m0duspwnens
6033e9a0de
use port_bindings from docker defaults in docker states
2023-01-13 10:15:10 -05:00
m0duspwnens
c313b19b50
Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall
2023-01-09 11:18:08 -05:00
Doug Burks
c1dfb9f935
Add missing Zeek log to filebeat defaults.yaml
2023-01-06 14:27:40 -05:00
m0duspwnens
24876eecd9
change refs from sosnet to sosbridge
2022-12-22 14:02:40 -05:00
m0duspwnens
accc293c8a
2.4 firewall changes
2022-12-21 15:03:45 -05:00
doug
5c00ab7b7f
correct order in defaults.yaml
2022-12-08 16:50:34 -05:00
doug
7cfb688890
update defaults.yaml
2022-12-08 16:32:04 -05:00
weslambert
def0c85349
Disable Filebeat input for 'ecat_arp_info' Zeek logs
2022-12-07 08:00:21 -05:00
Wes
be5775e4a0
Ensure Filebeat defaults file is updated with ICS/SCADA log references
2022-12-06 16:15:09 +00:00
Wes
499b5d95f2
Add 'ics' tag for 'bsap'-prefixed events/logs
2022-12-06 16:01:57 +00:00
m0duspwnens
b95a83b016
Merge remote-tracking branch 'remotes/origin/2.4/dev' into dockerips
2022-11-22 14:17:19 -05:00
weslambert
d2bc1a5523
Fix syntax error for 'ics' tag logic
2022-11-22 07:24:54 -05:00
weslambert
fe180d5657
Fix indentation
2022-11-21 17:02:17 -05:00
weslambert
9994d47a43
Add 'ics' tag to events generated from ICS protocol logs
2022-11-21 16:46:47 -05:00
Doug Burks
febb781428
Add ICS/SCADA logs to filebeat defaults.yaml
2022-11-21 12:10:55 -05:00
Mike Reeves
591616fe5b
Add statics to all containers
2022-11-15 11:05:17 -05:00
m0duspwnens
b526532ab6
use global vars in states
2022-10-11 11:57:15 -04:00
Mike Reeves
37c98c14cd
Fix zeek logs in filebeat
2022-09-26 17:11:10 -04:00
Mike Reeves
aa7dd47b00
Fix zeek logs in filebeat
2022-09-26 17:01:44 -04:00
Jason Ertel
21c7f940d7
Update copyrights
2022-09-13 11:48:25 -04:00
Mike Reeves
2254512a2a
Add more logging to setup process
2022-09-12 12:48:02 -04:00
Mike Reeves
2bd9dd80e2
Move In Day
2022-09-07 09:06:25 -04:00
m0duspwnens
ec451c19f8
move port bindings back under port bindings
2022-07-12 15:17:25 -04:00
weslambert
11d3ed36b7
Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
2022-07-11 17:22:09 -04:00
Wes Lambert
764e8688b1
Modify Kratos input to use dedicated index and add filestream ID for all applicable inputs
2022-07-08 15:53:55 +00:00
weslambert
85f790b28a
Change type from 'log' to 'filestream' to ensure compatibility with Elastic 8
2022-06-27 10:39:58 -04:00
weslambert
adeccd0e7f
Merge pull request #8097 from Security-Onion-Solutions/dev
Merge latest dev into foxtrot
2022-06-08 15:01:09 -04:00
Josh Patterson
e5c9b91529
Merge pull request #8054 from Security-Onion-Solutions/dmz_receiver
Dmz receiver
2022-06-01 15:31:42 -04:00
weslambert
44622350ea
Add ID for RITA filestream inputs
2022-05-25 10:09:01 -04:00
m0duspwnens
d8abc0a195
if in dmz_nodes don't add to filebeat
2022-05-11 11:51:18 -04:00
Josh Brower
8e368bdebe
Merge in upstream dev
2022-05-06 20:01:07 -04:00
weslambert
fbc86f43ec
Add exclude filter for logs for when there are no results from analysis
2022-03-24 13:03:03 -04:00
Wes Lambert
8a56c88773
Adjust log file paths
2022-03-22 17:51:17 +00:00
Wes Lambert
57f01c70ec
Remove extra forward slash in log path
2022-03-22 17:45:23 +00:00
Wes Lambert
f613d8ad86
Add RITA Logstash config
2022-03-22 17:36:18 +00:00
weslambert
bb9d6673ec
Fix casing
2022-03-21 12:38:50 -04:00
weslambert
9afa949623
Don't rotate Filebeat log on startup
2022-03-21 12:38:12 -04:00
Wes Lambert
1a6ef0cc6b
Re-enable FB module load
2022-03-19 03:55:40 +00:00
Wes Lambert
2e7d314650
Remove Cyberark module
2022-03-19 03:43:55 +00:00
Wes Lambert
c97847f0e2
Remove Threat Intel Recorded Future fileset
2022-03-19 03:43:34 +00:00
Wes Lambert
59a2ac38f5
Disable FB module load for now
2022-03-18 22:12:09 +00:00
weslambert
5ec5b9a2ee
Remove older module config files
2022-03-18 10:14:13 -04:00
weslambert
712a92aa39
Switch from log input to filestream input
2022-03-17 21:18:03 -04:00
Wes Lambert
6e2aaa0098
Clean up original map file
2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b
Add back bind mounts and remove THIRDPARTY
2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930
Reorganize FB module management
2022-03-17 21:01:03 +00:00
m0duspwnens
d76facb1bb
add extra hosts for idh node
2022-02-25 12:21:43 -05:00
Josh Brower
df9fc807a3
IDH - restart scripts, filebeat fix
2022-02-22 08:05:53 -05:00
Josh Brower
3610b0cd30
merge in dev
2022-02-21 16:52:53 -05:00
Josh Brower
118277ebc5
Ingest Kratos logs
2022-02-18 11:49:02 -05:00