Commit Graph

8842 Commits

Author SHA1 Message Date
Corey Ogburn c933627a71 Merge branch 'kilo' of github.com:security-onion-solutions/securityonion into kilo 2024-02-13 12:53:29 -07:00
Corey Ogburn 0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00
Josh Brower 0c6c6ba2d5 Various UI tweaks 2024-02-13 13:38:43 -05:00
Josh Brower ea80469c2d Detection Default queries 2024-02-12 19:39:55 -05:00
Josh Brower 5102269440 Update defaults 2024-02-12 16:44:54 -05:00
Corey Ogburn 64f6d0fba9 Updated Detection's ES Mappings
Detections now have a License field and the Comment model is now defined.
2024-02-09 14:20:07 -07:00
Corey Ogburn 29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Josh Brower 81a3e95914 Fixup sigma pipelines 2024-02-07 16:42:16 -05:00
Josh Brower 7e3187c0b8 Fixup sigma pipelines 2024-02-07 15:35:31 -05:00
Josh Brower b7b501d289 Add Sigma pipelines 2024-02-07 15:02:52 -05:00
Josh Brower 378c99ae88 Fix bindings 2024-02-02 18:27:49 -05:00
Corey Ogburn 8f81c9eb68 Updating config for Detection(s) 2024-02-02 11:49:58 -07:00
Josh Brower fe196b5661 Add SOC Config for Detections 2024-02-01 12:22:50 -05:00
Josh Brower 49b5788ac1 add bindings 2024-02-01 07:21:49 -05:00
Corey Ogburn 585147d1de Added so-detection mapping in elasticsearch 2024-01-31 10:39:47 -07:00
Corey Ogburn 858166bcae WIP: Detections Changes
Removed some strelka/yara rules from salt.

Removed yara scripts for downloading and updating rules. This will be managed by SOC.

Added a new compile_yara.py script.

Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Corey Ogburn 0fa4d92f8f socsigmarepo
Need write permissions on the /opt/so/rules dir so I can clone the sigma repo there.
2024-01-30 14:49:05 -07:00
Jorge Reyes 4dd0b4a4fd Merge pull request #12283 from Security-Onion-Solutions/reyesj2-patch-6
Remove remediate from initial oscap scan
2024-01-30 15:56:13 -05:00
reyesj2 b5ffa186fb Remove remediate from initial oscap scan
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-30 15:54:23 -05:00
Jorge Reyes cb5e111a00 Merge pull request #12267 from Security-Onion-Solutions/reyesj2-patch-6
Update soup
2024-01-29 10:22:35 -05:00
reyesj2 7c08b348aa Add comment for soup update w/ STIGs enabled
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-29 10:16:34 -05:00
reyesj2 c4301d7cc1 Soup script update locations
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-26 15:51:06 -05:00
reyesj2 91c7b8144d soup logic
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-26 15:43:42 -05:00
reyesj2 2e026b637d Update soup to retry modified salt command on failure to update soup scripts.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-26 11:36:33 -05:00
reyesj2 cd6e387bcb remove --local from soup common.soup_scripts update.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-25 16:15:53 -05:00
Wes 12ab6338db Add diagnostic 2024-01-25 20:16:52 +00:00
weslambert cd54d4becb Fix indent 2024-01-25 13:57:02 -05:00
weslambert 5f1c76f6ec endpoint.diagnostic.collection 2024-01-25 09:46:25 -05:00
weslambert d2d70d1c5b Merge pull request #12250 from Security-Onion-Solutions/fix/scan_pe_flags
Fix PE Flags
2024-01-24 14:29:23 -05:00
Jason Ertel 9f17bd2255 lks/fps 2024-01-24 11:17:32 -05:00
Wes 8426aad56d Text mapping for scan.pe.flags 2024-01-24 15:10:42 +00:00
Wes d23d367058 Make scan.pe.flags a string 2024-01-24 15:08:38 +00:00
weslambert 4d7af21dd5 Fix quote 2024-01-23 13:55:37 -05:00
weslambert 8348506acc Merge pull request #12240 from Security-Onion-Solutions/upgrade/strelka_0.24.01.18
UPGRADE: Strelka 0.24.01.18
2024-01-23 13:50:15 -05:00
weslambert 1698d95efe Use PLACEHOLDER for key values 2024-01-23 13:45:26 -05:00
weslambert 72319e33db Avoid leak test triggering 2024-01-23 12:38:09 -05:00
weslambert 34bb37e415 Merge pull request #12227 from Security-Onion-Solutions/feature/rita_logs
RITA Logs
2024-01-23 12:32:32 -05:00
Wes 3bcb0bc132 Update defaults 2024-01-23 17:18:54 +00:00
Jorge Reyes d25a2d4c30 Merge pull request #12230 from Security-Onion-Solutions/reyesj2-patch-sl
Handle non-zero
2024-01-23 08:31:48 -05:00
reyesj2 350b0df3bf Handle non-zero
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-22 22:48:15 -05:00
Wes 5542db0aac Leave package version null 2024-01-22 21:07:46 +00:00
Wes b08db3e05a Add RITA policy 2024-01-22 20:16:43 +00:00
Wes 80a3942245 Rename RITA pipelines 2024-01-22 20:15:48 +00:00
Wes 7118cc8dee Add additional integration SOC configuration 2024-01-19 22:04:07 +00:00
Wes 05aa8b013a Add additional integration to templates 2024-01-19 22:02:39 +00:00
Wes d0457cb61e Add additional integrations to defaults 2024-01-19 22:00:38 +00:00
Jorge Reyes c2b44985c7 Merge pull request #12220 from Security-Onion-Solutions/reyesj2-patch-sl
Disable stigs setting/verifying umask is set to 077. Known issue with …
2024-01-19 16:06:10 -05:00
reyesj2 8f8c250ed3 Disable stigs setting/verifying umask is set to 077. Known issue with running SOUP
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-19 16:04:21 -05:00
Mike Reeves efe8cfda95 Update suricata.common 2024-01-19 13:39:28 -05:00
Mike Reeves 08486e279c Update suricata.common 2024-01-19 13:36:43 -05:00