CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,537 Commits 24 Branches 119 Tags
aa91c1fef2af9725bf01818936b381c1de39b940
Commit Graph

12537 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
weslambert
aa91c1fef2 Add empty object for index_settings 2023-06-23 15:57:30 -04:00
weslambert
ff7db0be63 Remove old index settings 2023-06-23 15:31:11 -04:00
Wes
b96d3473f2 Fix indentation 2023-06-23 18:38:04 +00:00
Wes
62fa15c63e Add more templates 2023-06-23 14:43:15 +00:00
weslambert
e995576b1d Remove extra templates 2023-06-23 09:41:49 -04:00
Wes
5e8748c436 Load Elasticsearch templates 2023-06-23 13:28:01 +00:00
Wes
e2cca917c1 Add package load command to Fleet setup 2023-06-23 13:26:06 +00:00
Wes
d8700137d2 Add updated so-elasticsearch-templates-load 2023-06-23 13:23:29 +00:00
Wes
2c42d4b19e Add package check to so-elasticsearch-templates-load 2023-06-23 13:22:51 +00:00
Wes
a3c7e40c40 Add package load command 2023-06-23 13:20:05 +00:00
Wes
94fe456e28 Add package functions 2023-06-23 13:19:20 +00:00
Wes
662db41857 Add default packages 2023-06-23 13:17:38 +00:00
Jason Ertel
7623dd20b9 Merge pull request #10644 from Security-Onion-Solutions/cogburn/salt-relay-fix 
WIP: Fix `salt cmd.run` commands for importing
 2023-06-22 20:31:19 -04:00
Corey Ogburn
2b323ab661 Fix salt cmd.run commands for importing 
Functional and easy to read.
 2023-06-22 17:30:56 -06:00
Jason Ertel
f4cbe20ddf Merge pull request #10641 from Security-Onion-Solutions/jertel/fix-import 
fix quotations
 2023-06-22 14:46:41 -04:00
Jason Ertel
0d92a1594a fix quotations 2023-06-22 14:41:39 -04:00
Jason Ertel
cae9e6230f Merge pull request #10638 from Security-Onion-Solutions/cogburn/import-fix 
Change upload path
 2023-06-22 13:04:22 -04:00
Corey Ogburn
6769386c86 Change upload path 2023-06-22 10:59:24 -06:00
weslambert
6b97d07a89 Merge pull request #10629 from Security-Onion-Solutions/fix/elasticsearch_ingest_suricata_xff_ip 
Parse xff
 2023-06-22 08:45:58 -04:00
coreyogburn
da82395dcf Merge pull request #10633 from Security-Onion-Solutions/cogburn/10413 
Cogburn/10413
 2023-06-21 15:48:53 -06:00
Corey Ogburn
b5e5bd57ad Fix for Upload Import 
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
 2023-06-21 15:41:16 -06:00
Josh Patterson
ad4fb52b81 Merge pull request #10631 from Security-Onion-Solutions/2.4/repos 
2.4/repos
 2023-06-21 16:06:30 -04:00
m0duspwnens
4e849ecc90 issues with exclude rocky-repos 2023-06-21 15:14:53 -04:00
weslambert
7e37cd0f05 Parse xff 2023-06-21 14:29:54 -04:00
m0duspwnens
1675b787bf exclude rocky-repos and remove files 2023-06-21 13:27:34 -04:00
Josh Brower
139b36b189 Merge pull request #10627 from Security-Onion-Solutions/2.4/import-evtx 
Refactor EVTX Import
 2023-06-21 11:42:10 -04:00
Josh Brower
6ddf887342 Refactor EVTX Import 2023-06-21 09:32:42 -04:00
Josh Brower
6ba9e057a9 Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags 
Change format of event dataset and assign dataset to tags
 2023-06-21 09:22:40 -04:00
Mike Reeves
b02c38175c Merge pull request #10624 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Salt Defunct Workaround
 2023-06-20 17:44:53 -04:00
Mike Reeves
4497f6561f Salt Defunct Workaround 
This can be removed once they patch salt
 2023-06-20 17:27:02 -04:00
coreyogburn
fb81c6e2e3 Merge pull request #10601 from Security-Onion-Solutions/cogburn/10413 
Cogburn/10413
 2023-06-20 11:08:53 -06:00
Corey Ogburn
ad28ea275f Better state management 
When salt-cp runs it's course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.

Check the status of the decryption process before importing.

No longer decrypt locally, issue salt command for the remote client to do the decrypting.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
41951659ec Use importer's new --json flag. 
Using the new --json flag is not only more reliable than using a regex, the way the import script was written even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).
 2023-06-20 09:41:14 -06:00
Corey Ogburn
451a4784a1 send-file and import-file security 
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
1b7095fa81 Improved import-file url regex 
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
89d789fe0f New folder for salt to maintain 
This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.
 2023-06-20 09:41:14 -06:00
Corey Ogburn
49055e260f salt-relay import-file reporting 
On successful import, return dashboard URL
 2023-06-20 09:41:14 -06:00
Corey Ogburn
a465039887 2 new capabilities: send-file and import-file 2023-06-20 09:41:14 -06:00
Doug Burks
b60cf29598 Merge pull request #10618 from Security-Onion-Solutions/dougburks-patch-1 
Resolve conflicts with dataset PR
 2023-06-20 07:42:30 -04:00
Doug Burks
0e09d73aa0 Resolve conflicts with dataset PR 2023-06-20 07:40:10 -04:00
Doug Burks
520a5671ca Merge pull request #10617 from Security-Onion-Solutions/dougburks-patch-1 
Fix SOC Auth queries in Dashboards and Hunt
 2023-06-20 07:32:46 -04:00
Doug Burks
fc824359ed Update default fields for kratos.audit 2023-06-20 07:30:56 -04:00
Doug Burks
7caa7cec6b Fix SOC Auth queries in Dashboards and Hunt 
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
 2023-06-20 07:13:33 -04:00
Josh Patterson
0695140f83 Merge pull request #10611 from Security-Onion-Solutions/2.4/ubuntu 
2.4/ubuntu
 2023-06-16 14:00:52 -04:00
m0duspwnens
ed1e2c8908 ignore failure notification for Ubuntu Failed to restart snapd 2023-06-16 13:58:45 -04:00
Jason Ertel
594900a8d4 Merge pull request #10609 from Security-Onion-Solutions/kilo 
webauthn for SOC
 2023-06-16 13:15:25 -04:00
Jason Ertel
6894fa4e4d Update VERSION 2023-06-16 13:09:01 -04:00
m0duspwnens
2334d82d36 fix salt install for ubuntu 2023-06-16 11:13:34 -04:00
Wes
3a34da354f Use append instead of set 2023-06-15 16:35:43 +00:00
Wes
58a63e0765 Remove extra comma 2023-06-15 14:22:37 +00:00