CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-26 14:37:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,641 Commits 40 Branches 125 Tags
c39cd9a290913b79a22e9058ffdddcb7b2f0512a
Commit Graph

6321 Commits

Author SHA1 Message Date
Mike Reeves 4c5a2c0610 Update filecheck 2022-10-31 13:36:42 -04:00
Mike Reeves e9e7362005 Add Filechecks 2022-10-31 12:57:08 -04:00
Peter Di Giorgio b97c822800 Add zeek.bacnet_discovery and zeek.bacnet_property 2022-10-27 15:40:52 -07:00
Peter Di Giorgio 71e3b2d1fb Create zeek.bacnet 2022-10-27 15:40:07 -07:00
Peter Di Giorgio c524442172 Merge pull request #9008 from Security-Onion-Solutions/master 
Synch Foxtrot with 2.3.181 Release
 2022-10-26 13:10:01 -07:00
weslambert a170c194c8 Remove JA3er references 2022-10-26 10:18:10 -04:00
Peter Di Giorgio 2b51d72585 Rename zeek.read_write_multiple_registers to zeek.modbus_read_write_multiple_registers 2022-10-25 17:20:01 -07:00
Wes a91e3b601c Remove JA3er since it is no longer a valid service 2022-10-25 18:48:37 +00:00
Wes 4940421297 Add PyYAML .whl files back since they were 'deleted' in the previous commit 2022-10-25 18:47:51 +00:00
Wes 58b4a8fbab Change PyYAML .whl file name to comply with Joliet's 240-character limit 2022-10-25 18:47:02 +00:00
Mike Reeves bd7e12f682 Merge pull request #8952 from Njinx/dev 
FEATURE: so-pcap-export can run without needing to be attached to a TTY
 2022-10-25 14:38:48 -04:00
weslambert 0087768946 Revert "Change PyYAML .whl file name to comply with Joliet's 240-character limit/threshold" 2022-10-24 16:47:30 -04:00
Wes 1caac3f0b0 Add PyYAML .whl files back since they were 'deleted' in the previous commit. 2022-10-24 18:06:19 +00:00
Wes 54a5dd6cbd Change name of PyYAML .whl file to remain under Joliet's 240-character limit/threshold 2022-10-24 18:05:15 +00:00
Peter Di Giorgio 7a60d0987c Update zeek.conn to include client.oui 2022-10-21 13:02:01 -07:00
Peter Di Giorgio 9ac06057c1 Create zeek.read_write_multiple_registers 2022-10-21 13:00:12 -07:00
Peter Di Giorgio e5c69c3236 Create zeek.modbus_mask_write_register 2022-10-21 12:58:36 -07:00
Peter Di Giorgio 39f050c6e4 Rename modbus_detailed to zeek.modbus_detailed 2022-10-21 12:56:59 -07:00
Peter Di Giorgio 4ee083759c Rename dnp3_objects to zeek.dnp3_objects 2022-10-21 12:56:35 -07:00
Peter Di Giorgio 072bfd87b7 Create Ingest for Modbus Detailed 2022-10-21 12:53:30 -07:00
Peter Di Giorgio b7aaaa80bb Create Ingest for DNP3 Objects extension 2022-10-21 12:51:13 -07:00
Jason Ertel 05e271af47 update soup for 2.3.181 2022-10-21 11:52:54 -04:00
Ben Allen f13f05eb94 Run without needing to be attached to a TTY 2022-10-19 14:11:11 -04:00
Doug Burks f4042263a3 Remove destination_geo.organization_name from Sysmon Network sankey diagram 2022-10-13 08:59:10 -04:00
Doug Burks 7401008523 Update soup for 2.3.180 2022-10-11 12:58:37 -04:00
doug 454a7a4799 FEATURE: Add new Sysmon dashboards #8870 2022-10-07 11:52:49 -04:00
Doug Burks ab17cbee31 Update Elastic to 8.4.3 2022-10-07 07:03:10 -04:00
Doug Burks 9991f0cf95 update Elastic to 8.4.3 2022-10-07 07:02:24 -04:00
Mike Reeves b8355b3a03 Update soup 2022-09-22 09:10:12 -04:00
bryant-treacle 535b9f86db Merge pull request #8633 from Security-Onion-Solutions/bryant-sysmon 
Fix issues: 8591-8953
 2022-09-19 11:53:34 -04:00
Josh Brower e171dd52b8 Upgrade Elastic to 8.4.1 2022-08-30 16:11:40 -04:00
Josh Brower 27a837369d Upgrade Elastic to 8.4.1 2022-08-30 16:09:57 -04:00
bryant-treacle 82dff3e9da Fix issues: 8591-8953 2022-08-30 13:48:53 +00:00
Mike Reeves 76cca8594d Merge pull request #8623 from Security-Onion-Solutions/TOoSmOotH-patch-6 
Update soup
 2022-08-29 09:50:06 -04:00
weslambert 5c9c95ba1f Merge pull request #8622 from Security-Onion-Solutions/fix/strelka_yara_gen_webshells_ignore 
Ignore gen_webshells.yar
 2022-08-29 09:40:51 -04:00
Mike Reeves e62bebeafe Update soup 2022-08-29 09:39:41 -04:00
weslambert 8a0e92cc6f Add 'gen_webshells.yar' and re-arrange to put ignored rules in alphabetical order 2022-08-29 09:37:29 -04:00
Mike Reeves 30b9868de1 Update soup 2022-08-29 09:32:46 -04:00
weslambert f00d9074ff Allow local modification acceptance prompt to be skipped when passing 'skip-prompt' as a parameter value to check_local_mods() function 2022-08-19 16:07:14 -04:00
Mike Reeves fea2b481e3 Update rulecat.conf 2022-08-19 13:12:49 -04:00
weslambert fbf0803906 Update verbiage around major Elasticsearch version and not requiring Elastalert index maintenance 2022-08-18 09:16:22 -04:00
weslambert 5deda45b66 Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8 
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8. Also clean up the output to only emit one notification regarding index deletion, and additional verbiage around function operation.
 2022-08-18 09:11:38 -04:00
m0duspwnens 2dfd41bd3c remove pipeline time panel - https://github.com/Security-Onion-Solutions/securityonion/issues/8369 2022-08-17 09:17:27 -04:00
Doug Burks 179f669acf FIX: so-curator-closed-delete-delete needs to reference new Elasticsearch directory #8529 2022-08-12 13:10:47 -04:00
Doug Burks 32c29b28eb revert to lower case #8469 2022-08-11 15:33:30 -04:00
Doug Burks 7bf2603414 revert to lower case #8469 2022-08-11 15:32:49 -04:00
Doug Burks 4003876465 FIX: Fix TLP options in Cases to align with TLP 2.0 #8469 2022-08-11 08:49:54 -04:00
Doug Burks 4c677961c4 FIX: Fix TLP options in Cases to align with TLP 2.0 #8469 2022-08-11 08:49:25 -04:00
weslambert fd7a118664 Invoke check_local_mods() function earlier so we don't have to wait for Docker image downloads or OS updates before checking and potentially exiting SOUP 2022-08-08 08:58:19 -04:00
weslambert d7906945df Add extra set of brackets for comparison of integers 2022-08-08 08:24:38 -04:00