e105bd12e6
Fix custom name
2025-12-09 09:49:27 -05:00
72a4ba405f
match correct custom ruleset name
2025-12-08 16:45:40 -05:00
271f545f4f
Fixup Airgap
2025-12-06 15:26:44 -05:00
89a9106d79
Add context
2025-11-29 15:17:28 -05:00
ced3af818c
Refactor for Airgap
2025-11-25 13:51:50 -05:00
a77157391c
remove idstools
2025-09-17 10:42:05 -04:00
33c23c30d3
Refactors playbook repo configuration
...
Replaces individual playbook repo fields with an array of repos to support multiple playbook sources. Refactor Jinja.
2025-06-30 11:43:02 -06:00
a3b5db5945
Add support for Airgap for Playbooks
2025-06-06 16:17:14 -04:00
8958da83b3
Deprecate instead
2024-11-20 18:00:26 -05:00
469ca44016
fix maps
2024-06-20 16:53:12 -04:00
81fcd68e9b
create and use redis:nodes and elasticsearch:nodes pillars
2024-06-20 16:42:11 -04:00
5d3fd3d389
AdditionalCA and InsecureSkipVerify
...
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.
AdditionalCA holds the PEM formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.
InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self signed, missing, or invalid certs will not throw an error.
2024-06-07 12:47:09 -06:00
e85c3e5b27
SOC Proxy Setting
...
The so_proxy value we build during install is now copied to SOC's config.
2024-06-06 11:55:27 -06:00
45fd07cdf8
Merge pull request #12987 from Security-Onion-Solutions/jertel/testcy
...
Add quick action to find related alerts for a detection
2024-05-09 18:08:08 -04:00
fecd674fdb
Add quick action to find related alerts for a detection
2024-05-09 17:55:41 -04:00
554a203541
update airgapEnabled in map file
2024-05-06 12:59:45 -04:00
5b966b83a9
change rulesRepos for airgap or not
2024-05-06 09:26:52 -04:00
7122709bbf
set Sigma rules based on role if defined and default if not
2024-05-01 12:25:34 -04:00
ca807bd6bd
Use list not string
2024-04-04 16:58:39 -04:00
49d5fa95a2
Detections tweaks
2024-04-04 11:26:44 -04:00
94ee761207
Remove Playbook ref
2024-03-25 21:11:47 -04:00
844cfe55cd
handle airgap when detections not enabled
2024-03-13 20:52:17 -04:00
927fe9039d
handle airgap when detections not enabled
2024-03-13 20:50:03 -04:00
1a829190ac
remove modules if detections disabled
2024-03-13 09:46:44 -04:00
c6baa4be1b
Airgap Support - Detections module
2024-02-26 16:19:32 -05:00
daf96d7934
fix new eventFields in merged.map.jinja
2024-02-23 17:07:48 -05:00
7da0ccf5a6
add more endpoint.events.x entries to merged.map.jinja
2024-02-23 15:35:53 -05:00
573d565976
convert _x_ to . for soc ui to config
2024-02-23 15:03:44 -05:00
35157f2e8b
add comment
2023-09-07 15:46:04 -04:00
60f1947eb4
prevent endgame_dict from being added to standard_actions if it is already present
2023-09-07 14:01:19 -04:00
ffaab4a1b4
only add endgame to action if it is populated
2023-09-06 14:19:53 -04:00
8e18986671
enabled/disable soc in ui
2023-05-11 15:33:16 -04:00
aed41404fc
Merge pull request #9852 from Security-Onion-Solutions/kilo
...
Remove FleetDM tool from SOC instead of deactivating it; generate SRV key during setup
2023-02-24 13:05:58 -05:00
d3c5d0569a
Remove FleetDM tool instead of deactivating it
2023-02-24 10:20:02 -05:00
8f46e4aa30
set docker extra_hosts for soc
2023-02-23 12:26:58 -05:00
ea0c3db8e1
upgrade influxdb
2023-02-08 13:23:45 -05:00
f84ceca03e
consolidate eventFields from hunt and dashbaords into a single setting
2022-12-15 14:22:23 -05:00
deb19d24b8
Always use local docs
2022-09-13 14:24:35 -04:00
5ccc103083
fix soc dashboards and things
2022-09-09 14:31:04 -04:00
5bb001281b
soc defaults changes - client child of server
2022-09-08 15:57:18 -04:00
2bd9dd80e2
Move In Day
2022-09-07 09:06:25 -04:00
DefensiveDepth
Corey Ogburn
m0duspwnens
Jason Ertel
Jason Ertel
Doug Burks
Mike Reeves