Commit Graph

805 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Doug Burks | f689cfcd0a | FEATURE: Add Events table columns for stun logs #12940 | 2024-05-06 08:52:43 -04:00 |
| DefensiveDepth | 26c6a98b45 | Initial airgap support for detections | 2024-05-06 08:43:01 -04:00 |
| Doug Burks | 7b905f5a94 | FEATURE: Add Events table columns for tunnel logs #12937 | 2024-05-06 08:22:08 -04:00 |
| Doug Burks | 0822a46e94 | FIX: Improve File dashboard #12914 | 2024-05-02 10:42:34 -04:00 |
| Doug Burks | 1be3e6204d | FIX: Improve File dashboard #12914 | 2024-05-02 10:38:56 -04:00 |
| Josh Patterson | 72b2503b49 | Merge pull request #12906 from Security-Onion-Solutions/det_easr: Apply autoEnabledSigmaRules based on role if defined and default if not | 2024-05-01 13:05:36 -04:00 |
| m0duspwnens | 47ba4c0f57 | add new annotation for soc autoEnabledSigmaRules | 2024-05-01 12:55:29 -04:00 |
| Mike Reeves | 10c8e4203c | Update config.sls | 2024-05-01 12:54:21 -04:00 |
| m0duspwnens | 7122709bbf | set Sigma rules based on role if defined and default if not | 2024-05-01 12:25:34 -04:00 |
| Mike Reeves | f7223f132a | Update config.sls | 2024-05-01 12:00:39 -04:00 |
| Mike Reeves | 8cd75902f2 | Update config.sls | 2024-05-01 11:47:51 -04:00 |
| Corey Ogburn | ddf662bdb4 | Mark Repos as Community: Indicate that detection rules pulled from configured repos should be marked as Community rules. | 2024-04-29 16:22:30 -06:00 |
| DefensiveDepth | f2c3c928fc | Sigma pivot fix and cleanup | 2024-04-29 08:49:05 -04:00 |
| DefensiveDepth | 3c3ed8b5c5 | Add runtime status logs | 2024-04-24 16:33:47 -04:00 |
| Jorge Reyes | d402943403 | Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet: Kismet integration for WiFi devices | 2024-04-22 15:59:22 -04:00 |
| DefensiveDepth | a237ef5d96 | Update default queries | 2024-04-19 16:33:35 -04:00 |
| DefensiveDepth | ff28476191 | Fix compile_yara path | 2024-04-16 13:10:17 -04:00 |
| DefensiveDepth | 8cc4d2668e | Move compile_yara | 2024-04-16 12:52:14 -04:00 |
| DefensiveDepth | dbfb178556 | Add test | 2024-04-16 12:22:53 -04:00 |
| DefensiveDepth | f5e42e73af | Add docs for ruleset change | 2024-04-12 13:30:20 -04:00 |
| DefensiveDepth | 49ccd86c39 | Fix fingerprint paths | 2024-04-12 08:35:44 -04:00 |
| reyesj2 | 55cf90f477 | merge 2.4/dev (Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>) | 2024-04-11 14:44:59 -04:00 |
| reyesj2 | c269fb90ac | Added a Kismet Wifi devices dashboard for an overview of kismet data (Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>) | 2024-04-11 14:41:54 -04:00 |
| DefensiveDepth | 1c5f02ade2 | Update annotations | 2024-04-11 09:21:08 -04:00 |
| DefensiveDepth | ed97aa4e78 | Enable Detections Adv by default | 2024-04-11 08:21:20 -04:00 |
| DefensiveDepth | 376efab40c | Ship Defender logs | 2024-04-08 14:01:38 -04:00 |
| Josh Brower | 8e38c3763e | Merge pull request #12756 from Security-Onion-Solutions/2.4/detections-defaults: Use list not string | 2024-04-04 17:00:38 -04:00 |
| DefensiveDepth | ca807bd6bd | Use list not string | 2024-04-04 16:58:39 -04:00 |
| Josh Brower | f72cbd5f23 | Merge pull request #12755 from Security-Onion-Solutions/2.4/detections-defaults: 2.4/detections defaults | 2024-04-04 11:33:59 -04:00 |
| DefensiveDepth | 49d5fa95a2 | Detections tweaks | 2024-04-04 11:26:44 -04:00 |
| Doug Burks | d8ac3f1292 | FEATURE: Add dashboards specific to Elastic Agent #12746 | 2024-04-04 09:30:05 -04:00 |
| Doug Burks | 5ec3b834fb | FEATURE: Add Events table columns for event.module sigma #12743 | 2024-04-04 09:11:41 -04:00 |
| Jason Ertel | a7fab380b4 | clarify telemetry annotation | 2024-04-04 07:51:23 -04:00 |
| Jason Ertel | a9517e1291 | clarify telemetry annotation | 2024-04-04 07:49:30 -04:00 |
| DefensiveDepth | f66cca96ce | YARA casing | 2024-04-03 16:17:29 -04:00 |
| Corey Ogburn | 0f50a265cf | Update SOC Config with State File Paths: Each detection engine is getting a state file to help manage the timer over restarts. By default, the files will go in soc's config folder inside a fingerprints folder. | 2024-04-03 13:12:18 -06:00 |
| Jason Ertel | 3e05c04aa1 | Merge pull request #12731 from Security-Onion-Solutions/jertel/ana: SOC Telemetry | 2024-04-03 14:51:41 -04:00 |
| Doug Burks | 9078b2bad2 | FEATURE: Add Events table columns for event.module kratos #12740 | 2024-04-03 12:46:29 -04:00 |
| Doug Burks | 66844af1c2 | FEATURE: Add dashboard for SOC Login Failures #12738 | 2024-04-03 11:54:53 -04:00 |
| Josh Brower | fbdcc53fe0 | Merge pull request #12732 from Security-Onion-Solutions/2.4/detections-defaults: Feature - auto-enabled Sigma rules | 2024-04-03 09:01:09 -04:00 |
| DefensiveDepth | a8f25150f6 | Feature - auto-enabled Sigma rules | 2024-04-03 08:21:50 -04:00 |
| Doug Burks | 2f03cbf115 | FEATURE: Add Events table columns for event.module strelka #12716 | 2024-04-02 10:42:20 -04:00 |
| Doug Burks | b2b54ccf60 | FEATURE: Add Events table columns for event.module strelka #12716 | 2024-04-02 10:11:16 -04:00 |
| Doug Burks | 6c2437f8ef | FEATURE: Add Events table columns for event.module playbook #12703 | 2024-04-02 09:55:56 -04:00 |
| Doug Burks | 505eeea66a | Update defaults.yaml | 2024-04-02 09:39:54 -04:00 |
| DefensiveDepth | 7f488422b0 | Add default columns | 2024-04-02 09:13:27 -04:00 |
| Jason Ertel | 9d2b40f366 | Merge branch '2.4/dev' into jertel/ana | 2024-04-01 09:50:38 -04:00 |
| Jason Ertel | 3aea2dec85 | analytics | 2024-04-01 09:50:18 -04:00 |
| Corey Ogburn | e5a3a54aea | Proper YAML | 2024-03-29 14:31:43 -06:00 |
| Doug Burks | b64ed5535e | FEATURE: Add individual dashboards for Zeek SSL and Suricata SSL logs #12699 | 2024-03-29 15:29:38 -04:00 |