Mike Reeves
be35b59b8c
Update echo messages for PCAP engine clarity
2026-02-24 10:04:26 -05:00
Mike Reeves
7170289a5e
Continue upgrade after pcapengine is changed to SURICATA
Instead of exiting and requiring the user to rerun the script after
changing pcapengine to SURICATA, let the script continue to the
version check and upgrade.
2026-02-23 11:35:32 -05:00
Mike Reeves
ca040044bb
Use so-yaml to update pcapengine pillar and fix file path
Replace fragile sed with so-yaml.py replace for proper YAML handling.
Also correct the pillar file path from soc_soc.sls to soc_global.sls.
2026-02-23 11:16:30 -05:00
Mike Reeves
f17e2961ed
Add PCAP orphan warning and require SURICATA before upgrade
- Warn users that undeleted Stenographer PCAP data will be inaccessible
  and never automatically cleaned up if they switch to SURICATA without
  deleting it first
- Require pcapengine to be set to SURICATA before allowing upgrade,
  with clear messaging when the user declines to change it
2026-02-23 11:05:30 -05:00
Mike Reeves
bbc7668786
Add version check, PCAP cleanup prompts, and SOC config references to soupto3
- Skip upgrade if already running Security Onion 3.x.x
- Add interactive prompts to delete Stenographer PCAP data (with double confirmation) and change pcapengine to SURICATA
- Direct users to SOC Configuration UI instead of editing pillar files directly
- Consolidate TRANSITION and STENO cases to reduce repeated code
2026-02-23 10:49:54 -05:00
Mike Reeves
1888f9e757
Soup to 3
2026-02-23 10:07:16 -05:00
Jorge Reyes
1d57c02608
Merge pull request #15436 from Security-Onion-Solutions/reyesj2-patch-13
2026-01-28 15:36:50 -06:00
reyesj2
ebeeb91297
run fleet ssl state in fleet.config to ensure all required certs are created before so-elastic-fleet-setup runs
2026-01-28 15:23:38 -06:00
reyesj2
1c06bddb09
include all so-grid-nodes_* policies in automatic EA upgrades
2026-01-28 11:01:57 -06:00
Jorge Reyes
36f8c490c8
Merge pull request #15418 from Security-Onion-Solutions/reyesj2-patch-11
update heavynode's elastic-agent standalone policy
2026-01-28 08:11:02 -06:00
Jorge Reyes
94c1a641d8
Merge pull request #15424 from Security-Onion-Solutions/reyesj2-patch-5
update redis log file path
2026-01-28 08:10:47 -06:00
reyesj2
057131dce7
disable redis on heavynodes -- no longer in use
2026-01-27 16:39:07 -06:00
reyesj2
e5226b50ed
disable logstash metrics collection on nodes not running logstash + fleet nodes
2026-01-27 16:37:23 -06:00
reyesj2
ff4ec69f7c
remove redis log collection on heavynodes (disabled)
2026-01-27 16:28:06 -06:00
reyesj2
4ad6136d98
update redis log file path
2026-01-27 14:23:22 -06:00
reyesj2
6b1939b827
exclude known issues with 3 integrations
2026-01-27 12:59:17 -06:00
reyesj2
2038227308
remove reference to .fleet_final_pipeline-1
- configure global@custom ingest pipeline to run .fleet_final_pipeline-1 when available (heavynodes do not have this pipeline).
- Update global@custom pipeline to remove error message related to sending EA logs through logstash (https://github.com/elastic/kibana/issues/183959)
2026-01-26 14:01:58 -06:00
reyesj2
950852d673
update heavynode standalone elastic agent policy
2026-01-26 13:57:19 -06:00
reyesj2
8900f9ade3
collect elasticsearch logs on heavynodes via fleet managed elastic agent
2026-01-26 13:51:58 -06:00
reyesj2
8cf0d59560
remove block of elasticsearch-logs integration on heavynodes
2026-01-26 12:48:15 -06:00
reyesj2
a78e0b0871
only create /opt/so/state/eaintegrations.txt when all policies have been created/updated successfully
2026-01-26 12:26:21 -06:00
reyesj2
32f030f6f6
formatting
2026-01-26 12:24:31 -06:00
reyesj2
55b3fa389e
no dates
2026-01-23 16:33:22 -06:00
reyesj2
b3ae716929
ignore kratos file mapping error
2026-01-23 16:31:30 -06:00
reyesj2
5d0c187497
format json
2026-01-23 14:45:31 -06:00
Jorge Reyes
30d8cf5a6c
Merge pull request #15412 from Security-Onion-Solutions/reyesj2-patch-9
missing updates to variables
2026-01-22 17:01:53 -06:00
reyesj2
b4c8f7924a
missing updates to variables
2026-01-22 16:49:20 -06:00
reyesj2
809422c517
add retries to so-resources repo pull
2026-01-22 16:39:19 -06:00
reyesj2
8e3ba8900f
fix auto soup - check for compatible versions and fallback to a known good value as needed
2026-01-22 16:12:21 -06:00
reyesj2
4c6ff0641b
fix kafka state
2026-01-21 12:47:58 -06:00
Jorge Reyes
3e242913e9
Merge pull request #15407 from Security-Onion-Solutions/reyesj2-patch-6
more better
2026-01-20 15:31:44 -06:00
reyesj2
ba68e3c9bd
more better
2026-01-20 15:30:19 -06:00
Josh Patterson
e1199a91b9
Merge pull request #15406 from Security-Onion-Solutions/bravo
fix include
2026-01-20 16:29:49 -05:00
Josh Patterson
d381248e30
fix include
2026-01-20 16:27:37 -05:00
Jorge Reyes
f4f0218cae
Merge pull request #15404 from Security-Onion-Solutions/reyesj2-patch-6
reinstall agent on grid nodes when service wasn't cleanly removed. eg…
2026-01-20 13:34:55 -06:00
Josh Patterson
959fd55e32
create dir if nonexistent
2026-01-20 14:30:11 -05:00
reyesj2
a8e218a9ff
reinstall agent on grid nodes when service wasn't cleanly removed. e.g. manually deleting /opt/Elastic/Agent/
2026-01-20 12:37:06 -06:00
Josh Patterson
627f0c2bcc
allow logstash.ssl state for so-import
2026-01-20 11:58:31 -05:00
Josh Patterson
f6bde3eb04
remove double logging
2026-01-20 11:56:31 -05:00
Josh Patterson
f6e95c17a0
need to create_ca_pillar for 210 not 220
2026-01-20 11:55:57 -05:00
Josh Patterson
1234cbd04b
allow logstash.ssl on so-eval
2026-01-20 09:30:32 -05:00
Josh Patterson
a192455fae
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2026-01-19 17:17:58 -05:00
Josh Patterson
66f17e95aa
Merge pull request #15397 from Security-Onion-Solutions/fstes
Fstes
2026-01-16 18:38:06 -05:00
Josh Patterson
6f4b96b61b
removing time logging changes
2026-01-16 18:31:45 -05:00
Josh Patterson
9905d23976
inform which state is being applied
2026-01-16 18:27:24 -05:00
Josh Patterson
074158b495
discard so-elasticsearch-templates-load running again during setup
2026-01-16 17:42:00 -05:00
Josh Patterson
82d5115b3f
rerun so-elasticsearch-templates-load during setup
2026-01-16 16:43:10 -05:00
Josh Patterson
5c63111002
add timing to scripts to allow for debugging delays
2026-01-16 16:42:24 -05:00
Jorge Reyes
6eda7932e8
Merge pull request #15394 from Security-Onion-Solutions/reyesj2/elastic9-filestream
remove usage of deprecated 'logs' integration in favor of 'filestream'
2026-01-16 13:19:15 -06:00
reyesj2
2133ada3a1
add additional retries within scripts before salt re-runs the entire script
2026-01-16 13:09:08 -06:00