CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,451 Commits 24 Branches 119 Tags
c4a70b540ebe17a99efd388c53094656bccf4cdf
Commit Graph

457 Commits

Author SHA1 Message Date
reyesj2
6f42ff3442 suricata capture_file 2025-11-20 14:16:49 -06:00
reyesj2
433dab7376 format json 2025-11-20 14:16:10 -06:00
reyesj2
bcec999be4 zeek.dns reduce errors 2025-11-14 15:47:29 -06:00
reyesj2
7c73b4713f update analyzer pipeline 2025-11-14 15:47:29 -06:00
reyesj2
fcfd74ec1e zeek.analyzer format json 2025-11-14 15:47:29 -06:00
reyesj2
68b0cd7549 rename zeek.dpd zeek.analyzer 2025-11-14 15:47:29 -06:00
reyesj2
715d801ce8 format json zeek.dns 2025-11-14 15:47:19 -06:00
reyesj2
211bf7e77b ignore errors on tld script 2025-11-14 09:25:19 -06:00
reyesj2
1542b74133 move dns tld fields to its own pipeline 2025-11-14 09:24:58 -06:00
reyesj2
da9717bc79 don't attempt rename if field doesn't exist -- reducing pipeline stat errors 2025-11-14 08:15:40 -06:00
reyesj2
431e0b0780 format suricata.alert json 2025-11-13 19:29:50 -06:00
reyesj2
e782266caa suricata 8 dns v3 2025-11-13 19:21:31 -06:00
reyesj2
7be70faab6 format json 2025-11-13 10:49:37 -06:00
Jorge Reyes
d2aa60b961 log4j2 settings 2025-10-17 07:40:44 -05:00
reyesj2
e910de0a06 update log4j2 policy for ES json output 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-10-16 16:19:55 -05:00
reyesj2
3e22043ea6 es logging retention 2025-10-14 15:08:51 -05:00
reyesj2
2baf2478da add additional elasticsearch log output in json format for elasticsearch log integration to parse 2025-10-14 12:47:03 -05:00
reyesj2
378d37d74e add event.module to elasticsearch server logs 2025-10-14 12:44:51 -05:00
Jorge Reyes
b35b0aaf2c Merge pull request #14941 from Security-Onion-Solutions/reyesj2/lgest 
zeek dns.resolved_ip
 2025-09-12 13:22:40 -05:00
Josh Brower
d89df5f0dd Merge pull request #15025 from Security-Onion-Solutions/2.4/fixes 
Parsing fix
 2025-09-12 13:44:03 -04:00
DefensiveDepth
f0c1922600 Support endpoint logs with no host.ip field 2025-09-12 13:31:34 -04:00
DefensiveDepth
ab2cdd18ed Support endpoint logs with no host.ip field 2025-09-12 13:29:43 -04:00
reyesj2
dfec29d18e custom kquery 2025-09-04 15:37:28 -05:00
reyesj2
a5675a79fe es 8.18.6 pipeline upd 2025-08-28 19:45:17 -05:00
reyesj2
d0ba6df2fc remove any "" from dns.resolved_ip 2025-08-19 13:44:24 -05:00
reyesj2
95bee91b12 zeek dns.resolved_ip 2025-08-19 11:20:59 -05:00
reyesj2
84b38daf62 name destination_geo & source_geo to destination.as and source.as better aligning with ECS and linking other log sources already using .as for ASN geo data. 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-07-25 16:17:22 -05:00
reyesj2
c29f11863e ja4 ignore empty strings 2025-07-17 10:47:00 -05:00
reyesj2
b3eb06f53e ja4 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-07-16 15:56:34 -05:00
reyesj2
bef2fa9e8d 8.18.3 pipeline updates 2025-07-08 16:09:16 -05:00
Josh Brower
31cd5b1365 Add support for dns.resolved_ip 2025-06-20 15:02:59 -04:00
reyesj2
fcdacc3b0d fix system integration time overwrite and delete unused ingest pipeline 2025-05-29 12:21:28 -05:00
Jorge Reyes
d3ee5ed7b8 use zeek network.community_id when available 2025-05-28 09:20:41 -05:00
Josh Brower
b753d40861 Tighten parsing 2025-05-20 17:06:11 -04:00
Josh Brower
b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
Josh Brower
df103b3dca Spacing 2025-05-14 16:36:59 -04:00
Josh Brower
0542c77137 Remove wip config 2025-05-14 16:35:09 -04:00
Josh Brower
9022dc24fb Add Parsing for Playbooks 2025-05-14 13:19:50 -06:00
reyesj2
e1d31c895e add null check 2025-05-07 21:25:30 -05:00
reyesj2
4d7fdd390c ldap_search include observer.name 2025-03-18 08:52:43 -05:00
reyesj2
4bd83f8983 zeek traceroute & ntp 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-03-03 10:48:06 -06:00
reyesj2
69b559fb26 ES 8.17.2 pipeline version updates 2025-02-20 17:11:28 -06:00
Jorge Reyes
a3dba9b566 Merge pull request #14255 from Security-Onion-Solutions/foxtrot 
ES 8.17.1
 2025-02-18 14:58:46 -06:00
reyesj2
1be8de7acb must use null check 2025-02-18 11:16:57 -06:00
reyesj2
c1c72ddd9b update global@custom pipeline ignore null/empty string values 2025-02-18 10:39:54 -06:00
reyesj2
12f0195f29 pfsense integration - keep suricata events 2025-02-17 12:28:23 -06:00
reyesj2
c711ffe6c5 keep pipeline "managed" metadata 2025-02-13 08:44:56 -06:00
reyesj2
09c7b31918 update pfsense pipeline version. Remove unused component templates 2025-02-12 16:33:56 -06:00
reyesj2
33f145a40b ensure network packet capture integration data has event.module:network_traffic 2025-02-10 13:16:39 -06:00
reyesj2
9bde70a8e2 zeek.software typo 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-02-07 15:19:40 -06:00