CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,023 Commits 24 Branches 119 Tags
b3b7fb8f29a8045505abbd815b91ef5ef2b2a3a5
Commit Graph

10139 Commits

Author SHA1 Message Date
reyesj2
b3b7fb8f29 add null check and move tag lookup to .contains() in global@custom 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-15 12:16:11 -06:00
Jorge Reyes
107ca38268 fix http query for "includes" function 2025-01-14 08:24:07 -06:00
Jorge Reyes
35547b476f update http query 2025-01-14 08:13:27 -06:00
Jorge Reyes
ad765200c3 Merge pull request #14105 from Security-Onion-Solutions/reyesj2/moarzeekparse 
Additional Zeek parsing & cloudflare_logpush integration
 2025-01-13 11:37:21 -06:00
reyesj2
4618256442 include okta-mappings in so-logs-okta.system index template 2025-01-13 11:32:27 -06:00
reyesj2
323ef1d5d6 add missing lifecycle name to trend_micro_vision_one indices 2025-01-13 09:29:22 -06:00
reyesj2
a5b1648b68 add missing lifecycle name to crowdstrike indices 2025-01-13 09:26:16 -06:00
reyesj2
14c920a258 fix hidden ldap menu subtitle 2025-01-13 09:23:32 -06:00
reyesj2
4f92b7ced1 add support for cloudflare_logpush integration 2025-01-13 09:23:05 -06:00
Joshua Brower
dcdf31eee8 Fix folder perm 2025-01-10 16:15:17 -05:00
reyesj2
e60a1e4357 zeek ldap & ldap_search parsing 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-09 16:06:10 -06:00
Joshua Brower
bcb92b63e3 Move json files to container image 2025-01-09 10:58:40 -05:00
Jorge Reyes
412397fa7b Merge pull request #14089 from Security-Onion-Solutions/reyesj2/moarzeekparse 2025-01-08 17:45:14 -06:00
reyesj2
0e87351a9c add zeek.quic mappings 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-01-08 16:18:53 -06:00
Joshua Brower
a2caf7425d Add config options 2025-01-07 13:22:14 -05:00
Joshua Brower
6fa11a38ef Update defaults 2025-01-07 13:14:50 -05:00
Joshua Brower
e3f75215b6 Merge remote-tracking branch 'origin/2.4/dev' into 2.4/navigator 2025-01-07 13:06:49 -05:00
Jason Ertel
bd96b5d722 invalidate user sessions when an admin changes the user's password 2025-01-06 17:23:10 -05:00
Josh Brower
8408a53b82 Merge remote-tracking branch 'origin/2.4/dev' into 2.4/navigator 2025-01-02 16:13:34 -05:00
Doug Burks
927b618ec9 Update Zeek QUIC dashboard, add Hunt query, add quic.server.name as column in Events table 2025-01-02 06:57:56 -05:00
reyesj2
9f83853922 Zeek QUIC support 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-31 13:44:20 -06:00
Josh Brower
8f5634d958 Merge pull request #14048 from Security-Onion-Solutions/2.4/sigmaHashes 
Refactor pipeline for hash changes
 2024-12-23 15:49:35 -05:00
defensivedepth
7237b8971e Refactor pipeline for hash changes 2024-12-23 15:41:13 -05:00
Mike Reeves
09ef096620 Update soup 2024-12-23 08:27:45 -05:00
reyesj2
157185c370 add ti_opencti integration support 2024-12-18 11:33:49 -06:00
Mike Reeves
9c10094914 Fix conflict 2024-12-18 10:19:40 -05:00
defensivedepth
17405b849a Delete uneeded files 2024-12-17 16:01:31 -05:00
Mike Reeves
e4db2f4819 Update defaults.yaml 2024-12-10 17:19:15 -05:00
defensivedepth
9475211417 Refactor Navigator for Detections 2024-12-09 16:31:51 -05:00
Jorge Reyes
14cb41ea87 Merge pull request #14001 from Security-Onion-Solutions/reyesj2/zeekvpn 
add openvpn & ipsec support to Zeek
 2024-12-06 12:06:02 -06:00
reyesj2
1de20e9d43 fix zeek file extract 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-06 09:55:56 -06:00
reyesj2
ad8b339a3b fix error due to null reference 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-06 09:07:16 -06:00
reyesj2
9532f21c7b check zeek reporter.log 2024-12-05 13:49:44 -06:00
reyesj2
754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
defensivedepth
5b9f6b2d52 fix path 2024-12-02 14:42:56 -05:00
defensivedepth
aade3db80d Generate MSI 2024-11-28 07:00:23 -05:00
Jorge Reyes
129c10dde5 Merge pull request #13981 from Security-Onion-Solutions/reyesj2/integ 2024-11-26 00:55:31 -06:00
reyesj2
993d56cb58 ti_rapid7* 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-25 15:51:49 -06:00
reyesj2
efa6a533c3 add missing ilm to index template 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-25 15:47:47 -06:00
Josh Brower
04ffdf9b15 Merge pull request #13958 from Security-Onion-Solutions/2.4/autoenablesigma 
More flexibility for AutoEnable Sigma rules
 2024-11-21 09:47:49 -05:00
defensivedepth
f61bf1bd67 Remove adv 2024-11-21 09:15:29 -05:00
defensivedepth
b1c4e32123 Remove duplicate option 2024-11-21 09:11:44 -05:00
defensivedepth
8958da83b3 Deprecate instead 2024-11-20 18:00:26 -05:00
defensivedepth
3fcf197bc1 Tweak structure 2024-11-19 11:54:15 -05:00
Jason Ertel
532dfd7f5a Merge pull request #13966 from Security-Onion-Solutions/jertel/wip 
MFA issuer name shouldn't be an advanced setting
 2024-11-19 09:35:26 -05:00
Jason Ertel
92ddf2ec6c MFA issuer name shouldn't be an advanced setting 2024-11-19 09:27:26 -05:00
Corey Ogburn
d86c009f55 Add Annotations to Existing Detections Options 
The autoUpdateEnabled setting has been present for awhile and now have annotations.
 2024-11-18 14:35:55 -07:00
defensivedepth
56d6857cd6 Addl customization for autoenable sigma 2024-11-18 09:03:17 -05:00
Jason Ertel
52bc9be6b6 Merge pull request #13956 from Security-Onion-Solutions/jertel/wip 
ignore fp from hydra
 2024-11-17 18:23:54 -05:00
Jason Ertel
918f26962a ignore fp from hydra 2024-11-17 12:21:06 -05:00