Commit Graph

15 Commits

Author SHA1 Message Date
reyesj2
d0ba6df2fc remove any "" from dns.resolved_ip 2025-08-19 13:44:24 -05:00
reyesj2
95bee91b12 zeek dns.resolved_ip 2025-08-19 11:20:59 -05:00
Josh Brower
31cd5b1365 Add support for dns.resolved_ip 2025-06-20 15:02:59 -04:00
weslambert
2c10ad7eec Check if 'dns.query' is null 2023-05-19 15:50:33 -04:00
Wes
40c6b380df Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset. 2023-01-23 21:44:46 +00:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
doug
3467f30603 Improve support for Suricata metadata #2200 2021-02-22 10:27:24 -05:00
Wes Lambert
8f5da66335 Add null safe operator for query name 2020-06-30 03:02:38 +00:00
Doug Burks
29420da565 Only process zeek.dns.tld if dns.query.name contains a dot #734
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/734
2020-05-19 10:08:30 -04:00
Doug Burks
60d2a0818b Add to zeek.dns and have it send to zeek.dns.tld
https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599
2020-05-15 15:31:17 -04:00
Wes Lambert
9ad16e8c71 update ingest config 2020-03-11 12:13:53 +00:00