m0duspwnens
dcc1f656ee
predownload logstash and elastic for new searchnode and heavynode
2024-05-07 10:13:51 -04:00
weslambert
23da1f6ee9
Merge pull request #12951 from Security-Onion-Solutions/fix/remove_watch
Remove watch
2024-05-07 09:23:56 -04:00
Wes
bee8c2c1ce
Remove watch
2024-05-07 13:21:59 +00:00
Jason Ertel
4ebe070cd8
test regexes for detections
2024-05-06 19:03:12 -04:00
weslambert
a5e89c0854
Merge pull request #12947 from Security-Onion-Solutions/fix/strelka_yara_distributed
Fix YARA rules for distributed deployments
2024-05-06 15:53:08 -04:00
weslambert
a25e43db8f
Merge pull request #12948 from Security-Onion-Solutions/fix/strelka_yara_watch
Restart Strelka backend when YARA rules change
2024-05-06 15:52:57 -04:00
Josh Brower
b997e44715
Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap
Initial airgap support for detections
2024-05-06 15:46:29 -04:00
Wes
1e48955376
Restart when rules change
2024-05-06 19:39:03 +00:00
Wes
5056ec526b
Add compiled directory
2024-05-06 19:27:38 +00:00
m0duspwnens
2431d7b028
Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap
2024-05-06 15:27:27 -04:00
Wes
d2fa77ae10
Update compile script
2024-05-06 19:10:41 +00:00
Wes
445fb31634
Add manager SLS
2024-05-06 19:09:37 +00:00
Wes
5aa611302a
Handle YARA rules for distributed deployments
2024-05-06 19:08:01 +00:00
m0duspwnens
554a203541
update airgapEnabled in map file
2024-05-06 12:59:45 -04:00
DefensiveDepth
be1758aea7
Fix license and folder
2024-05-06 12:22:44 -04:00
m0duspwnens
38f74d2e9e
change quotes
2024-05-06 11:38:30 -04:00
m0duspwnens
5b966b83a9
change rulesRepos for airgap or not
2024-05-06 09:26:52 -04:00
Doug Burks
a67f0d93a0
Merge pull request #12942 from Security-Onion-Solutions/dougburks-patch-1
FEATURE: Add event.dataset to all Events table layouts #12641
2024-05-06 09:23:09 -04:00
Doug Burks
3f73b14a6a
FEATURE: Add event.dataset to all Events table layouts #12641
2024-05-06 09:20:47 -04:00
Doug Burks
e57d1a5fb5
Merge pull request #12941 from Security-Onion-Solutions/dougburks-patch-1
FEATURE: Add Events table columns for stun logs #12940
2024-05-06 08:57:58 -04:00
Doug Burks
f689cfcd0a
FEATURE: Add Events table columns for stun logs #12940
2024-05-06 08:52:43 -04:00
DefensiveDepth
26c6a98b45
Initial airgap support for detections
2024-05-06 08:43:01 -04:00
Doug Burks
45c344e3fa
Merge pull request #12938 from Security-Onion-Solutions/dougburks-patch-1
FEATURE: Add Events table columns for tunnel logs #12937
2024-05-06 08:40:02 -04:00
Doug Burks
7b905f5a94
FEATURE: Add Events table columns for tunnel logs #12937
2024-05-06 08:22:08 -04:00
Josh Brower
6d5ff59657
Merge pull request #12929 from Security-Onion-Solutions/2.4/verifyexclude
Exclude new sigma rules
2024-05-03 15:38:25 -04:00
DefensiveDepth
7f12d4c815
Exclude new sigma rules
2024-05-03 15:22:53 -04:00
Josh Patterson
b50789a77c
Merge pull request #12928 from Security-Onion-Solutions/orchit
Orchit
2024-05-03 15:17:34 -04:00
m0duspwnens
bdf1b45a07
redirect and throw in bg
2024-05-03 14:54:44 -04:00
m0duspwnens
3d4fd59a15
orchit
2024-05-03 13:48:51 -04:00
Doug Burks
91c9f26a0c
Merge pull request #12926 from Security-Onion-Solutions/dougburks-patch-1
FEATURE: Add hyperlink to airgap screen in setup #12925
2024-05-03 13:02:30 -04:00
Doug Burks
6cbbb81cad
FEATURE: Add hyperlink to airgap screen in setup #12925
2024-05-03 12:59:41 -04:00
m0duspwnens
442a717d75
orchit
2024-05-03 12:08:57 -04:00
m0duspwnens
fa3522a233
fix requirement
2024-05-03 11:10:21 -04:00
m0duspwnens
bbc374b56e
add logic in orch
2024-05-03 09:56:52 -04:00
Doug Burks
9ae6fc5666
Merge pull request #12922 from Security-Onion-Solutions/dougburks-patch-1
FIX: Update so-whiptail to make installation screen more consistent #12921
2024-05-03 09:43:59 -04:00
Doug Burks
5fe8c6a95f
Update so-whiptail to make installation screen more consistent
2024-05-03 09:38:34 -04:00
m0duspwnens
2929877042
fix var
2024-05-02 16:37:54 -04:00
m0duspwnens
8035740d2b
Merge remote-tracking branch 'origin/2.4/dev' into orchit
2024-05-02 16:34:24 -04:00
Josh Patterson
4f8aaba6c6
Merge pull request #12918 from Security-Onion-Solutions/pw
run so-rule-update if ruleset or code changes for idstools
2024-05-02 16:33:24 -04:00
m0duspwnens
e9b1263249
orchestrate searchnode deployment
2024-05-02 16:32:43 -04:00
Josh Patterson
3b2d3573d8
Update pillarWatch.py
2024-05-02 16:06:04 -04:00
reyesj2
e960ae66a3
Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka
2024-05-02 15:12:27 -04:00
reyesj2
093cbc5ebc
Reconfigure Kafka defaults
- Set default number of partitions per topic -> 3. Helps ensure that out of the box we can take advantage of multi-node Kafka clusters via load balancing across at least 3 brokers. Also multiple searchnodes will be able to pull from each topic. In this case 3 searchnodes (consumers) would be able to pull from all topics concurrently.
- Set default replication factor -> 2. This is the minimum value required for redundancy. Every partition will have 1 replica. In this case if we have 2 brokers each topic will have 3 partitions (load balanced across brokers) and each partition will have a replica on separate broker for redundancy
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-02 15:10:13 -04:00
reyesj2
f663ef8c16
Setup Kafka to use PKCS12 and remove need for converting to JKS
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-02 14:53:28 -04:00
reyesj2
de9f6425f9
Automatically switch between Kafka output policy and logstash output policy when globals.pipeline changes
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-02 12:13:46 -04:00
m0duspwnens
33d1170a91
add default pillar value for pillarWatch
2024-05-02 11:58:39 -04:00
Doug Burks
240ffc0862
Merge pull request #12915 from Security-Onion-Solutions/dougburks-patch-1
FIX: Improve File dashboard #12914
2024-05-02 10:44:58 -04:00
Doug Burks
0822a46e94
FIX: Improve File dashboard #12914
2024-05-02 10:42:34 -04:00
Doug Burks
1be3e6204d
FIX: Improve File dashboard #12914
2024-05-02 10:38:56 -04:00
weslambert
956ae7a7ae
Merge pull request #12909 from Security-Onion-Solutions/fix/detection_mappings
Update mappings for detection fields
2024-05-01 16:15:40 -04:00