Commit Graph

50 Commits

Author SHA1 Message Date
Corey Ogburn
8334fd9c46 Source Dates 2024-11-07 14:44:45 -07:00
defensivedepth
7896f951f3 timestamp fix 2024-10-31 10:24:58 -04:00
reyesj2
36fc3bbd6d add so-ip-mappings index
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-30 10:24:11 -04:00
Corey Ogburn
640f53d085 Cleanup
Fix indentation and trailing comma.
2024-10-24 17:05:36 -06:00
Corey Ogburn
1aa9d87c5d Corrected
Put the note on the right model this time.
2024-10-24 17:05:36 -06:00
Corey Ogburn
e11c562022 Added Note to ES Mappings 2024-10-24 17:05:35 -06:00
Wes
25a9fb9b5c Add destination IP for so-system 2024-09-09 20:16:23 +00:00
Wes
9264a03dbc Add custom system component 2024-07-31 17:03:26 +00:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
Corey Ogburn
00cea6fb80 Detection Author as a Keyword instead of Text
With Quick Actions added to Detections, as many fields should be usable as possible.
2024-04-05 11:22:47 -06:00
Corey Ogburn
0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00
Corey Ogburn
64f6d0fba9 Updated Detection's ES Mappings
Detections now have a License field and the Comment model is defined now.
2024-02-09 14:20:07 -07:00
Corey Ogburn
29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language-based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Corey Ogburn
585147d1de Added so-detection mapping in elasticsearch 2024-01-31 10:39:47 -07:00
Wes
8426aad56d Text mapping for scan.pe.flags 2024-01-24 15:10:42 +00:00
Wes
0bba68769b Make scan.pe.image_version type of 'float' 2023-09-26 14:05:12 +00:00
Wes
0fed757b11 Add entropy mapping 2023-08-31 15:10:27 +00:00
Wes
a59eda319e Remove security subfield 2023-07-18 19:00:50 +00:00
Wes
1d3e39b6bd Map user name to keyword and remove security subfield generation 2023-07-18 14:46:47 +00:00
Wes
495a9c0783 Add mapping for event.severity_label 2023-06-05 21:19:37 +00:00
Mike Reeves
5fc297b8c1 Change Elastic Logic 2023-03-21 16:52:08 -04:00
doug
fdffac83e1 sysmon fix by bryant 2022-09-19 14:47:45 -04:00
Wes Lambert
fe1b72655b Additional .keyword shims for process mappings 2022-03-24 16:45:06 +00:00
weslambert
406267a892 Add process.name.keyword 2022-03-08 12:42:34 -05:00
Wes Lambert
ffae22beef Add DTC syslog mappings for .keyword and add refs to defaults.yml 2022-03-04 13:04:11 +00:00
Wes Lambert
1f71816ad7 Add keyword subfield for DTC winlog mappings 2022-03-03 14:54:30 +00:00
Wes Lambert
1c086e36da Add missing comma for file mappings 2022-03-03 13:49:54 +00:00
Wes Lambert
85979cbce8 Add file, process, and winlog mapping changes 2022-03-03 13:37:27 +00:00
Wes Lambert
8f97f09c9c Additional .keyword changes for host.hostname, client.address, and event.action 2022-03-02 21:54:46 +00:00
Wes Lambert
3ee46e4c29 Add .keyword for destination/source geo.country_name 2022-03-02 21:50:03 +00:00
Wes Lambert
ab9b81ea39 Change match_only_text to text for mac in host mappings 2022-03-02 15:01:05 +00:00
Wes Lambert
ed620b93b7 Add custom analyzer definition to all SO/DTC mappings 2022-03-02 14:43:19 +00:00
Wes Lambert
27c8eaa630 Update all other mappings for .security where applicable 2022-03-02 14:39:23 +00:00
Wes Lambert
e925d435ff Update event, file, and host mappings to include .security 2022-03-02 14:33:52 +00:00
Wes Lambert
496b161253 Update ECS mappings to include .security 2022-03-02 14:27:36 +00:00
Wes Lambert
aae2fd1fbb Update DNS mappings to include .security 2022-03-02 14:27:15 +00:00
Wes Lambert
0b45cf7ae1 Update base mappings to include .security 2022-03-02 14:25:57 +00:00
Wes Lambert
d89af5f04f Update agent mappings to include .security 2022-03-02 14:25:14 +00:00
Wes Lambert
5489b8559d Revert "Switch from .security to match_only_text"
This reverts commit f7862af934.
2022-03-01 18:44:00 +00:00
weslambert
e942d81433 Ensure correct formatting for source override 2022-02-25 19:14:58 -05:00
weslambert
a511fd33e9 Ensure correct formatting for destination override 2022-02-25 19:14:21 -05:00
Wes Lambert
a8bdff89ae Move files into SO component template directory 2022-02-25 18:00:16 +00:00
Wes Lambert
0f8a39002f Add .text subfield mappings for DTC where fields are defined 2022-02-24 19:39:52 +00:00
Wes Lambert
f7862af934 Switch from .security to match_only_text 2022-02-22 20:33:49 +00:00
Wes Lambert
9b841fd872 Add 'event.created' and 'event.ingested' keyword mapping 2022-02-08 21:34:32 +00:00
Wes Lambert
317f6471d8 Add additional scan and rule fileset mappings 2022-02-04 19:05:09 +00:00
Wes Lambert
f3902cf77d Fix EG template and mappings 2022-02-04 16:00:16 +00:00
Wes Lambert
a3031b2b5c Additional DTC mapping changes 2022-02-04 15:38:51 +00:00
Wes Lambert
1ce386bb7f Add more DTC transition mappings 2022-02-03 17:33:05 +00:00
Wes Lambert
9db1510b0e Initial composable template configuration and base mappings 2022-02-02 02:08:31 +00:00