securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00

Author	SHA1	Message	Date
Wes Lambert	b55ffa44f8	Fix module,dataset rename	2020-10-10 00:01:37 +00:00
Wes Lambert	69a04dedd3	Filterlog config changes	2020-10-09 23:56:52 +00:00
Wes Lambert	a6d3dcf398	More fixes for rule field	2020-10-08 13:36:47 +00:00
Wes Lambert	a2e2f23a8d	Add null safe check for rule	2020-10-08 13:14:39 +00:00
weslambert	5ada85942b	Lowercase network.transport	2020-10-08 07:59:57 -04:00
Wes Lambert	7543144afe	Don't use regex for determining rule type	2020-10-07 16:15:43 +00:00
Wes Lambert	015a441e79	Change rule.signature_info to rule.reference and ensure common.nids exists	2020-10-07 15:20:26 +00:00
Wes Lambert	f0a1457ffd	Update common.nids	2020-10-07 15:14:08 +00:00
Wes Lambert	8c07c098f6	Pipeline cleanup	2020-10-06 20:14:15 +00:00
Wes Lambert	350cc41740	Let zeek.common handle common fields for zeek.tunnels	2020-10-06 20:12:23 +00:00
Wes Lambert	019bec992d	Add Strelka YARA matches as alerts	2020-10-06 12:19:44 +00:00
weslambert	bc31e19e37	Put back rule.category for Wazuh alerts	2020-10-05 11:34:29 -04:00
Wes Lambert	77d31cb289	Add event.severity and event.severity_label config for Wazuh alerts	2020-10-05 12:50:29 +00:00
Wes Lambert	02d2e5e2c6	Fix isue with null Zeek server IP	2020-09-30 17:53:30 +00:00
Wes Lambert	869767d9d9	Add initial parsing for Wazuh WEL/Sysmon	2020-09-28 19:04:21 +00:00
Doug Burks	24c325e9a1	Fix Elasticsearch parsing for Zeek Intel Indicator #1309	2020-09-10 06:41:19 -04:00
Josh Brower	c3b2d98ffb	Add event.category to WEL	2020-09-10 06:15:30 -04:00
Josh Brower	a79d0319cd	Initial support for evtx import	2020-09-01 13:47:27 -04:00
Josh Brower	b7dd14b8f0	Set event.code to string for WEL	2020-08-28 13:40:04 -04:00
Josh Brower	d4f7a07f85	Osquery Parsing fix	2020-08-18 15:54:11 -04:00
Mike Reeves	a3d8b7d0d3	Add watch statements	2020-08-14 09:40:38 -04:00
Mike Reeves	5a53194313	Update sotls.yml	2020-08-12 21:12:48 -04:00
Mike Reeves	59ddac57bf	Rename sotls.yaml to sotls.yml	2020-08-12 17:48:37 -04:00
Mike Reeves	9980d02844	Elastic Transport TLSgit add .	2020-08-12 15:38:19 -04:00
Mike Reeves	69e7285e30	Fix a bug where minio passwrods cause issues	2020-08-12 12:44:55 -04:00
Mike Reeves	32083132e5	Back out some ES settings	2020-08-12 11:10:36 -04:00
Mike Reeves	0f7074a499	SSL intraca	2020-08-11 15:49:04 -04:00
Mike Reeves	65d535d893	SSL intraca	2020-08-11 15:45:17 -04:00
Mike Reeves	42c9653669	anon user hack	2020-08-11 14:45:55 -04:00
Mike Reeves	f553a8e27a	anon user hack	2020-08-11 14:40:34 -04:00
Mike Reeves	59292425c0	Add transport hostname	2020-08-10 23:03:54 -04:00
Mike Reeves	ac3f490299	Add transport hostname	2020-08-10 23:02:03 -04:00
Mike Reeves	52cc56bebb	Add transport hostname	2020-08-10 22:56:15 -04:00
Mike Reeves	c3d8c599cc	Turn off user auth	2020-08-10 22:13:17 -04:00
Mike Reeves	6007a6c4d8	Things like this are why I hate Java	2020-08-10 22:10:03 -04:00
Mike Reeves	d00231af06	Things like this are why I hate Java	2020-08-10 22:05:46 -04:00
Mike Reeves	cf5c29d01c	Change certs path on elstic	2020-08-10 21:30:53 -04:00
Mike Reeves	e7cd527d49	Enable SSL in elastic	2020-08-10 21:18:03 -04:00
Mike Reeves	d171adb9c9	jruby ssl fun	2020-08-07 23:39:13 -04:00
Mike Reeves	64af6f99e9	jruby ssl fun	2020-08-07 23:34:55 -04:00
Mike Reeves	2705cbbf45	jruby ssl fun	2020-08-07 23:33:02 -04:00
Mike Reeves	5525e235d1	jruby ssl fun	2020-08-07 23:28:58 -04:00
Mike Reeves	1b0f90b7e4	sync script	2020-08-07 22:12:47 -04:00
Mike Reeves	d15d53bcdc	Add script to extract cacerts	2020-08-07 22:04:30 -04:00
Josh Brower	928e5ed832	Playbook/Nav Fixes - Issue #1064	2020-08-07 17:02:48 -04:00
Josh Brower	ff209cfd65	Merge pull request #1149 from Security-Onion-Solutions/feature/wlb-parsing Ingest Parsing Update for Sysmon/WEL	2020-08-07 13:37:22 -04:00
Josh Brower	a8b980b6a7	More Playbook Fixes - Issue #1064	2020-08-07 13:35:43 -04:00
Josh Brower	15efe77e06	Ingest Parsing Update for Sysmon/WEL	2020-08-06 13:11:47 -04:00
Josh Brower	d971d07720	Osquery & WLB Parsing Update for WEL & Sysmon	2020-07-31 16:06:15 -04:00
Josh Brower	55e60cb749	initial refactor - beats/sysmon parsing	2020-07-28 11:03:33 -04:00

1 2 3 4

164 Commits