Commit Graph

1057 Commits

Author SHA1 Message Date
Wes 3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
weslambert fe2edeb2fb 30d to 60d 2024-05-01 11:01:59 -04:00
weslambert 6294f751ee Cold min_age to 60d 2024-05-01 10:59:41 -04:00
Doug Burks 4d6124f982 FIX: Elasticsearch min_age regex #12885 2024-04-30 10:18:34 -04:00
reyesj2 fadb6e2aa9 Re-add original timestamp format + ignore failures with this processor
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-29 16:57:48 -04:00
reyesj2 192d91565d Update final pipeline timestamp format for event.module system events
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-29 16:34:29 -04:00
weslambert b424426298 Exclude suricata 2024-04-25 09:14:18 -04:00
Josh Patterson 03f9160fcc Merge pull request #12860 from Security-Onion-Solutions/issue/12856
allow for enable/disable of so-elasticsearch-indices-delete cronjob
2024-04-25 09:07:44 -04:00
m0duspwnens d50de804a8 update annotation 2024-04-25 09:04:34 -04:00
weslambert 44afa55274 Fix comments about deletion 2024-04-24 17:41:37 -04:00
weslambert ab832e4bb2 Include logstash-prefixed indices 2024-04-24 17:17:53 -04:00
m0duspwnens c9d9979f22 allow for enable/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
weslambert 59a02635ed Change index sorting 2024-04-24 15:18:49 -04:00
weslambert 1b3a0a3de8 Remove hot max_age 2024-04-24 10:11:02 -04:00
weslambert 75b5e16696 Update description, type, and regex 2024-04-24 09:14:39 -04:00
weslambert 8a0a435700 Fix warm description 2024-04-24 08:35:19 -04:00
weslambert 691b02a15e Fix warm description 2024-04-23 10:40:09 -04:00
Jorge Reyes d402943403 Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet
Kismet integration for WiFi devices
2024-04-22 15:59:22 -04:00
Doug Burks 406dda6051 Update so-elasticsearch-cluster-space-used 2024-04-18 11:48:15 -04:00
Doug Burks 229a989914 Update so-elasticsearch-cluster-space-total 2024-04-18 11:47:01 -04:00
Mike Reeves 67a57e9df7 Update limited-analyst.json 2024-04-17 13:14:45 -04:00
reyesj2 55cf90f477 merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 14:44:59 -04:00
reyesj2 68e016090b Fix network.wireless.ssid not parsing
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 13:21:54 -04:00
reyesj2 fd689a4607 Fix typo in ingest pipeline
Test to fix duplicate events in SOC, by removing conflicting field event.created

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 11:18:04 -04:00
reyesj2 7124f04138 Update ingest pipelines to match updated mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:13:06 -04:00
reyesj2 4097e1d81a Create mappings for Kismet integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:10:27 -04:00
Mike Reeves 2206553e03 Update analyst.json 2024-04-10 09:49:21 -04:00
DefensiveDepth 376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
Corey Ogburn 00cea6fb80 Detection Author as a Keyword instead of Text
With Quick Actions added to Detections, as many fields should be usable as possible.
2024-04-05 11:22:47 -06:00
Wes 105eadf111 Add cef 2024-04-03 14:40:41 +00:00
reyesj2 000d15a53c Kismet integration: TODO Elasticsearch mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-03-29 13:56:01 -04:00
weslambert df058b3f4a Merge branch '2.4/dev' into feature/pfsense_suricata 2024-03-25 10:08:03 -04:00
Wes 5e21da443f Minor verbiage updates 2024-03-25 13:58:32 +00:00
weslambert 4e1543b6a8 Get only code 2024-03-22 09:56:21 -04:00
Wes 5934829e0d Include pfsense config 2024-03-21 20:08:33 +00:00
Wes 486a633dfe Add pfsense Suricata config 2024-03-21 20:07:59 +00:00
Wes c6df805556 Add SOC template 2024-03-18 14:53:36 +00:00
Wes 005930f7fd Add error.message mapping for system.syslog 2024-03-07 15:41:23 +00:00
weslambert d8e8933ea0 Add AWS Security Hub template 2024-03-05 09:25:41 -05:00
weslambert d85ac39e28 Add AWS Inspector template 2024-03-05 09:23:17 -05:00
weslambert 1514f1291e Add AWS GuardDuty template 2024-03-05 09:21:48 -05:00
weslambert b64d61065a Add AWS Cloudfront template 2024-03-05 09:19:43 -05:00
weslambert df3943b465 Daily rollover 2024-02-27 17:24:27 -05:00
weslambert 1d099f97d2 Update pattern for endpoint diagnostic template 2024-02-26 11:27:56 -05:00
Josh Patterson d2f7946377 Merge pull request #12411 from Security-Onion-Solutions/issue/12382
nest under policy
2024-02-21 16:28:04 -05:00
m0duspwnens 162785575c nest under policy 2024-02-21 15:28:24 -05:00
Josh Brower 686304f24a Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-15 09:47:51 -05:00
Corey Ogburn 0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00
Corey Ogburn 64f6d0fba9 Updated Detection's ES Mappings
Detections now have a License field and the Comment model is defined now.
2024-02-09 14:20:07 -07:00
Corey Ogburn 29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language-based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00