CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 10:42:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,685 Commits 25 Branches 119 Tags
aae2fd1fbb82a98ed5cb95b3dba9954c543f6791
Commit Graph

88 Commits

Author SHA1 Message Date
Wes Lambert
aae2fd1fbb Update DNS mappings to include .security 2022-03-02 14:27:15 +00:00
Wes Lambert
0b45cf7ae1 Update base mappings to include .security 2022-03-02 14:25:57 +00:00
Wes Lambert
d89af5f04f Update agent mappings to include .security 2022-03-02 14:25:14 +00:00
Wes Lambert
2d2ec45029 Modify base ECS mappings to include .security where possible, as well as custom analyzer definition 2022-03-02 14:19:36 +00:00
Wes Lambert
5489b8559d Revert "Switch from .security to match_only_text" 
This reverts commit f7862af934.
 2022-03-01 18:44:00 +00:00
Wes Lambert
2a9caccc7c Revert "Add additional .text subfield mappings" 
This reverts commit 61dadc6249.
 2022-03-01 18:43:24 +00:00
weslambert
e942d81433 Ensure correct formatting for source override 2022-02-25 19:14:58 -05:00
weslambert
a511fd33e9 Ensure correct formatting for destination override 2022-02-25 19:14:21 -05:00
Wes Lambert
a8bdff89ae Move files into SO component template directory 2022-02-25 18:00:16 +00:00
Wes Lambert
61dadc6249 Add additional .text subfield mappings 2022-02-25 16:27:37 +00:00
Wes Lambert
0f8a39002f Add .text subfield mappings for DTC where fields are defined 2022-02-24 19:39:52 +00:00
Wes Lambert
f7862af934 Switch from .security to match_only_text 2022-02-22 20:33:49 +00:00
Wes Lambert
4d1533537b Remove old index templates 2022-02-18 20:08:13 +00:00
Wes Lambert
9b841fd872 Add 'event.created' and 'event.ingested' keyword mapping 2022-02-08 21:34:32 +00:00
Wes Lambert
c2c4e4df17 Add Snyk component template 2022-02-08 15:23:43 +00:00
Wes Lambert
f9a50d33c3 Add new templates 2022-02-08 13:17:23 +00:00
Wes Lambert
2951e12c96 Remove snyk component template for now and fix folder structure 2022-02-08 13:16:59 +00:00
Wes Lambert
6d0ca6fcbb Fix mangled key name/typo 2022-02-08 12:59:07 +00:00
Wes Lambert
5090854d4d Add additional component templates and index template references 2022-02-08 03:03:55 +00:00
Wes Lambert
1366e5288e Add mappings references for new component templates to index templates 2022-02-07 19:54:23 +00:00
Wes Lambert
03bfb052ed Add component templates for Elasticsearch, Kibana, Logstash, Netflow, Suricata, and Zeek 2022-02-07 19:42:24 +00:00
Wes Lambert
317f6471d8 Add additional scan and rule filset mappings 2022-02-04 19:05:09 +00:00
Wes Lambert
1ce8bb3523 Fix winlog mapping reference reversion 2022-02-04 18:14:01 +00:00
Wes Lambert
5e03b1a5de Fix reference for file mappings in template 2022-02-04 18:11:03 +00:00
weslambert
898db542bf Merge pull request #7117 from Security-Onion-Solutions/feature/winlog_dtc_mappings 
Add winlog mappings
 2022-02-04 12:16:16 -05:00
Wes Lambert
69cb83cac9 Add winlog mappings 2022-02-04 17:08:26 +00:00
Wes Lambert
f3902cf77d Fix EG template and mappings 2022-02-04 16:00:16 +00:00
Wes Lambert
a3031b2b5c Additional DTC mapping changes 2022-02-04 15:38:51 +00:00
Wes Lambert
1ce386bb7f Add more DTC transition mappings 2022-02-03 17:33:05 +00:00
Wes Lambert
9db1510b0e Initial composable template configuration and base mappings 2022-02-02 02:08:31 +00:00
weslambert
fc0a5bce86 Revert field limit from testing 2022-01-27 11:18:35 -05:00
weslambert
60a0204975 Revert changes to common template 2022-01-27 11:02:47 -05:00
weslambert
1b3e7f9d79 Temp changes while adjusting mapping 2022-01-26 14:57:16 -05:00
weslambert
e77648c475 Merge pull request #6994 from Security-Onion-Solutions/feature/dtc 
Additional DTC changes
 2022-01-26 12:22:48 -05:00
Wes Lambert
e10749a495 Additional changes to template to accomodate default fields and keyword subfield 2022-01-26 17:16:29 +00:00
Jason Ertel
ed9b74dc33 store related event data as a flattened object blob 2022-01-26 12:16:05 -05:00
weslambert
ba52bd3835 Update template with syntax fixes 2022-01-25 08:56:03 -05:00
weslambert
f7a4cc20f2 Update so-common-template.json.jinja 2022-01-21 12:36:38 -05:00
weslambert
d1efa71c57 Remove dynamic keyword template to prevent field conflicts with mappings defined in common template 2022-01-20 12:34:32 -05:00
weslambert
e137ad60c5 Disable dynamic mapping and increase order to reduce potential field conflicts 2022-01-20 09:44:41 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
d7ba1cedff remove unused fields object from related case schema 2022-01-19 08:39:21 -05:00
weslambert
c512351dd6 Add mapping for scan.exiftool and scan.pe.sections.entropy 2022-01-14 17:01:13 -05:00
weslambert
a90bc9dba9 Add mapping for scan.pe.sections.entropy 2022-01-14 16:58:53 -05:00
weslambert
84f7c6b13b Add event.acknowledged and event.escalated mappings 2022-01-10 16:08:35 -05:00
weslambert
1c3eeb5a34 Fix typo -- replace period with comma 2022-01-10 13:29:06 -05:00
Jason Ertel
d3656a7777 Merge branch 'dev' into kilo 2022-01-07 13:41:35 -05:00
Jason Ertel
391db568b0 Update field mappings based on Wes' feedback 2022-01-07 13:28:36 -05:00
weslambert
770e53d914 Add keyword subfield for event.severity_label 2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9 Add event.severity_label 2022-01-07 11:19:54 -05:00