Commit Graph

166 Commits

Author SHA1 Message Date
reyesj2
0e87351a9c add zeek.quic mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-01-08 16:18:53 -06:00
reyesj2
157185c370 add ti_opencti integration support 2024-12-18 11:33:49 -06:00
reyesj2
754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
reyesj2
44ec237447 additional integration support - cisco secure email gateway - rapid7 threat command
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-15 11:39:01 -06:00
Corey Ogburn
8334fd9c46 Source Dates 2024-11-07 14:44:45 -07:00
reyesj2
039d5c22ac fix: crowdstrike integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-06 14:35:41 -06:00
defensivedepth
7896f951f3 timestamp fix 2024-10-31 10:24:58 -04:00
reyesj2
36fc3bbd6d add so-ip-mappings index
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-30 10:24:11 -04:00
Corey Ogburn
640f53d085 Cleanup
Fix indentation and trailing comma.
2024-10-24 17:05:36 -06:00
Corey Ogburn
1aa9d87c5d Corrected
Put the note on the right model this time.
2024-10-24 17:05:36 -06:00
Corey Ogburn
e11c562022 Added Note to ES Mappings 2024-10-24 17:05:35 -06:00
Jorge Reyes
cf95af66c6 Revert "Add support for cybereason integration" 2024-10-21 15:23:05 -04:00
reyesj2
8b11019712 Add support for cybereason integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-18 11:56:47 -04:00
reyesj2
322199358d add support for trendmicro integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-10-16 16:45:46 -04:00
Wes
70c5a07913 Add back meta and error.message 2024-09-23 21:36:40 +00:00
Wes
41112a59ec Add back meta 2024-09-23 20:12:14 +00:00
Wes
764eb98bc2 Add custom component for ints 2024-09-17 19:43:13 +00:00
Wes
25a9fb9b5c Add destination IP for so-system 2024-09-09 20:16:23 +00:00
Wes
9264a03dbc Add custom system component 2024-07-31 17:03:26 +00:00
weslambert
bae348bef7 Change version 2024-07-30 16:44:44 -04:00
Wes
2d0de87530 Add component templates for Fleet metrics 2024-07-17 15:19:46 +00:00
Wes
a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
reyesj2
55cf90f477 merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 14:44:59 -04:00
reyesj2
68e016090b Fix network.wireless.ssid not parsing
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 13:21:54 -04:00
reyesj2
4097e1d81a Create mappings for Kismet integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:10:27 -04:00
Corey Ogburn
00cea6fb80 Detection Author as a Keyword instead of Text
With Quick Actions added to Detections, as many fields as possible should be usable.
2024-04-05 11:22:47 -06:00
reyesj2
000d15a53c Kismet integration: TODO Elasticsearch mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-03-29 13:56:01 -04:00
Wes
005930f7fd Add error.message mapping for system.syslog 2024-03-07 15:41:23 +00:00
Corey Ogburn
0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00
Corey Ogburn
64f6d0fba9 Updated Detection's ES Mappings
Detections now have a License field, and the Comment model is now defined.
2024-02-09 14:20:07 -07:00
Corey Ogburn
29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2024-02-08 09:44:56 -07:00
Corey Ogburn
585147d1de Added so-detection mapping in elasticsearch 2024-01-31 10:39:47 -07:00
Wes
12ab6338db Add diagnostic 2024-01-25 20:16:52 +00:00
Wes
8426aad56d Text mapping for scan.pe.flags 2024-01-24 15:10:42 +00:00
weslambert
1dcca0bfd3 Change pipeline to 1.13.1 2023-11-07 12:17:51 -05:00
weslambert
cce80eb2fb Change pipeline to 1.8.0 2023-11-07 09:02:48 -05:00
Wes
0bba68769b Make scan.pe.image_version type of 'float' 2023-09-26 14:05:12 +00:00
Wes
cf19c8f8c2 Remove templates 2023-09-05 13:43:41 +00:00
Wes
0fed757b11 Add entropy mapping 2023-08-31 15:10:27 +00:00
Josh Brower
9437a47946 Fix formatting 2023-07-26 10:54:24 -04:00
Wes
4efc951eaf Add tags 2023-07-24 20:57:39 +00:00
Wes
4b7e7978ef Add final pipeline 2023-07-19 19:56:54 +00:00
Wes
a59eda319e Remove security subfield 2023-07-18 19:00:50 +00:00
Wes
1d3e39b6bd Map user name to keyword and remove security subfield generation 2023-07-18 14:46:47 +00:00
Wes
48331ce35b Add system.system component templates 2023-06-14 13:29:11 +00:00
Wes
8cde05807c Remove elastic-agent dir 2023-06-13 21:33:04 +00:00
Wes
2ac0aba916 Add osquery files 2023-06-13 21:32:02 +00:00
Wes
af003cc2a1 Add osquery templates 2023-06-13 20:43:39 +00:00
Wes
bd7644a557 Add another template 2023-06-13 19:13:20 +00:00