CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-11 03:32:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,206 Commits 26 Branches 119 Tags
b8ee896f8aee15f15d1b234c899a7eedf12a1e1b
Commit Graph

259 Commits

Author SHA1 Message Date
weslambert
adeccd0e7f Merge pull request #8097 from Security-Onion-Solutions/dev 
Merge latest dev into foxtrot
 2022-06-08 15:01:09 -04:00
Josh Patterson
e5c9b91529 Merge pull request #8054 from Security-Onion-Solutions/dmz_receiver 
Dmz receiver
 2022-06-01 15:31:42 -04:00
weslambert
44622350ea Add ID for RITA filestream inputs 2022-05-25 10:09:01 -04:00
m0duspwnens
d8abc0a195 if in dmz_nodes dont add to filebeta 2022-05-11 11:51:18 -04:00
Josh Brower
8e368bdebe Merge in upstream dev 2022-05-06 20:01:07 -04:00
weslambert
fbc86f43ec Add exclude filter for logs for when there are no results from analysis 2022-03-24 13:03:03 -04:00
Wes Lambert
8a56c88773 Adjust log file paths 2022-03-22 17:51:17 +00:00
Wes Lambert
57f01c70ec Remove extra forward slash in log path 2022-03-22 17:45:23 +00:00
Wes Lambert
f613d8ad86 Add RITA Logstash config 2022-03-22 17:36:18 +00:00
weslambert
bb9d6673ec Fix casing 2022-03-21 12:38:50 -04:00
weslambert
9afa949623 Don't rotate Filebeat log on startup 2022-03-21 12:38:12 -04:00
Wes Lambert
1a6ef0cc6b Re-enable FB module load 2022-03-19 03:55:40 +00:00
Wes Lambert
2e7d314650 Remove Cyberark module 2022-03-19 03:43:55 +00:00
Wes Lambert
c97847f0e2 Remove Threat Intel Recored Future fileset 2022-03-19 03:43:34 +00:00
Wes Lambert
59a2ac38f5 Disable FB module load for now 2022-03-18 22:12:09 +00:00
weslambert
5ec5b9a2ee Remove older module config files 2022-03-18 10:14:13 -04:00
weslambert
712a92aa39 Switch from log input to filestream input 2022-03-17 21:18:03 -04:00
Wes Lambert
6e2aaa0098 Clean up original map file 2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b Add back bind mounts and remove THIRDPARTY 2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930 Reorganize FB module management 2022-03-17 21:01:03 +00:00
m0duspwnens
d76facb1bb add extra hosts for idh node 2022-02-25 12:21:43 -05:00
Josh Brower
df9fc807a3 IDH - restart scripts, filebeat fix 2022-02-22 08:05:53 -05:00
Josh Brower
3610b0cd30 merge in dev 2022-02-21 16:52:53 -05:00
Josh Brower
118277ebc5 Ingest Kratos logs 2022-02-18 11:49:02 -05:00
Josh Brower
1e5b9ef0bf IDH - Enable Filebeat 2022-02-10 11:37:10 -05:00
Jason Ertel
eefcc929c2 Update copyright pattern to match other repos 2022-01-24 10:09:23 -05:00
Jason Ertel
7c22f46a55 Update copyright year for 2022 2022-01-24 09:35:29 -05:00
m0duspwnens
bd7ef1cc59 fix whitespace control 2021-12-16 09:19:20 -05:00
m0duspwnens
f9b04ab96a add node's own ip to FILEBEAT_EXTRA_HOSTS 2021-12-15 16:53:22 -05:00
m0duspwnens
522bc1d2b8 fix loadbalance logic and whitespace for filebeat.yml 2021-12-15 16:21:08 -05:00
m0duspwnens
024860d0ae rename EXTRA_NODES to LOGSTASH_NODES AND REDIS_NODES 2021-12-14 23:43:06 -05:00
m0duspwnens
c490a3be36 move node_data pillar to logstash:nodes, set extra hosts for filebeat docker 2021-12-14 13:32:42 -05:00
m0duspwnens
6518691c55 sort the items 2021-12-13 18:16:25 -05:00
m0duspwnens
067e79894f fix loop for node_data 2021-12-13 16:26:38 -05:00
m0duspwnens
6de2f5bd03 fix node_data 2021-12-13 15:55:09 -05:00
m0duspwnens
8d0872bce5 create node_data pillar from mine data, use node_data pillar for filebeat config 2021-12-13 15:48:30 -05:00
m0duspwnens
86f67198bf loadbalance filebeat if across managers and receivers 2021-12-10 17:43:06 -05:00
m0duspwnens
6bf4d5a576 https://github.com/Security-Onion-Solutions/securityonion/issues/6206 2021-11-12 11:37:55 -05:00
m0duspwnens
283f7296bc fix require 2021-10-22 14:45:22 -04:00
m0duspwnens
9f6407fcb0 fix dupe ids 2021-10-22 14:26:04 -04:00
m0duspwnens
f61400680d fix dupe ids 2021-10-22 14:22:15 -04:00
m0duspwnens
fed8bfac67 more requires on docker containers 2021-10-22 14:10:59 -04:00
weslambert
bb36fc1ed8 Add TI module defaults 2021-10-15 17:16:38 -04:00
William Wernert
dd1769fbef Only check for logscan on manager-type and import 2021-08-05 11:02:09 -04:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
818f912a90 [fix] Remove indent 2021-07-14 10:13:14 -04:00
William Wernert
2b0bca8e55 Merge branch 'dev' into feature/logscan 2021-07-12 14:58:30 -04:00
weslambert
a895270bc8 Allow setting Filebeat logging level in pillar 2021-07-12 10:27:43 -04:00
William Wernert
80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00