CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,818 Commits 24 Branches 119 Tags
cb491630ae7b4393b38c1c2c539e02f044feaf85
Commit Graph

9818 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Ertel
cb491630ae Analyzer CI 2022-03-29 13:40:56 -04:00
Jason Ertel
0a8d24a225 Add automated CI for analyzers 2022-03-29 13:10:04 -04:00
Jason Ertel
c23b87965f Merge branch 'dev' into kilo 2022-03-28 15:53:33 -04:00
Jason Ertel
deb9b0e5ef Add analyze feature 2022-03-28 15:53:24 -04:00
weslambert
fb7160cba5 Merge pull request #7644 from Security-Onion-Solutions/fix/syslog_pr_adjustment 
Update with changes from Abe's PR and other fixes
 2022-03-25 13:59:20 -04:00
weslambert
e6599cd10e Update with changes from Abe's PR and other fixes 2022-03-25 13:57:44 -04:00
weslambert
c02d7fab50 Merge pull request #7636 from Security-Onion-Solutions/feature/rita 
Parsing of RITA Logs
 2022-03-24 13:05:22 -04:00
weslambert
fbc86f43ec Add exclude filter for logs for when there are no results from analysis 2022-03-24 13:03:03 -04:00
weslambert
4c93217aac Merge pull request #7635 from Security-Onion-Solutions/fix/process_mappings_keyword 
Additional .keyword shims for process mappings
 2022-03-24 12:53:16 -04:00
Wes Lambert
fe1b72655b Additional .keyword shims for process mappings 2022-03-24 16:45:06 +00:00
weslambert
5160a55dcf Merge pull request #7629 from Security-Onion-Solutions/fix/roles_load_check_cluster_health 
Check ES cluster health before trying to load roles
 2022-03-23 11:07:24 -04:00
weslambert
1f2bca599f Check cluster health before trying to load roles for ES 2022-03-23 11:00:26 -04:00
Wes Lambert
8a56c88773 Adjust log file paths 2022-03-22 17:51:17 +00:00
Wes Lambert
57f01c70ec Remove extra forward slash in log path 2022-03-22 17:45:23 +00:00
Wes Lambert
2487d468ab Add RITA Elasticsearch ingest pipeline config 2022-03-22 17:38:22 +00:00
Wes Lambert
f613d8ad86 Add RITA Logstash config 2022-03-22 17:36:18 +00:00
Doug Burks
a3f8a10eb9 Merge pull request #7608 from Security-Onion-Solutions/fix/telegraf-non-root 
FIX: Run telegraf as non-root #7468
 2022-03-18 15:17:28 -04:00
Doug Burks
eda7a8d7ea FIX: Update telegraf influxdbsize.sh to collect influxdb size from influxdb_size.log #7468 2022-03-18 13:15:43 -04:00
Doug Burks
f7dc5588ae FIX: Update common init.sls to create cron job to write influxdb size for telegraf #7468 2022-03-18 13:13:46 -04:00
Doug Burks
c13994994b FIX: Update telegraf init.sls to run telegraf as non-root #7468 2022-03-18 13:11:56 -04:00
Josh Patterson
949365c636 Merge pull request #7602 from Security-Onion-Solutions/issue/7601 
prevent so-setup iso from running on ubuntu
 2022-03-17 11:37:53 -04:00
m0duspwnens
a896348743 prevent so-setup iso from running on ubuntu - https://github.com/Security-Onion-Solutions/securityonion/issues/7601 2022-03-17 11:31:16 -04:00
Josh Brower
5b9c82a434 Merge pull request #7494 from Security-Onion-Solutions/fix/fleetdm-custom-hostname 
Force regen of ssl cert
 2022-03-16 15:17:05 -04:00
Doug Burks
50477071b8 Merge pull request #7588 from Security-Onion-Solutions/fix/prevent-multiple-instances 
FIX: Prevent multiple instances of so-sensor-clean and so-playbook-sync #6622
 2022-03-16 13:54:00 -04:00
Doug Burks
e65f2a5513 FIX: Prevent multiple instances of so-sensor-clean #6622 2022-03-16 13:28:39 -04:00
Doug Burks
e56f90d83c FIX: Prevent multiple instances of so-playbook-sync #6622 2022-03-16 13:27:37 -04:00
weslambert
aaded58131 Merge pull request #7565 from Security-Onion-Solutions/fix/es_template_fix 
Custom ES template fixes
 2022-03-15 11:09:46 -04:00
Doug Burks
9bf0265cea Merge pull request #7566 from Security-Onion-Solutions/feature/hunt-soc-auth 
FEATURE: Add new Hunt query for SOC logins #7327
 2022-03-15 10:58:40 -04:00
Mike Reeves
e01c1398d5 Merge pull request #7564 from Security-Onion-Solutions/removethehive 
Removethehive
 2022-03-15 10:56:08 -04:00
Wes Lambert
42d6c3a956 Replace Elastic connection check using ELASTICCURL with so-elasticsearch-query 2022-03-15 14:55:04 +00:00
Doug Burks
eec44a6b02 Add a SOC Auth query to hunt.queries.json 2022-03-15 10:38:46 -04:00
Doug Burks
d1e1887e36 Add support for Kratos audit logs in hunt.eventfields.json 2022-03-15 10:37:58 -04:00
Wes Lambert
5f56c7a261 Replace ELASTICCURL with so-elasticsearch-query 2022-03-15 14:32:00 +00:00
weslambert
d46620ea2a Merge pull request #7561 from Security-Onion-Solutions/es_template_map_fix 
Custom ES Template Fixes
 2022-03-15 10:01:42 -04:00
Jason Ertel
408f9d6695 Update .gitleaks.toml 2022-03-15 09:53:27 -04:00
Jason Ertel
b810f14428 Update .gitleaks.toml 2022-03-15 09:53:11 -04:00
Jason Ertel
cec9cba40e Create .gitleaks.toml 2022-03-15 09:47:57 -04:00
Jason Ertel
8ebeeb497f add configuration to override leak detector defaults 2022-03-15 09:43:09 -04:00
Mike Reeves
9c80ff4f65 Remove hive from more files 2022-03-15 09:37:58 -04:00
Mike Reeves
81f0aa58b8 Remove hive from more files 2022-03-15 08:28:03 -04:00
Doug Burks
63cef4daff Merge pull request #7557 from Security-Onion-Solutions/dougburks-patch-1 
FIX: surilogcompress cron job not running
 2022-03-15 07:41:05 -04:00
Doug Burks
db4f138a78 FIX: surilogcompress cron job not running 
The suricata user was originally created with `/opt/so/conf/suricata` as its home directory. I think at some point we changed permissions on `/opt/so/conf` and at that point the `surilogcompress` cron job stopped working. Changing the home directory to `/nsm/suricata` works on all of my PROD systems (including Ubuntu and CentOS).

For more information, please see:
https://github.com/Security-Onion-Solutions/securityonion/issues/7133
 2022-03-15 07:10:02 -04:00
Mike Reeves
b5b60af16f Remove hive from so-user 2022-03-14 15:06:07 -04:00
Mike Reeves
b83fec6fd2 More hive remova 2022-03-14 14:51:39 -04:00
Mike Reeves
ff30f572d7 Remove thehive from image common 2022-03-14 10:40:41 -04:00
Mike Reeves
95195c07fc Disable hive in automation files 2022-03-14 10:36:23 -04:00
Jason Ertel
16f673d956 Merge pull request #7541 from Security-Onion-Solutions/kilo 
Add assignee field to case list
 2022-03-14 08:49:46 -04:00
Jason Ertel
5a28725def Add assignee to case list 2022-03-14 08:45:28 -04:00
Wes Lambert
ba24f75893 Fix index typo 2022-03-11 18:11:16 +00:00
Wes Lambert
70ed20f691 Add new sls file for custom ES index templates 2022-03-11 18:07:23 +00:00