c950ac7370
Merge remote-tracking branch 'origin/3/dev' into soupmod
2026-06-22 09:41:16 -04:00
a769d4c680
another unneeded default
2026-06-16 09:32:37 -05:00
f68e3e47a1
remove pillar merge
2026-06-16 09:19:10 -05:00
95cae4c734
remove so-elasticsearch-indices-delete cron when using DLM
2026-06-15 13:32:45 -05:00
596471e140
using new annotation config
2026-06-15 13:31:53 -05:00
d10f21399c
remove comments
2026-06-15 13:31:23 -05:00
c505160480
set default DLM retention 90d
2026-06-11 15:13:28 -05:00
d9f6cde4e1
remove global setting from data_retention annotation
2026-06-11 15:11:29 -05:00
0a69833669
Merge remote-tracking branch 'origin/3/dev' into soupmod
2026-06-10 16:19:17 -04:00
cf456dc58c
reuse existing index templates
2026-06-09 23:21:43 -05:00
9aa9ea3255
Iniitial DLM support
2026-06-09 23:19:26 -05:00
ac907ba45f
fix elasticsearch template generation issue
2026-06-05 16:42:08 -05:00
b4e5171415
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-05-14 08:03:45 -04:00
638aca97c8
Merge pull request #15877 from Security-Onion-Solutions/reyesj2-patch-1
...
update redis index template
2026-05-13 13:44:04 -05:00
84decc1db6
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-05-13 14:09:15 -04:00
d56bf01823
add zeek.ja4d ingest pipeline
2026-05-13 12:32:54 -05:00
492ae80da7
add ingest latency metrics
2026-05-11 16:51:38 -05:00
4a2177c827
update redis index template
...
missing redis integration component templates
2026-05-11 16:15:56 -05:00
499f7102bd
cleanup status code
2026-05-07 11:27:49 -04:00
f774334b6c
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-05-06 08:16:41 -04:00
dceed421ae
update grok type conversion to convert processor
2026-05-05 13:41:00 -05:00
034711d148
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-04-28 10:47:29 -04:00
b6acf3b522
typo
2026-04-24 09:24:58 -05:00
fdfca469cc
prevent non-manager nodes from running elasticsearch.cluster state manually
2026-04-23 09:53:07 -05:00
22f869734e
add check for files before attempting to use file pattern to load templates
2026-04-22 23:11:31 -05:00
72dbb69a1c
fix searchnodes running elasticsearch/cluster state
2026-04-22 20:37:48 -05:00
ebb93b4fa7
add wait_for_so-elasticsearch state and split elasticsearch cluster configuration out of enabled.sls
2026-04-17 14:43:07 -05:00
ba00ae8a7b
supress noisy warning from ES 9.3.3
2026-04-16 14:41:25 -05:00
16a4a42faf
check for addon-index templates dir before attempting to load addon index templates
2026-04-14 19:26:37 -05:00
a232cd89cc
ES 9.3.3
2026-04-13 13:36:51 -05:00
dd40e44530
show when addon integrations are already loaded
2026-04-13 12:36:42 -05:00
29e13b2c0b
elasticsearch ilm policy load script
2026-04-13 10:00:17 -05:00
abcad9fde0
addon statefile
2026-04-12 00:36:30 -05:00
a43947cca5
elasticsearch template load script -- for addon index templates
2026-04-12 00:23:26 -05:00
b0584a4dc5
only append "-mappings" to component template names as needed
2026-04-11 15:22:50 -05:00
6298397534
rework elasticsearch template load script -- for core templates
2026-04-11 04:40:47 -05:00
a0cf0489d6
reduce highstate frequency with active push for rules and pillars
...
- schedule highstate every 2 hours (was 15 minutes); interval lives in
global:push:highstate_interval_hours so the SOC admin UI can tune it and
so-salt-minion-check derives its threshold as (interval + 1) * 3600
- add inotify beacon on the manager + master reactor + orch.push_batch that
writes per-app intent files, with a so-push-drainer schedule on the manager
that debounces, dedupes, and dispatches a single orchestration
- pillar_push_map.yaml allowlists the apps whose pillar changes trigger an
immediate targeted state.apply (targets verified against salt/top.sls);
edits under pillar/minions/ trigger a state.highstate on that one minion
- host-batch every push orchestration (batch: 25%, batch_wait: 15) so rule
changes don't thundering-herd large fleets
- new global:push:enabled kill-switch tears down the beacon, reactor config,
and drainer schedule on the next highstate for operators who want to keep
highstate-only behavior
- set restart_policy: unless-stopped on 23 container states so docker
recovers crashes without waiting for the next highstate; leave registry
(always), strelka/backend (on-failure), kratos, and hydra alone with
inline comments explaining why
2026-04-10 15:43:16 -04:00
378d1ec81b
initialize vars
2026-04-09 18:41:40 -05:00
89e49d0bf3
rework elasticsearch index template generation
2026-04-09 16:44:51 -05:00
8101bc4941
ES 9.3.2
2026-04-06 15:08:30 -05:00
1f9bf45b66
Lowercase network transport
2026-03-24 11:24:59 -04:00
165e69cd11
Add support for websockets
2026-03-23 07:52:36 -04:00
20bf88b338
ensure bool sliders for elasticsearch
2026-03-19 13:52:40 -04:00
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
a982056363
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 15:45:15 -04:00
c16ff2bd99
so-idh and so-redis datastream config
2026-03-18 14:31:23 -05:00
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
20c4da50b1
Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601
...
fix global override settings affecting non-data stream indices
2026-03-18 10:51:17 -05:00
e19e83bebb
allow user defined ulimits
2026-03-18 10:38:15 -04:00
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
Josh Patterson
reyesj2
Josh Brower
Mike Reeves
Doug Burks