CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-04 15:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,612 Commits 20 Branches 120 Tags
ce0c9f846db5d74afa54727d097ecbb8a24fefb5
Commit Graph

141 Commits

Author SHA1 Message Date
Doug Burks
e2caf4668e FEATURE: Add Events table columns for event.module elastic_agent #12666 2024-03-26 16:08:41 -04:00
Josh Brower
63a58efba4 Merge pull request #12656 from Security-Onion-Solutions/2.4/detections-fixes 
Add bindings for sigma repos
 2024-03-26 09:33:38 -04:00
Josh Brower
9c12aa261e Merge pull request #12660 from Security-Onion-Solutions/kilo 
Initial cut to remove Playbook and deps
 2024-03-26 08:31:11 -04:00
Doug Burks
20bd9a9701 FEATURE: Include additional groupby fields in Dashboards relating to sankey diagrams #12657 2024-03-26 07:39:24 -04:00
DefensiveDepth
d7ecad4333 Initial cut to remove Playbook and deps 2024-03-25 19:42:31 -04:00
DefensiveDepth
49fa800b2b Add bindings for sigma repos 2024-03-25 14:45:50 -04:00
Josh Brower
b8d33ab983 Merge pull request #12639 from Security-Onion-Solutions/2.4/enable-detections 
Enable Detections
 2024-03-25 09:30:01 -04:00
Corey Ogburn
237946e916 Specify Folder in Rule Repo 2024-03-22 13:52:20 -06:00
Corey Ogburn
3d04d37030 Update ElastAlert Config with Default Repos 2024-03-22 13:52:20 -06:00
Doug Burks
a78a304d4f FEATURE: Add event.dataset to all Events column layouts #12641 2024-03-22 13:19:31 -04:00
DefensiveDepth
5ca9ec4b17 Enable Detections 2024-03-22 10:12:26 -04:00
Doug Burks
2b019ec8fe Merge pull request #12634 from Security-Onion-Solutions/dougburks-patch-1 
FEATURE: Add Events column layout for event.module system #12628
 2024-03-22 05:52:23 -04:00
DefensiveDepth
4a33234c34 Default update to 24 hours 2024-03-21 07:26:19 -04:00
Doug Burks
778997bed4 FEATURE: Add Events column layout for event.module system #12628 2024-03-20 17:07:37 -04:00
DefensiveDepth
d84af803a6 Enable Autoupdates 2024-03-20 08:48:31 -04:00
DefensiveDepth
020eb47026 Change Detections defaults 2024-03-19 13:53:37 -04:00
m0duspwnens
1a829190ac remove modules if detections disabled 2024-03-13 09:46:44 -04:00
DefensiveDepth
61a183b7fc Add regex defaults 2024-03-11 15:55:39 -04:00
Corey Ogburn
6f05c3976b Updated RulesRepo for New Strelka Structure 2024-03-08 11:29:46 -07:00
Jason Ertel
8f36a8a4b6 Merge pull request #12514 from Security-Onion-Solutions/jertel/annotations 
detections annotations
 2024-03-06 11:10:21 -05:00
Jason Ertel
167aff24f6 detections annotations 2024-03-06 11:03:52 -05:00
Josh Brower
9e671621db Merge pull request #12510 from Security-Onion-Solutions/2.4/excludedetections 
Add Exclusion toggle
 2024-03-06 10:56:29 -05:00
Jason Ertel
12653eec8c add new pcap annotations 2024-03-06 08:14:33 -05:00
Josh Brower
1b47537a3f Add Exclusion toggle 2024-03-06 07:16:50 -05:00
Doug Burks
52580fb8c4 Merge pull request #12434 from Security-Onion-Solutions/feature/improve-endpoint-columns 
Add multiple endpoint features
 2024-02-26 12:05:30 -05:00
Doug Burks
f8424f3dad Update defaults.yaml 2024-02-26 11:22:09 -05:00
Doug Burks
c8a95a8706 FEATURE: Add new endpoint dashboards #12428 2024-02-26 09:59:07 -05:00
Doug Burks
4df21148fc FEATURE: Add default columns for endpoint.events datasets #12425 2024-02-26 09:40:51 -05:00
Doug Burks
ca249312ba FEATURE: Add new SOC action for Process Info #12421 2024-02-26 09:38:14 -05:00
Josh Brower
a6bb7216f9 Add Detection AutoUpdate config 2024-02-26 08:18:42 -05:00
Doug Burks
d6cb8ab928 update events_x_process in defaults.yaml 2024-02-23 17:09:40 -05:00
Doug Burks
b8baca417b add endpoint_x_events_x_process to defaults.yaml 2024-02-23 14:03:04 -05:00
Josh Brower
1952f0f232 Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-21 13:11:49 -05:00
Jason Ertel
4b314c8715 replace correlate icon to avoid confusion with searcheng.in 2024-02-20 10:30:09 -05:00
Josh Brower
ffb3cc87b7 Default ruleset; Descriptions 2024-02-16 11:55:10 -05:00
Corey Ogburn
c64f37ab67 sigmaRulePackages is now a string array 2024-02-15 10:34:07 -07:00
Corey Ogburn
a5db9f87dd Merge branch 'kilo' into cogburn/detection_playbooks 2024-02-13 14:08:44 -07:00
Josh Brower
0c6c6ba2d5 Various UI tweaks 2024-02-13 13:38:43 -05:00
Doug Burks
0741ae370a Update defaults.yaml 2024-02-13 12:51:26 -05:00
Doug Burks
8060751a66 Add table columns to process dashboard in defaults.yaml 2024-02-13 12:24:33 -05:00
Josh Brower
ea80469c2d Detection Default queries 2024-02-12 19:39:55 -05:00
Doug Burks
0ad39a7e32 FEATURE: Add new SOC action to show process ancestry #12345 2024-02-12 19:18:29 -05:00
Doug Burks
20d2f3b97e Update Sublime action in defaults.yaml to use i18n 2024-02-12 19:13:32 -05:00
Josh Brower
5102269440 Update defaults 2024-02-12 16:44:54 -05:00
Corey Ogburn
29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language 
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
 2024-02-08 09:44:56 -07:00
Doug Burks
d3d2305f00 FEATURE: Add new dashboards for community_id and firewall auth #12323 2024-02-07 16:08:27 -05:00
Doug Burks
7106095128 FEATURE: Improve Correlate and Hunt actions on SOC Actions menu #12315 2024-02-06 15:39:23 -05:00
Josh Brower
378c99ae88 Fix bindings 2024-02-02 18:27:49 -05:00
Corey Ogburn
8f81c9eb68 Updating config for Detection(s) 2024-02-02 11:49:58 -07:00
Josh Brower
fe196b5661 Add SOC Config for Detections 2024-02-01 12:22:50 -05:00