CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,795 Commits 24 Branches 119 Tags
d0e140cf7b2bd92bbcc6fb6bc2bab3f69ccdbded
Commit Graph

14795 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Ertel
d0e140cf7b zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:30:52 -04:00
Jason Ertel
87c6d0a820 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:29:36 -04:00
Jason Ertel
72db369fbb Merge branch '2.4/dev' into jertel/wf 2024-04-30 15:16:41 -04:00
Jason Ertel
84db82852c annotation updates for custom settings 2024-04-30 15:14:56 -04:00
coreyogburn
ea4750d8ad Merge pull request #12882 from Security-Onion-Solutions/cogburn/community-repos 
Mark Repos as Community
 2024-04-30 09:12:25 -06:00
Doug Burks
e9944796c8 Merge pull request #12886 from Security-Onion-Solutions/dougburks-patch-1 
FIX: Elasticsearch min_age regex #12885
 2024-04-30 10:26:04 -04:00
Doug Burks
4d6124f982 FIX: Elasticsearch min_age regex #12885 2024-04-30 10:18:34 -04:00
Jorge Reyes
dd168e1cca Merge pull request #12881 from Security-Onion-Solutions/2.4/finalpipefix 
Update expected timestamp format in final pipeline for system events
 2024-04-30 09:39:18 -04:00
Corey Ogburn
ddf662bdb4 Mark Repos as Community 
Indicate that detection rules pulled from configured repos should be marked as Community rules.
 2024-04-29 16:22:30 -06:00
reyesj2
fadb6e2aa9 Re-add original timestamp format + ignore failures with this processor 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:57:48 -04:00
reyesj2
192d91565d Update final pipeline timestamp format for event.module system events 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-29 16:34:29 -04:00
Josh Patterson
82ef4c96c3 Merge pull request #12880 from Security-Onion-Solutions/issue/12878 
set Suricata as default pcap engine for eval
 2024-04-29 15:54:25 -04:00
m0duspwnens
a663bf63c6 set Suricata as default pcap engine for eval 2024-04-29 14:22:04 -04:00
Josh Brower
13ccb58f84 Merge pull request #12876 from Security-Onion-Solutions/2.4/sigmafix 
Sigma pivot fix and cleanup
 2024-04-29 09:12:09 -04:00
DefensiveDepth
f2c3c928fc Sigma pivot fix and cleanup 2024-04-29 08:49:05 -04:00
Jason Ertel
3cbc29e767 Merge pull request #12875 from Security-Onion-Solutions/jertel/wf 
restrict workflows to so
 2024-04-29 05:16:07 -07:00
Jason Ertel
89cb8b79fd restrict workflows to so 2024-04-29 08:07:19 -04:00
Mike Reeves
b5c5c7857b Merge pull request #12846 from petiepooo/fix/check-srvc-status 
check status before stopping service
 2024-04-25 15:10:42 -04:00
Josh Patterson
ed05d51969 Merge pull request #12865 from Security-Onion-Solutions/issue/12637 
only apply ulimits to suricata container if user enable mmap-locked
 2024-04-25 10:08:05 -04:00
m0duspwnens
2c7eb3c755 only apply ulimits to suricata container if user enable mmap-locked 2024-04-25 10:05:59 -04:00
weslambert
cc17de2184 Merge pull request #12864 from Security-Onion-Solutions/fix/exclude_suricata 
Exclude suricata from disk space-based index deletion
 2024-04-25 09:23:38 -04:00
weslambert
b424426298 Exclude suricata 2024-04-25 09:14:18 -04:00
Josh Patterson
03f9160fcc Merge pull request #12860 from Security-Onion-Solutions/issue/12856 
allow for enabled/disable of so-elasticsearch-indices-delete cronjob
 2024-04-25 09:07:44 -04:00
m0duspwnens
d50de804a8 update annotation 2024-04-25 09:04:34 -04:00
weslambert
983ef362e9 Merge pull request #12858 from Security-Onion-Solutions/fix/index_sorting 
Change index sorting to account for older so-prefixed indices
 2024-04-25 08:54:22 -04:00
Josh Brower
d88c1a5e0a Merge pull request #12861 from Security-Onion-Solutions/2.4/detectionlogs 
Add runtime status logs
 2024-04-24 20:07:32 -04:00
weslambert
44afa55274 Fix comments about deletion 2024-04-24 17:41:37 -04:00
weslambert
ab832e4bb2 Include logstash-prefixed indices 2024-04-24 17:17:53 -04:00
DefensiveDepth
3c3ed8b5c5 Add runtime status logs 2024-04-24 16:33:47 -04:00
m0duspwnens
c9d9979f22 allow for enabled/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
Josh Patterson
383420b554 Merge pull request #12859 from Security-Onion-Solutions/issue/12637 
Issue/12637
 2024-04-24 15:44:37 -04:00
m0duspwnens
73b5bb1a75 add memlock to so-suricata container 2024-04-24 15:35:17 -04:00
weslambert
59a02635ed Change index sorting 2024-04-24 15:18:49 -04:00
m0duspwnens
13a6520a8c mmap-locked default no 2024-04-24 13:50:12 -04:00
m0duspwnens
4b7f826a2a quote is so true becomes yes 2024-04-24 13:29:55 -04:00
m0duspwnens
0bd0c7b1ec allow for mmap-locked to be configured 2024-04-24 13:26:25 -04:00
weslambert
428fe787c4 Merge pull request #12852 from Security-Onion-Solutions/fix/elastic_max_age 
Remove hot max_age
 2024-04-24 10:15:06 -04:00
weslambert
1b3a0a3de8 Remove hot max_age 2024-04-24 10:11:02 -04:00
weslambert
96ec285241 Merge pull request #12848 from Security-Onion-Solutions/fix/elastic_annotation 
Fix description, regex, and type for cold, warm, and hot
 2024-04-24 09:22:05 -04:00
weslambert
75b5e16696 Update description, type, and regex 2024-04-24 09:14:39 -04:00
weslambert
8a0a435700 Fix warm description 2024-04-24 08:35:19 -04:00
Pete
e53e7768a0 check status before stopping service 
resolves #12811 so-verify detects rare false error

If salt is uninstalled during call to so-setup where it detects a previous install, the "Failed" keyword from "systemctl stop $service" causes so-verify to falsely detect an installation error.  This might happen if the user removes the salt packages between calls to so-setup, or if upgrading from Ubuntu 20.04 to 22.04 then installing 2.4.xx on top of a 2.3.xx installation.

The fix is to wrap the call to stop the service in a check if the service is running.

This ignores the setting of pid var, as the next use of pid is within a while loop that will not execute for the same reason the systemctl stop call was not launched in the background.
 2024-04-23 21:24:39 +00:00
weslambert
bef408b944 Merge pull request #12844 from Security-Onion-Solutions/fix/elastic_annotation 
Fix warm description
 2024-04-23 10:47:04 -04:00
weslambert
691b02a15e Fix warm description 2024-04-23 10:40:09 -04:00
Josh Brower
fc1c41e5a4 Merge pull request #12841 from Security-Onion-Solutions/2.4/logfix 
Temp exclude yara runtime status log
 2024-04-23 07:36:02 -04:00
DefensiveDepth
58ddd55123 Exclude yara runtime log 2024-04-23 07:28:07 -04:00
Jorge Reyes
d402943403 Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet 
Kismet integration for WiFi devices
 2024-04-22 15:59:22 -04:00
Josh Brower
64c43b1a55 Merge pull request #12805 from Security-Onion-Solutions/2.4/detectiondefaults 
Strelka fixes and more
 2024-04-19 16:53:07 -04:00
DefensiveDepth
a237ef5d96 Update default queries 2024-04-19 16:33:35 -04:00
Doug Burks
c48da45ac3 Merge pull request #12820 from Security-Onion-Solutions/dougburks-patch-1 
FIX: Elastic retention setting not being honored when manager hostname is a subset of search node hostname #12819
 2024-04-18 11:59:57 -04:00