Commit Graph

397 Commits

Author SHA1 Message Date
TOoSmOotH d9d7f49b96 Adjust elasticsearch.yml 2020-12-10 11:09:38 -05:00
Wes Lambert f689722559 Add initial suricata.ftp_data pipeline 2020-12-10 14:14:50 +00:00
TOoSmOotH af15f0eb38 remove ml node.role 2020-12-09 16:23:38 -05:00
Mike Reeves 30e69bf7b2 Merge branch 'escluster' into newescluster 2020-12-09 15:23:49 -05:00
Mike Reeves 94253e92a6 Adjust the elasticsearch config 2020-12-03 10:38:18 -05:00
weslambert 95570976a8 Add indices.query.bool.max_clause_count to allow for wildcard searches targeting more than 1024 fields 2020-12-03 09:29:44 -05:00
Mike Reeves 3e322c38eb Fix config for single cluster mode 2020-12-02 15:33:35 -05:00
Mike Reeves d004263b71 Add Elastic Clustering 2020-12-02 14:33:22 -05:00
Mike Reeves ddca9563e5 Merge branch 'mkrmerge' into escluster 2020-11-24 10:29:57 -05:00
OmerTirosh e2ee0db727 Ignore failure for rename processor 2020-11-24 17:21:47 +02:00
Ignore failure for winlog.event_data.SubjectUserName rename processor.
For some event ids (for example 4688), this field has already been added in the winlogbeat JS processor.
Therefore, Elastic throws a [user.name] already exists error.
Mike Reeves 426769588a Merge pull request #1739 from jtgreen-cse/patch-2 2020-11-21 13:27:05 -05:00
fix for Windows events via osquery
Josh Brower 1908a68330 Cleanup & fix sysmon pid ingest 2020-11-14 16:19:23 -05:00
Wes Lambert fddfb8eb92 Syslog updates 2020-11-13 16:06:22 +00:00
Wes Lambert 8258b782fc Update syslog pipeline to allow for initial CEF parsing and pipeline targeting 2020-11-11 21:39:40 +00:00
weslambert ea1f53b40c Add check for field 2020-11-11 10:29:58 -05:00
Wes Lambert 7e578d2ce0 Pull out additional fields from Exif info 2020-11-09 16:53:53 +00:00
Wes Lambert 6420ee0310 Update parsing for scan.exiftool 2020-11-02 19:28:12 +00:00
jtgreen-cse 6359e03ba6 fix for Windows events via osquery 2020-10-29 15:03:13 -04:00
This change was required to properly let Windows events flow through their specific pipelines. Otherwise, the `temp` field stays around and gets ingested in ES.
Mike Reeves 57d8f25422 Create master node role in ES 2020-10-28 16:44:14 -04:00
William Wernert 3648e293a1 [fix] Add -L option to curl to respect redirects 2020-10-26 14:08:52 -04:00
Mike Reeves ecfd1bbe4d Merge remote-tracking branch 'remotes/origin/dev' into escluster 2020-10-26 13:33:05 -04:00
weslambert 4765ef5f5c Change rule_ruleset to rule.ruleset 2020-10-20 22:14:23 -04:00
Mike Reeves 97a2d91d15 Re-arrange whiptail screens 2020-10-19 12:14:30 -04:00
Wes Lambert 54c4ee796f Rename file.flavors.mime to file.mime_type 2020-10-14 18:56:44 +00:00
Wes Lambert 3c820365ab Fix common pipeline field removal so it won't fail for missing fields 2020-10-14 13:55:24 +00:00
Wes Lambert 14559b081d Ensure Zeek logs without ts field have an @timestamp field associated 2020-10-12 17:19:23 +00:00
Mike Reeves f5cfd480a3 Moar encryptions 2020-10-12 09:12:36 -04:00
Mike Reeves b7c4fd94c4 get pipelines to load 2020-10-11 16:57:08 -04:00
Mike Reeves f6f9097cd9 Enable tls for 9200 on search capable nodes 2020-10-11 10:53:54 -04:00
Doug Burks 87574181d5 Add Community ID to pfsense filterlog #1501 2020-10-10 08:11:51 -04:00
Doug Burks 8d1ba1f4db fix pfsense firewall udp parsing 2020-10-10 07:38:47 -04:00
Doug Burks 9aa4112de1 Remove extra comma 2020-10-10 06:10:10 -04:00
Wes Lambert 28a1f7f88a Remove pfsense tag 2020-10-10 00:03:51 +00:00
Wes Lambert b55ffa44f8 Fix module,dataset rename 2020-10-10 00:01:37 +00:00
Wes Lambert 69a04dedd3 Filterlog config changes 2020-10-09 23:56:52 +00:00
Wes Lambert a6d3dcf398 More fixes for rule field 2020-10-08 13:36:47 +00:00
Wes Lambert a2e2f23a8d Add null safe check for rule 2020-10-08 13:14:39 +00:00
weslambert 5ada85942b Lowercase network.transport 2020-10-08 07:59:57 -04:00
Wes Lambert 7543144afe Don't use regex for determining rule type 2020-10-07 16:15:43 +00:00
Wes Lambert 015a441e79 Change rule.signature_info to rule.reference and ensure common.nids exists 2020-10-07 15:20:26 +00:00
Wes Lambert f0a1457ffd Update common.nids 2020-10-07 15:14:08 +00:00
Wes Lambert 8c07c098f6 Pipeline cleanup 2020-10-06 20:14:15 +00:00
Wes Lambert 350cc41740 Let zeek.common handle common fields for zeek.tunnels 2020-10-06 20:12:23 +00:00
Wes Lambert 019bec992d Add Strelka YARA matches as alerts 2020-10-06 12:19:44 +00:00
weslambert bc31e19e37 Put back rule.category for Wazuh alerts 2020-10-05 11:34:29 -04:00
Wes Lambert 77d31cb289 Add event.severity and event.severity_label config for Wazuh alerts 2020-10-05 12:50:29 +00:00
Wes Lambert 02d2e5e2c6 Fix issue with null Zeek server IP 2020-09-30 17:53:30 +00:00
Wes Lambert 869767d9d9 Add initial parsing for Wazuh WEL/Sysmon 2020-09-28 19:04:21 +00:00
Doug Burks 24c325e9a1 Fix Elasticsearch parsing for Zeek Intel Indicator #1309 2020-09-10 06:41:19 -04:00
Josh Brower c3b2d98ffb Add event.category to WEL 2020-09-10 06:15:30 -04:00