Commit Graph

805 Commits

Author SHA1 Message Date
Jorge Reyes
107ca38268 fix http query for "includes" function 2025-01-14 08:24:07 -06:00
Jorge Reyes
35547b476f update http query 2025-01-14 08:13:27 -06:00
Jorge Reyes
ad765200c3 Merge pull request #14105 from Security-Onion-Solutions/reyesj2/moarzeekparse
Additional Zeek parsing & cloudflare_logpush integration
2025-01-13 11:37:21 -06:00
reyesj2
14c920a258 fix hidden ldap menu subtitle 2025-01-13 09:23:32 -06:00
Joshua Brower
dcdf31eee8 Fix folder perm 2025-01-10 16:15:17 -05:00
reyesj2
e60a1e4357 zeek ldap & ldap_search parsing
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-09 16:06:10 -06:00
Joshua Brower
a2caf7425d Add config options 2025-01-07 13:22:14 -05:00
Joshua Brower
6fa11a38ef Update defaults 2025-01-07 13:14:50 -05:00
Josh Brower
8408a53b82 Merge remote-tracking branch 'origin/2.4/dev' into 2.4/navigator 2025-01-02 16:13:34 -05:00
Doug Burks
927b618ec9 Update Zeek QUIC dashboard, add Hunt query, add quic.server.name as column in Events table 2025-01-02 06:57:56 -05:00
reyesj2
9f83853922 Zeek QUIC support
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-12-31 13:44:20 -06:00
defensivedepth
7237b8971e Refactor pipeline for hash changes 2024-12-23 15:41:13 -05:00
defensivedepth
9475211417 Refactor Navigator for Detections 2024-12-09 16:31:51 -05:00
reyesj2
754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
Josh Brower
04ffdf9b15 Merge pull request #13958 from Security-Onion-Solutions/2.4/autoenablesigma
More flexibility for AutoEnable Sigma rules
2024-11-21 09:47:49 -05:00
defensivedepth
f61bf1bd67 Remove adv 2024-11-21 09:15:29 -05:00
defensivedepth
b1c4e32123 Remove duplicate option 2024-11-21 09:11:44 -05:00
defensivedepth
8958da83b3 Deprecate instead 2024-11-20 18:00:26 -05:00
defensivedepth
3fcf197bc1 Tweak structure 2024-11-19 11:54:15 -05:00
Corey Ogburn
d86c009f55 Add Annotations to Existing Detections Options
The autoUpdateEnabled setting has been present for a while and now has annotations.
2024-11-18 14:35:55 -07:00
defensivedepth
56d6857cd6 Addl customization for autoenable sigma 2024-11-18 09:03:17 -05:00
reyesj2
1113c3924f zeek http2
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-14 09:09:23 -06:00
Jason Ertel
5b74a55c3c ensure roles file exists since no longer syncing clients to es 2024-11-11 17:21:42 -05:00
Jason Ertel
57a9992a3d Merge branch '2.4/dev' into jertel/wip 2024-11-11 10:06:44 -05:00
defensivedepth
dcbb0e48d4 make sure it's owned by socore 2024-11-08 14:34:29 -05:00
defensivedepth
8b70aa9f0e Fix socore permissions 2024-11-08 09:19:41 -05:00
defensivedepth
f5bd8ab585 Rewrite docs 2024-11-07 15:33:47 -05:00
defensivedepth
28d468dd41 Merge remote-tracking branch 'origin/2.4/dev' into 2.4/templaterepos 2024-11-07 07:25:01 -05:00
Corey Ogburn
52a144c052 Added Help Link to Annotation for IgnoredSidRanges 2024-11-05 12:11:17 -07:00
Corey Ogburn
25d55feeef More Detailed Description 2024-11-05 11:41:14 -07:00
Corey Ogburn
5e48ccafce Update Default Value 2024-11-05 11:11:34 -07:00
Corey Ogburn
69dd35c30a Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check 2024-11-04 14:31:53 -07:00
Jason Ertel
c9f6b5206a connect 2024-11-01 16:18:40 -04:00
Jason Ertel
825dbb36dd connect 2024-11-01 15:37:59 -04:00
Jason Ertel
cd2e5bf2d0 rename role 2024-10-31 17:20:44 -04:00
Jason Ertel
a146153ee9 switch to json 2024-10-30 12:44:01 -04:00
defensivedepth
5406a263d5 Add local custom template 2024-10-29 19:42:06 -04:00
Jason Ertel
3f3ac21f50 connect 2024-10-29 12:28:24 -04:00
Jason Ertel
11820a16f0 connect 2024-10-29 12:04:38 -04:00
Jason Ertel
1243c7588b connect 2024-10-28 19:42:01 -04:00
Jason Ertel
624c4855c8 connect 2024-10-28 19:25:20 -04:00
Jason Ertel
12a76a9d35 connect 2024-10-28 19:11:26 -04:00
Josh Brower
6a3e5415cf Merge pull request #13832 from Security-Onion-Solutions/2.4/sigmapipelines
Add process and file creation mappings
2024-10-28 18:30:21 -04:00
defensivedepth
f3ca5b1c42 Remove OS-specific mappings 2024-10-28 09:19:51 -04:00
Corey Ogburn
6ce52bf9ab Specify Defaults for detectionEngineStatusQueries
Specify the defaults as an example to the user.
2024-10-24 13:11:49 -06:00
Corey Ogburn
f67fcecc6e Clean up StatusQueries String 2024-10-24 11:18:48 -06:00
Corey Ogburn
b7c392a244 Corrected a misspelling 2024-10-24 11:18:48 -06:00
Corey Ogburn
ad0b0a5e95 Refactor to String
To accommodate the config screen, the annotation now specifies it as a multiline string with a yaml syntax. The user can edit the yaml to add or remove queries. The UI will parse the YAML before use.

Also updated the IntegrityFailure queries to specify table columns more relevant to a sync failure than the default ones.
2024-10-24 11:18:47 -06:00
Corey Ogburn
c77b0afd8e Move to Client/Detections
Added a basic annotation.
2024-10-24 11:18:47 -06:00
Corey Ogburn
04ebe4efea Array to Dictionary 2024-10-24 11:18:46 -06:00