2aa01280e7
Fix desktop package list
2023-06-21 13:34:47 -04:00
1675b787bf
exclude rocky-repos and remove files
2023-06-21 13:27:34 -04:00
4866eb2315
Fix desktop package list
2023-06-21 12:52:42 -04:00
f785fb2772
Fix desktop package list
2023-06-21 12:27:15 -04:00
8c9f863808
Fix desktop package list
2023-06-21 12:22:03 -04:00
1751e35121
Fix desktop package list
2023-06-21 12:20:57 -04:00
6676afc7de
Fix desktop package list
2023-06-21 12:19:48 -04:00
699ea1ac3e
Fix desktop package list
2023-06-21 11:48:37 -04:00
90fdb9c465
Update paths
2023-06-21 11:47:22 -04:00
48291f5271
Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into desktop
2023-06-21 11:43:05 -04:00
3a41b090c1
Update paths
2023-06-21 11:42:51 -04:00
139b36b189
Merge pull request #10627 from Security-Onion-Solutions/2.4/import-evtx
...
Refactor EVTX Import
2023-06-21 11:42:10 -04:00
6ddf887342
Refactor EVTX Import
2023-06-21 09:32:42 -04:00
6ba9e057a9
Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags
...
Change format of event dataset and assign dataset to tags
2023-06-21 09:22:40 -04:00
6600484f8e
Update Docker
2023-06-21 09:15:31 -04:00
b02c38175c
Merge pull request #10624 from Security-Onion-Solutions/TOoSmOotH-patch-2
...
Salt Defunct Workaround
2023-06-20 17:44:53 -04:00
4497f6561f
Salt Defunct Workaround
...
This can be removed once they patch salt
2023-06-20 17:27:02 -04:00
0fc03baf58
Desktop Packages
2023-06-20 13:41:10 -04:00
fb81c6e2e3
Merge pull request #10601 from Security-Onion-Solutions/cogburn/10413
...
Cogburn/10413
2023-06-20 11:08:53 -06:00
ad28ea275f
Better state management
...
When salt-cp runs it's course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.
Check the status of the decryption process before importing.
No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
41951659ec
Use importer's new --json flag.
...
Using the new --json flag is not only more reliable than using a regex, the way the import script was written even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
451a4784a1
send-file and import-file security
...
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
1b7095fa81
Improved import-file url regex
...
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
89d789fe0f
New folder for salt to maintain
...
This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.
2023-06-20 09:41:14 -06:00
49055e260f
salt-relay import-file reporting
...
On successful import, return dashboard URL
2023-06-20 09:41:14 -06:00
a465039887
2 new capabilities: send-file and import-file
2023-06-20 09:41:14 -06:00
b60cf29598
Merge pull request #10618 from Security-Onion-Solutions/dougburks-patch-1
...
Resolve conflicts with dataset PR
2023-06-20 07:42:30 -04:00
0e09d73aa0
Resolve conflicts with dataset PR
2023-06-20 07:40:10 -04:00
520a5671ca
Merge pull request #10617 from Security-Onion-Solutions/dougburks-patch-1
...
Fix SOC Auth queries in Dashboards and Hunt
2023-06-20 07:32:46 -04:00
fc824359ed
Update default fields for kratos.audit
2023-06-20 07:30:56 -04:00
7caa7cec6b
Fix SOC Auth queries in Dashboards and Hunt
...
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
2023-06-20 07:13:33 -04:00
0695140f83
Merge pull request #10611 from Security-Onion-Solutions/2.4/ubuntu
...
2.4/ubuntu
2023-06-16 14:00:52 -04:00
ed1e2c8908
ignore failure notification for Ubuntu Failed to restart snapd
2023-06-16 13:58:45 -04:00
594900a8d4
Merge pull request #10609 from Security-Onion-Solutions/kilo
...
webauthn for SOC
2023-06-16 13:15:25 -04:00
6894fa4e4d
Update VERSION
2023-06-16 13:09:01 -04:00
2334d82d36
fix salt install for ubuntu
2023-06-16 11:13:34 -04:00
c0a2ea3138
Merge pull request #10604 from Security-Onion-Solutions/2.4/receiver
...
2.4/receiver
2023-06-15 15:42:34 -04:00
d4acb1a33a
Merge remote-tracking branch 'origin/2.4/dev' into 2.4/receiver
2023-06-15 15:32:49 -04:00
5de9e5baf4
allow sensor to logstash on receiver
2023-06-15 14:46:46 -04:00
3a34da354f
Use append instead of set
2023-06-15 16:35:43 +00:00
469390696e
2.4 receiver changes
2023-06-15 11:04:16 -04:00
0a4a48b61e
Remove old var
2023-06-15 10:24:50 -04:00
58a63e0765
Remove extra comma
2023-06-15 14:22:37 +00:00
251bc6f45e
Merge pull request #10597 from Security-Onion-Solutions/dougburks-patch-1
...
Update so_motd.jinja
2023-06-15 09:59:25 -04:00
b84d997f87
Update so_motd.jinja
2023-06-15 09:54:23 -04:00
b5bccc5e05
Use module in dataset name and add dataset tag
2023-06-15 13:06:57 +00:00
b4e5ac9796
Add note to advise against changing settings
2023-06-14 16:11:50 -04:00
2db95fe1b4
fw rules for receiver to managers
2023-06-14 15:24:14 -04:00
934b0f45a1
allow receiver to connect to salt manager
2023-06-14 15:08:07 -04:00
a88227d13f
Merge branch '2.4/dev' into kilo
2023-06-14 13:34:15 -04:00
Mike Reeves
m0duspwnens
Josh Brower
coreyogburn
Corey Ogburn
Doug Burks
Jason Ertel
Wes
Jason Ertel