Commit Graph

252 Commits

Author | SHA1 | Message | Date
Wes | ae45d40eca | Add Sublime Platform ingest pipeline | 2023-11-01 13:34:30 +00:00
weslambert | 660020cc76 | Parse pkt_src for Suricata logs | 2023-10-23 15:45:41 -04:00
Wes | 508260bd46 | Use event.created for timestamp | 2023-09-19 13:32:03 +00:00
Wes | 1a3b3b21fb | Change entropy value syntax | 2023-08-31 15:09:19 +00:00
Wes | 7971d9749a | Assign pipeline to import | 2023-08-17 14:08:48 +00:00
Josh Brower | dd1fa51eb5 | Generate community_id for defend endpoint logs | 2023-08-04 09:03:17 -04:00
weslambert | f102351052 | Add event | 2023-08-02 13:25:44 -04:00
weslambert | ac28f90af3 | Remove override | 2023-08-02 13:15:11 -04:00
Josh Brower | 4f94d953c9 | Merge remote-tracking branch 'origin/2.4/dev' into fix/elasticsearch_endpoint | 2023-07-25 07:42:59 -04:00
Wes | 5553be02ac | Change how tags are added | 2023-07-24 21:31:28 +00:00
Josh Brower | 741e6039c1 | Cleanup for Sigma Rules | 2023-07-24 09:25:58 -04:00
Wes | e3249c8e4c | Wrap values in quotes for proper conversion | 2023-07-13 14:18:57 +00:00
weslambert | 85bb5a327c | Fix long vs float for pe version | 2023-07-13 09:38:09 -04:00
Wes | 577bfac886 | Update logic for YARA matches | 2023-07-11 17:00:13 +00:00
weslambert | 7e37cd0f05 | Parse xff | 2023-06-21 14:29:54 -04:00
Wes | 3a34da354f | Use append instead of set | 2023-06-15 16:35:43 +00:00
Wes | 58a63e0765 | Remove extra comma | 2023-06-15 14:22:37 +00:00
Wes | b5bccc5e05 | Use module in dataset name and add dataset tag | 2023-06-15 13:06:57 +00:00
Wes | 38ab426470 | Add final Fleet pipeline | 2023-06-13 13:36:26 +00:00
Doug Burks | b3f8ed7dcd | FIX: Suricata DHCP logs not ingesting #10565 | 2023-06-10 11:42:41 -04:00
Doug Burks | e5f76a9c6e | change suricata parsers from dataset to event.dataset | 2023-06-08 12:31:31 -04:00
weslambert | 2c10ad7eec | Check if 'dns.query' is null | 2023-05-19 15:50:33 -04:00
Doug Burks | a67cbb3276 | FIX: Suricata DNS A and CNAME parsing #10117 | 2023-04-13 10:56:17 -04:00
weslambert | 6d87620c6a | Explicitly set 'event.dataset' as 'file' | 2023-03-22 11:04:18 -04:00
Josh Brower | df036206a8 | Fix Kratos parsing | 2023-03-20 16:53:25 -04:00
Josh Brower | f7be4ba31c | Remove host field from NIDS logs | 2023-03-13 14:07:17 -04:00
Doug Burks | 19ab2a5a46 | rename suricata vlan field to network.vlan.id | 2023-03-05 05:57:52 -05:00
Doug Burks | 9940a36722 | update Elasticsearch ingest for Zeek conn vlan field | 2023-03-03 15:22:43 -05:00
Doug Burks | a44d83d69b | Improve Suricata DHCP parsing and dashboard | 2023-01-31 08:33:38 -05:00
weslambert | 0436f885b8 | Set values for '@timestamp' and 'event.ingested' | 2023-01-31 08:04:49 -05:00
weslambert | 2772b03dca | Change event.dataset value from 'tunnels' to 'tunnel' | 2023-01-27 11:03:49 -05:00
weslambert | 716ec7f936 | Change event.dataset value from 'files' to 'file' | 2023-01-27 11:02:44 -05:00
weslambert | c9f458e1e2 | Set event.dataset for all Kratos logs to 'access' for now | 2023-01-25 08:19:50 -05:00
Wes | 4b9c92c53d | Set RITA event.dataset value explicitly | 2023-01-24 18:00:34 +00:00
Wes | f19cf75311 | Change how event.dataset is determined for Suricata events | 2023-01-24 14:45:00 +00:00
Wes | 40c6b380df | Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset. | 2023-01-23 21:44:46 +00:00
weslambert | 9416552338 | Don't set the Kratos index explicitly | 2023-01-12 15:25:35 -05:00
Wes | 5062dd2873 | Suricata Elasticsearch ingest node pipeline changes - set 'alert' dataset | 2023-01-11 14:02:09 +00:00
Wes | c8ff2c7a06 | Update RITA beacon parsing | 2023-01-03 16:03:49 +00:00
doug | 4e5d1d587e | update sysmon ingest parser and Sysmon File dashboard | 2023-01-03 09:02:17 -05:00
doug | 07a4919cd3 | remove old opcua files | 2022-12-08 16:43:11 -05:00
Wes | 14af1d36cb | Ensure ICS/SCADA pipelines are present | 2022-12-06 15:58:47 +00:00
Wes | 7f324bc47e | Remove extra space used during testing | 2022-11-22 20:52:08 +00:00
Wes | a6bc5b108f | Add missing OPCUA 'activate_session' pipelines | 2022-11-22 20:51:44 +00:00
weslambert | 356904f751 | Fix spelling of 'wireguard.responses' field name | 2022-11-22 13:03:04 -05:00
weslambert | 6b77843e52 | Fix format/spelling for 'enip.status_code' field name | 2022-11-22 12:07:55 -05:00
weslambert | 13faf63770 | Fix spelling for 'stun.class' field name | 2022-11-22 12:07:15 -05:00
Wes | a38e312df4 | Add COTP and TDS ingest pipelines | 2022-11-22 13:36:27 +00:00
Wes | 05b9a067fd | Add additional ICS/SCADA ingest node pipelines | 2022-11-17 16:03:21 +00:00
Wes | 638a3568b0 | Update ingest node pipelines for ICS/SCADA protocols | 2022-11-16 21:11:21 +00:00