Josh Patterson
4dc377c99f
DOCKER to DOCKERMERGED
2026-03-17 15:06:06 -04:00
Mike Reeves
4bb61d999d
Merge pull request #15628 from Security-Onion-Solutions/zeekload
Add salt states for custom Zeek package loading
2026-03-17 13:40:14 -04:00
Mike Reeves
e0e0e3e97b
Exclude README from zkg sync
2026-03-17 13:36:56 -04:00
Mike Reeves
6b039b3f94
Consolidate zkg directory creation into file.recurse with makedirs
2026-03-17 13:36:03 -04:00
Mike Reeves
e6ee7dac7c
Add salt states for custom Zeek package loading
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
2026-03-17 13:22:59 -04:00
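The commit body above describes the data path: custom packages are synced from the manager into /opt/so/conf/zeek/zkg on the sensor, that directory is bind-mounted into so-zeek, and the entrypoint installs whatever it finds there on startup. Since Zeek packages are scripts and plugins that run inside the sensor, it is worth confirming the tree still matches the manager's copy before that install happens. The following is an added example, not Security Onion's code: it builds a SHA-256 manifest of a package tree, skipping README files as the sync does (the README* rule, the manifest shape and the constructed sample tree are this example's own assumptions), and reports files that are missing, modified or unexpected on the sensor side.

```python
"""Integrity check for a synced Zeek package directory (added example).

Assumptions, not facts from the commit: README* at any depth is the file set
excluded from the sync, and the manifest is a flat {relative path: sha256}
mapping produced on the manager and compared on the sensor.
"""
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from pathlib import Path

DEFAULT_ROOT = Path("/opt/so/conf/zeek/zkg")  # directory named in the commit body


def is_excluded(rel_path: str) -> bool:
    """Mirror the sync exclusion: README files are not part of the package set."""
    return os.path.basename(rel_path).upper().startswith("README")


def build_manifest(root: Path) -> dict[str, str]:
    """Map each package file's path (relative to root) to its SHA-256."""
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if is_excluded(rel):
            continue
        manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_manifest(root: Path, expected: dict[str, str]) -> dict[str, list[str]]:
    """Compare the on-disk tree against the manager's manifest.

    Returns the deviations a sensor operator cares about: files the manager
    has but the sensor lacks, files whose content changed, and files that
    appeared on the sensor without coming from the manager.
    """
    actual = build_manifest(root)
    return {
        "missing": sorted(k for k in expected if k not in actual),
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "unexpected": sorted(k for k in actual if k not in expected),
    }


def tree_is_clean(report: dict[str, list[str]]) -> bool:
    """True when no deviation category has entries."""
    return not any(report.values())


def demo() -> dict[str, list[str]]:
    """Constructed sample: a manager tree and a sensor copy that has drifted.

    The sensor copy has one script appended to, one extra script dropped in,
    and a different README; only the first two should be reported.
    """
    files = {
        "mypkg/zkg.meta": "[package]\nscript_dir = scripts\n",
        "mypkg/scripts/__load__.zeek": "@load ./main\n",
        "mypkg/scripts/main.zeek": "event zeek_init() { }\n",
        "mypkg/README.md": "manager readme\n",
    }
    with tempfile.TemporaryDirectory() as m, tempfile.TemporaryDirectory() as s:
        manager, sensor = Path(m), Path(s)
        for tree in (manager, sensor):
            for rel, body in files.items():
                p = tree / rel
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_text(body)
        expected = build_manifest(manager)
        (sensor / "mypkg/scripts/main.zeek").write_text("event zeek_init() { }\n@load ./extra\n")
        (sensor / "mypkg/scripts/extra.zeek").write_text('print "unexpected";\n')
        (sensor / "mypkg/README.md").write_text("sensor readme\n")
        return verify_manifest(sensor, expected)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it on a real sensor by generating the manifest on the manager with `build_manifest(DEFAULT_ROOT)`, shipping the JSON alongside the packages, and calling `verify_manifest` before the container starts; a non-empty `unexpected` list is the case to look at first, because it is the one the sync itself would never produce.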
Mike Reeves
b452e70419
Keep JA4S_raw and JA4H_raw hardcoded to disabled
2026-03-17 09:37:37 -04:00
Mike Reeves
6809497730
Add SOC UI toggle for JA4+ fingerprinting in Zeek
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
2026-03-17 09:35:31 -04:00
Mike Reeves
63bb44886e
Add JA4D option to config.zeek.ja4
2025-12-01 10:00:42 -05:00
reyesj2
136a829509
detect-sqli deprecated in favor of detect-sql-injection
2025-11-14 16:51:00 -06:00
Josh Patterson
18c0f197b2
suricata bpf
2025-11-10 13:28:19 -05:00
Mike Reeves
c16bf50493
Update files
2025-10-07 14:20:25 -04:00
Mike Reeves
6b8e2e2643
Add Filters
2025-10-01 19:58:07 -04:00
reyesj2
a19b99268d
don't create unused zeek home directory
2025-08-12 15:44:50 -05:00
Doug Burks
2a166af524
UPGRADE: Zeek Ethercat plugin #14783
2025-07-22 16:10:44 -04:00
Mike Reeves
eabca5df18
Update defaults.yaml
2025-07-21 11:01:33 -04:00
Mike Reeves
5dac3ff2a6
Update enabled.sls
2025-07-21 10:58:25 -04:00
Mike Reeves
93024738d3
Update config.sls
2025-07-21 10:57:45 -04:00
Mike Reeves
05a368681a
Create config.zeek.ja4
2025-07-21 10:53:54 -04:00
Josh Brower
b55cb257b6
Add parsing for Playbook
2025-05-19 13:25:27 -04:00
reyesj2
af6245f19d
add zeek file_extraction forcedType for instances where a single line is specified
2025-03-17 14:30:17 -05:00
Jorge Reyes
14cb41ea87
Merge pull request #14001 from Security-Onion-Solutions/reyesj2/zeekvpn
add openvpn & ipsec support to Zeek
2024-12-06 12:06:02 -06:00
reyesj2
1de20e9d43
fix zeek file extract
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-12-06 09:55:56 -06:00
reyesj2
754d28e95d
add openvpn & ipsec support to Zeek
2024-12-05 09:52:55 -06:00
reyesj2
1113c3924f
zeek http2
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-14 09:09:23 -06:00
reyesj2
ba7a6dbbf0
Remove tuning/defaults "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general."
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-12 18:37:46 -06:00
Jason Ertel
0566f46d5b
Clarify enabled settings
2024-09-16 10:41:01 -04:00
Jason Ertel
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00
Jason Ertel
66563a4da0
zeek networks will only ever have one HOME_NETWORKS setting
2024-05-01 09:31:11 -04:00
Jason Ertel
d0e140cf7b
zeek networks will only ever have one HOME_NETWORKS setting
2024-05-01 09:30:52 -04:00
Jason Ertel
87c6d0a820
zeek networks will only ever have one HOME_NETWORKS setting
2024-05-01 09:29:36 -04:00
Jason Ertel
84db82852c
annotation updates for custom settings
2024-04-30 15:14:56 -04:00
Mike Reeves
d57f773072
Fix regex to allow ipv6 in bpfs
2024-03-27 09:36:42 -04:00
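The one-line commit above says only that the BPF regex now admits IPv6. As an added example (my own patterns, not the project's regex), here is what that fix looks like in a character-whitelist check: the narrow pattern has no ':' in its class and so rejects every IPv6 literal, the widened one accepts them while still refusing shell metacharacters, and the check uses fullmatch because a $-anchored re.match accepts a trailing newline. The sample filters are constructed.

```python
"""Whitelist check for a user-supplied BPF filter (added example).

NARROW and WIDE are this example's own patterns. Both are character
whitelists, not BPF parsers: libpcap still decides whether the expression
compiles. The point shown is the ':' needed for IPv6 literals and the
anchoring pitfall.
"""
import re

# IPv4-era class: letters, digits, space, dots, slashes, parentheses, '!', '-', '_'.
NARROW = re.compile(r"[A-Za-z0-9 ./!()_-]+")
# Same class plus ':' for IPv6 literals and '[]' for byte offsets such as ip[9].
# Still excludes quotes, ';', '|', '&', '$', '`', '<', '>' and newlines.
WIDE = re.compile(r"[A-Za-z0-9 ./!()\[\]:_-]+")


def validate_bpf(expr: str, pattern: re.Pattern = WIDE) -> bool:
    """True if every character of expr is in the whitelist.

    fullmatch is deliberate: re.match(r"^...$", s) is satisfied by
    "port 80\n" because '$' also matches just before a final newline.
    """
    return pattern.fullmatch(expr) is not None


# Constructed sample filters and the verdict a sensor operator expects.
SAMPLES = [
    ("host 10.0.0.1 and port 443", True),
    ("net 2001:db8::/32", True),
    ("host fe80::1 and not port 22", True),
    ("ip6 and tcp", True),
    ("host 10.0.0.1; rm -rf /", False),
    ("port 80 | nc 203.0.113.5 4444", False),
    ("not port 22\nexploit", False),
    ("port 80\n", False),
]


def regressions(pattern: re.Pattern) -> list[str]:
    """Expressions whose verdict under `pattern` differs from the expected one."""
    return [expr for expr, ok in SAMPLES if validate_bpf(expr, pattern) != ok]


def trailing_newline_slips_through() -> bool:
    """Demonstrate the anchoring pitfall: '$' with re.match accepts 'port 80\\n'."""
    anchored = re.compile(r"^[A-Za-z0-9 ./!()\[\]:_-]+$")
    return anchored.match("port 80\n") is not None


if __name__ == "__main__":
    print("narrow pattern rejects:", regressions(NARROW))
    print("wide pattern rejects:", regressions(WIDE))
    print("re.match with $ accepts trailing newline:", trailing_newline_slips_through())
```

Running it shows the narrow pattern failing exactly the two IPv6 filters, the wide pattern passing all good filters and none of the injection attempts, and the anchored re.match accepting "port 80\n"; the last point matters because a filter string typically ends up on a command line, where a stray newline is more than cosmetic.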
m0duspwnens
dfe707ab64
fix issue/11610
2023-10-24 17:26:39 -04:00
reyesj2
dd28dc6ddd
Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-10-18 15:30:32 -04:00
reyesj2
ed693a7ae6
Remove commented lines in defaults.yaml to avoid UI issues.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-10-16 15:48:51 -04:00
reyesj2
e5c936e8cf
Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-10-16 15:18:26 -04:00
Mike Reeves
2427344dca
Update defaults.yaml
2023-09-27 15:58:58 -04:00
Mike Reeves
f094b1162d
Update defaults.yaml
2023-09-27 15:48:05 -04:00
Doug Burks
09e005127e
Update soc_zeek.yaml
2023-06-02 07:41:55 -04:00
Wes
2bb77251b0
Move Elastic Fleet logging exclusions to the Fleet pillar
2023-05-31 13:38:58 +00:00
weslambert
36791665f3
Merge pull request #10462 from Security-Onion-Solutions/feature/elastic_agent_zeek_logging
Dynamic integration configuration and Zeek log exclusions for Elastic Agent
2023-05-30 19:27:13 -04:00
Wes
e5117a343d
Change description
2023-05-30 17:10:17 +00:00
Wes
e910f04beb
Add default description and Zeek log exclusions for Elastic Fleet
2023-05-30 03:10:52 +00:00
Mike Reeves
8ce0d76287
Zeek Annotations
2023-05-25 12:12:18 -04:00
Mike Reeves
3be3df00d1
Zeek Annotations
2023-05-25 12:10:15 -04:00
Mike Reeves
bf4ac0c2dd
Allow additional docker parameters
2023-05-18 17:08:39 -04:00
Mike Reeves
5315c51197
Allow additional docker parameters
2023-05-18 16:52:38 -04:00
Mike Reeves
0fd9fb9294
Allow additional docker parameters
2023-05-18 15:19:09 -04:00
m0duspwnens
63cea88c1d
enable/disable influxdb in ui
2023-05-11 12:43:06 -04:00
m0duspwnens
9049f9cf03
enabled/disable elastalert via web ui
2023-05-08 15:56:26 -04:00