05e271af47
update soup for 2.3.181
2022-10-21 11:52:54 -04:00
f13f05eb94
Run without needing to be attached to a TTY
2022-10-19 14:11:11 -04:00
f4042263a3
Remove destination_geo.organization_name from Sysmon Network sankey diagram
2022-10-13 08:59:10 -04:00
7401008523
Update soup for 2.3.180
2022-10-11 12:58:37 -04:00
454a7a4799
FEATURE: Add new Sysmon dashboards #8870
2022-10-07 11:52:49 -04:00
ab17cbee31
Update Elastic to 8.4.3
2022-10-07 07:03:10 -04:00
9991f0cf95
update Elastic to 8.4.3
2022-10-07 07:02:24 -04:00
b8355b3a03
Update soup
2022-09-22 09:10:12 -04:00
535b9f86db
Merge pull request #8633 from Security-Onion-Solutions/bryant-sysmon
...
Fix issues: 8591-8953
2022-09-19 11:53:34 -04:00
e171dd52b8
Upgrade Elastic to 8.4.1
2022-08-30 16:11:40 -04:00
27a837369d
Upgrade Elastic to 8.4.1
2022-08-30 16:09:57 -04:00
82dff3e9da
Fix issues: 8591-8953
2022-08-30 13:48:53 +00:00
76cca8594d
Merge pull request #8623 from Security-Onion-Solutions/TOoSmOotH-patch-6
...
Update soup
2022-08-29 09:50:06 -04:00
5c9c95ba1f
Merge pull request #8622 from Security-Onion-Solutions/fix/strelka_yara_gen_webshells_ignore
...
Ignore gen_webshells.yar
2022-08-29 09:40:51 -04:00
e62bebeafe
Update soup
2022-08-29 09:39:41 -04:00
8a0e92cc6f
Add 'gen_webshells.yar' and re-arrange to put ignored rules in alphabetical order
2022-08-29 09:37:29 -04:00
30b9868de1
Update soup
2022-08-29 09:32:46 -04:00
f00d9074ff
Allow local modification acceptance prompt to be skipped when passing 'skip-prompt' as a parameter value to check_local_mods() function
2022-08-19 16:07:14 -04:00
fea2b481e3
Update rulecat.conf
2022-08-19 13:12:49 -04:00
fbf0803906
Update verbiage around major Elasticsearch version and not requiring Elastalert index maintenance
2022-08-18 09:16:22 -04:00
5deda45b66
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8
...
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8. Also clean up the output to only emit one notification regarding index deletion, and additional verbiage around function operation.
2022-08-18 09:11:38 -04:00
2dfd41bd3c
remove pipeline time panel - https://github.com/Security-Onion-Solutions/securityonion/issues/8369
2022-08-17 09:17:27 -04:00
179f669acf
FIX: so-curator-closed-delete-delete needs to reference new Elasticsearch directory #8529
2022-08-12 13:10:47 -04:00
32c29b28eb
revert to lower case #8469
2022-08-11 15:33:30 -04:00
7bf2603414
revert to lower case #8469
2022-08-11 15:32:49 -04:00
4003876465
FIX: Fix TLP options in Cases to align with TLP 2.0 #8469
2022-08-11 08:49:54 -04:00
4c677961c4
FIX: Fix TLP options in Cases to align with TLP 2.0 #8469
2022-08-11 08:49:25 -04:00
fd7a118664
Invoke check_local_mods() function earlier so we don't have to wait for Docker image downloads or OS updates before checking and potentially exiting SOUP
2022-08-08 08:58:19 -04:00
d7906945df
Add extra set of brackets for comparison of integers
2022-08-08 08:24:38 -04:00
cb384ae024
Ensure check_local_mods() runs at the beginning of SOUP, in addition to the end, and also that it prompts (forces) the user to accept/review local modifications.
2022-08-05 11:25:33 -04:00
4827c9e0d4
Merge pull request #8475 from Security-Onion-Solutions/issue/8441
...
add SYSTEMD_UNIT_FILE back to map file
2022-08-05 10:55:44 -04:00
3b62fc63c9
add SYSTEMD_UNIT_FILE back to map file
2022-08-05 10:53:07 -04:00
ad32c2b1a5
Merge pull request #8472 from Security-Onion-Solutions/issue/8441
...
ensure ExecStartPre is removed from default salt-minion service file
2022-08-04 16:36:16 -04:00
f02f431dab
ensure ExecStartPre is removed from default salt-minion service file
2022-08-04 16:34:06 -04:00
812964e4d8
Merge pull request #8460 from Security-Onion-Solutions/issue/8441
...
ensure parent dirs are created
2022-08-03 17:01:50 -04:00
99805cc326
ensure parent dirs are created
2022-08-03 16:54:22 -04:00
8d2b3f3dfe
Merge pull request #8457 from Security-Onion-Solutions/issue/8441
...
fix the requisite
2022-08-03 15:17:44 -04:00
15f7fd8920
fix the requisite
2022-08-03 15:16:12 -04:00
50460bf91e
Merge pull request #8456 from Security-Onion-Solutions/issue/8441
...
manage salt-minion start delay with systemd drop-in file
2022-08-03 13:44:09 -04:00
8c694a7ca3
Disable ingest.geoip.downloader by default
2022-08-03 09:21:40 -04:00
9ac640fa67
Remove airgap-specific logic for ingest.geoip.downloader
2022-08-03 09:21:03 -04:00
db8d9fff2c
manage salt-minion start delay with systemd drop-in file - https://github.com/Security-Onion-Solutions/securityonion/issues/8441
2022-08-02 16:22:26 -04:00
f2b10a5a86
Update Kibana version to 8.3.3
2022-08-02 11:32:01 -04:00
c69cac0e5f
Update Kibana version to 8.3.3
2022-08-02 11:31:35 -04:00
839cfcaefa
Update Elasticsearch defaults file and config.map.jinja to allow for local GeoIP database use when airgap is enabled
2022-08-02 14:32:17 +00:00
4c1585f8d8
FIX: Display PCAP menu action on Dashboards page #8343
2022-07-29 14:50:10 -04:00
2cc665bac6
https://github.com/Security-Onion-Solutions/securityonion/issues/8404
2022-07-29 09:55:20 -04:00
340dbe8547
Check to see if Elastalert is enabled before trying to run 'so-elastalert-stop'. Also suppress error output for when so-elastalert container is not present.
2022-07-19 13:25:09 -04:00
5ceff52796
Move Elastalert indices check to function and call from beginning of soup and during pre-upgrade to 2.3.140
2022-07-19 14:54:39 +00:00
f3a0ab0b2d
Perform Elastalert index check twice
2022-07-19 14:48:19 +00:00
Jason Ertel
Ben Allen
Doug Burks
Mike Reeves
bryant-treacle
Josh Brower
weslambert
m0duspwnens