CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,140 Commits 24 Branches 119 Tags
ba9ff34cff1c563022be0deb23f69ce7d52e4190
Commit Graph

49 Commits

Author SHA1 Message Date
Doug Burks
29420da565 Only process zeek.dns.tld if dns.query.name contains a dot #734 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/734
 2020-05-19 10:08:30 -04:00
Doug Burks
9cc750a90f fix dns tld failures 2020-05-18 08:32:37 -04:00
Wes Lambert
4b91ade2e8 fix message_types one more time :) 2020-05-16 15:03:27 +00:00
Wes Lambert
9845ee189c fix message_types for real 2020-05-16 15:02:41 +00:00
Wes Lambert
6a2ddd4ef6 move to DNS 2020-05-16 14:58:51 +00:00
Wes Lambert
66c89abbc6 Fix DHCP message types 2020-05-16 14:58:06 +00:00
Doug Burks
cc7a244d0b Create zeek.dns.tld 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
 2020-05-15 15:32:25 -04:00
Doug Burks
60d2a0818b Add to zeek.dns and have it send to zeek.dns.tld 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
 2020-05-15 15:31:17 -04:00
Josh Brower
e02bf2ebb5 Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev 2020-05-15 15:05:47 -04:00
Josh Brower
9d4536dcbe osquery ingest parsing update 2020-05-15 15:05:21 -04:00
Doug Burks
fc883745e5 add fields to conn log 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
 2020-05-15 15:02:02 -04:00
Doug Burks
58d59c6844 use null safe operator for source.port and destination.port 
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/594
 2020-05-15 14:58:21 -04:00
Wes Lambert
03805bd6e2 remove type field 2020-05-15 18:29:49 +00:00
Wes Lambert
5d5f5cf105 update DCE/RPC parsing 2020-05-15 18:19:05 +00:00
Josh Brower
abd907fee1 Merge pull request #659 from Security-Onion-Solutions/bugfix/nids-parsing-alerting 
suricata parsing
 2020-05-12 14:07:51 -04:00
Josh Brower
62bec93190 suricata parsing 2020-05-12 14:04:02 -04:00
Mike Reeves
0b7568e08f Update soc.json with default search info 2020-05-12 13:57:40 -04:00
Josh Brower
6332509a33 osquery pipeline fix 2020-04-15 20:22:54 -04:00
Wes Lambert
59787a6532 update parsing for Zeek files 2020-04-14 13:08:31 +00:00
Josh Brower
634100318e osquery ingest ecs 2020-04-13 10:58:13 -04:00
Josh Brower
edae63097c fleet osquery fixes 2020-04-10 16:56:37 -04:00
Wes Lambert
9e50387eec update ingest files 2020-04-05 20:40:00 +00:00
Wes Lambert
e023aeb9be use agent name for observer name 2020-04-01 21:27:25 +00:00
weslambert
f13093dc51 Add message rename 2020-04-01 11:31:57 -04:00
Josh Brower
0e76447d11 osquery ingest - initial support 2020-04-01 10:17:36 -04:00
Wes Lambert
eacd3c9bfd update zeek.common 2020-03-31 00:36:42 +00:00
Wes Lambert
ad50093315 add community_id parsing for ingest 2020-03-30 15:49:36 +00:00
Wes Lambert
93c3c86e2f update wazuh fields and category 2020-03-30 14:24:01 +00:00
Wes Lambert
ef808875f4 fix ossec fields 2020-03-24 15:42:31 +00:00
Wes Lambert
083c588a87 add some more fields 2020-03-24 03:43:31 +00:00
Wes Lambert
a5ff21c528 remove agent field for non-Wazuh logs 2020-03-17 15:20:46 +00:00
Wes Lambert
b80e7fedcb remove agent field for non-Wazuh logs 2020-03-17 15:20:31 +00:00
Wes Lambert
488858f8bc remove beat field removal 2020-03-17 15:19:08 +00:00
Wes Lambert
c52220330b modify pipelines 2020-03-14 12:03:32 +00:00
Wes Lambert
648b0ba790 remove old config 2020-03-11 12:14:22 +00:00
Wes Lambert
9ad16e8c71 upadte ingest config 2020-03-11 12:13:53 +00:00
Wes Lambert
b1203cfb9f add initial Strelka ingest config 2020-03-03 21:20:45 +00:00
Wes Lambert
ec6638a276 src/dst ip/port fields to ECS 2020-03-02 19:10:18 +00:00
Wes Lambert
e4fee51ed6 Change Bro Files source to file_source 2020-03-02 19:09:24 +00:00
Mike Reeves
783a9cd102 Elastic Search State - Fix ingest to work with storage nodes 2019-10-25 09:51:04 -04:00
doug
cb899943aa incoming bro_tunnel logs should go to bro_tunnels 2019-09-24 14:00:22 -04:00
doug
8472b24a67 parse Bro logs using Elasticsearch ingest node 2019-09-23 16:04:23 -04:00
Wes Lambert
90e3b6912c Curator - Remove Curator files from ES module 2018-12-05 13:14:19 +00:00
Mike Reeves
8cd7278ad1 ElasticSearch Module - Fix logic for master 2018-11-02 14:16:11 -04:00
Mike Reeves
0268f98f8e Fix connectivity 2018-10-31 16:53:23 -04:00
Mike Reeves
2760012741 Elastic Rework 2018-10-10 17:02:18 -04:00
Mike Reeves
e36d2ae11f ES salt module - Add curator config 2018-02-13 15:27:52 -05:00
Mike Reeves
9c9cea62b6 ES salt module - Add curator skeleton 2018-02-13 14:57:59 -05:00
Mike Reeves
9edd987fc6 ES salt module - Rename to elasticsearch 2018-02-08 15:09:28 -05:00