Commit Graph

15419 Commits

Author SHA1 Message Date
Corey Ogburn 5d3fd3d389 AdditionalCA and InsecureSkipVerify
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.

AdditionalCA holds the PEM-formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.

InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self-signed, missing, or invalid certs will not throw an error.
2024-06-07 12:47:09 -06:00
Corey Ogburn fa063722e1 RootCA and InsecureSkipVerify
New empty settings and their annotations.
2024-06-07 09:10:14 -06:00
m0duspwnens f5cc35509b fix output alignment 2024-06-07 11:03:26 -04:00
m0duspwnens d39c8fae54 format output 2024-06-07 09:01:16 -04:00
m0duspwnens d3b81babec check for phases with so-yaml, remove if exists 2024-06-06 16:15:21 -04:00
coreyogburn f35f6bd4c8 Merge pull request #13154 from Security-Onion-Solutions/cogburn/soc-proxy
SOC Proxy Setting
2024-06-06 14:03:16 -06:00
Mike Reeves d5cfef94a3 Merge pull request #13156 from Security-Onion-Solutions/TOoSmOotH-patch-3 2024-06-06 16:01:22 -04:00
Mike Reeves f37f5ba97b Update soc_suricata.yaml 2024-06-06 15:57:58 -04:00
Corey Ogburn 42818a9950 Remove proxy from SOC defaults 2024-06-06 13:28:07 -06:00
Corey Ogburn e85c3e5b27 SOC Proxy Setting
The so_proxy value we build during install is now copied to SOC's config.
2024-06-06 11:55:27 -06:00
m0duspwnens a39c88c7b4 add set to troubleshoot failure 2024-06-06 12:56:24 -04:00
m0duspwnens 73ebf5256a Merge remote-tracking branch 'origin/2.4/dev' into soupmsgq 2024-06-06 12:44:45 -04:00
Jason Ertel 6d31cd2a41 Merge pull request #13150 from Security-Onion-Solutions/jertel/yaml
add ability to retrieve yaml values via so-yaml.py; improve so-minion id matching
2024-06-06 12:09:03 -04:00
Jason Ertel 5600fed9c4 add ability to retrieve yaml values via so-yaml.py; improve so-minion id matching 2024-06-06 11:56:07 -04:00
m0duspwnens 6920b77b4a fix msg 2024-06-06 11:00:43 -04:00
m0duspwnens ccd6b3914c add final msg queue for soup. 2024-06-06 10:33:55 -04:00
reyesj2 c4723263a4 Remove unused kafka reactor
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-06 08:59:17 -04:00
reyesj2 4581a46529 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-06-05 20:47:41 -04:00
Josh Patterson 33a2c5dcd8 Merge pull request #13141 from Security-Onion-Solutions/sotcprp
move so-tcpreplay from common state to sensor state
2024-06-05 09:49:39 -04:00
m0duspwnens f6a8a21f94 remove space 2024-06-05 08:58:46 -04:00
m0duspwnens ff5773c837 move so-tcpreplay back to common. return empty string if no sensor.interface pillar 2024-06-05 08:56:32 -04:00
m0duspwnens 66f8084916 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-06-05 08:32:54 -04:00
m0duspwnens a2467d0418 move so-tcpreplay to sensor state 2024-06-05 08:24:57 -04:00
reyesj2 3b0339a9b3 create kafka.id from kafka {partition}-{offset}-{timestamp} for tracking event
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-04 14:27:52 -04:00
reyesj2 fb1d4fdd3c update license
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-04 12:33:51 -04:00
Josh Patterson 56a16539ae Merge pull request #13134 from Security-Onion-Solutions/sotcprp
so-tcpreplay now runs if manager is offline
2024-06-04 10:43:33 -04:00
m0duspwnens c0b2cf7388 add the curlys 2024-06-04 10:28:21 -04:00
reyesj2 d9c58d9333 update receiver pillar access
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-04 08:33:45 -04:00
Josh Patterson ef3a52468f Merge pull request #13129 from Security-Onion-Solutions/salt3006.8
salt 3006.6
2024-06-03 15:29:19 -04:00
m0duspwnens c88b731793 revert to 3006.6 2024-06-03 15:27:08 -04:00
reyesj2 2e85a28c02 Remove so-kafka-clusterid script, created during soup
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-02 18:25:59 -04:00
weslambert 964fef1aab Merge pull request #13117 from Security-Onion-Solutions/fix/items_and_lists
Add templates for .items and .lists indices
2024-05-31 16:34:29 -04:00
reyesj2 1a832fa0a5 Move soup kafka needfuls to up_to_2.4.80
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-31 14:04:46 -04:00
reyesj2 75bdc92bbf Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-31 14:02:43 -04:00
Wes a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
reyesj2 e3ea4776c7 Update kafka nodes pillar before running highstate with pillarwatch engine. This allows configuring your Kafka controllers before cluster comes up for the first time
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-31 13:34:28 -04:00
coreyogburn 37a928b065 Merge pull request #13107 from Security-Onion-Solutions/cogburn/detection-templates
Added TemplateDetections To Detection ClientParams
2024-05-30 16:26:17 -06:00
Corey Ogburn 85c269e697 Added TemplateDetections To Detection ClientParams
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
2024-05-30 15:59:03 -06:00
m0duspwnens 6e70268ab9 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-05-30 16:34:37 -04:00
Josh Patterson fb8929ea37 Merge pull request #13103 from Security-Onion-Solutions/salt3006.8
Salt3006.8
2024-05-30 16:32:05 -04:00
weslambert 5d9c0dd8b5 Merge pull request #13101 from Security-Onion-Solutions/fix/separate_suricata
Separate Suricata alerts into a specific data stream
2024-05-30 16:30:55 -04:00
m0duspwnens debf093c54 Merge remote-tracking branch 'origin/2.4/dev' into salt3006.8 2024-05-30 15:58:10 -04:00
reyesj2 00b5a5cc0c Revert "revert version for soup test before 2.4.80 pipeline unpaused"
This reverts commit 48713a4e7b.
2024-05-30 15:13:16 -04:00
reyesj2 dbb99d0367 Remove bad config
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-30 15:10:15 -04:00
m0duspwnens 7702f05756 upgrade salt 3006.8. soup for 2.4.80 2024-05-30 15:00:32 -04:00
Wes 2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
reyesj2 48713a4e7b revert version for soup test before 2.4.80 pipeline unpaused
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-30 13:00:34 -04:00
Wes e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes 55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00