Mike Reeves
76cca8594d
Merge pull request #8623 from Security-Onion-Solutions/TOoSmOotH-patch-6
Update soup
2022-08-29 09:50:06 -04:00
weslambert
5c9c95ba1f
Merge pull request #8622 from Security-Onion-Solutions/fix/strelka_yara_gen_webshells_ignore
Ignore gen_webshells.yar
2022-08-29 09:40:51 -04:00
Mike Reeves
e62bebeafe
Update soup
2022-08-29 09:39:41 -04:00
weslambert
8a0e92cc6f
Add 'gen_webshells.yar' and re-arrange to put ignored rules in alphabetical order
2022-08-29 09:37:29 -04:00
Mike Reeves
30b9868de1
Update soup
2022-08-29 09:32:46 -04:00
weslambert
f00d9074ff
Allow local modification acceptance prompt to be skipped when passing 'skip-prompt' as a parameter value to check_local_mods() function
2022-08-19 16:07:14 -04:00
Mike Reeves
fea2b481e3
Update rulecat.conf
2022-08-19 13:12:49 -04:00
weslambert
fbf0803906
Update verbiage around major Elasticsearch version and not requiring Elastalert index maintenance
2022-08-18 09:16:22 -04:00
weslambert
5deda45b66
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8. Also clean up the output to only emit one notification regarding index deletion, and additional verbiage around function operation.
2022-08-18 09:11:38 -04:00
m0duspwnens
2dfd41bd3c
remove pipeline time panel - https://github.com/Security-Onion-Solutions/securityonion/issues/8369
2022-08-17 09:17:27 -04:00
Doug Burks
179f669acf
FIX: so-curator-closed-delete-delete needs to reference new Elasticsearch directory #8529
2022-08-12 13:10:47 -04:00
Doug Burks
32c29b28eb
revert to lower case #8469
2022-08-11 15:33:30 -04:00
Doug Burks
7bf2603414
revert to lower case #8469
2022-08-11 15:32:49 -04:00
Doug Burks
4003876465
FIX: Fix TLP options in Cases to align with TLP 2.0 #8469
2022-08-11 08:49:54 -04:00
Doug Burks
4c677961c4
FIX: Fix TLP options in Cases to align with TLP 2.0 #8469
2022-08-11 08:49:25 -04:00
weslambert
fd7a118664
Invoke check_local_mods() function earlier so we don't have to wait for Docker image downloads or OS updates before checking and potentially exiting SOUP
2022-08-08 08:58:19 -04:00
weslambert
d7906945df
Add extra set of brackets for comparison of integers
2022-08-08 08:24:38 -04:00
weslambert
cb384ae024
Ensure check_local_mods() runs at the beginning of SOUP, in addition to the end, and also that it prompts (forces) the user to accept/review local modifications.
2022-08-05 11:25:33 -04:00
Josh Patterson
4827c9e0d4
Merge pull request #8475 from Security-Onion-Solutions/issue/8441
add SYSTEMD_UNIT_FILE back to map file
2022-08-05 10:55:44 -04:00
m0duspwnens
3b62fc63c9
add SYSTEMD_UNIT_FILE back to map file
2022-08-05 10:53:07 -04:00
Josh Patterson
ad32c2b1a5
Merge pull request #8472 from Security-Onion-Solutions/issue/8441
ensure ExecStartPre is removed from default salt-minion service file
2022-08-04 16:36:16 -04:00
m0duspwnens
f02f431dab
ensure ExecStartPre is removed from default salt-minion service file
2022-08-04 16:34:06 -04:00
Josh Patterson
812964e4d8
Merge pull request #8460 from Security-Onion-Solutions/issue/8441
ensure parent dirs are created
2022-08-03 17:01:50 -04:00
m0duspwnens
99805cc326
ensure parent dirs are created
2022-08-03 16:54:22 -04:00
Josh Patterson
8d2b3f3dfe
Merge pull request #8457 from Security-Onion-Solutions/issue/8441
fix the requisite
2022-08-03 15:17:44 -04:00
m0duspwnens
15f7fd8920
fix the requisite
2022-08-03 15:16:12 -04:00
Josh Patterson
50460bf91e
Merge pull request #8456 from Security-Onion-Solutions/issue/8441
manage salt-minion start delay with systemd drop-in file
2022-08-03 13:44:09 -04:00
weslambert
8c694a7ca3
Disable ingest.geoip.downloader by default
2022-08-03 09:21:40 -04:00
weslambert
9ac640fa67
Remove airgap-specific logic for ingest.geoip.downloader
2022-08-03 09:21:03 -04:00
m0duspwnens
db8d9fff2c
manage salt-minion start delay with systemd drop-in file - https://github.com/Security-Onion-Solutions/securityonion/issues/8441
2022-08-02 16:22:26 -04:00
weslambert
f2b10a5a86
Update Kibana version to 8.3.3
2022-08-02 11:32:01 -04:00
weslambert
c69cac0e5f
Update Kibana version to 8.3.3
2022-08-02 11:31:35 -04:00
Wes Lambert
839cfcaefa
Update Elasticsearch defaults file and config.map.jinja to allow for local GeoIP database use when airgap is enabled
2022-08-02 14:32:17 +00:00
Doug Burks
4c1585f8d8
FIX: Display PCAP menu action on Dashboards page #8343
2022-07-29 14:50:10 -04:00
m0duspwnens
2cc665bac6
https://github.com/Security-Onion-Solutions/securityonion/issues/8404
2022-07-29 09:55:20 -04:00
weslambert
340dbe8547
Check to see if Elastalert is enabled before trying to run 'so-elastalert-stop'. Also suppress error output for when so-elastalert container is not present.
2022-07-19 13:25:09 -04:00
Wes Lambert
5ceff52796
Move Elastalert indices check to function and call from beginning of soup and during pre-upgrade to 2.3.140
2022-07-19 14:54:39 +00:00
Wes Lambert
f3a0ab0b2d
Perform Elastalert index check twice
2022-07-19 14:48:19 +00:00
Wes Lambert
4a7c994b66
Revise Elastalert index check deletion logic
2022-07-19 14:31:45 +00:00
Mike Reeves
07b8785f3d
Update soup
2022-07-19 10:23:10 -04:00
weslambert
2914007393
Add forward slash to fix issue with missing query path
2022-07-18 09:07:34 -04:00
weslambert
f5e10430ed
Add forward slash to fix issue with missing query path
2022-07-18 09:07:13 -04:00
Mike Reeves
cf8c6a6e94
Update defaults.yaml
2022-07-14 15:17:27 -04:00
weslambert
2443e8b97e
Change web_response to evaluate the response from the Spaces API and the default space query
2022-07-14 12:04:56 -04:00
weslambert
0fd4f34b5b
Add shebang so that so-kibana-space-defaults will work correctly on Ubuntu
2022-07-13 16:48:39 -04:00
Josh Patterson
37df49d4f3
Merge pull request #8296 from Security-Onion-Solutions/elastalert_esversion_check
use onlyif requisite instead
2022-07-13 15:22:40 -04:00
m0duspwnens
7d7cf42d9a
use onlyif requisite instead
2022-07-13 15:21:34 -04:00
Doug Burks
c67a58a5b1
change hyperlink for Elastic 8 issues
2022-07-13 12:40:03 -04:00
m0duspwnens
086cf3996d
do not start elastalert if elasticsearch is not v8
2022-07-13 11:21:27 -04:00
weslambert
513c7ae56c
Add missing 'fi' to if/then for unsupported indices check
2022-07-13 09:13:28 -04:00