Commit Graph

125 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| m0duspwnens | 1a829190ac | remove modules if detections disabled | 2024-03-13 09:46:44 -04:00 |
| DefensiveDepth | 61a183b7fc | Add regex defaults | 2024-03-11 15:55:39 -04:00 |
| Corey Ogburn | 6f05c3976b | Updated RulesRepo for New Strelka Structure | 2024-03-08 11:29:46 -07:00 |
| Jason Ertel | 8f36a8a4b6 | Merge pull request #12514 from Security-Onion-Solutions/jertel/annotations: detections annotations | 2024-03-06 11:10:21 -05:00 |
| Jason Ertel | 167aff24f6 | detections annotations | 2024-03-06 11:03:52 -05:00 |
| Josh Brower | 9e671621db | Merge pull request #12510 from Security-Onion-Solutions/2.4/excludedetections: Add Exclusion toggle | 2024-03-06 10:56:29 -05:00 |
| Jason Ertel | 12653eec8c | add new pcap annotations | 2024-03-06 08:14:33 -05:00 |
| Josh Brower | 1b47537a3f | Add Exclusion toggle | 2024-03-06 07:16:50 -05:00 |
| Doug Burks | 52580fb8c4 | Merge pull request #12434 from Security-Onion-Solutions/feature/improve-endpoint-columns: Add multiple endpoint features | 2024-02-26 12:05:30 -05:00 |
| Doug Burks | f8424f3dad | Update defaults.yaml | 2024-02-26 11:22:09 -05:00 |
| Doug Burks | c8a95a8706 | FEATURE: Add new endpoint dashboards #12428 | 2024-02-26 09:59:07 -05:00 |
| Doug Burks | 4df21148fc | FEATURE: Add default columns for endpoint.events datasets #12425 | 2024-02-26 09:40:51 -05:00 |
| Doug Burks | ca249312ba | FEATURE: Add new SOC action for Process Info #12421 | 2024-02-26 09:38:14 -05:00 |
| Josh Brower | a6bb7216f9 | Add Detection AutoUpdate config | 2024-02-26 08:18:42 -05:00 |
| Doug Burks | d6cb8ab928 | update events_x_process in defaults.yaml | 2024-02-23 17:09:40 -05:00 |
| Doug Burks | b8baca417b | add endpoint_x_events_x_process to defaults.yaml | 2024-02-23 14:03:04 -05:00 |
| Josh Brower | 1952f0f232 | Merge remote-tracking branch 'origin/2.4/dev' into kilo | 2024-02-21 13:11:49 -05:00 |
| Jason Ertel | 4b314c8715 | replace correlate icon to avoid confusion with searcheng.in | 2024-02-20 10:30:09 -05:00 |
| Josh Brower | ffb3cc87b7 | Default ruleset; Descriptions | 2024-02-16 11:55:10 -05:00 |
| Corey Ogburn | c64f37ab67 | sigmaRulePackages is now a string array | 2024-02-15 10:34:07 -07:00 |
| Corey Ogburn | a5db9f87dd | Merge branch 'kilo' into cogburn/detection_playbooks | 2024-02-13 14:08:44 -07:00 |
| Josh Brower | 0c6c6ba2d5 | Various UI tweaks | 2024-02-13 13:38:43 -05:00 |
| Doug Burks | 0741ae370a | Update defaults.yaml | 2024-02-13 12:51:26 -05:00 |
| Doug Burks | 8060751a66 | Add table columns to process dashboard in defaults.yaml | 2024-02-13 12:24:33 -05:00 |
| Josh Brower | ea80469c2d | Detection Default queries | 2024-02-12 19:39:55 -05:00 |
| Doug Burks | 0ad39a7e32 | FEATURE: Add new SOC action to show process ancestry #12345 | 2024-02-12 19:18:29 -05:00 |
| Doug Burks | 20d2f3b97e | Update Sublime action in defaults.yaml to use i18n | 2024-02-12 19:13:32 -05:00 |
| Josh Brower | 5102269440 | Update defaults | 2024-02-12 16:44:54 -05:00 |
| Corey Ogburn | 29174566f3 | WIP: Updated Detection Mappings, Changed Engine to Language. Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language. SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results. | 2024-02-08 09:44:56 -07:00 |
| Doug Burks | d3d2305f00 | FEATURE: Add new dashboards for community_id and firewall auth #12323 | 2024-02-07 16:08:27 -05:00 |
| Doug Burks | 7106095128 | FEATURE: Improve Correlate and Hunt actions on SOC Actions menu #12315 | 2024-02-06 15:39:23 -05:00 |
| Josh Brower | 378c99ae88 | Fix bindings | 2024-02-02 18:27:49 -05:00 |
| Corey Ogburn | 8f81c9eb68 | Updating config for Detection(s) | 2024-02-02 11:49:58 -07:00 |
| Josh Brower | fe196b5661 | Add SOC Config for Detections | 2024-02-01 12:22:50 -05:00 |
| Jason Ertel | e075d07f5c | show last highstate date/time on grid metrics screen; expose maxUploadSize and staleMetricsMs settings on config screen | 2023-12-29 11:38:42 -05:00 |
| Doug Burks | ab5de4c104 | update soc defaults.yaml | 2023-12-19 07:27:07 -05:00 |
| Doug Burks | 4d8661d2e0 | FIX: Update dashboard and hunt query for firewall logs #12021 | 2023-12-18 13:38:04 -05:00 |
| Doug Burks | 6a1073b616 | FIX: Update dashboard and hunt query for firewall logs #12021 | 2023-12-18 12:57:40 -05:00 |
| Doug Burks | 8779fb8cbc | Update defaults.yaml | 2023-12-14 13:30:52 -05:00 |
| Doug Burks | 042e5ae9f0 | https://github.com/Security-Onion-Solutions/securityonion/issues/12021 | 2023-12-14 12:46:28 -05:00 |
| weslambert | 0334ef9677 | Add eml observable type | 2023-12-05 19:10:16 -05:00 |
| Doug Burks | 4666b993e5 | Update defaults.yaml | 2023-11-14 09:58:45 -05:00 |
| Wes | bca1194a46 | Sublime SOC Action | 2023-11-01 14:01:55 +00:00 |
| Jason Ertel | 546c562ef0 | expose standard relay timeout in config UI; up default to 45s to accommodate sluggish pillar.get calls | 2023-09-01 10:31:02 -04:00 |
| Corey Ogburn | a615fc8e47 | New Config Default: longRelayTimeoutMs. Salt is getting a second timeout for operations known to take a long time such as sending and importing files. There's also an entry in soc_soc.yaml so the value can be changed in SOC's config page. | 2023-08-30 15:33:01 -06:00 |
| weslambert | 563a495725 | Add Playbook | 2023-08-21 11:24:07 -04:00 |
| weslambert | 9e18fe64cf | Remove OSSEC configuration | 2023-08-21 11:20:47 -04:00 |
| bryant-treacle | 036b81707b | Update defaults.yaml | 2023-08-08 16:10:54 -04:00 |
| bryant-treacle | 3d4fd08547 | Update defaults.yaml | 2023-08-08 15:28:06 -04:00 |
| weslambert | 527a6ba454 | Use asterisk when searching 'msg' since it is now a keyword | 2023-07-31 23:52:38 -04:00 |