Josh Brower
378c99ae88
Fix bindings
2024-02-02 18:27:49 -05:00
Corey Ogburn
8f81c9eb68
Updating config for Detection(s)
2024-02-02 11:49:58 -07:00
Josh Brower
fe196b5661
Add SOC Config for Detections
2024-02-01 12:22:50 -05:00
Josh Brower
49b5788ac1
add bindings
2024-02-01 07:21:49 -05:00
Corey Ogburn
858166bcae
WIP: Detections Changes
Removed some strelka/yara rules from salt.
Removed yara scripts for downloading and updating rules. This will be managed by SOC.
Added a new compile_yara.py script.
Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Corey Ogburn
0fa4d92f8f
socsigmarepo
Need write permissions on the /opt/so/rules dir so I can clone the sigma repo there.
2024-01-30 14:49:05 -07:00
Jason Ertel
e075d07f5c
show last highstate date/time on grid metrics screen; expose maxUploadSize and staleMetricsMs settings on config screen
2023-12-29 11:38:42 -05:00
Doug Burks
ab5de4c104
update soc defaults.yaml
2023-12-19 07:27:07 -05:00
Doug Burks
4d8661d2e0
FIX: Update dashboard and hunt query for firewall logs #12021
2023-12-18 13:38:04 -05:00
Doug Burks
6a1073b616
FIX: Update dashboard and hunt query for firewall logs #12021
2023-12-18 12:57:40 -05:00
Doug Burks
8779fb8cbc
Update defaults.yaml
2023-12-14 13:30:52 -05:00
Doug Burks
042e5ae9f0
https://github.com/Security-Onion-Solutions/securityonion/issues/12021
2023-12-14 12:46:28 -05:00
m0duspwnens
3dbf97944d
fix extra_hosts. https://github.com/Security-Onion-Solutions/securityonion/issues/12015
2023-12-14 10:26:29 -05:00
weslambert
0334ef9677
Add eml observable type
2023-12-05 19:10:16 -05:00
Jason Ertel
c09e8f0d71
improve timing of responses
2023-11-16 15:58:48 -05:00
Jason Ertel
de99cda766
improve timing of responses
2023-11-16 15:51:17 -05:00
Doug Burks
4666b993e5
Update defaults.yaml
2023-11-14 09:58:45 -05:00
Wes
bca1194a46
Sublime SOC Action
2023-11-01 14:01:55 +00:00
m0duspwnens
99662c999f
log operation and minion target
2023-10-20 13:41:24 -04:00
Jason Ertel
84c39b5de7
only add heavynodes to remoteHostUrls
2023-10-16 13:01:13 -04:00
m0duspwnens
35157f2e8b
add comment
2023-09-07 15:46:04 -04:00
m0duspwnens
60f1947eb4
prevent endgame_dict from being added to standard_actions if it is already present
2023-09-07 14:01:19 -04:00
m0duspwnens
ffaab4a1b4
only add endgame to action if it is populated
2023-09-06 14:19:53 -04:00
Jason Ertel
546c562ef0
expose standard relay timeout in config UI; up default to 45s to accommodate sluggish pillar.get calls
2023-09-01 10:31:02 -04:00
Doug Burks
da56a421e5
Update motd.md
2023-08-31 09:17:33 -04:00
Corey Ogburn
a615fc8e47
New Config Default: longRelayTimeoutMs
Salt is getting a second timeout for operations known to take a long time such as sending and importing files. There's also an entry in soc_soc.yaml so the value can be changed in SOC's config page.
2023-08-30 15:33:01 -06:00
Mike Reeves
bd61ee22be
Update defaults.map.jinja
2023-08-28 14:41:06 -04:00
weslambert
563a495725
Add Playbook
2023-08-21 11:24:07 -04:00
weslambert
9e18fe64cf
Remove OSSEC configuration
2023-08-21 11:20:47 -04:00
Jason Ertel
1fb3a59573
add missing annotations to avoid soc crash
2023-08-11 13:41:58 -04:00
Jason Ertel
a5e60363cf
add missing annotations to avoid soc crash
2023-08-11 13:38:16 -04:00
Doug Burks
4426437ad3
Update motd.md
2023-08-10 15:04:31 -04:00
bryant-treacle
036b81707b
Update defaults.yaml
2023-08-08 16:10:54 -04:00
bryant-treacle
3d4fd08547
Update defaults.yaml
2023-08-08 15:28:06 -04:00
weslambert
527a6ba454
Use asterisk when searching 'msg' since it is now a keyword
2023-07-31 23:52:38 -04:00
Corey Ogburn
aa56085758
New Action "Add to Case"
2023-07-28 09:55:44 -06:00
Josh Patterson
c1190064ad
Merge pull request #10823 from Security-Onion-Solutions/2.4/dockerips
2.4/dockerips
2023-07-25 08:39:49 -04:00
m0duspwnens
4c9d172721
sorange to range
2023-07-21 16:21:18 -04:00
Corey Ogburn
bb7a918a16
Added ReverseLookup Option
Defaults to false, has metadata to show up in the config section of soc.
2023-07-21 13:18:08 -06:00
Wes
1848a835f5
Remove keyword
2023-07-19 13:52:15 +00:00
Jason Ertel
5eca1acbeb
incorporate features pillar
2023-07-06 13:24:45 -04:00
Jason Ertel
951f04c265
remove use of pipe
2023-06-29 12:10:12 -04:00
Corey Ogburn
fb27e7c479
Also add to dashboard
Duplicate new queryToggleFilter from hunt to dashboard.
2023-06-23 11:30:26 -06:00
Corey Ogburn
261acee8a0
New Hunt queryToggleFilter
New filter to exclude soc logs from hunt results.
2023-06-23 11:30:26 -06:00
Jason Ertel
b21b545756
use cluster-unique password for import encryption
2023-06-23 09:37:41 -04:00
Corey Ogburn
2b323ab661
Fix salt cmd.run commands for importing
Functional and easy to read.
2023-06-22 17:30:56 -06:00
Jason Ertel
f4cbe20ddf
Merge pull request #10641 from Security-Onion-Solutions/jertel/fix-import
fix quotations
2023-06-22 14:46:41 -04:00
Jason Ertel
0d92a1594a
fix quotations
2023-06-22 14:41:39 -04:00
Corey Ogburn
6769386c86
Change upload path
2023-06-22 10:59:24 -06:00
Corey Ogburn
b5e5bd57ad
Fix for Upload Import
Needed to mount /nsm/soc/uploads into soc container.
Made the upload route configurable.
Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00