CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,705 Commits 24 Branches 119 Tags
d2bc1a5523de9665145f372efa9219a116a3029d
Commit Graph

273 Commits

Author SHA1 Message Date
weslambert
d2bc1a5523 Fix syntax error for 'ics' tag logic 2022-11-22 07:24:54 -05:00
weslambert
fe180d5657 Fix indentation 2022-11-21 17:02:17 -05:00
weslambert
9994d47a43 Add 'ics' tag to events generated from ICS protocol logs 2022-11-21 16:46:47 -05:00
Doug Burks
febb781428 Add ICS/SCADA logs to filebeat defaults.yaml 2022-11-21 12:10:55 -05:00
m0duspwnens
b526532ab6 use global vars in states 2022-10-11 11:57:15 -04:00
Mike Reeves
37c98c14cd Fix zeek logs in filebeat 2022-09-26 17:11:10 -04:00
Mike Reeves
aa7dd47b00 Fix zeek logs in filebeat 2022-09-26 17:01:44 -04:00
Jason Ertel
21c7f940d7 Update copyrights 2022-09-13 11:48:25 -04:00
Mike Reeves
2254512a2a Add more logging to setup process 2022-09-12 12:48:02 -04:00
Mike Reeves
2bd9dd80e2 Move In Day 2022-09-07 09:06:25 -04:00
m0duspwnens
ec451c19f8 move port bindings back under port bindings 2022-07-12 15:17:25 -04:00
weslambert
11d3ed36b7 Specify outputs for Elasticsearch and Kibana for Eval and Import Mode 
Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
 2022-07-11 17:22:09 -04:00
Wes Lambert
764e8688b1 Modify Kratos input to use dedicated index and add filestream ID for all applicable inputs 2022-07-08 15:53:55 +00:00
weslambert
85f790b28a Change type from 'log' to 'filestream' to ensure compatibility with Elastic 8 2022-06-27 10:39:58 -04:00
weslambert
adeccd0e7f Merge pull request #8097 from Security-Onion-Solutions/dev 
Merge latest dev into foxtrot
 2022-06-08 15:01:09 -04:00
Josh Patterson
e5c9b91529 Merge pull request #8054 from Security-Onion-Solutions/dmz_receiver 
Dmz receiver
 2022-06-01 15:31:42 -04:00
weslambert
44622350ea Add ID for RITA filestream inputs 2022-05-25 10:09:01 -04:00
m0duspwnens
d8abc0a195 if in dmz_nodes dont add to filebeta 2022-05-11 11:51:18 -04:00
Josh Brower
8e368bdebe Merge in upstream dev 2022-05-06 20:01:07 -04:00
weslambert
fbc86f43ec Add exclude filter for logs for when there are no results from analysis 2022-03-24 13:03:03 -04:00
Wes Lambert
8a56c88773 Adjust log file paths 2022-03-22 17:51:17 +00:00
Wes Lambert
57f01c70ec Remove extra forward slash in log path 2022-03-22 17:45:23 +00:00
Wes Lambert
f613d8ad86 Add RITA Logstash config 2022-03-22 17:36:18 +00:00
weslambert
bb9d6673ec Fix casing 2022-03-21 12:38:50 -04:00
weslambert
9afa949623 Don't rotate Filebeat log on startup 2022-03-21 12:38:12 -04:00
Wes Lambert
1a6ef0cc6b Re-enable FB module load 2022-03-19 03:55:40 +00:00
Wes Lambert
2e7d314650 Remove Cyberark module 2022-03-19 03:43:55 +00:00
Wes Lambert
c97847f0e2 Remove Threat Intel Recored Future fileset 2022-03-19 03:43:34 +00:00
Wes Lambert
59a2ac38f5 Disable FB module load for now 2022-03-18 22:12:09 +00:00
weslambert
5ec5b9a2ee Remove older module config files 2022-03-18 10:14:13 -04:00
weslambert
712a92aa39 Switch from log input to filestream input 2022-03-17 21:18:03 -04:00
Wes Lambert
6e2aaa0098 Clean up original map file 2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b Add back bind mounts and remove THIRDPARTY 2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930 Reorganize FB module management 2022-03-17 21:01:03 +00:00
m0duspwnens
d76facb1bb add extra hosts for idh node 2022-02-25 12:21:43 -05:00
Josh Brower
df9fc807a3 IDH - restart scripts, filebeat fix 2022-02-22 08:05:53 -05:00
Josh Brower
3610b0cd30 merge in dev 2022-02-21 16:52:53 -05:00
Josh Brower
118277ebc5 Ingest Kratos logs 2022-02-18 11:49:02 -05:00
Josh Brower
1e5b9ef0bf IDH - Enable Filebeat 2022-02-10 11:37:10 -05:00
Jason Ertel
eefcc929c2 Update copyright pattern to match other repos 2022-01-24 10:09:23 -05:00
Jason Ertel
7c22f46a55 Update copyright year for 2022 2022-01-24 09:35:29 -05:00
m0duspwnens
bd7ef1cc59 fix whitespace control 2021-12-16 09:19:20 -05:00
m0duspwnens
f9b04ab96a add node's own ip to FILEBEAT_EXTRA_HOSTS 2021-12-15 16:53:22 -05:00
m0duspwnens
522bc1d2b8 fix loadbalance logic and whitespace for filebeat.yml 2021-12-15 16:21:08 -05:00
m0duspwnens
024860d0ae rename EXTRA_NODES to LOGSTASH_NODES AND REDIS_NODES 2021-12-14 23:43:06 -05:00
m0duspwnens
c490a3be36 move node_data pillar to logstash:nodes, set extra hosts for filebeat docker 2021-12-14 13:32:42 -05:00
m0duspwnens
6518691c55 sort the items 2021-12-13 18:16:25 -05:00
m0duspwnens
067e79894f fix loop for node_data 2021-12-13 16:26:38 -05:00
m0duspwnens
6de2f5bd03 fix node_data 2021-12-13 15:55:09 -05:00
m0duspwnens
8d0872bce5 create node_data pillar from mine data, use node_data pillar for filebeat config 2021-12-13 15:48:30 -05:00