CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,037 Commits 24 Branches 119 Tags
d35ffef503b0933f56c65b47c25349b32caed24f
Commit Graph

16037 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wes
f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
reyesj2
e3ea4776c7 Update kafka nodes pillar before running highstate with pillarwatch engine. This allows configuring your Kafka controllers before cluster comes up for the first time 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-31 13:34:28 -04:00
coreyogburn
37a928b065 Merge pull request #13107 from Security-Onion-Solutions/cogburn/detection-templates 
Added TemplateDetections To Detection ClientParams
 2024-05-30 16:26:17 -06:00
Corey Ogburn
85c269e697 Added TemplateDetections To Detection ClientParams 
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
 2024-05-30 15:59:03 -06:00
m0duspwnens
6e70268ab9 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-05-30 16:34:37 -04:00
Josh Patterson
fb8929ea37 Merge pull request #13103 from Security-Onion-Solutions/salt3006.8 
Salt3006.8
 2024-05-30 16:32:05 -04:00
weslambert
5d9c0dd8b5 Merge pull request #13101 from Security-Onion-Solutions/fix/separate_suricata 
Separate Suricata alerts into a specific data stream
 2024-05-30 16:30:55 -04:00
m0duspwnens
debf093c54 Merge remote-tracking branch 'origin/2.4/dev' into salt3006.8 2024-05-30 15:58:10 -04:00
reyesj2
00b5a5cc0c Revert "revert version for soup test before 2.4.80 pipeline unpaused" 
This reverts commit 48713a4e7b.
 2024-05-30 15:13:16 -04:00
reyesj2
dbb99d0367 Remove bad config 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-30 15:10:15 -04:00
m0duspwnens
7702f05756 upgrade salt 3006.8. soup for 2.4.80 2024-05-30 15:00:32 -04:00
Wes
2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
reyesj2
48713a4e7b revert version for soup test before 2.4.80 pipeline unpaused 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-30 13:00:34 -04:00
Wes
e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes
55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
reyesj2
1fd5165079 Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 23:37:40 -04:00
reyesj2
949cea95f4 Update pillarWatch config for global.pipeline 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 23:19:44 -04:00
Mike Reeves
12762e08ef Merge pull request #13093 from Security-Onion-Solutions/TOoSmOotH-patch-1 
Update VERSION
 2024-05-29 16:54:31 -04:00
Mike Reeves
62bdb2627a Update VERSION 2024-05-29 16:53:27 -04:00
reyesj2
386be4e746 WIP: Manage Kafka nodes pillar role value 
This way when kafka_controllers is updated the pillar value gets updated and any non-controllers get updated to revert to 'broker' only role.
 Needs more testing when a new controller joins in this manner Kafka errors due to cluster metadata being out of sync. One solution is to remove /nsm/kafka/data/__cluster_metadata-0/quorum-state and restart cluster. Alternative is working with Kafka cli tools to inform cluster of new voter, likely best option but requires a wrapper script of some sort to be created for updating cluster in-place.
Easiest option is to have all receivers join grid and then configure Kafka with specific controllers via SOC UI prior to enabling Kafka. This way Kafka cluster comes up in the desired configuration with no need for immediately modifying cluster

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:48:39 -04:00
Mike Reeves
dfcf7a436f Merge pull request #13091 from Security-Onion-Solutions/2.4/dev 
2.4.70
2.4.70-20240529 		2024-05-29 16:41:54 -04:00
reyesj2
d9ec556061 Update some annotations and defaults 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:41:02 -04:00
reyesj2
876d860488 elastic agent should be able to communicate over 9092 for sending logs to kafka brokers 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:40:15 -04:00
Mike Reeves
88651219a6 Merge pull request #13090 from Security-Onion-Solutions/2.4.70 
2.4.70
 2024-05-29 14:54:16 -04:00
Mike Reeves
a655f8dc04 2.4.70 2024-05-29 14:52:47 -04:00
Mike Reeves
e98b8566c9 2.4.70 2024-05-29 14:50:22 -04:00
Josh Brower
ef10794e3b Merge pull request #13089 from Security-Onion-Solutions/2.4/realert 
fix rsync
 2024-05-29 11:12:45 -04:00
DefensiveDepth
0d034e7adc fix rsync 2024-05-29 10:55:56 -04:00
reyesj2
59097070ef Revert "Remove unneeded jolokia aggregate metrics to reduce data ingested to influx" 
This reverts commit 1c1a1a1d3f.
 2024-05-28 12:17:43 -04:00
reyesj2
77b5aa4369 Correct dashboard name 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 11:34:35 -04:00
reyesj2
0d7c331ff0 only show specific fields when hovering over Kafka influxdb panels 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 11:29:38 -04:00
reyesj2
1c1a1a1d3f Remove unneeded jolokia aggregate metrics to reduce data ingested to influx 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 11:14:19 -04:00
reyesj2
47efcfd6e2 Add basic Kafka metrics to 'Security Onion Performance' influxdb dashboard 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 10:55:11 -04:00
reyesj2
15a0b959aa Add jolokia metrics for influxdb dashboard 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-28 10:51:39 -04:00
Josh Brower
ca49943a7f Merge pull request #13085 from Security-Onion-Solutions/2.4/soupchange 
Check to see if local exists
 2024-05-28 10:25:46 -04:00
DefensiveDepth
ee4ca0d7a2 Check to see if local exists 2024-05-28 10:24:09 -04:00
Josh Brower
0d634f3b8e Merge pull request #13084 from Security-Onion-Solutions/2.4/soupchange 
Fix fi
 2024-05-28 10:05:33 -04:00
DefensiveDepth
f68ac23f0e Fix fi 
Signed-off-by: DefensiveDepth <Josh@defensivedepth.com>
 2024-05-28 10:03:31 -04:00
Josh Brower
825c4a9adb Merge pull request #13083 from Security-Onion-Solutions/2.4/soupchange 
Backup .yml files too
 2024-05-28 09:45:53 -04:00
DefensiveDepth
2a2b86ebe6 Dont overwrite 2024-05-28 09:43:45 -04:00
DefensiveDepth
74dfc25376 backup local rules 2024-05-28 09:29:10 -04:00
DefensiveDepth
81ee60e658 Backup .yml files too 2024-05-28 06:42:18 -04:00
reyesj2
fcb6a47e8c Remove redis.sh telegraf script when Kafka is global pipeline 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-26 21:10:41 -04:00
Josh Brower
49fd84a3a7 Merge pull request #13081 from Security-Onion-Solutions/2.4/soupchange 
Dont bail - just wait for enter
 2024-05-24 16:28:40 -04:00
DefensiveDepth
58b565558d Dont bail - just wait for enter 2024-05-24 16:21:59 -04:00
Josh Brower
185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates 
Add IDH mappings
 2024-05-24 14:48:22 -04:00
DefensiveDepth
550b3ee92d Add IDH mappings 2024-05-24 14:46:24 -04:00
Josh Brower
29a87fd166 Merge pull request #13078 from Security-Onion-Solutions/2.4/socdefaultsdet 
Add instructions for sigma and yara repos
 2024-05-24 13:02:01 -04:00
DefensiveDepth
f90d40b471 Fix typo 2024-05-24 12:56:17 -04:00
DefensiveDepth
4344988abe Add instructions for sigma and yara repos 2024-05-24 12:54:36 -04:00