CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,138 Commits 24 Branches 119 Tags
ab97d3b8b7c91f9c13cfd2fa265741f840c3b76b
Commit Graph

1188 Commits

Author SHA1 Message Date
reyesj2
1396083b7d use so-elasticsearch-query where possible; simplify suricata.alerts index reroute 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-17 13:29:46 -06:00
reyesj2
9032d7d7bc any suricata.alert with event.imported: true remains in logs-import-so 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-16 18:48:31 -06:00
reyesj2
45d3438d18 update ingest pipeline for imported logs 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-16 17:33:14 -06:00
reyesj2
b3b7fb8f29 add null check and move tag lookup to .contains() in global@custom 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-15 12:16:11 -06:00
reyesj2
4618256442 include okta-mappings in so-logs-okta.system index template 2025-01-13 11:32:27 -06:00
reyesj2
323ef1d5d6 add missing lifecycle name to trend_micro_vision_one indices 2025-01-13 09:29:22 -06:00
reyesj2
a5b1648b68 add missing lifecycle name to crowdstrike indices 2025-01-13 09:26:16 -06:00
reyesj2
4f92b7ced1 add support for cloudflare_logpush integration 2025-01-13 09:23:05 -06:00
reyesj2
e60a1e4357 zeek ldap & ldap_search parsing 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-09 16:06:10 -06:00
reyesj2
0e87351a9c add zeek.quic mappings 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-08 16:18:53 -06:00
reyesj2
9f83853922 Zeek QUIC support 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-31 13:44:20 -06:00
reyesj2
157185c370 add ti_opencti integration support 2024-12-18 11:33:49 -06:00
reyesj2
ad8b339a3b fix error due to null reference 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-06 09:07:16 -06:00
reyesj2
754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
reyesj2
993d56cb58 ti_rapid7* 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-25 15:51:49 -06:00
reyesj2
efa6a533c3 add missing ilm to index template 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-25 15:47:47 -06:00
reyesj2
44ec237447 additional integration support - cisco secure email gateway - rapid7 threat command 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-15 11:39:01 -06:00
Jorge Reyes
dfd9108f39 Merge pull request #13945 from Security-Onion-Solutions/2.4/dev 
2.4/dev
 2024-11-14 09:13:00 -06:00
reyesj2
1113c3924f zeek http2 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-14 09:09:23 -06:00
Jorge Reyes
4e0b5569dc Merge pull request #13933 from Security-Onion-Solutions/ilm-detection 
add ilm and update managed index settings
 2024-11-12 15:22:05 -06:00
reyesj2
6dbe0645e5 use auto_expand_replica, configure ilm for so-case* & so-detection* 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-11 13:51:48 -06:00
Jason Ertel
57a9992a3d Merge branch '2.4/dev' into jertel/wip 2024-11-11 10:06:44 -05:00
Corey Ogburn
8334fd9c46 Source Dates 2024-11-07 14:44:45 -07:00
reyesj2
80b82b0bd6 missing replica 0 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-06 15:24:13 -06:00
reyesj2
039d5c22ac fix: crowdstrike integration 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-06 14:35:41 -06:00
defensivedepth
7896f951f3 timestamp fix 2024-10-31 10:24:58 -04:00
reyesj2
36fc3bbd6d add so-ip-mappings index 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-10-30 10:24:11 -04:00
Corey Ogburn
640f53d085 Cleanup 
Fix indentation and trailing comma.
 2024-10-24 17:05:36 -06:00
Corey Ogburn
1aa9d87c5d Corrected 
Put the note on the right model this time.
 2024-10-24 17:05:36 -06:00
Corey Ogburn
e11c562022 Added Note to ES Mappings 2024-10-24 17:05:35 -06:00
Jorge Reyes
cf95af66c6 Revert "Add support for cybereason integration" 2024-10-21 15:23:05 -04:00
reyesj2
8b11019712 Add support for cybereason integration 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-10-18 11:56:47 -04:00
reyesj2
322199358d add support for trendmicro integration 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-10-16 16:45:46 -04:00
Jason Ertel
523ff66389 connect work 2024-10-16 13:44:01 -04:00
weslambert
aacd715379 Retry after 1 second 2024-09-25 13:07:01 -04:00
weslambert
50ae37c160 Check if running during soup 2024-09-25 08:25:20 -04:00
Wes
70c5a07913 Add back meta ad error.message 2024-09-23 21:36:40 +00:00
Wes
41112a59ec Add back meta 2024-09-23 20:12:14 +00:00
Wes
764eb98bc2 Add custom component for ints 2024-09-17 19:43:13 +00:00
Wes
cf0d56eee7 Fix suricata alerts for opnsense and pfsense 2024-09-17 19:24:31 +00:00
Jason Ertel
cce9e162d4 remove colon to avoid yaml parsing problems 2024-09-16 15:30:14 -04:00
Jason Ertel
217bb388a0 Clarify enabled settings 2024-09-16 10:05:17 -04:00
weslambert
24504dcc87 Fix annotations typo 2024-09-12 10:54:13 -04:00
weslambert
602158aa56 Add annotations for barracuda and imperva 2024-09-11 15:52:23 -04:00
Wes
f2bb54d993 Add barracuda and imperva integrations 2024-09-11 19:41:38 +00:00
Wes
25a9fb9b5c Add destination IP for so-system 2024-09-09 20:16:23 +00:00
m0duspwnens
5a1d61a042 ref es version 2024-09-05 08:45:44 -04:00
m0duspwnens
df14cbad44 fix calls to get_elastic_agent_vars 2024-09-04 17:43:49 -04:00
m0duspwnens
f106191e72 fix image for so-elasticsearch container 2024-09-04 16:01:24 -04:00
Josh Patterson
71f6b44c0c Merge pull request #13607 from Security-Onion-Solutions/esver 
use Elasticsearch version for some containers
 2024-09-04 13:30:07 -04:00