securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00

Author	SHA1	Message	Date
doug	a67a254edc	update Copyright year	2023-01-04 12:44:18 -05:00
Wes Lambert	26698cfd07	Add Logstash output for dedicated Kratos index	2022-07-08 15:55:55 +00:00
m0duspwnens	d8abc0a195	if in dmz_nodes dont add to filebeta	2022-05-11 11:51:18 -04:00
Josh Brower	b35b505f0a	Fix pattern matching	2022-04-18 10:39:04 -04:00
Josh Brower	886d69fb38	Compress + Clean ES & Logstash App Logs	2022-04-11 16:09:24 -04:00
Wes Lambert	f613d8ad86	Add RITA Logstash config	2022-03-22 17:36:18 +00:00
Wes Lambert	4fa3749418	Remove bind or ES templates	2022-02-15 18:08:03 +00:00
Wes Lambert	9db1510b0e	Initial composable template configuration and base mappings	2022-02-02 02:08:31 +00:00
Jason Ertel	eefcc929c2	Update copyright pattern to match other repos	2022-01-24 10:09:23 -05:00
m0duspwnens	7ebba1f325	use show_changes: False to prevent es pw from being shown when running the state	2022-01-19 12:11:38 -05:00
weslambert	8e2f500b9c	Add config option for ECS compatibility (default of disabled)	2022-01-06 11:24:04 -05:00
m0duspwnens	2e4ed8062e	simplify wazuh agent ip logic	2021-12-16 11:11:01 -05:00
m0duspwnens	d0b0970353	Merge remote-tracking branch 'remotes/origin/dev' into issue/6469	2021-12-15 17:08:56 -05:00
m0duspwnens	cf2f4bad09	have standalone and managersearch pull from redis nodes	2021-12-15 15:27:23 -05:00
Mike Reeves	7cd1b1c482	Remove some previous hotfix code	2021-12-15 12:26:53 -05:00
m0duspwnens	ce0a39db4b	remove old EXTRAHOSTNAME EXTRAHOSTIP from being set for logstash	2021-12-15 09:43:46 -05:00
m0duspwnens	024860d0ae	rename EXTRA_NODES to LOGSTASH_NODES AND REDIS_NODES	2021-12-14 23:43:06 -05:00
m0duspwnens	0c6aba16ec	fix redis input	2021-12-14 23:42:37 -05:00
m0duspwnens	15b8d80b71	fix host for input_redis	2021-12-14 18:51:43 -05:00
m0duspwnens	55b74abcc5	extra_hosts and redis_input for logstash	2021-12-14 18:49:30 -05:00
m0duspwnens	4da017d61c	change extra_hosts for docker container	2021-12-14 17:05:30 -05:00
m0duspwnens	d0b6d5bba6	remove so-eval from lists since it doesnt run logstash	2021-12-14 15:33:06 -05:00
m0duspwnens	a31f034f2e	remove receiver add node for cacerts and tls-ca-bundle for logstash bind	2021-12-14 15:02:59 -05:00
m0duspwnens	6962e3f9b3	fix logstash certs mapped into container	2021-12-14 14:52:15 -05:00
Mike Reeves	30344ba0ef	Fix conflicts	2021-12-14 10:55:19 -05:00
Jason Ertel	c94d5fa9dc	Strip JndiLookup.class from log4j-core jars, to match Elastic's mitigation approach	2021-12-13 09:27:13 -05:00
Jason Ertel	8365b5f140	Strip JndiLookup.class from log4j-core jars, to match Elastic's mitigation approach	2021-12-13 09:02:41 -05:00
Mike Reeves	09253b637e	Create jvm.options	2021-12-10 14:12:43 -05:00
Mike Reeves	c81ce48bff	Update log4j2.properties	2021-12-10 14:10:35 -05:00
Mike Reeves	73ec595baa	Update init.sls	2021-12-10 14:10:05 -05:00
Mike Reeves	45346b6318	Update log4j2.properties	2021-12-10 12:01:39 -05:00
Mike Reeves	e48de18480	Update init.sls	2021-12-10 12:00:12 -05:00
Josh Brower	656ea974dc	Use id for doc id if it exists	2021-12-09 09:16:58 -05:00
m0duspwnens	59464af10c	filebeat certs for logstash on so-receiver	2021-12-08 09:41:17 -05:00
m0duspwnens	1ef63f3a23	ssl things for so-receiver	2021-12-08 09:08:46 -05:00
m0duspwnens	96666ab307	add receiver node	2021-12-07 10:19:32 -05:00
m0duspwnens	e7f43cff5e	limit nodes that bind filebeat certs in so-logstash	2021-10-27 10:45:10 -04:00
m0duspwnens	0c679b62b2	Merge remote-tracking branch 'remotes/origin/dev' into issue/5955	2021-10-25 16:29:41 -04:00
weslambert	3be0d05eea	Update field removal based on HTTP input changes	2021-10-25 13:16:30 -04:00
weslambert	7fa43a276a	Rename default headers and host for HTTP input	2021-10-25 13:15:20 -04:00
m0duspwnens	9f6407fcb0	fix dupe ids	2021-10-22 14:26:04 -04:00
m0duspwnens	f61400680d	fix dupe ids	2021-10-22 14:22:15 -04:00
m0duspwnens	fed8bfac67	more requires on docker containers	2021-10-22 14:10:59 -04:00
Wes Lambert	e1629d7ec4	Initial EG stuff	2021-10-13 17:13:07 +00:00
William Wernert	33bd6aed20	Fix logscan pipeline on eval * Rename logscan pipeline to logscan.alert * Add module to indices array in filebeat.yml	2021-07-30 14:41:15 -04:00
William Wernert	b9980c9d30	Fix pipeline name	2021-07-30 13:09:09 -04:00
William Wernert	df6d1d72e2	Merge branch 'dev' into feature/logscan	2021-07-19 15:19:59 -04:00
weslambert	fea4f3f973	Check if Filebeat modules are being used for incoming Beats	2021-07-19 12:57:42 -04:00
William Wernert	9bf1d3e0c6	Misc fixes	2021-07-16 14:59:44 -04:00
William Wernert	3a12d28d20	Merge branch 'dev' into feature/logscan	2021-07-16 14:13:19 -04:00

1 2 3 4 5 ...

415 Commits