Commit Graph

7633 Commits

Author | SHA1 | Message | Date
Wes | af003cc2a1 | Add osquery templates | 2023-06-13 20:43:39 +00:00
Wes | bd7644a557 | Add another template | 2023-06-13 19:13:20 +00:00
Wes | 5547a1b7ab | Add event mappings | 2023-06-13 18:23:50 +00:00
Wes | 1b90fd8581 | Add custom component templates | 2023-06-13 18:21:45 +00:00
Wes | e43b7607bb | Add more component templates | 2023-06-13 17:04:03 +00:00
Wes | a265c06e31 | Add other component templates | 2023-06-13 15:47:25 +00:00
Wes | 2aa954cb0a | Add component templates | 2023-06-13 15:25:23 +00:00
Wes | 73812b11a3 | Allow ingest node pipelines that start with a period | 2023-06-13 13:37:56 +00:00
Wes | 38ab426470 | Add final Fleet pipeline | 2023-06-13 13:36:26 +00:00
Wes | d0a6881c2c | Add event mappings and remove meta information for now | 2023-06-13 13:35:46 +00:00
Wes | 57268ba934 | Change priority of templates | 2023-06-12 14:29:45 +00:00
Wes | 1208915896 | Remove Elastic Agent package templates | 2023-06-12 14:24:59 +00:00
Wes | 42f5ad9939 | Add templates for system.auth and system.syslog | 2023-06-12 14:23:24 +00:00
Doug Burks | 998c85e3f8 | Update defaults.yaml | 2023-06-12 09:31:19 -04:00
weslambert | 32f3ee0b01 | Merge pull request #10564 from Security-Onion-Solutions/fix/elasticsearch_templates: Update templates for integrations | 2023-06-12 09:05:31 -04:00
Doug Burks | ae14e4870d | Add ocsp to logging.zeek.excluded in defaults.yaml | 2023-06-12 08:44:46 -04:00
Doug Burks | b3f8ed7dcd | FIX: Suricata DHCP logs not ingesting #10565 | 2023-06-10 11:42:41 -04:00
Wes | ad5a424c03 | Update templates for integrations | 2023-06-09 18:32:50 +00:00
Jason Ertel | 8a4f5d6dcb | Merge branch '2.4/dev' into jertel/pcap | 2023-06-09 11:51:37 -04:00
Jason Ertel | 884a7041af | Merge branch '2.4/dev' into jertel/pcap | 2023-06-09 10:47:26 -04:00
Jason Ertel | 023008c54c | do not allow node_description to be set at global grid-wide level | 2023-06-09 10:46:56 -04:00
Jason Ertel | 6f7de954d9 | Merge pull request #10559 from Security-Onion-Solutions/jertel/pcap: Telegraf should monitor all mount points | 2023-06-09 09:18:54 -04:00
Jason Ertel | 46371aaaf5 | Monitor all mount points for simplicity | 2023-06-09 09:14:36 -04:00
Doug Burks | e5f76a9c6e | change suricata parsers from dataset to event.dataset | 2023-06-08 12:31:31 -04:00
weslambert | d1c86cb9ff | Merge pull request #10550 from Security-Onion-Solutions/kilo: Elastalert and EQL | 2023-06-08 11:21:18 -04:00
Josh Brower | 8b35002169 | EQL Refactor | 2023-06-07 13:44:37 -04:00
Wes | 81e3d26540 | Ignore empty list | 2023-06-07 13:14:52 +00:00
weslambert | 96b60fa39a | Restore original URL syntax, but use data stream | 2023-06-06 20:53:05 -04:00
weslambert | f172a74fbc | Remove EQL setting | 2023-06-06 20:51:29 -04:00
weslambert | c4be56ec7b | Update host syntax | 2023-06-06 20:51:03 -04:00
Wes | 495a9c0783 | Add mapping for event.severity_label | 2023-06-05 21:19:37 +00:00
Wes | 905bc564fc | Change data stream name | 2023-06-05 21:18:47 +00:00
Wes | f6f387428f | Update Playbook alerter to write to a data stream | 2023-06-05 21:17:10 +00:00
Jason Ertel | db5abcb3cf | Merge pull request #10503 from Security-Onion-Solutions/jertel/pcap: add ability to output PCAP import results in JSON format | 2023-06-05 14:32:32 -04:00
Jason Ertel | 27e310c2a1 | add json output option to so-import-evtx; clean up other issues | 2023-06-05 13:54:44 -04:00
Wes | 841d0b4b1f | Update dependencies after git add | 2023-06-05 15:42:55 +00:00
Wes | 272f97e2d7 | Update dependencies | 2023-06-05 15:42:38 +00:00
Wes | eac9a3fc86 | Update requests and whoisit | 2023-06-05 15:41:01 +00:00
Jason Ertel | 2fef1d5fa7 | silence grep output | 2023-06-02 15:43:48 -04:00
Jason Ertel | 3bbfc3865d | use proper URL spacing | 2023-06-02 15:26:14 -04:00
Jason Ertel | 6947fd6414 | add ability to output PCAP import results in JSON format | 2023-06-02 15:21:41 -04:00
Doug Burks | 09e005127e | Update soc_zeek.yaml | 2023-06-02 07:41:55 -04:00
weslambert | 3a5a59af59 | Merge pull request #10485 from Security-Onion-Solutions/fix/elastic_fleet_dedicated: Add so-fleet role logic | 2023-05-31 16:04:40 -04:00
Josh Patterson | 8f3a874e61 | Merge pull request #10483 from Security-Onion-Solutions/dedfleetES: exclude elasticsearch.ca state from fleet and receiver nodes | 2023-05-31 16:02:57 -04:00
m0duspwnens | 66dc6274e6 | exclude elasticsearch.ca state from fleet and receiver nodes | 2023-05-31 15:59:36 -04:00
Wes | 302e580d8f | Add so-fleet role logic | 2023-05-31 19:56:17 +00:00
Wes | 344e2bf1d0 | Update defaults file | 2023-05-31 15:30:03 +00:00
Wes | 2bb77251b0 | Move Elastic Fleet logging exclusions to the Fleet pillar | 2023-05-31 13:38:58 +00:00
weslambert | 36791665f3 | Merge pull request #10462 from Security-Onion-Solutions/feature/elastic_agent_zeek_logging: Dynamic integration configuration and Zeek log exclusions for Elastic Agent | 2023-05-30 19:27:13 -04:00
Wes | f3be63051b | Remove Fleet configuration | 2023-05-30 20:48:43 +00:00