CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,174 Commits 24 Branches 119 Tags
bad9a16ebbca0308f99f6eaa6a0c7d1649e4a85b
Commit Graph

371 Commits

Author SHA1 Message Date
Jason Ertel
bad9a16ebb support non-async state apply 2025-10-08 13:02:44 -04:00
reyesj2
84b38daf62 name destination_geo & source_geo to destination.as and source.as better aligning with ECS and linking other log sources already using .as for ASN geo data. 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-07-25 16:17:22 -05:00
Josh Brower
31cd5b1365 Add support for dns.resolved_ip 2025-06-20 15:02:59 -04:00
Josh Brower
b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
Josh Brower
9022dc24fb Add Parsing for Playbooks 2025-05-14 13:19:50 -06:00
Jason Ertel
1236c8c1f2 support pcap imports for sensors in distributed grids 2025-03-21 10:34:55 -04:00
Jason Ertel
ad8f3dfde7 use specified role on new user add 2025-03-17 14:55:40 -04:00
defensivedepth
7237b8971e Refactor pipeline for hash changes 2024-12-23 15:41:13 -05:00
Jason Ertel
57a9992a3d Merge branch '2.4/dev' into jertel/wip 2024-11-11 10:06:44 -05:00
defensivedepth
f5bd8ab585 Rewrite docs 2024-11-07 15:33:47 -05:00
Jason Ertel
c9f6b5206a connect 2024-11-01 16:18:40 -04:00
Jason Ertel
825dbb36dd connect 2024-11-01 15:37:59 -04:00
Jason Ertel
cd2e5bf2d0 rename role 2024-10-31 17:20:44 -04:00
Jason Ertel
a146153ee9 switch to json 2024-10-30 12:44:01 -04:00
defensivedepth
5406a263d5 Add local custom template 2024-10-29 19:42:06 -04:00
Jason Ertel
3f3ac21f50 connect 2024-10-29 12:28:24 -04:00
Jason Ertel
11820a16f0 connect 2024-10-29 12:04:38 -04:00
Jason Ertel
1243c7588b connect 2024-10-28 19:42:01 -04:00
Jason Ertel
624c4855c8 connect 2024-10-28 19:25:20 -04:00
Jason Ertel
12a76a9d35 connect 2024-10-28 19:11:26 -04:00
defensivedepth
f3ca5b1c42 Remove OS-specific mappings 2024-10-28 09:19:51 -04:00
Jason Ertel
5e6dd2e8b3 connect 2024-10-23 16:49:02 -04:00
defensivedepth
dcdfaf66f4 Add process and file creation mappings 2024-10-16 15:20:52 -04:00
Doug Burks
dfd8ac3626 FIX: Update SOC MOTD #13320 2024-07-09 12:55:58 -04:00
Doug Burks
93ced0959c FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:25:01 -04:00
Doug Burks
6f13fa50bf FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:24:32 -04:00
Doug Burks
3bface12e0 FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:23:14 -04:00
Doug Burks
b584c8e353 FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:13:17 -04:00
Josh Brower
185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates 
Add IDH mappings
 2024-05-24 14:48:22 -04:00
DefensiveDepth
550b3ee92d Add IDH mappings 2024-05-24 14:46:24 -04:00
DefensiveDepth
66725b11b3 Added unit tests 2024-05-24 09:55:10 -04:00
DefensiveDepth
d19c1a514b Detections backup script 2024-05-22 15:12:23 -04:00
DefensiveDepth
8cc4d2668e Move compile_yara 2024-04-16 12:52:14 -04:00
DefensiveDepth
376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
Jason Ertel
3aea2dec85 analytics 2024-04-01 09:50:18 -04:00
Josh Brower
d832158cc5 Drop Hashes field 2024-03-01 15:26:02 -05:00
Josh Brower
b017157d21 Add antivirus mapping 2024-03-01 14:04:56 -05:00
Josh Brower
d04aa06455 Fix source.ip 2024-02-22 14:01:02 -05:00
Josh Brower
c886e72793 Imphash mappings 2024-02-22 08:59:33 -05:00
Josh Brower
0a9022ba6a Add hash mappings 2024-02-21 17:07:08 -05:00
Josh Brower
81a3e95914 Fixup sigma pipelines 2024-02-07 16:42:16 -05:00
Josh Brower
7e3187c0b8 Fixup sigma pipelines 2024-02-07 15:35:31 -05:00
Corey Ogburn
858166bcae WIP: Detections Changes 
Removed some strelka/yara rules from salt.

Removed yara scripts for downloading and updating rules. This will be managed by SOC.

Added a new compile_yara.py script.

Added the strelka repos folder.
 2024-01-30 15:43:51 -07:00
Jason Ertel
c09e8f0d71 improve timing of responses 2023-11-16 15:58:48 -05:00
Jason Ertel
de99cda766 improve timing of responses 2023-11-16 15:51:17 -05:00
m0duspwnens
99662c999f log operation and minion target 2023-10-20 13:41:24 -04:00
Doug Burks
da56a421e5 Update motd.md 2023-08-31 09:17:33 -04:00
Doug Burks
4426437ad3 Update motd.md 2023-08-10 15:04:31 -04:00
Jason Ertel
951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Jason Ertel
b21b545756 use cluster-unique password for import encryption 2023-06-23 09:37:41 -04:00