securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-14 21:22:48 +01:00

Author	SHA1	Message	Date
reyesj2	9bde70a8e2	zeek.software typo Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-02-07 15:19:40 -06:00
reyesj2	dd17ee7665	fix defining custom logstash pipelines when kafka is enabled	2025-02-06 22:19:24 -06:00
Jason Ertel	4b51066327	Merge pull request #14191 from Security-Onion-Solutions/jertel/wip ca download; ignore shard errors on startup; clarify oidc id	2025-02-05 15:09:57 -05:00
Jason Ertel	bf19c6e730	ca download; ignore shard errors on startup; clarify oidc id	2025-02-05 15:04:04 -05:00
Joshua Brower	4636a8d9b1	Refresh Agent installers	2025-02-05 09:38:33 -05:00
Joshua Brower	95fe212202	Rework for MSI	2025-02-05 09:29:45 -05:00
Corey Ogburn	23ebe966e0	Added Large Values Warning maxBulkEscalateEvents now has a warning that large values may run into other limits.	2025-02-04 10:33:04 -07:00
Corey Ogburn	d0fa6eaf83	New Limit on Bulk Creating Related Events Used by the UI and API to hint at a user that not every event will be attached to a case. Supports values up to 10,000 (the default limit on the number of documents returned by a single ES search).	2025-02-03 14:20:33 -07:00
Joshua Brower	b874619f0d	Fix ip-mappings ILM	2025-02-03 09:31:08 -05:00
Josh Patterson	fe4129c8e0	env discovery.type single-node change only managers and heavynodes are eligible for discovery.type=single-node	2025-01-29 09:11:52 -05:00
Jason Ertel	db9387764d	fix issue with first-time api client permission toggling	2025-01-22 17:41:04 -05:00
Jorge Reyes	704e30219a	Merge pull request #14124 from Security-Onion-Solutions/reyesj2-patch-8 keep imported data in logs-import-so index	2025-01-17 13:33:26 -06:00
reyesj2	1396083b7d	use so-elasticsearch-query where possible; simplify suricata.alerts index reroute Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-17 13:29:46 -06:00
Jason Ertel	7017024ba7	Merge pull request #14123 from Security-Onion-Solutions/jertel/wip Additional web security measures	2025-01-17 12:31:42 -05:00
Jason Ertel	7705f45d78	Revert "subgrid config annotations" This reverts commit `3ab1b907e4`.	2025-01-17 12:16:12 -05:00
Jason Ertel	964bbe6aa5	additional web server security measures	2025-01-17 12:14:30 -05:00
reyesj2	01a2e4cd4f	check for index existence before attemping rollover Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-17 09:27:28 -06:00
reyesj2	9032d7d7bc	any suricata.alert with event.imported: true remains in logs-import-so Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-16 18:48:31 -06:00
reyesj2	d573c0922d	add 2.4.111 -> postupgrade check Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-16 18:25:06 -06:00
reyesj2	45d3438d18	update ingest pipeline for imported logs Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-16 17:33:14 -06:00
reyesj2	b3b7fb8f29	add null check and move tag lookup to .contains() in global@custom Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-15 12:16:11 -06:00
Jason Ertel	d101fda423	Merge branch '2.4/dev' into jertel/wip	2025-01-15 11:06:05 -05:00
Jorge Reyes	107ca38268	fix http query for "includes" function	2025-01-14 08:24:07 -06:00
Jorge Reyes	35547b476f	update http query	2025-01-14 08:13:27 -06:00
Jorge Reyes	ad765200c3	Merge pull request #14105 from Security-Onion-Solutions/reyesj2/moarzeekparse Additional Zeek parsing & cloudflare_logpush integration	2025-01-13 11:37:21 -06:00
reyesj2	4618256442	include okta-mappings in so-logs-okta.system index template	2025-01-13 11:32:27 -06:00
reyesj2	323ef1d5d6	add missing lifecycle name to trend_micro_vision_one indices	2025-01-13 09:29:22 -06:00
reyesj2	a5b1648b68	add missing lifecycle name to crowdstrike indices	2025-01-13 09:26:16 -06:00
reyesj2	14c920a258	fix hidden ldap menu subtitle	2025-01-13 09:23:32 -06:00
reyesj2	4f92b7ced1	add support for cloudflare_logpush integration	2025-01-13 09:23:05 -06:00
Joshua Brower	dcdf31eee8	Fix folder perm	2025-01-10 16:15:17 -05:00
Jason Ertel	3ab1b907e4	subgrid config annotations	2025-01-10 13:45:42 -05:00
reyesj2	e60a1e4357	zeek ldap & ldap_search parsing Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-09 16:06:10 -06:00
Joshua Brower	bcb92b63e3	Move json files to container image	2025-01-09 10:58:40 -05:00
Jorge Reyes	412397fa7b	Merge pull request #14089 from Security-Onion-Solutions/reyesj2/moarzeekparse	2025-01-08 17:45:14 -06:00
reyesj2	0e87351a9c	add zeek.quic mappings Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2025-01-08 16:18:53 -06:00
Joshua Brower	a2caf7425d	Add config options	2025-01-07 13:22:14 -05:00
Joshua Brower	6fa11a38ef	Update defaults	2025-01-07 13:14:50 -05:00
Joshua Brower	e3f75215b6	Merge remote-tracking branch 'origin/2.4/dev' into 2.4/navigator	2025-01-07 13:06:49 -05:00
Jason Ertel	bd96b5d722	invalidate user sessions when an admin changes the user's password	2025-01-06 17:23:10 -05:00
Josh Brower	8408a53b82	Merge remote-tracking branch 'origin/2.4/dev' into 2.4/navigator	2025-01-02 16:13:34 -05:00
Doug Burks	927b618ec9	Update Zeek QUIC dashboard, add Hunt query, add quic.server.name as column in Events table	2025-01-02 06:57:56 -05:00
reyesj2	9f83853922	Zeek QUIC support Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2024-12-31 13:44:20 -06:00
Josh Brower	8f5634d958	Merge pull request #14048 from Security-Onion-Solutions/2.4/sigmaHashes Refactor pipeline for hash changes	2024-12-23 15:49:35 -05:00
defensivedepth	7237b8971e	Refactor pipeline for hash changes	2024-12-23 15:41:13 -05:00
Mike Reeves	09ef096620	Update soup	2024-12-23 08:27:45 -05:00
reyesj2	157185c370	add ti_opencti integration support	2024-12-18 11:33:49 -06:00
Mike Reeves	9c10094914	Fix conflict	2024-12-18 10:19:40 -05:00
defensivedepth	17405b849a	Delete uneeded files	2024-12-17 16:01:31 -05:00
Mike Reeves	e4db2f4819	Update defaults.yaml	2024-12-10 17:19:15 -05:00

1 2 3 4 5 ...

10161 Commits