CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-26 14:37:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,324 Commits 40 Branches 125 Tags
cb727bf48d14243f4e0d20ab674f63bf2c156ca8
Commit Graph

9658 Commits

Author SHA1 Message Date
reyesj2 c4723263a4 Remove unused kafka reactor 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-06 08:59:17 -04:00
reyesj2 4581a46529 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-06-05 20:47:41 -04:00
m0duspwnens f6a8a21f94 remove space 2024-06-05 08:58:46 -04:00
m0duspwnens ff5773c837 move so-tcpreplay back to common. return empty string if no sensor.interface pillar 2024-06-05 08:56:32 -04:00
m0duspwnens 66f8084916 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-06-05 08:32:54 -04:00
m0duspwnens a2467d0418 move so-tcpreplay to sensor state 2024-06-05 08:24:57 -04:00
reyesj2 3b0339a9b3 create kafka.id from kafka {partition}-{offset}-{timestamp} for tracking event 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-04 14:27:52 -04:00
reyesj2 fb1d4fdd3c update license 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-04 12:33:51 -04:00
Josh Patterson 56a16539ae Merge pull request #13134 from Security-Onion-Solutions/sotcprp 
so-tcpreplay now runs if manager is offline
 2024-06-04 10:43:33 -04:00
m0duspwnens c0b2cf7388 add the curlys 2024-06-04 10:28:21 -04:00
Josh Patterson ef3a52468f Merge pull request #13129 from Security-Onion-Solutions/salt3006.8 
salt 3006.6
 2024-06-03 15:29:19 -04:00
m0duspwnens c88b731793 revert to 3006.6 2024-06-03 15:27:08 -04:00
reyesj2 2e85a28c02 Remove so-kafka-clusterid script, created during soup 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-02 18:25:59 -04:00
reyesj2 1a832fa0a5 Move soup kafka needfuls to up_to_2.4.80 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-31 14:04:46 -04:00
reyesj2 75bdc92bbf Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-31 14:02:43 -04:00
Wes a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
reyesj2 e3ea4776c7 Update kafka nodes pillar before running highstate with pillarwatch engine. This allows configuring your Kafka controllers before cluster comes up for the first time 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-31 13:34:28 -04:00
Corey Ogburn 85c269e697 Added TemplateDetections To Detection ClientParams 
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
 2024-05-30 15:59:03 -06:00
m0duspwnens 6e70268ab9 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-05-30 16:34:37 -04:00
Josh Patterson fb8929ea37 Merge pull request #13103 from Security-Onion-Solutions/salt3006.8 
Salt3006.8
 2024-05-30 16:32:05 -04:00
m0duspwnens debf093c54 Merge remote-tracking branch 'origin/2.4/dev' into salt3006.8 2024-05-30 15:58:10 -04:00
reyesj2 dbb99d0367 Remove bad config 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-30 15:10:15 -04:00
m0duspwnens 7702f05756 upgrade salt 3006.8. soup for 2.4.80 2024-05-30 15:00:32 -04:00
Wes 2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
Wes e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes 55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
reyesj2 1fd5165079 Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 23:37:40 -04:00
reyesj2 949cea95f4 Update pillarWatch config for global.pipeline 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 23:19:44 -04:00
reyesj2 386be4e746 WIP: Manage Kafka nodes pillar role value 
This way when kafka_controllers is updated the pillar value gets updated and any non-controllers get updated to revert to 'broker' only role.
 Needs more testing when a new controller joins in this manner Kafka errors due to cluster metadata being out of sync. One solution is to remove /nsm/kafka/data/__cluster_metadata-0/quorum-state and restart cluster. Alternative is working with Kafka cli tools to inform cluster of new voter, likely best option but requires a wrapper script of some sort to be created for updating cluster in-place.
Easiest option is to have all receivers join grid and then configure Kafka with specific controllers via SOC UI prior to enabling Kafka. This way Kafka cluster comes up in the desired configuration with no need for immediately modifying cluster

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:48:39 -04:00
reyesj2 d9ec556061 Update some annotations and defaults 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:41:02 -04:00
reyesj2 876d860488 elastic agent should be able to communicate over 9092 for sending logs to kafka brokers 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:40:15 -04:00
DefensiveDepth 0d034e7adc fix rsync 2024-05-29 10:55:56 -04:00
reyesj2 59097070ef Revert "Remove unneeded jolokia aggregate metrics to reduce data ingested to influx" 
This reverts commit 1c1a1a1d3f.
 2024-05-28 12:17:43 -04:00
reyesj2 77b5aa4369 Correct dashboard name 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 11:34:35 -04:00
reyesj2 0d7c331ff0 only show specific fields when hovering over Kafka influxdb panels 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 11:29:38 -04:00
reyesj2 1c1a1a1d3f Remove unneeded jolokia aggregate metrics to reduce data ingested to influx 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 11:14:19 -04:00
reyesj2 47efcfd6e2 Add basic Kafka metrics to 'Security Onion Performance' influxdb dashboard 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 10:55:11 -04:00
reyesj2 15a0b959aa Add jolokia metrics for influxdb dashboard 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 10:51:39 -04:00
DefensiveDepth ee4ca0d7a2 Check to see if local exists 2024-05-28 10:24:09 -04:00
DefensiveDepth f68ac23f0e Fix fi 
Signed-off-by: DefensiveDepth <Josh@defensivedepth.com>
 2024-05-28 10:03:31 -04:00
DefensiveDepth 2a2b86ebe6 Dont overwrite 2024-05-28 09:43:45 -04:00
DefensiveDepth 74dfc25376 backup local rules 2024-05-28 09:29:10 -04:00
DefensiveDepth 81ee60e658 Backup .yml files too 2024-05-28 06:42:18 -04:00
reyesj2 fcb6a47e8c Remove redis.sh telegraf script when Kafka is global pipeline 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-26 21:10:41 -04:00
DefensiveDepth 58b565558d Dont bail - just wait for enter 2024-05-24 16:21:59 -04:00
Josh Brower 185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates 
Add IDH mappings
 2024-05-24 14:48:22 -04:00
DefensiveDepth 550b3ee92d Add IDH mappings 2024-05-24 14:46:24 -04:00
DefensiveDepth f90d40b471 Fix typo 2024-05-24 12:56:17 -04:00
DefensiveDepth 4344988abe Add instructions for sigma and yara repos 2024-05-24 12:54:36 -04:00