CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,616 Commits 24 Branches 119 Tags
be028aa23e96f61854a3d02b51cc15f8c0aa4097
Commit Graph

1658 Commits

Author SHA1 Message Date
Wes
91d24d36f9 Add initial ILM lifecycle status explanation script 2023-02-08 21:34:15 +00:00
Wes
3e31bda285 Fix typo in Elasticsearch portion of script names 2023-02-08 21:32:17 +00:00
Wes
1de3871ee9 Add initial ILM service restart script 2023-02-08 21:30:25 +00:00
Wes
03849b0659 Add initial ILM service start script 2023-02-08 21:29:38 +00:00
Wes
b38f4ca766 Add initial ILM service stop script 2023-02-08 21:29:16 +00:00
Wes
8027055086 Add initial ILM policy delete script 2023-02-08 21:09:42 +00:00
Wes
d6d01f8542 Add initial ILM policy view script 2023-02-08 21:01:02 +00:00
Wes
713e9ee215 Create initial template for ILM policy load script 2023-02-08 20:10:41 +00:00
Jason Ertel
51674b3a5b upgrade influx 2023-02-08 13:50:32 -05:00
Jason Ertel
a1ac1785d3 upgrade influx 2023-02-08 13:40:27 -05:00
Jason Ertel
ea0c3db8e1 upgrade influxdb 2023-02-08 13:23:45 -05:00
m0duspwnens
6e45f1b6e1 Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall 2023-02-03 09:55:50 -05:00
Wes
bc082dff99 Only run Zeek if it is defined as 'mdengine' 2023-02-02 16:22:42 +00:00
m0duspwnens
9eae31e488 add managersearch to allowed roles for so-firewall. fix setup error from so-firewall "Please specify a role with --role=" 2023-02-02 10:03:22 -05:00
weslambert
d242050627 Disable loading of Kibana and Logstash logs for now since there are issues with the packages from the registry 2023-02-01 15:59:35 -05:00
Josh Brower
e4b10aa28c Remove endif 2023-02-01 15:47:26 -05:00
Josh Brower
1c1b079058 Change default output 2023-02-01 15:42:05 -05:00
Josh Brower
967a0807ad Fix typo 2023-02-01 09:16:34 -05:00
Josh Brower
b8d8a5fd6b Remove default outputs 2023-01-31 17:02:41 -05:00
Josh Brower
18a54b86f4 More fixes 2023-01-31 14:57:39 -05:00
weslambert
74eed31eec Change Elasticsearch output name from 'so-manager_elasticsearch2' to 'so-manager_elasticsearch' 2023-01-31 12:55:03 -05:00
Wes
5472f53c9f Remove bind mount and reference the correctly named entrypoint script 2023-01-30 21:24:30 +00:00
Wes
0156784687 Add EVTX integration policy for 'so-import-evtx' 2023-01-30 21:22:37 +00:00
Wes
cc100e50cd Update so-import-evtx to convert EVTX to a JSON file instead of streaming to Elasticsearch 2023-01-30 21:09:58 +00:00
weslambert
8240e5b20d Remove 'prospector.scanner' prefix from 'exclude_files' configuration 2023-01-27 16:46:43 -05:00
Doug Burks
b160d0add5 Fix typos in so-elastic-fleet-integration-policy-load 2023-01-27 15:45:58 -05:00
weslambert
68fac4488e Fix syntax for Zeek integration policies 2023-01-27 15:27:15 -05:00
weslambert
e47f64bd04 Change event.category from 'file' to 'network' 2023-01-27 12:00:30 -05:00
weslambert
f49627cec1 Update Zeek file exclusions and add a minor output formatting change 2023-01-27 11:47:14 -05:00
weslambert
6b251a2596 Change 'pipeline' to 'import.file' so that ICS tag conditional is applied to the correct field 2023-01-27 11:30:06 -05:00
Josh Brower
a71cbcfc9b Pull in upstream changes 2023-01-27 07:53:53 -05:00
Josh Brower
29aa6dceed Add logstash 2023-01-27 07:49:21 -05:00
weslambert
a8d2631d75 Merge pull request #9650 from Security-Onion-Solutions/fix/elastic_agent_add_import_mode 
Elastic Agent - Import Mode
 2023-01-26 11:33:20 -05:00
Wes
b381c5424e Remove extra whitespace after 'so-elastic-agent-builder' line in 'so-image-common' 2023-01-26 16:13:23 +00:00
Wes
f1db1bc273 Ensure Kratos events are sent to a data stream instead of an index 2023-01-26 16:12:06 +00:00
Wes
8051fc70eb Temporarily disable the loading of the RITA package policy 2023-01-26 16:03:59 +00:00
Wes
a9a119f1ab Add Elasticsearch output to 'so-elastic-fleet-setup' for Import Mode 2023-01-26 16:02:27 +00:00
weslambert
6ee66a34bc Revert "Elastic Agent and Fleet - Import Mode" 2023-01-25 17:12:03 -05:00
m0duspwnens
790aa6b684 add logstash pillar items for minions 2023-01-25 15:18:56 -05:00
Wes
5c58cda872 Move certificate configuration outside of conditional logic 2023-01-25 19:29:50 +00:00
Wes
86a925e1c7 Download Elastic Agent images for Import Mode 2023-01-25 16:09:12 +00:00
Wes
838beabae5 Add missing single quote for Elastic Agent Elasticsearch output 2023-01-25 15:58:06 +00:00
Wes
506baa854d Configure Elasticsearch output if running Import Mode 2023-01-25 13:52:54 +00:00
weslambert
7bf9d77962 Rename Kratos data stream 2023-01-25 08:18:21 -05:00
Wes
38ead7cb82 Remove import tag for now 2023-01-24 17:58:19 +00:00
Wes
1e5377c78a Condense RITA integration policies, add ICS tags, and improve output readability 2023-01-24 16:56:20 +00:00
weslambert
7e0e5071d9 Merge pull request #9627 from Security-Onion-Solutions/fix/elastic_agent_integration_improvements 
Elastic Agent Integration Improvements
 2023-01-24 10:10:01 -05:00
Wes
7b4d8a47f0 Add copyright header to 'so-elastic-fleet-*' scripts 2023-01-24 15:07:00 +00:00
m0duspwnens
ee98e0684e change MASTER to MANAGER 2023-01-24 09:44:01 -05:00
Wes
40c6b380df Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset. 2023-01-23 21:44:46 +00:00