fbf0803906
Update verbiage around major Elasticsearch version and not requiring Elastalert index maintenance
2022-08-18 09:16:22 -04:00
5deda45b66
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8
...
Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8. Also clean up the output to only emit one notification regarding index deletion, and additional verbiage around function operation.
2022-08-18 09:11:38 -04:00
2dfd41bd3c
remove pipeline time panel - https://github.com/Security-Onion-Solutions/securityonion/issues/8369
2022-08-17 09:17:27 -04:00
179f669acf
FIX: so-curator-closed-delete-delete needs to reference new Elasticsearch directory #8529
2022-08-12 13:10:47 -04:00
32c29b28eb
revert to lower case #8469
2022-08-11 15:33:30 -04:00
7bf2603414
revert to lower case #8469
2022-08-11 15:32:49 -04:00
4003876465
FIX: Fix TLP options in Cases to align with TLP 2.0 #8469
2022-08-11 08:49:54 -04:00
4c677961c4
FIX: Fix TLP options in Cases to align with TLP 2.0 #8469
2022-08-11 08:49:25 -04:00
fd7a118664
Invoke check_local_mods() function earlier so we don't have to wait for Docker image downloads or OS updates before checking and potentially exiting SOUP
2022-08-08 08:58:19 -04:00
d7906945df
Add extra set of brackets for comparison of integers
2022-08-08 08:24:38 -04:00
cb384ae024
Ensure check_local_mods() runs at the beginning of SOUP, in addition to the end, and also that it prompts (forces) the user to accept/review local modifications.
2022-08-05 11:25:33 -04:00
4827c9e0d4
Merge pull request #8475 from Security-Onion-Solutions/issue/8441
...
add SYSTEMD_UNIT_FILE back to map file
2022-08-05 10:55:44 -04:00
3b62fc63c9
add SYSTEMD_UNIT_FILE back to map file
2022-08-05 10:53:07 -04:00
ad32c2b1a5
Merge pull request #8472 from Security-Onion-Solutions/issue/8441
...
ensure ExecStartPre is removed from default salt-minion service file
2022-08-04 16:36:16 -04:00
f02f431dab
ensure ExecStartPre is removed from default salt-minion service file
2022-08-04 16:34:06 -04:00
812964e4d8
Merge pull request #8460 from Security-Onion-Solutions/issue/8441
...
ensure parent dirs are created
2022-08-03 17:01:50 -04:00
99805cc326
ensure parent dirs are created
2022-08-03 16:54:22 -04:00
8d2b3f3dfe
Merge pull request #8457 from Security-Onion-Solutions/issue/8441
...
fix the requisite
2022-08-03 15:17:44 -04:00
15f7fd8920
fix the requisite
2022-08-03 15:16:12 -04:00
50460bf91e
Merge pull request #8456 from Security-Onion-Solutions/issue/8441
...
manage salt-minion start delay with systemd drop-in file
2022-08-03 13:44:09 -04:00
8c694a7ca3
Disable ingest.geoip.downloader by default
2022-08-03 09:21:40 -04:00
9ac640fa67
Remove airgap-specific logic for ingest.geoip.downloader
2022-08-03 09:21:03 -04:00
db8d9fff2c
manage salt-minion start delay with systemd drop-in file - https://github.com/Security-Onion-Solutions/securityonion/issues/8441
2022-08-02 16:22:26 -04:00
f2b10a5a86
Update Kibana version to 8.3.3
2022-08-02 11:32:01 -04:00
c69cac0e5f
Update Kibana version to 8.3.3
2022-08-02 11:31:35 -04:00
839cfcaefa
Update Elasticsearch defaults file and config.map.jinja to allow for local GeoIP database use when airgap is enabled
2022-08-02 14:32:17 +00:00
4c1585f8d8
FIX: Display PCAP menu action on Dashboards page #8343
2022-07-29 14:50:10 -04:00
2cc665bac6
https://github.com/Security-Onion-Solutions/securityonion/issues/8404
2022-07-29 09:55:20 -04:00
340dbe8547
Check to see if Elastalert is enabled before trying to run 'so-elastalert-stop'. Also suppress error output for when so-elastalert container is not present.
2022-07-19 13:25:09 -04:00
5ceff52796
Move Elastalert indices check to function and call from beginning of soup and during pre-upgrade to 2.3.140
2022-07-19 14:54:39 +00:00
f3a0ab0b2d
Perform Elastalert index check twice
2022-07-19 14:48:19 +00:00
4a7c994b66
Revise Elastalert index check deletion logic
2022-07-19 14:31:45 +00:00
07b8785f3d
Update soup
2022-07-19 10:23:10 -04:00
2914007393
Add forward slash to fix issue with missing query path
2022-07-18 09:07:34 -04:00
f5e10430ed
Add forward slash to fix issue with missing query path
2022-07-18 09:07:13 -04:00
cf8c6a6e94
Update defaults.yaml
2022-07-14 15:17:27 -04:00
2443e8b97e
Change web_response to evaluate the response from the Spaces API and the default space query
2022-07-14 12:04:56 -04:00
0fd4f34b5b
Add shebang so that so-kibana-space-defaults will work correctly on Ubuntu
2022-07-13 16:48:39 -04:00
37df49d4f3
Merge pull request #8296 from Security-Onion-Solutions/elastalert_esversion_check
...
use onlyif requisite instead
2022-07-13 15:22:40 -04:00
7d7cf42d9a
use onlyif requisite instead
2022-07-13 15:21:34 -04:00
c67a58a5b1
change hyperlink for Elastic 8 issues
2022-07-13 12:40:03 -04:00
086cf3996d
do not start elastalert if elasticsearch is not v8
2022-07-13 11:21:27 -04:00
513c7ae56c
Add missing 'fi' to if/then for unsupported indices check
2022-07-13 09:13:28 -04:00
8e92060c29
Ensure Elastalert indices are deleted before continuing with SOUP -- if they are not, generate a failure condition
2022-07-13 08:38:55 -04:00
d7eb8b9bcb
Merge pull request #8281 from Security-Onion-Solutions/fix/soup_elasticsearch8_index_compatibility
...
SOUP - Check for indices created by Elasticsearch 6
2022-07-12 16:20:47 -04:00
d0a0ca8458
Update exit code for ES checks
2022-07-12 16:15:44 -04:00
4502182b53
Typo - Ensure Elasticsearch version 6 indices are checked
2022-07-12 15:35:46 -04:00
0fc6f7b022
Add check for Elasticsearch 6 indices
2022-07-12 15:34:24 -04:00
ec451c19f8
move port bindings back under port bindings
2022-07-12 15:17:25 -04:00
11d3ed36b7
Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
...
Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
2022-07-11 17:22:09 -04:00
weslambert
m0duspwnens
Doug Burks
Mike Reeves