CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 18:52:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,804 Commits 26 Branches 119 Tags
db12b6f3c67f3a418ab42c0fa55e4297cb6ff99f
Commit Graph

4804 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
William Wernert
db12b6f3c6 Remove salt call to automation_user_create 2020-10-02 13:17:57 -04:00
William Wernert
96d32fda51 Add old api key to pillar during soup 2020-10-02 13:16:58 -04:00
William Wernert
20fd757847 Run playbook-ruleupdate after soctopus is running 2020-10-02 10:05:10 -04:00
William Wernert
39e14b3910 Merge branch 'dev' into feature/generate-playbook-api-key 2020-10-02 08:39:09 -04:00
Mike Reeves
c7fcdc8084 Merge pull request #1438 from Security-Onion-Solutions/socyaml 
Socyaml
 2020-10-01 18:08:33 -04:00
Mike Reeves
4991ea8de3 Jason made me rename json 2020-10-01 18:07:06 -04:00
Mike Reeves
36ccece724 commas gone crazy 2020-10-01 18:02:06 -04:00
Mike Reeves
a0432e97b0 Python print ftl 2020-10-01 17:57:56 -04:00
Mike Reeves
490278a4c3 Add alert events filed 2020-10-01 17:49:17 -04:00
Mike Reeves
bd5efbabd9 Fix Mode 2020-10-01 17:43:43 -04:00
Mike Reeves
8fa426f265 Cleanup sync 2020-10-01 17:41:55 -04:00
Mike Reeves
9d9d3aac53 Switch to JSON from yaml 2020-10-01 17:37:57 -04:00
Mike Reeves
744a8bca73 More json for soc 2020-10-01 17:30:23 -04:00
Mike Reeves
8a41636e7f More json for soc 2020-10-01 17:28:45 -04:00
Mike Reeves
dc79dca7fe More json for soc 2020-10-01 17:25:51 -04:00
Mike Reeves
1c55f738ec More json for soc 2020-10-01 17:23:29 -04:00
William Wernert
e98012ae2c Fix jinja and change state orrder in setup 2020-10-01 17:16:26 -04:00
Mike Reeves
92fa33159e More json for soc 2020-10-01 17:12:08 -04:00
Mike Reeves
5730c85988 More json for soc 2020-10-01 17:04:15 -04:00
Mike Reeves
63be0734c9 More json for soc 2020-10-01 17:00:25 -04:00
Mike Reeves
5653828154 More json for soc 2020-10-01 16:57:04 -04:00
weslambert
2d2f4de337 Merge pull request #1437 from Security-Onion-Solutions/fix/kib_scripted_thehive 
Update scripted field for TheHive case
 2020-10-01 16:54:02 -04:00
Wes Lambert
8a81a5148b Update scripted field for TheHive case 2020-10-01 20:52:57 +00:00
weslambert
98bef8fb9d Merge pull request #1436 from Security-Onion-Solutions/fix/kibana_soc_thehive_case 
Add SOC url for api integration
 2020-10-01 16:47:11 -04:00
Wes Lambert
eced18c3cc Add SOC url for api integration 2020-10-01 20:29:28 +00:00
Jason Ertel
8e15ed56d6 'Escalated' filter toggle will auto-enable 'acknowledged' filter toggle 2020-10-01 16:23:47 -04:00
Mike Reeves
cc2f2de5b5 soc.json stuff 2020-10-01 15:23:07 -04:00
Mike Reeves
b423e8d22a soc.json stuff 2020-10-01 15:20:13 -04:00
Mike Reeves
1a561f6b12 soc.json stuff 2020-10-01 15:18:34 -04:00
William Wernert
a5bf4bbb35 Fix test for key in global.sls 2020-10-01 14:47:18 -04:00
Doug Burks
e836f96c65 move rule.uuid after rule.name 2020-10-01 12:09:52 -04:00
Doug Burks
4851069a10 remove rule.gid from Alerts groupby since Wazuh and Playbook may not have that field 2020-10-01 11:51:40 -04:00
William Wernert
040730e8f5 Rename script for consistent naming 2020-10-01 11:22:11 -04:00
William Wernert
afb777fc8f Add automation user creation to soup when resetting playbook db 2020-10-01 11:13:24 -04:00
Doug Burks
bc19cce4c2 Acknowledging an alert may acknowledge more alerts than intended #1426 2020-10-01 10:00:54 -04:00
Doug Burks
26781de244 Add Strelka query to Hunt #1433 2020-10-01 06:59:36 -04:00
William Wernert
2264b6e51c Add comments to shell code explaining curl statements 2020-09-30 19:54:34 -04:00
William Wernert
03b97cce75 Fix comment in new state + remove useless sleep command 2020-09-30 19:49:13 -04:00
William Wernert
11ae904100 Quiet script output + fix pillar value 2020-09-30 19:46:18 -04:00
weslambert
6818de9e64 Merge pull request #1431 from Security-Onion-Solutions/fix/elastlert_rules 
Remove rule sync, since we don't have any rules to sync
 2020-09-30 18:36:11 -04:00
weslambert
887937a75d Remove rule sync, since we don't have any rules to sync 2020-09-30 18:35:35 -04:00
William Wernert
596f2d31e4 Automation -> automation 2020-09-30 17:04:24 -04:00
William Wernert
3ec255ecee Remove old api token from sql 2020-09-30 17:03:35 -04:00
William Wernert
6361c790e9 Move automation user create to separate script to run after playbook state 2020-09-30 17:02:02 -04:00
William Wernert
8e80b41ca9 Remove Automation user from sql, gen user + store api key 2020-09-30 16:32:43 -04:00
Jason Ertel
1454201505 Disable thehivealerter 2020-09-30 15:26:29 -04:00
Jason Ertel
3af6e9e1fe Remove mount point for SOCtopus generated playbook rules to avoid them activating and sending alerts to TheHive 2020-09-30 15:14:45 -04:00
Mike Reeves
8b5ff31351 Merge pull request #1430 from Security-Onion-Solutions/redis 
Add Redis pillar and fix idstools
 2020-09-30 15:09:59 -04:00
Mike Reeves
7314e2dea8 Add Redis pillar and fix idstools 2020-09-30 15:08:44 -04:00
Jason Ertel
ff04bb507a Remove default Elastalert rules to stop automated alerts from being sent to thehive 2020-09-30 15:06:54 -04:00