert
9afa949623 Don't rotate Filebeat log on startup 2022-03-21 12:38:12 -04:00
weslambert
b2c26807a3 Add xpack.reporting.kibanaServer.hostname to defaults file 2022-03-21 09:30:25 -04:00
Wes Lambert
faeaa948c8 Remove extra Salt logic and clean up output format of resultant script 2022-03-19 04:31:48 +00:00
Wes Lambert
1a6ef0cc6b Re-enable FB module load 2022-03-19 03:55:40 +00:00
Wes Lambert
a18b38de4d Update so-filebeat-module-setup to use new load style to avoid having to explicitly enabled filesets 2022-03-19 03:54:41 +00:00
Wes Lambert
2e7d314650 Remove Cyberark module 2022-03-19 03:43:55 +00:00
Wes Lambert
c97847f0e2 Remove Threat Intel Recored Future fileset 2022-03-19 03:43:34 +00:00
Wes Lambert
59a2ac38f5 Disable FB module load for now 2022-03-18 22:12:09 +00:00
Wes Lambert
543bf9a7a7 Update Kibana version to 8 2022-03-18 22:07:21 +00:00
Wes Lambert
d111c08fb3 Update Curator commands with new Filebeat module variables 2022-03-18 21:45:33 +00:00
Doug Burks
a3f8a10eb9 Merge pull request #7608 from Security-Onion-Solutions/fix/telegraf-non-root 
FIX: Run telegraf as non-root #7468
 2022-03-18 15:17:28 -04:00
weslambert
a9ea99daa8 Switch from so_elastic user to so_kibana user for Elastic 8 2022-03-18 15:09:50 -04:00
weslambert
cb0d4acd57 Remove X-Pack ML entry for Elastic 8 2022-03-18 14:46:28 -04:00
Doug Burks
eda7a8d7ea FIX: Update telegraf influxdbsize.sh to collect influxdb size from influxdb_size.log #7468 2022-03-18 13:15:43 -04:00
Doug Burks
f7dc5588ae FIX: Update common init.sls to create cron job to write influxdb size for telegraf #7468 2022-03-18 13:13:46 -04:00
Doug Burks
c13994994b FIX: Update telegraf init.sls to run telegraf as non-root #7468 2022-03-18 13:11:56 -04:00
weslambert
e0374be4aa Update version from 7.16.2 to 8.1.0 for Kibana config 2022-03-18 11:57:33 -04:00
weslambert
6f294cc0c2 Change Kibana user role from superuser to kibana_system for Elastic 8 2022-03-18 11:54:08 -04:00
weslambert
5ec5b9a2ee Remove older module config files 2022-03-18 10:14:13 -04:00
weslambert
c659a443b0 Update from search.remote to cluster.remote for Elastic 8 2022-03-17 21:25:10 -04:00
weslambert
99430fddeb Update from search.remote to cluster.remote for Elastic 8 2022-03-17 21:24:39 -04:00
weslambert
7128b04636 Remove indices.query.bool.max_clause_count because it is dynamically allocated in Elastic 8 2022-03-17 21:20:41 -04:00
weslambert
712a92aa39 Switch from log input to filestream input 2022-03-17 21:18:03 -04:00
Wes Lambert
6e2aaa0098 Clean up original map file 2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b Add back bind mounts and remove THIRDPARTY 2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930 Reorganize FB module management 2022-03-17 21:01:03 +00:00
Josh Patterson
949365c636 Merge pull request #7602 from Security-Onion-Solutions/issue/7601 
prevent so-setup iso from running on ubuntu
 2022-03-17 11:37:53 -04:00
m0duspwnens
a896348743 prevent so-setup iso from running on ubuntu - https://github.com/Security-Onion-Solutions/securityonion/issues/7601 2022-03-17 11:31:16 -04:00
Josh Brower
5b9c82a434 Merge pull request #7494 from Security-Onion-Solutions/fix/fleetdm-custom-hostname 
Force regen of ssl cert
 2022-03-16 15:17:05 -04:00
Doug Burks
50477071b8 Merge pull request #7588 from Security-Onion-Solutions/fix/prevent-multiple-instances 
FIX: Prevent multiple instances of so-sensor-clean and so-playbook-sync #6622
 2022-03-16 13:54:00 -04:00
Doug Burks
e65f2a5513 FIX: Prevent multiple instances of so-sensor-clean #6622 2022-03-16 13:28:39 -04:00
Doug Burks
e56f90d83c FIX: Prevent multiple instances of so-playbook-sync #6622 2022-03-16 13:27:37 -04:00
weslambert
aaded58131 Merge pull request #7565 from Security-Onion-Solutions/fix/es_template_fix 
Custom ES template fixes
 2022-03-15 11:09:46 -04:00
Doug Burks
9bf0265cea Merge pull request #7566 from Security-Onion-Solutions/feature/hunt-soc-auth 
FEATURE: Add new Hunt query for SOC logins #7327
 2022-03-15 10:58:40 -04:00
Mike Reeves
e01c1398d5 Merge pull request #7564 from Security-Onion-Solutions/removethehive 
Removethehive
 2022-03-15 10:56:08 -04:00
Wes Lambert
42d6c3a956 Replace Elastic connection check using ELASTICCURL with so-elasticsearch-query 2022-03-15 14:55:04 +00:00
Doug Burks
eec44a6b02 Add a SOC Auth query to hunt.queries.json 2022-03-15 10:38:46 -04:00
Doug Burks
d1e1887e36 Add support for Kratos audit logs in hunt.eventfields.json 2022-03-15 10:37:58 -04:00
Wes Lambert
5f56c7a261 Replace ELASTICCURL with so-elasticsearch-query 2022-03-15 14:32:00 +00:00
weslambert
d46620ea2a Merge pull request #7561 from Security-Onion-Solutions/es_template_map_fix 
Custom ES Template Fixes
 2022-03-15 10:01:42 -04:00
Jason Ertel
408f9d6695 Update .gitleaks.toml 2022-03-15 09:53:27 -04:00
Jason Ertel
b810f14428 Update .gitleaks.toml 2022-03-15 09:53:11 -04:00
Jason Ertel
cec9cba40e Create .gitleaks.toml 2022-03-15 09:47:57 -04:00
Jason Ertel
8ebeeb497f add configuration to override leak detector defaults 2022-03-15 09:43:09 -04:00
Mike Reeves
9c80ff4f65 Remove hive from more files 2022-03-15 09:37:58 -04:00
Mike Reeves
81f0aa58b8 Remove hive from more files 2022-03-15 08:28:03 -04:00