CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-24 01:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,488 Commits 19 Branches 120 Tags
bf38055a6c20fb93a03bd57f99cb44e8374f962a
Commit Graph

862 Commits

Author SHA1 Message Date
Josh Brower
2fff6232c1 Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing 
Add parsing for Playbook
 2025-05-19 18:06:05 -04:00
Corey Ogburn
39f74fe547 Use the new JSON object editor for RulesRepos config entries 2025-05-19 15:38:45 -06:00
Corey Ogburn
11fb33fdeb Add RulesetName to Rule Repos 
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.

Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
 2025-05-19 14:19:56 -06:00
Josh Brower
58f4db95ea Create playbooks dir 2025-05-19 15:31:50 -04:00
Josh Brower
b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
Josh Brower
9022dc24fb Add Parsing for Playbooks 2025-05-14 13:19:50 -06:00
Corey Ogburn
78b7068638 Playbook Settings 
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.

Added playbook module section with default values.
 2025-05-14 13:19:49 -06:00
Doug Burks
a8cb18bb2e Update defaults.yaml to replace remaining instances of identity_id with user.name 2025-05-08 09:09:26 -04:00
Josh Brower
d47a798645 Show user.name instead of id 2025-05-07 11:17:00 -04:00
Jason Ertel
1ecf2b29fc update default actions for subgrid support 2025-05-06 13:56:16 -04:00
Jason Ertel
3b447b343f fix typo 2025-04-17 11:51:45 -04:00
Jason Ertel
d0375d3c7e fix typo 2025-04-17 11:51:21 -04:00
Jason Ertel
b607689993 improve regex 2025-04-17 11:47:52 -04:00
Jason Ertel
8f1e528f1c improve regex 2025-04-17 11:09:39 -04:00
Jason Ertel
366e39950a subord annotations; ensure node reboots occur in background 2025-04-16 15:55:16 -04:00
Jason Ertel
b99bb0b004 support options field on actions 2025-04-04 11:19:30 -04:00
Jason Ertel
9c455badb9 support background actions via config UI 2025-04-03 13:08:44 -04:00
Jason Ertel
1236c8c1f2 support pcap imports for sensors in distributed grids 2025-03-21 10:34:55 -04:00
Jason Ertel
ad8f3dfde7 use specified role on new user add 2025-03-17 14:55:40 -04:00
Jason Ertel
2af05b9a23 switch back to colon for better clarity 2025-03-07 08:24:19 -05:00
Doug Burks
3037dc7c38 Update soc_soc.yaml to fix previous change 2025-03-07 07:13:27 -05:00
Mike Reeves
14e95f4898 Update soc_soc.yaml 2025-03-06 21:01:45 -05:00
Mike Reeves
bad0031829 Update soc_soc.yaml 2025-03-06 20:58:23 -05:00
Mike Reeves
03ebc2d86e Add Actions 2025-03-05 15:58:10 -05:00
Mike Reeves
3021ed5d36 Add Actions 2025-03-05 15:56:26 -05:00
Mike Reeves
b51aa56e86 Some things I thought were bools are not bools 2025-03-05 15:15:26 -05:00
Mike Reeves
b01fb733a9 Some things I thought were bools are not bools 2025-03-05 14:56:26 -05:00
Mike Reeves
c7c6d3e556 Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into truefalse 2025-03-05 13:21:21 -05:00
Corey Ogburn
21a64b6c1d Add Client Parameter 
Add groupItemsPerPage so detections groupby tables have proper default value for page size.
 2025-03-05 09:43:21 -07:00
Doug Burks
c6c67f4d06 FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339 2025-03-05 06:31:16 -05:00
Jason Ertel
85450693a2 Merge branch '2.4/dev' into jertel/wip 2025-03-04 10:55:29 -05:00
Jason Ertel
0047246cf2 reduce stdout verbosity 2025-03-04 10:55:12 -05:00
Doug Burks
44535cba8c FIX: Elastic Agent Security Events dashboard should reference user.effective.name #14325 2025-03-04 06:46:56 -05:00
Doug Burks
e53f4fd1f1 Update defaults.yaml to quote the process.entity_id value 2025-03-02 05:54:30 -05:00
Mike Reeves
2ffaf2f601 Add hunt queries 2025-02-27 12:42:03 -05:00
Mike Reeves
4696152f78 Add hunt queries 2025-02-27 12:31:51 -05:00
Mike Reeves
a0944f8359 Add hunt queries 2025-02-27 12:17:57 -05:00
Mike Reeves
1fdbe987b8 Add hunt queries 2025-02-27 12:15:37 -05:00
Mike Reeves
40303c2d78 Add hunt queries 2025-02-27 12:10:59 -05:00
Mike Reeves
4b5048bd80 Add hunt queries 2025-02-27 11:57:57 -05:00
Mike Reeves
9d31050907 roll back SOC changes 2025-02-27 11:32:59 -05:00
Mike Reeves
e930d1dec6 roll back SOC changes 2025-02-27 11:28:06 -05:00
Mike Reeves
1d3bae4a7a Add additional entries for actions 2025-02-27 11:15:51 -05:00
Mike Reeves
d950e4ebb3 Add additional entries for actions 2025-02-27 11:11:56 -05:00
Mike Reeves
3ba82bd5a4 Fix actions 2025-02-27 11:04:47 -05:00
Mike Reeves
6c00cdd726 Fix healthlink 2025-02-26 16:15:00 -05:00
Mike Reeves
8bc500e4da soc 2025-02-26 14:16:42 -05:00
Mike Reeves
25217c3262 soc 2025-02-26 14:14:25 -05:00
Mike Reeves
0c2797ecdc soc 2025-02-26 13:49:30 -05:00
Mike Reeves
101f6e744a sensoroni 2025-02-26 13:44:35 -05:00