securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00

Author	SHA1	Message	Date
weslambert	26b5a39912	Change index to detections.alerts	2024-05-13 12:59:17 -04:00
DefensiveDepth	f2c3c928fc	Sigma pivot fix and cleanup	2024-04-29 08:49:05 -04:00
Josh Brower	5a72c558cb	Tag at top level	2023-07-11 08:35:47 -04:00
Josh Brower	a6e907f76c	Tag Playbook Alerts	2023-07-11 08:03:15 -04:00
weslambert	96b60fa39a	Restore original URL syntax, but use data stream	2023-06-06 20:53:05 -04:00
weslambert	f172a74fbc	Remove EQL setting	2023-06-06 20:51:29 -04:00
weslambert	c4be56ec7b	Update host syntax	2023-06-06 20:51:03 -04:00
Wes	905bc564fc	Change data stream name	2023-06-05 21:18:47 +00:00
Wes	f6f387428f	Update Playbook alerter to write to a data stream	2023-06-05 21:17:10 +00:00
Mike Reeves	cace817c79	Merge branch '2.4/dev' of https://github.com/Security-Onion-Solutions/securityonion into airgaps	2023-05-24 08:43:03 -04:00
weslambert	00bd93c026	Update 'url' to use 'es_hosts'	2023-05-19 17:14:13 -04:00
weslambert	1ddf45bbbe	Change Elastalert writeback index name from 'elastalert_status' to 'elastalert'	2023-05-19 12:39:27 -04:00
Mike Reeves	5315c51197	Allow additional docker parameters	2023-05-18 16:52:38 -04:00
Mike Reeves	c0dc05f26a	Allow additional docker parameters	2023-05-18 16:39:42 -04:00
Mike Reeves	0fd9fb9294	Allow additional docker parameters	2023-05-18 15:19:09 -04:00
Wes	d3c7ea4805	Add EQL option	2023-05-18 16:55:26 +00:00
Wes	82c3d78672	Change Elasticsearch host syntax	2023-05-18 16:52:27 +00:00
m0duspwnens	9049f9cf03	enabled/disable elastalert via web ui	2023-05-08 15:56:26 -04:00
Mike Reeves	7595072e85	Fix some files	2023-05-02 12:15:05 -04:00
Mike Reeves	2d4f4791e0	Move files out of common	2023-05-01 15:21:31 -04:00
Mike Reeves	3d7f2bc691	Fix annotations and file locations	2023-04-27 13:23:53 -04:00
Mike Reeves	148b0b1c4c	use hostnames please	2023-02-23 11:11:29 -05:00
Mike Reeves	95f254dc63	Change elastalert ip	2023-02-23 09:37:20 -05:00
Mike Reeves	dc2fed5b04	Change elastalert ip	2023-02-23 09:34:16 -05:00
Mike Reeves	0ec0983d7b	Chane Elastalert to use hosntame	2023-02-23 08:57:30 -05:00
m0duspwnens	a37f0fd0c0	rename sosbridge to sobridge	2023-02-03 10:07:07 -05:00
m0duspwnens	ac157432de	include docker	2023-01-09 14:58:36 -05:00
m0duspwnens	ec5c565cec	put elastalert on sosbridge	2023-01-09 14:49:33 -05:00
m0duspwnens	b526532ab6	use global vars in states	2022-10-11 11:57:15 -04:00
doug	fee5a7bea9	initial quick OCD pass	2022-09-23 16:29:55 -04:00
Mike Reeves	85339d7cb1	Add helpLinks to everything	2022-09-20 15:43:34 -04:00
Mike Reeves	064b64f68a	Add Grafana annotation	2022-09-13 14:00:04 -04:00
Mike Reeves	de047cea8e	Add Grafana annotation	2022-09-13 13:56:37 -04:00
Mike Reeves	3de4e56db9	Fix ES merge	2022-09-10 19:25:01 -04:00
Mike Reeves	037d5d1c46	Fix yaml for idh,es,kib,esalert	2022-09-09 15:55:51 -04:00
Mike Reeves	e2eaefab6e	Fix yaml for idh,es,kib,esalert	2022-09-09 15:45:13 -04:00
Mike Reeves	74ef6c0ed0	Fix yaml for idh,es,kib,esalert	2022-09-09 15:30:28 -04:00
Mike Reeves	2bd9dd80e2	Move In Day	2022-09-07 09:06:25 -04:00
m0duspwnens	7d7cf42d9a	use onlyif requisite instead	2022-07-13 15:21:34 -04:00
m0duspwnens	086cf3996d	do not start elastalert if elasticsearch is not v8	2022-07-13 11:21:27 -04:00
Jason Ertel	eefcc929c2	Update copyright pattern to match other repos	2022-01-24 10:09:23 -05:00
m0duspwnens	7ebba1f325	use show_changes: False to prevent es pw from being shown when running the state	2022-01-19 12:11:38 -05:00
m0duspwnens	4d078046d6	quote ES_PASS due to new characters in random string for elasticsearch:auth pw generation	2022-01-19 11:55:25 -05:00
m0duspwnens	f93c6146f5	docker binds requires	2021-10-21 15:24:55 -04:00
Jason Ertel	d0592c4293	Update ElastAlert to use ElastAlert 2	2021-09-28 00:51:29 -04:00
Josh Brower	591ef540a6	esalerter ES creds fix	2021-06-21 10:50:09 -04:00
Jason Ertel	059b016c62	Fix require statement	2021-06-16 21:48:31 -04:00
Jason Ertel	2d34208269	Elastic auth: Fun with Salt	2021-06-16 17:52:22 -04:00
Jason Ertel	dd14235e31	Accept either 200 or 401 instead of wasting 3 minutes waiting for this to timeout	2021-06-16 11:39:21 -04:00
Jason Ertel	09fbb045a1	If ES auth disabled ensure user/pass are blank	2021-06-16 09:59:57 -04:00

1 2 3

133 Commits