Corey Ogburn
ad28ea275f
Better state management
When salt-cp runs its course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.
Check the status of the decryption process before importing.
No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
Corey Ogburn
41951659ec
Use importer's new --json flag.
Using the new --json flag is not only more reliable than using a regex; the way the import script was written, even re-imports will provide a URL. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
Corey Ogburn
451a4784a1
send-file and import-file security
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
Corey Ogburn
1b7095fa81
Improved import-file url regex
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
Corey Ogburn
89d789fe0f
New folder for salt to maintain
This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.
2023-06-20 09:41:14 -06:00
Corey Ogburn
49055e260f
salt-relay import-file reporting
On successful import, return dashboard URL
2023-06-20 09:41:14 -06:00
Corey Ogburn
a465039887
2 new capabilities: send-file and import-file
2023-06-20 09:41:14 -06:00
Doug Burks
0e09d73aa0
Resolve conflicts with dataset PR
2023-06-20 07:40:10 -04:00
Doug Burks
fc824359ed
Update default fields for kratos.audit
2023-06-20 07:30:56 -04:00
Doug Burks
7caa7cec6b
Fix SOC Auth queries in Dashboards and Hunt
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
2023-06-20 07:13:33 -04:00
Jason Ertel
594900a8d4
Merge pull request #10609 from Security-Onion-Solutions/kilo
webauthn for SOC
2023-06-16 13:15:25 -04:00
Doug Burks
b84d997f87
Update so_motd.jinja
2023-06-15 09:54:23 -04:00
Jason Ertel
b4e5ac9796
Add note to advise against changing settings
2023-06-14 16:11:50 -04:00
Jason Ertel
a88227d13f
Merge branch '2.4/dev' into kilo
2023-06-14 13:34:15 -04:00
Jason Ertel
21a7b76352
webauthn
2023-06-14 13:33:31 -04:00
weslambert
03082339ca
Merge pull request #10592 from Security-Onion-Solutions/fix/analyzer_dependencies
Update analyzer dependencies
2023-06-14 12:22:06 -04:00
Josh Brower
fa57494694
Merge pull request #10584 from Security-Onion-Solutions/2.4/elasticagent-renaming
Change Elastic Fleet Tarball naming
2023-06-14 09:42:57 -04:00
weslambert
3f1741e75a
Merge pull request #10585 from Security-Onion-Solutions/fix/elasticsearch_templates
Update Elasticsearch templates for Fleet
2023-06-14 09:33:23 -04:00
Wes
48331ce35b
Add system.system component templates
2023-06-14 13:29:11 +00:00
Wes
c2ac60b82e
Add system.system template and add event-mappings
2023-06-14 13:28:00 +00:00
Josh Brower
9947f9def4
Rework tarball naming schema
2023-06-14 07:38:03 -04:00
Wes
c205438771
Update dependencies
2023-06-14 02:35:29 +00:00
Wes
8cde05807c
Remove elastic-agent dir
2023-06-13 21:33:04 +00:00
Wes
2ac0aba916
Add osquery files
2023-06-13 21:32:02 +00:00
Wes
af003cc2a1
Add osquery templates
2023-06-13 20:43:39 +00:00
Josh Brower
0d4f6b4fe6
Change Elastic Fleet Tarball naming
2023-06-13 16:32:19 -04:00
Wes
bd7644a557
Add another template
2023-06-13 19:13:20 +00:00
Jason Ertel
90b740a997
ensure status line shows dates for new and existing imports
2023-06-13 15:11:13 -04:00
Wes
5547a1b7ab
Add event mappings
2023-06-13 18:23:50 +00:00
Wes
1b90fd8581
Add custom component templates
2023-06-13 18:21:45 +00:00
Doug Burks
fb8ad71b27
Set START and END variables earlier in so-import-pcap
2023-06-13 13:19:18 -04:00
Wes
e43b7607bb
Add more component templates
2023-06-13 17:04:03 +00:00
Wes
a265c06e31
Add other component templates
2023-06-13 15:47:25 +00:00
Wes
2aa954cb0a
Add component templates
2023-06-13 15:25:23 +00:00
Wes
73812b11a3
Allow ingest node pipelines that start with a period
2023-06-13 13:37:56 +00:00
Wes
38ab426470
Add final Fleet pipeline
2023-06-13 13:36:26 +00:00
Wes
d0a6881c2c
Add event mappings and remove meta information for now
2023-06-13 13:35:46 +00:00
Wes
57268ba934
Change priority of templates
2023-06-12 14:29:45 +00:00
Wes
1208915896
Remove Elastic Agent package templates
2023-06-12 14:24:59 +00:00
Wes
42f5ad9939
Add templates for system.auth and system.syslog
2023-06-12 14:23:24 +00:00
Doug Burks
998c85e3f8
Update defaults.yaml
2023-06-12 09:31:19 -04:00
weslambert
32f3ee0b01
Merge pull request #10564 from Security-Onion-Solutions/fix/elasticsearch_templates
Update templates for integrations
2023-06-12 09:05:31 -04:00
Doug Burks
ae14e4870d
Add ocsp to logging.zeek.exclued in defaults.yaml
2023-06-12 08:44:46 -04:00
Doug Burks
b3f8ed7dcd
FIX: Suricata DHCP logs not ingesting #10565
2023-06-10 11:42:41 -04:00
Wes
ad5a424c03
Update templates for integrations
2023-06-09 18:32:50 +00:00
Jason Ertel
8a4f5d6dcb
Merge branch '2.4/dev' into jertel/pcap
2023-06-09 11:51:37 -04:00
Jason Ertel
884a7041af
Merge branch '2.4/dev' into jertel/pcap
2023-06-09 10:47:26 -04:00
Jason Ertel
023008c54c
do not allow node_description to be set at global grid-wide level
2023-06-09 10:46:56 -04:00
Jason Ertel
6f7de954d9
Merge pull request #10559 from Security-Onion-Solutions/jertel/pcap
Telegraf should monitor all mount points
2023-06-09 09:18:54 -04:00
Jason Ertel
46371aaaf5
Monitor all mount points for simplicity
2023-06-09 09:14:36 -04:00