CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,073 Commits 24 Branches 119 Tags
ccac71f6495ebf00053bcdccba84c0ba6d4222b1
Commit Graph

304 Commits

Author SHA1 Message Date
Josh Brower
2b39570b08 Fix matching logic 2022-04-18 10:37:38 -04:00
Josh Brower
886d69fb38 Compress + Clean ES & Logstash App Logs 2022-04-11 16:09:24 -04:00
weslambert
e6599cd10e Update with changes from Abe's PR and other fixes 2022-03-25 13:57:44 -04:00
Wes Lambert
2487d468ab Add RITA Elasticsearch ingest pipeline config 2022-03-22 17:38:22 +00:00
weslambert
fc3273fa49 Change to label fields to comply with what's defined in Filebeat template 2022-03-04 16:29:01 -05:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe' PR for now 2022-03-01 15:31:07 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
bc2c1b4ccc Merge pull request #6935 from abesinger/issue/6912 
Updated syslog pipeline, resolves #6912.
 2022-02-24 08:33:55 -05:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
abesinger
31d22e717d Updated syslog pipeline, resolves #6912. Also cleaned up formatting to make it more readable. 2022-01-19 18:45:26 -06:00
m0duspwnens
494737549d move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires 2022-01-12 10:20:05 -05:00
m0duspwnens
baf297ab0a merge with dev, resolve conflict 2022-01-11 11:24:10 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
m0duspwnens
beb9a33628 only include curl.config if elasticsearch:auth is enabled 2022-01-10 11:48:16 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
Jason Ertel
2c9062efb7 resolved merge conflicts 2021-12-21 09:34:39 -05:00
Jason Ertel
35617acaeb Update cacerts to reflect new path; this changed due to ES 7.16.2 2021-12-20 12:12:00 -05:00
Jason Ertel
6f116a2d01 Switch to new Ubuntu SSL dir 2021-12-20 09:43:59 -05:00
Mike Reeves
465ba1b7d3 Change CA certs location 2021-12-15 17:08:36 -05:00
Wes Lambert
f80b70e008 Add config for dynamically formatted ingest pipelines 2021-11-09 20:07:53 +00:00
Wes Lambert
46d3eb452d Add ECS testing pipeline 2021-11-08 20:08:56 +00:00
Josh Brower
2ba619144c Support non-WEL Beats 2021-11-02 08:23:29 -04:00
Mike Reeves
a3e0fb127a Merge pull request #5069 from datlife/datlife/asn-annotation 
Add ASN annotation for IP
 2021-10-05 06:50:31 -04:00
Dat
9569e73bd0 Added ASN annotation for IP 2021-10-04 12:41:20 -07:00
m0duspwnens
aed73511e4 file cleanup, comment cleanup 2021-09-20 09:24:03 -04:00
m0duspwnens
5b77dc109f Merge remote-tracking branch 'remotes/origin/dev' into issue/1257 2021-09-16 16:54:23 -04:00
Josh Brower
a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
m0duspwnens
93f2cd75a4 add the jinja template 2021-09-09 10:19:46 -04:00
Josh Brower
7b93f355e2 so-import-evtx - timestamp extraction 2021-08-25 15:17:19 -04:00
Mike Reeves
71bbb41b5f Merge branch 'dev' into bravo 2021-08-04 10:57:10 -04:00
William Wernert
8a49039b85 Only append source.ip to logscan.source.ips if it's been created 2021-08-02 09:50:49 -04:00
William Wernert
2a6277c0c3 Fix field names in logscan pipeline 2021-07-30 15:46:39 -04:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert
0b06d0bfdb Merge branch 'dev' into foxtrot 2021-07-29 15:15:25 -04:00
Jason Ertel
4c6447a3da merge 2.3.61 MSEARCH hotfix into dev 2021-07-29 15:00:58 -04:00
Mike Reeves
a42d8c9229 Fix Manager Search 2021-07-28 17:03:14 -04:00
doug
3d3593a1a9 FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-22 09:50:21 -04:00
Mike Reeves
09165daab8 Several Suricata things 2021-07-21 09:10:33 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
Wes Lambert
05aad07bfc Replace staging path with processed path for analyzed files 2021-07-14 15:04:46 +00:00
Wes Lambert
441cd3fc59 Move Wazuh-specific data to wazuh.data 2021-07-14 13:42:51 +00:00
William Wernert
e7a6172d7e [fix] Add single quotes to strings 2021-07-13 14:07:27 -04:00
William Wernert
115e0a6fee [fix] Add missing comma 2021-07-13 12:04:10 -04:00