Wes
499b5d95f2
Add 'ics' tag for 'bsap'-prefixed events/logs
2022-12-06 16:01:57 +00:00
weslambert
d2bc1a5523
Fix syntax error for 'ics' tag logic
2022-11-22 07:24:54 -05:00
weslambert
fe180d5657
Fix indentation
2022-11-21 17:02:17 -05:00
weslambert
9994d47a43
Add 'ics' tag to events generated from ICS protocol logs
2022-11-21 16:46:47 -05:00
Mike Reeves
37c98c14cd
Fix zeek logs in filebeat
2022-09-26 17:11:10 -04:00
Mike Reeves
aa7dd47b00
Fix zeek logs in filebeat
2022-09-26 17:01:44 -04:00
Mike Reeves
2bd9dd80e2
Move In Day
2022-09-07 09:06:25 -04:00
weslambert
11d3ed36b7
Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
2022-07-11 17:22:09 -04:00
Wes Lambert
764e8688b1
Modify Kratos input to use dedicated index and add filestream ID for all applicable inputs
2022-07-08 15:53:55 +00:00
weslambert
adeccd0e7f
Merge pull request #8097 from Security-Onion-Solutions/dev
Merge latest dev into foxtrot
2022-06-08 15:01:09 -04:00
Josh Patterson
e5c9b91529
Merge pull request #8054 from Security-Onion-Solutions/dmz_receiver
Dmz receiver
2022-06-01 15:31:42 -04:00
weslambert
44622350ea
Add ID for RITA filestream inputs
2022-05-25 10:09:01 -04:00
m0duspwnens
d8abc0a195
if in dmz_nodes don't add to filebeat
2022-05-11 11:51:18 -04:00
Josh Brower
8e368bdebe
Merge in upstream dev
2022-05-06 20:01:07 -04:00
weslambert
fbc86f43ec
Add exclude filter for logs for when there are no results from analysis
2022-03-24 13:03:03 -04:00
Wes Lambert
8a56c88773
Adjust log file paths
2022-03-22 17:51:17 +00:00
Wes Lambert
57f01c70ec
Remove extra forward slash in log path
2022-03-22 17:45:23 +00:00
Wes Lambert
f613d8ad86
Add RITA Logstash config
2022-03-22 17:36:18 +00:00
weslambert
bb9d6673ec
Fix casing
2022-03-21 12:38:50 -04:00
weslambert
9afa949623
Don't rotate Filebeat log on startup
2022-03-21 12:38:12 -04:00
weslambert
712a92aa39
Switch from log input to filestream input
2022-03-17 21:18:03 -04:00
Wes Lambert
a60ef33930
Reorganize FB module management
2022-03-17 21:01:03 +00:00
Josh Brower
df9fc807a3
IDH - restart scripts, filebeat fix
2022-02-22 08:05:53 -05:00
Josh Brower
3610b0cd30
merge in dev
2022-02-21 16:52:53 -05:00
Josh Brower
118277ebc5
Ingest Kratos logs
2022-02-18 11:49:02 -05:00
Josh Brower
1e5b9ef0bf
IDH - Enable Filebeat
2022-02-10 11:37:10 -05:00
m0duspwnens
bd7ef1cc59
fix whitespace control
2021-12-16 09:19:20 -05:00
m0duspwnens
522bc1d2b8
fix loadbalance logic and whitespace for filebeat.yml
2021-12-15 16:21:08 -05:00
m0duspwnens
c490a3be36
move node_data pillar to logstash:nodes, set extra hosts for filebeat docker
2021-12-14 13:32:42 -05:00
m0duspwnens
6518691c55
sort the items
2021-12-13 18:16:25 -05:00
m0duspwnens
067e79894f
fix loop for node_data
2021-12-13 16:26:38 -05:00
m0duspwnens
6de2f5bd03
fix node_data
2021-12-13 15:55:09 -05:00
m0duspwnens
8d0872bce5
create node_data pillar from mine data, use node_data pillar for filebeat config
2021-12-13 15:48:30 -05:00
m0duspwnens
86f67198bf
loadbalance filebeat if across managers and receivers
2021-12-10 17:43:06 -05:00
William Wernert
dd1769fbef
Only check for logscan on manager-type and import
2021-08-05 11:02:09 -04:00
William Wernert
33bd6aed20
Fix logscan pipeline on eval
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
2021-07-30 14:41:15 -04:00
William Wernert
9bf1d3e0c6
Misc fixes
2021-07-16 14:59:44 -04:00
William Wernert
818f912a90
[fix] Remove indent
2021-07-14 10:13:14 -04:00
William Wernert
2b0bca8e55
Merge branch 'dev' into feature/logscan
2021-07-12 14:58:30 -04:00
weslambert
a895270bc8
Allow setting Filebeat logging level in pillar
2021-07-12 10:27:43 -04:00
William Wernert
80525ee736
[wip] Add logscan pipeline
2021-07-08 12:29:50 -04:00
Jason Ertel
2d34208269
Elastic auth: Fun with Salt
2021-06-16 17:52:22 -04:00
Jason Ertel
09fbb045a1
If ES auth disabled ensure user/pass are blank
2021-06-16 09:59:57 -04:00
Jason Ertel
37f4caf536
Make new ECS changes Elastic-auth compatible
2021-06-14 12:13:50 -04:00
Jason Ertel
fca1c6e957
Merge branch 'dev' into kilo
2021-06-14 10:40:04 -04:00
m0duspwnens
f7600af89b
don't loop if modules aren't defined for the node
2021-06-11 13:52:33 -04:00
Mike Reeves
56eb220ed6
Revert to SO taxonomy for zeek and suricata
2021-06-08 09:52:05 -04:00
Jason Ertel
901242f7e9
remove extra parenthesis
2021-06-02 16:23:45 -04:00
Jason Ertel
20e896cacf
Update all configs to pass user/pass to ES
2021-06-02 12:17:15 -04:00
Mike Reeves
34d4eedf67
Remove old modules
2021-05-26 10:11:47 -04:00