Commit Graph

11019 Commits

Author SHA1 Message Date
reyesj2 29980ea958 offline threshold check 2025-09-09 15:39:55 -05:00
reyesj2 8f36d2ec00 update log file name 2025-09-09 15:38:50 -05:00
Corey Ogburn 2535ae953d Fix Index Patterns
so-assistant-chat and so-assistant-session both had templates with a trailing dash that prevented the pattern from applying to the name of the indices.
2025-09-09 14:00:01 -06:00
reyesj2 6655276410 force update to kafka-fleet-output-policy 2025-09-08 21:13:29 -05:00
reyesj2 9f7bcb0f7d add --force flag to so-kafka-fleet-output-policy & default to using fleet secret storage for client key 2025-09-08 21:13:11 -05:00
Corey Ogburn aa43177d8c Fix Setting Name
enabledInSoc => enabled
2025-09-08 09:13:25 -06:00
Matthew Wright 12959d114c added threshold config fields for assistant 2025-09-08 09:13:25 -06:00
reyesj2 855b489c4b datastream 2025-09-08 09:13:24 -06:00
Corey Ogburn 673f9cb544 Responding to Feedback 2025-09-08 09:13:24 -06:00
Corey Ogburn 0a3ff47008 Cleanup Annotations
Removed fields no longer need annotations.
2025-09-08 09:13:24 -06:00
Corey Ogburn 834e34128d Non-dev URL 2025-09-08 09:13:23 -06:00
Corey Ogburn 73776f8d11 Cleaning up New ES Indexes 2025-09-08 09:13:23 -06:00
Corey Ogburn 120e61e45c ClientParams
Removed investigation prompt from module settings and moved to client settings, added enabledInSoc.
2025-09-08 09:13:23 -06:00
Corey Ogburn fc2d450de0 Update Settings
The apiKey will be built off of the license rather than a new setting. The model is hardcoded for now at the AI Gateway level. We're going to use the investigationPrompt as a trigger for the feature being visible in the UI but by default will be blank for now.
2025-09-08 09:13:22 -06:00
Corey Ogburn cea4eaf081 Updated Assistant Mapping 2025-09-08 09:13:22 -06:00
Corey Ogburn b1753f86f9 New Message Structure 2025-09-08 09:13:22 -06:00
Corey Ogburn 6323fbf46b Content Object 2025-09-08 09:13:21 -06:00
Corey Ogburn ba601c39b3 Rough Go at New Mappings/Settings 2025-09-08 09:13:21 -06:00
Corey Ogburn ec27517bdd New Config Values
New config values with annotations and defaults.

Updated Nginx config to allow streaming requests to not be buffered on the way to the client.
2025-09-08 09:13:08 -06:00
Josh Brower f318a84c18 Update so-elastic-fleet-reset 2025-09-08 09:03:33 -04:00
Jason Ertel 6c196ea61a Merge branch '2.4/dev' into vlb2 2025-09-05 17:11:10 -04:00
Josh Patterson 4afc986f48 firewall and logstash pipeline for managerhype 2025-09-05 13:14:47 -04:00
reyesj2 348f9dcaec prevent multiple script instances using file lock 2025-09-05 10:01:24 -05:00
reyesj2 915b9e7bd7 use logrotate 2025-09-05 09:22:44 -05:00
reyesj2 dfec29d18e custom kquery 2025-09-04 15:37:28 -05:00
Josh Patterson a007fa6505 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-09-03 09:52:49 -04:00
reyesj2 1a32a0897c Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/ea-alerter 2025-09-02 17:11:21 -05:00
reyesj2 e26310d172 elastic agent offline alerter
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-09-02 17:00:03 -05:00
Corey Ogburn df0b484b45 More Descriptive Description
Include instructions for how to add local lookups and a help link.
2025-09-02 15:07:13 -06:00
Corey Ogburn 2181cddf49 Move EnableReverseLookup
Move EnableReverseLookup and its annotation from ClientParams to ServerConfig.
2025-09-02 14:09:55 -06:00
Jorge Reyes a2b6968cef Merge pull request #14975 from Security-Onion-Solutions/reyesj2/es8186
ES 8.18.6 upgrade
2025-09-02 10:14:33 -05:00
Josh Patterson 285fbc2783 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-09-02 09:23:24 -04:00
Mike Reeves 19362fe5e5 Update so-combine-bond 2025-08-29 11:06:25 -04:00
Josh Patterson a7a81e9825 always manage script, only run it if bond0 exists 2025-08-29 11:05:42 -04:00
Josh Patterson f51cd008f2 only manage bond script if bond0 exists 2025-08-29 10:04:56 -04:00
reyesj2 a5675a79fe es 8.18.6 pipeline upd 2025-08-28 19:45:17 -05:00
reyesj2 1ea7b3c09f es 8.18.6 2025-08-28 18:27:56 -05:00
Jorge Reyes d9127a288f Merge pull request #14957 from Security-Onion-Solutions/reyesj2-patch-6
enable additional fleetnode state
2025-08-28 14:19:03 -05:00
Josh Patterson ebb78bc9bd Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-08-28 09:21:33 -04:00
Mike Reeves 153a99a002 Merge pull request #14971 from Security-Onion-Solutions/mikebond
and nic channel customization
2025-08-27 18:42:18 -04:00
Josh Patterson 0858160be2 support for modifying nic channels 2025-08-27 14:51:57 -04:00
Mike Reeves ccd79c814d Add script for bond0 channels 2025-08-27 09:53:37 -04:00
Josh Patterson ac2c044a94 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-08-26 14:55:06 -04:00
Josh Patterson e10d00d114 support for managerhype 2025-08-26 14:54:37 -04:00
Josh Patterson cbdd369a18 ensure x509 in mine 2025-08-25 08:39:55 -04:00
reyesj2 b2e7f58b3d analyzer test updates 2025-08-22 17:36:48 -05:00
reyesj2 a6600b8762 elasticsearch dep upgrades 2025-08-22 17:11:06 -05:00
reyesj2 5479d49379 greynoise breakup long line for linter 2025-08-22 16:00:05 -05:00
Jason Ertel 304985b61e Merge pull request #14959 from Security-Onion-Solutions/jertel/wip
rpt
2025-08-22 16:55:45 -04:00
Corey Ogburn d99857002d Improved Label
The underlying field is called "rulesetName" but for playbook repos we're not talking about rulesets. Improved the label for user experience.
2025-08-22 13:18:22 -06:00