Commit Graph
100 Commits
Author SHA1 Message Date
weslambertandGitHub c25b981c50 Merge pull request #8688 from Security-Onion-Solutions/elastic_agent_security_subfield_additions
Elastic Agent .security subfield additions
2022-09-08 08:05:16 -04:00
Wes 86d60e444d Add Elastic Agent index/template configuration to defaults file 2022-09-08 00:20:22 +00:00
Wes b39a5061ca Load Elastic Agent component templates (managed by Security Onion) 2022-09-07 21:26:43 +00:00
Wes eeffded248 Remove duplicate security subfield configuration from component templates 2022-09-07 21:23:04 +00:00
Wes 3c50072690 Add Elastic Agent component templates 2022-09-07 18:51:57 +00:00
weslambertandGitHub 8099b1688b Merge pull request #8319 from Security-Onion-Solutions/fix/elasticsearch_query_missing_query_path
Fix missing query path for so-elasticsearch-query
2022-07-18 09:47:16 -04:00
weslambertandGitHub 2914007393 Add forward slash to fix issue with missing query path 2022-07-18 09:07:34 -04:00
weslambertandGitHub f5e10430ed Add forward slash to fix issue with missing query path 2022-07-18 09:07:13 -04:00
weslambertandGitHub 52ebbf8ff3 Merge pull request #8304 from Security-Onion-Solutions/fix/kibana_space_defaults_web_response_url
Change web_response to evaluate the response from the Spaces API and the default space query
2022-07-14 12:08:02 -04:00
weslambertandGitHub 2443e8b97e Change web_response to evaluate the response from the Spaces API and the default space query 2022-07-14 12:04:56 -04:00
weslambertandGitHub 4241eb4b29 Merge pull request #8298 from Security-Onion-Solutions/fix/kibana_space_defaults_shebang
Add shebang so that so-kibana-space-defaults will work correctly on Ubuntu
2022-07-13 16:50:21 -04:00
weslambertandGitHub 0fd4f34b5b Add shebang so that so-kibana-space-defaults will work correctly on Ubuntu 2022-07-13 16:48:39 -04:00
weslambertandGitHub 4a5664db7b Merge pull request #8289 from Security-Onion-Solutions/fix/soup_unsupported_indices_check
Add missing 'fi' to if/then for unsupported indices check
2022-07-13 09:15:22 -04:00
weslambertandGitHub 513c7ae56c Add missing 'fi' to if/then for unsupported indices check 2022-07-13 09:13:28 -04:00
weslambertandGitHub fa894cf83b Merge pull request #8288 from Security-Onion-Solutions/fix/soup_elastalert_indices_deletion_check
Ensure Elastalert indices are deleted before continuing with SOUP
2022-07-13 08:44:04 -04:00
weslambertandGitHub 8e92060c29 Ensure Elastalert indices are deleted before continuing with SOUP -- if they are not, generate a failure condition 2022-07-13 08:38:55 -04:00
weslambertandGitHub d7eb8b9bcb Merge pull request #8281 from Security-Onion-Solutions/fix/soup_elasticsearch8_index_compatibility
SOUP - Check for indices created by Elasticsearch 6
2022-07-12 16:20:47 -04:00
weslambertandGitHub d0a0ca8458 Update exit code for ES checks 2022-07-12 16:15:44 -04:00
weslambertandGitHub 4502182b53 Typo - Ensure Elasticsearch version 6 indices are checked 2022-07-12 15:35:46 -04:00
weslambertandGitHub 0fc6f7b022 Add check for Elasticsearch 6 indices 2022-07-12 15:34:24 -04:00
weslambertandGitHub e9a22d0aff Merge pull request #8275 from Security-Onion-Solutions/fix/filebeat_es_output_additions
Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
2022-07-11 19:03:07 -04:00
weslambertandGitHub 11d3ed36b7 Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
2022-07-11 17:22:09 -04:00
weslambertandGitHub d828bbfe47 Merge pull request #8273 from Security-Onion-Solutions/fix/kibana_space_defaults_cases
Add securitySolutionCases feature to ensure Cases are disabled by default
2022-07-11 16:39:30 -04:00
weslambertandGitHub bd32394560 Add securitySolutionCases feature to ensure Cases are disabled by default 2022-07-11 16:38:05 -04:00
weslambertandGitHub 6f4f050a96 Merge pull request #8272 from Security-Onion-Solutions/fix/soup_kibana_space_defaults
Run so-kibana-space-defaults when upgrading to 2.3.140
2022-07-11 14:47:11 -04:00
weslambertandGitHub f77edaa5c9 Run so-kibana-space-defaults to re-establish the default enabled features since Fleet feature name changed 2022-07-11 14:41:23 -04:00
weslambertandGitHub dd1d5b1a83 Merge pull request #8270 from Security-Onion-Solutions/fix/curator_actions_delete_kratos
Add delete and warm action for Kratos indices in applicable Curator delete/warm scripts
2022-07-11 11:39:43 -04:00
weslambertandGitHub e82b6fcdec Typo - Change 'delete' to 'warm' 2022-07-11 11:34:53 -04:00
weslambertandGitHub 8c8ac41b36 Add action for Kratos indices 2022-07-11 11:32:03 -04:00
weslambertandGitHub b611dda143 Add delete action for Kratos indices 2022-07-11 11:31:22 -04:00
weslambertandGitHub 3f5b98d14d Merge pull request #8269 from Security-Onion-Solutions/fix/curator_actions_kratos
Add Curator actions and adjust Curator close scripts to account for so-kibana and so-kratos indices
2022-07-11 11:21:20 -04:00
Wes Lambert 0b6219d95f Adjust Curator close scripts to include Kibana and Kratos indices 2022-07-11 14:51:33 +00:00
Wes Lambert 2f729e24d9 Add Curator action files for Kratos indices 2022-07-11 14:34:10 +00:00
weslambertandGitHub 992b6e14de Merge pull request #8268 from Security-Onion-Solutions/fix/kibana_disable_fleetv2
Disable fleetv2 because it is now used to control Fleet visibility and 'fleet' is now used for 'Integrations'
2022-07-11 10:09:12 -04:00
weslambertandGitHub 09a1d8c549 Disable fleetv2 because it is now used to control Fleet visibility and 'fleet' is now used for 'Integrations' 2022-07-11 10:06:24 -04:00
weslambertandGitHub 2903bdbc7e Merge pull request #8260 from Security-Onion-Solutions/fix/kratos_dedicated_index_and_filestream_id_additions
Add dedicated index for Kratos and IDs for all filestream inputs
2022-07-08 12:04:40 -04:00
Wes Lambert 5c90fce3a1 Add Kratos Logstash output to search pipeline for Logstash 2022-07-08 15:58:00 +00:00
Wes Lambert 26698cfd07 Add Logstash output for dedicated Kratos index 2022-07-08 15:55:55 +00:00
Wes Lambert 764e8688b1 Modify Kratos input to use dedicated index and add filestream ID for all applicable inputs 2022-07-08 15:53:55 +00:00
Wes Lambert b06c16f750 Add ingest node pipeline for Kratos 2022-07-08 15:53:00 +00:00
weslambertandGitHub 42cfab4544 Merge pull request #8256 from Security-Onion-Solutions/fix/kibana_restart_after_role_sync
Restart Kibana in case it times out before being able to read role update
2022-07-07 17:44:47 -04:00
weslambertandGitHub 4bbc901860 Restart Kibana in case it times out before being able to read in new role configuration 2022-07-07 17:19:02 -04:00
weslambertandGitHub a343f8ced0 Merge pull request #8255 from Security-Onion-Solutions/fix/so_kibana_user_role
Force so-user to sync roles to ensure so_kibana role change
2022-07-07 16:19:30 -04:00
weslambertandGitHub 85be2f4f99 Force so-user to sync roles to ensure so_kibana role change from superuser to kibana_system 2022-07-07 15:55:44 -04:00
weslambertandGitHub 8b3fa0c4c6 Merge pull request #8252 from Security-Onion-Solutions/feature/elastic_8_3_2
Update to Elastic 8.3.2
2022-07-07 11:14:14 -04:00
weslambertandGitHub ede845ce00 Update to Kibana 8.3.2 2022-07-07 11:05:44 -04:00
weslambertandGitHub 42c96553c5 Update to Kibana 8.3.2 2022-07-07 11:04:43 -04:00
weslambertandGitHub 2b73cd1156 Merge pull request #8236 from Security-Onion-Solutions/fix/localfile_analyzer
Strip quotes and ensure file_path is typed as a list (localfile analyzer)
2022-07-05 16:28:56 -04:00
weslambertandGitHub 77ee30f31a Merge pull request #8237 from Security-Onion-Solutions/feature/elastic_8_3_1
Bump Elastic to 8.3.1
2022-07-05 14:50:24 -04:00
weslambertandGitHub 2938464501 Update to Kibana 8.3.1 2022-07-05 14:46:02 -04:00
weslambertandGitHub 79e88c9ca3 Update to Kibana 8.3.1 2022-07-05 14:45:30 -04:00
Wes Lambert e96206d065 Strip quotes and ensure file_path is typed as a list 2022-07-05 14:25:54 +00:00
weslambertandGitHub 3552dfac03 Merge pull request #8199 from Security-Onion-Solutions/fix/filebeat_filestream_elastic8
Change type from 'log' to 'filestream' to ensure compatibility with E…
2022-06-27 14:58:54 -04:00
weslambertandGitHub 85f790b28a Change type from 'log' to 'filestream' to ensure compatibility with Elastic 8 2022-06-27 10:39:58 -04:00
weslambertandGitHub d0818e83c9 Merge pull request #8197 from Security-Onion-Solutions/fix/localfile_analyzer_csv_path
Ensure file_path uses jinja to derive the value(s) from the pillar
2022-06-27 10:36:59 -04:00
weslambertandGitHub 568b43d0af Ensure file_path uses jinja to derive the value(s) from the pillar 2022-06-27 10:10:13 -04:00
weslambertandGitHub 10bcc43e85 Merge pull request #8167 from Security-Onion-Solutions/feature/update_es_8_2_3
Update to Elastic 8.2.3
2022-06-21 16:11:39 -04:00
weslambertandGitHub af687fb2b5 Update config_saved_objects.ndjson 2022-06-21 16:06:28 -04:00
weslambertandGitHub 776cc30a8e Update to ES 8.2.3 2022-06-21 16:06:01 -04:00
weslambertandGitHub 44595cb333 Merge pull request #8123 from Security-Onion-Solutions/foxtrot
Merge foxtrot into dev
2022-06-14 15:44:13 -04:00
weslambertandGitHub 959cec1845 Delete Elastalert indices before upgrading to Elastic 8 2022-06-14 11:40:11 -04:00
weslambertandGitHub 151a42734c Update Elastic version to 8.2.2 2022-06-08 15:07:45 -04:00
weslambertandGitHub 11e3576e0d Update Elastic version to 8.2.2 2022-06-08 15:07:07 -04:00
weslambertandGitHub adeccd0e7f Merge pull request #8097 from Security-Onion-Solutions/dev
Merge latest dev into foxtrot
2022-06-08 15:01:09 -04:00
weslambertandGitHub aadf391e5a Temporarily downgrade version for merge 2022-06-08 14:59:01 -04:00
weslambertandGitHub 47f74fa5c6 Temporarily downgrade version for merge 2022-06-08 14:58:05 -04:00
weslambertandGitHub 494ce0756d Merge pull request #8045 from Security-Onion-Solutions/fix/mhr_naming
Fix naming for Malware Hash Registry analyzer
2022-05-31 07:52:48 -04:00
Wes Lambert 7f30a364ee Make sure everything is added back after renaming mhr to malwarehashregistry 2022-05-31 11:44:35 +00:00
Wes Lambert c82aa89497 Fix Malware Hash Registry naming so it's more descriptive in SOC 2022-05-31 11:41:48 +00:00
weslambertandGitHub a59ada695b Merge pull request #8031 from Security-Onion-Solutions/fix/screenshots
Fix/screenshots
2022-05-27 17:05:51 -04:00
weslambertandGitHub 1a0ac4d253 Merge pull request #8007 from Security-Onion-Solutions/fix/filestream-id
Add filestream input ID for RITA logs
2022-05-25 10:11:36 -04:00
weslambertandGitHub 44622350ea Add ID for RITA filestream inputs 2022-05-25 10:09:01 -04:00
weslambertandGitHub 99864f4787 Merge pull request #8001 from Security-Onion-Solutions/feature/analyzer_readme
Add configuration requirements for various analyzers
2022-05-25 09:33:07 -04:00
Wes Lambert b93512eb01 Adjust verbiage around pillar configuration 2022-05-24 12:36:32 +00:00
Wes Lambert 92dee14ee8 Add configuration requirements for various analyzers 2022-05-24 12:29:14 +00:00
weslambertandGitHub 3e6dfcfaca Merge pull request #7996 from Security-Onion-Solutions/weslambert-patch-2
Create Virustotal README
2022-05-23 11:43:43 -04:00
weslambertandGitHub a6f1bf3aef Create Virustotal README 2022-05-23 11:39:44 -04:00
Wes Lambert 429ccb2dcc Only import yaml module when config is loaded 2022-05-18 02:07:39 +00:00
weslambertandGitHub 94ca3ddbda Merge pull request #7961 from Security-Onion-Solutions/weslambert-patch-1
Add information for MHR and WhoisLookup, and other minor updates
2022-05-17 13:33:24 -04:00
weslambertandGitHub d3206a048f Add information for MHR and WhoisLookup, and other minor updates 2022-05-17 12:49:16 -04:00
weslambertandGitHub ff855eb8f7 Merge pull request #7958 from Security-Onion-Solutions/feature/mhr_analyzer
Add Team Cymru Malware Hash Registry Analyzer
2022-05-17 12:42:01 -04:00
Wes Lambert 8af1f19ac3 Another no_results change 2022-05-17 16:12:43 +00:00
Wes Lambert e4a7e3cba6 Change 'No results found.' to 'no_results' 2022-05-17 16:11:58 +00:00
weslambertandGitHub 2688083ff1 Merge pull request #7959 from Security-Onion-Solutions/feature/whoislookup-analyzer
Add Whoislookup RDAP-based analyzer
2022-05-17 12:09:06 -04:00
Wes Lambert 766e9748c5 Add Whoislookup RDAP-based analyzer 2022-05-17 15:52:12 +00:00
weslambertandGitHub 3761b491c0 Remove whitespace 2022-05-17 10:50:33 -04:00
Wes Lambert e8fc3ccdf4 Add Team Cymru Malware Hash Registry Analyzer 2022-05-17 14:44:53 +00:00
weslambertandGitHub 6c506bbab0 Merge pull request #7935 from Security-Onion-Solutions/fix/pulsedive
Fix Pulsedive analyzer logic
2022-05-12 15:20:15 -04:00
Wes Lambert 3dc266cfa9 Add test for when indicator is not found 2022-05-12 19:02:41 +00:00
Wes Lambert a233c08830 Update logic to handle indicators that are not present in database. 2022-05-12 19:02:02 +00:00
weslambertandGitHub 7f797a11f8 Merge pull request #7924 from Security-Onion-Solutions/analyzer-docs
Update analyzer docs with information about analyzers that require au…
2022-05-10 09:40:50 -04:00
weslambertandGitHub 34d57c386b Update analyzer docs with information about analyzers that require authentication 2022-05-10 09:32:18 -04:00
weslambertandGitHub 000e813fbb Merge pull request #7921 from Security-Onion-Solutions/fix/analyzer-packages
Update analyzer packages to those downloaded by Alpine and add additional build script option
2022-05-09 16:43:31 -04:00
Wes Lambert 555ca2e277 Update analyzer build/testing script to download necessary Python packages 2022-05-09 20:06:39 +00:00
Wes Lambert 32adba6141 Update analyzer packages with those built from native (Alpine) Docker image 2022-05-09 20:04:41 +00:00
weslambertandGitHub 9800f59ed7 Add Urlscan to observable support matrix 2022-05-06 13:11:43 -04:00
Wes Lambert ccac71f649 Fix formatting/whitespace 2022-05-06 17:08:40 +00:00
Wes Lambert 1990ba0cf0 Fix formatting/whitespace 2022-05-06 17:08:33 +00:00
Wes Lambert 8ff5778569 Add Urlscan analyzer and tests 2022-05-06 17:01:06 +00:00
weslambertandGitHub a96c665d04 Change test name for EmailRep 2022-05-03 14:13:25 -04:00