CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-10 11:12:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,813 Commits 26 Branches 119 Tags
bb9d6673ec419767fdad0e6937c818372f0c0780
Commit Graph

9813 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
weslambert
bb9d6673ec Fix casing 2022-03-21 12:38:50 -04:00
weslambert
9afa949623 Don't rotate Filebeat log on startup 2022-03-21 12:38:12 -04:00
weslambert
b2c26807a3 Add xpack.reporting.kibanaServer.hostname to defaults file 2022-03-21 09:30:25 -04:00
Wes Lambert
faeaa948c8 Remove extra Salt logic and clean up output format of resultant script 2022-03-19 04:31:48 +00:00
Wes Lambert
1a6ef0cc6b Re-enable FB module load 2022-03-19 03:55:40 +00:00
Wes Lambert
a18b38de4d Update so-filebeat-module-setup to use new load style to avoid having to explicitly enabled filesets 2022-03-19 03:54:41 +00:00
Wes Lambert
2e7d314650 Remove Cyberark module 2022-03-19 03:43:55 +00:00
Wes Lambert
c97847f0e2 Remove Threat Intel Recored Future fileset 2022-03-19 03:43:34 +00:00
Wes Lambert
59a2ac38f5 Disable FB module load for now 2022-03-18 22:12:09 +00:00
Wes Lambert
543bf9a7a7 Update Kibana version to 8 2022-03-18 22:07:21 +00:00
Wes Lambert
d111c08fb3 Update Curator commands with new Filebeat module variables 2022-03-18 21:45:33 +00:00
weslambert
a9ea99daa8 Switch from so_elastic user to so_kibana user for Elastic 8 2022-03-18 15:09:50 -04:00
weslambert
cb0d4acd57 Remove X-Pack ML entry for Elastic 8 2022-03-18 14:46:28 -04:00
weslambert
e0374be4aa Update version from 7.16.2 to 8.1.0 for Kibana config 2022-03-18 11:57:33 -04:00
weslambert
6f294cc0c2 Change Kibana user role from superuser to kibana_system for Elastic 8 2022-03-18 11:54:08 -04:00
weslambert
5ec5b9a2ee Remove older module config files 2022-03-18 10:14:13 -04:00
weslambert
c659a443b0 Update from search.remote to cluster.remote for Elastic 8 2022-03-17 21:25:10 -04:00
weslambert
99430fddeb Update from search.remote to cluster.remote for Elastic 8 2022-03-17 21:24:39 -04:00
weslambert
7128b04636 Remove indices.query.bool.max_clause_count because it is dynamically allocated in Elastic 8 2022-03-17 21:20:41 -04:00
weslambert
712a92aa39 Switch from log input to filestream input 2022-03-17 21:18:03 -04:00
Wes Lambert
6e2aaa0098 Clean up original map file 2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b Add back bind mounts and remove THIRDPARTY 2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930 Reorganize FB module management 2022-03-17 21:01:03 +00:00
weslambert
aaded58131 Merge pull request #7565 from Security-Onion-Solutions/fix/es_template_fix 
Custom ES template fixes
 2022-03-15 11:09:46 -04:00
Doug Burks
9bf0265cea Merge pull request #7566 from Security-Onion-Solutions/feature/hunt-soc-auth 
FEATURE: Add new Hunt query for SOC logins #7327
 2022-03-15 10:58:40 -04:00
Mike Reeves
e01c1398d5 Merge pull request #7564 from Security-Onion-Solutions/removethehive 
Removethehive
 2022-03-15 10:56:08 -04:00
Wes Lambert
42d6c3a956 Replace Elastic connection check using ELASTICCURL with so-elasticsearch-query 2022-03-15 14:55:04 +00:00
Doug Burks
eec44a6b02 Add a SOC Auth query to hunt.queries.json 2022-03-15 10:38:46 -04:00
Doug Burks
d1e1887e36 Add support for Kratos audit logs in hunt.eventfields.json 2022-03-15 10:37:58 -04:00
Wes Lambert
5f56c7a261 Replace ELASTICCURL with so-elasticsearch-query 2022-03-15 14:32:00 +00:00
weslambert
d46620ea2a Merge pull request #7561 from Security-Onion-Solutions/es_template_map_fix 
Custom ES Template Fixes
 2022-03-15 10:01:42 -04:00
Jason Ertel
408f9d6695 Update .gitleaks.toml 2022-03-15 09:53:27 -04:00
Jason Ertel
b810f14428 Update .gitleaks.toml 2022-03-15 09:53:11 -04:00
Jason Ertel
cec9cba40e Create .gitleaks.toml 2022-03-15 09:47:57 -04:00
Jason Ertel
8ebeeb497f add configuration to override leak detector defaults 2022-03-15 09:43:09 -04:00
Mike Reeves
9c80ff4f65 Remove hive from more files 2022-03-15 09:37:58 -04:00
Mike Reeves
81f0aa58b8 Remove hive from more files 2022-03-15 08:28:03 -04:00
Doug Burks
63cef4daff Merge pull request #7557 from Security-Onion-Solutions/dougburks-patch-1 
FIX: surilogcompress cron job not running
 2022-03-15 07:41:05 -04:00
Doug Burks
db4f138a78 FIX: surilogcompress cron job not running 
The suricata user was originally created with `/opt/so/conf/suricata` as its home directory. I think at some point we changed permissions on `/opt/so/conf` and at that point the `surilogcompress` cron job stopped working. Changing the home directory to `/nsm/suricata` works on all of my PROD systems (including Ubuntu and CentOS).

For more information, please see:
https://github.com/Security-Onion-Solutions/securityonion/issues/7133
 2022-03-15 07:10:02 -04:00
Mike Reeves
b5b60af16f Remove hive from so-user 2022-03-14 15:06:07 -04:00
Mike Reeves
b83fec6fd2 More hive remova 2022-03-14 14:51:39 -04:00
Mike Reeves
ff30f572d7 Remove thehive from image common 2022-03-14 10:40:41 -04:00
Mike Reeves
95195c07fc Disable hive in automation files 2022-03-14 10:36:23 -04:00
Jason Ertel
16f673d956 Merge pull request #7541 from Security-Onion-Solutions/kilo 
Add assignee field to case list
 2022-03-14 08:49:46 -04:00
Jason Ertel
5a28725def Add assignee to case list 2022-03-14 08:45:28 -04:00
Wes Lambert
ba24f75893 Fix index typo 2022-03-11 18:11:16 +00:00
Wes Lambert
70ed20f691 Add new sls file for custom ES index templates 2022-03-11 18:07:23 +00:00
Wes Lambert
d12ff503c2 Chage role loading verbiage 2022-03-11 16:23:19 +00:00
Wes Lambert
dc258cf043 Load custom component templates in so-elasticsearch-templates-load 2022-03-11 16:22:55 +00:00
Wes Lambert
8e43a6e571 Don't generate index template if index_template definition is not present in pillar 2022-03-11 16:22:06 +00:00