805 Commits

Author	SHA1	Message	Date
DefensiveDepth	484717d57d	initial support for custom suricata urls and local rulesets	2024-06-14 08:42:10 -04:00
Corey Ogburn	d5ef0e5744	Fix unnecessary escaping	2024-06-11 12:34:32 -06:00
DefensiveDepth	08d2a6242d	Add new bind - suricata all.rules	2024-06-11 10:03:33 -04:00
Corey Ogburn	ee696be51d	Remove rootCA and insecureSkipVerify from SOC defaults	2024-06-07 13:07:04 -06:00
Corey Ogburn	5d3fd3d389	AdditionalCA and InsecureSkipVerify ... New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week. AdditionalCA holds the PEM formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls. InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self signed, missing, or invalid certs will not throw an error.	2024-06-07 12:47:09 -06:00
Corey Ogburn	fa063722e1	RootCA and InsecureSkipVerify ... New empty settings and their annotations.	2024-06-07 09:10:14 -06:00
Corey Ogburn	42818a9950	Remove proxy from SOC defaults	2024-06-06 13:28:07 -06:00
Corey Ogburn	e85c3e5b27	SOC Proxy Setting ... The so_proxy value we build during install is now copied to SOC's config.	2024-06-06 11:55:27 -06:00
Corey Ogburn	85c269e697	Added TemplateDetections To Detection ClientParams ... The UI can now insert templates when you select a Detection language. These are those templates, annotated.	2024-05-30 15:59:03 -06:00
Josh Brower	185fb38b2d	Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates ... Add IDH mappings	2024-05-24 14:48:22 -04:00
DefensiveDepth	550b3ee92d	Add IDH mappings	2024-05-24 14:46:24 -04:00
DefensiveDepth	f90d40b471	Fix typo	2024-05-24 12:56:17 -04:00
DefensiveDepth	4344988abe	Add instructions for sigma and yara repos	2024-05-24 12:54:36 -04:00
Josh Brower	979147a111	Merge pull request #13062 from Security-Onion-Solutions/2.4/backupscript ... Detections backup script	2024-05-24 10:06:56 -04:00
DefensiveDepth	66725b11b3	Added unit tests	2024-05-24 09:55:10 -04:00
Jason Ertel	bd11d59c15	add event.dataset since there are other datasets in soc logs	2024-05-24 08:38:12 -04:00
Jason Ertel	15155613c3	provide default columns when viewing SOC logs	2024-05-24 08:23:45 -04:00
Mike Reeves	1e6161f89c	Update defaults.yaml	2024-05-23 08:19:43 -04:00
Doug Burks	3d4f3a04a3	Update defaults.yaml to fix order of groupby tables and eliminate duplicate	2024-05-23 05:56:18 -04:00
DefensiveDepth	a072e34cfe	Fix casing issue	2024-05-22 17:12:41 -04:00
DefensiveDepth	d19c1a514b	Detections backup script	2024-05-22 15:12:23 -04:00
DefensiveDepth	f9e9b825cf	Removed unneeded groupby	2024-05-21 17:53:20 -04:00
DefensiveDepth	3992ef1082	Add rule.uuid to default groupbys	2024-05-21 17:45:56 -04:00
Jason Ertel	31fdf15ce1	Merge branch '2.4/dev' into jertel/eaconfig	2024-05-20 18:59:35 -04:00
Jason Ertel	6b2219b7f2	elastalert settings	2024-05-20 18:52:37 -04:00
Corey Ogburn	6e97c39f58	Marked as Advanced	2024-05-20 14:52:05 -06:00
Corey Ogburn	026023fd0a	Annotate integrityCheckFrequencySeconds per det engine	2024-05-20 14:35:11 -06:00
Corey Ogburn	fcc72a4f4e	Add Default IntegrityCheck Frequency Values	2024-05-20 11:23:25 -06:00
Corey Ogburn	0cc57fc240	Change Compilation Report Path ... Move compilation report path to /opt/so/state and mount that foulder in SOC	2024-05-17 15:47:23 -06:00
Jason Ertel	1c4d36760a	add support for custom alerters	2024-05-17 14:49:39 -04:00
DefensiveDepth	b4aec9a9d0	alphabetical order	2024-05-15 16:29:21 -04:00
Mike Reeves	8803ad4018	Update enabled.sls	2024-05-15 14:05:48 -04:00
Mike Reeves	7345d2c5a6	Update enabled.sls	2024-05-15 11:16:20 -04:00
Doug Burks	67645a662d	FEATURE: Add NetFlow dashboard #13009	2024-05-14 10:14:16 -04:00
Doug Burks	5b45c80a62	FEATURE: Add NetFlow dashboard #13009	2024-05-14 10:01:18 -04:00
DefensiveDepth	e430de88d3	Change rule updates to 24h	2024-05-13 13:15:06 -04:00
DefensiveDepth	c4c38f58cb	Update descriptions	2024-05-13 13:13:57 -04:00
Jason Ertel	45fd07cdf8	Merge pull request #12987 from Security-Onion-Solutions/jertel/testcy ... Add quick action to find related alerts for a detection	2024-05-09 18:08:08 -04:00
Jason Ertel	fecd674fdb	Add quick action to find related alerts for a detection	2024-05-09 17:55:41 -04:00
Mike Reeves	ad9fdf064b	Update config.sls	2024-05-08 15:24:29 -04:00
Corey Ogburn	1da88b70ac	Specify Error Retry Wait and Error Limit for All Detection Engines ... If a sync errors out, the engine will wait `communityRulesImportErrorSeconds` seconds instead of the usual `communityRulesImportFrequencySeconds` seconds wait. If `failAfterConsecutiveErrorCount` errors happen in a row when syncing detections to ElasticSearch then the sync is considered a failure and will give up and try again later. This assumes ElasticSearch is the source of the errors and backs of in hopes it'll be able to fix itself.	2024-05-07 10:34:50 -06:00
Jason Ertel	b4817fa062	Merge pull request #12956 from Security-Onion-Solutions/jertel/testcy ... test regexes for detections	2024-05-07 08:45:38 -07:00
Jason Ertel	4ebe070cd8	test regexes for detections	2024-05-06 19:03:12 -04:00
Josh Brower	b997e44715	Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap ... Initial airgap support for detections	2024-05-06 15:46:29 -04:00
m0duspwnens	2431d7b028	Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap	2024-05-06 15:27:27 -04:00
m0duspwnens	554a203541	update airgapEnabled in map file	2024-05-06 12:59:45 -04:00
DefensiveDepth	be1758aea7	Fix license and folder	2024-05-06 12:22:44 -04:00
m0duspwnens	38f74d2e9e	change quotes	2024-05-06 11:38:30 -04:00
m0duspwnens	5b966b83a9	change rulesRepos for airgap or not	2024-05-06 09:26:52 -04:00
Doug Burks	3f73b14a6a	FEATURE: Add event.dataset to all Events table layouts #12641	2024-05-06 09:20:47 -04:00