Commit Graph

591 Commits

Author | SHA1 | Message | Date
Josh Brower | b8d33ab983 | Merge pull request #12639 from Security-Onion-Solutions/2.4/enable-detections | 2024-03-25 09:30:01 -04:00
    Enable Detections
Corey Ogburn | 237946e916 | Specify Folder in Rule Repo | 2024-03-22 13:52:20 -06:00
Corey Ogburn | 3d04d37030 | Update ElastAlert Config with Default Repos | 2024-03-22 13:52:20 -06:00
Doug Burks | a78a304d4f | FEATURE: Add event.dataset to all Events column layouts #12641 | 2024-03-22 13:19:31 -04:00
DefensiveDepth | 5ca9ec4b17 | Enable Detections | 2024-03-22 10:12:26 -04:00
Doug Burks | 2b019ec8fe | Merge pull request #12634 from Security-Onion-Solutions/dougburks-patch-1 | 2024-03-22 05:52:23 -04:00
    FEATURE: Add Events column layout for event.module system #12628
DefensiveDepth | 4a33234c34 | Default update to 24 hours | 2024-03-21 07:26:19 -04:00
Doug Burks | 778997bed4 | FEATURE: Add Events column layout for event.module system #12628 | 2024-03-20 17:07:37 -04:00
DefensiveDepth | d84af803a6 | Enable Autoupdates | 2024-03-20 08:48:31 -04:00
DefensiveDepth | 020eb47026 | Change Detections defaults | 2024-03-19 13:53:37 -04:00
Jason Ertel | 844cfe55cd | handle airgap when detections not enabled | 2024-03-13 20:52:17 -04:00
Jason Ertel | 927fe9039d | handle airgap when detections not enabled | 2024-03-13 20:50:03 -04:00
m0duspwnens | 1a829190ac | remove modules if detections disabled | 2024-03-13 09:46:44 -04:00
DefensiveDepth | 61a183b7fc | Add regex defaults | 2024-03-11 15:55:39 -04:00
Corey Ogburn | 6f05c3976b | Updated RulesRepo for New Strelka Structure | 2024-03-08 11:29:46 -07:00
Jason Ertel | 8f36a8a4b6 | Merge pull request #12514 from Security-Onion-Solutions/jertel/annotations | 2024-03-06 11:10:21 -05:00
    detections annotations
Jason Ertel | 1cbac11fae | detections annotations | 2024-03-06 11:08:03 -05:00
Jason Ertel | 167aff24f6 | detections annotations | 2024-03-06 11:03:52 -05:00
Josh Brower | 9e671621db | Merge pull request #12510 from Security-Onion-Solutions/2.4/excludedetections | 2024-03-06 10:56:29 -05:00
    Add Exclusion toggle
Jason Ertel | 0f12297f50 | add new pcap annotations | 2024-03-06 08:19:42 -05:00
Jason Ertel | 12653eec8c | add new pcap annotations | 2024-03-06 08:14:33 -05:00
Josh Brower | 1b47537a3f | Add Exclusion toggle | 2024-03-06 07:16:50 -05:00
Josh Brower | f3dce66f03 | Merge pull request #12482 from Security-Onion-Solutions/2.4/sigma-pipeline | 2024-03-01 15:29:13 -05:00
    2.4/sigma pipeline
Josh Brower | d832158cc5 | Drop Hashes field | 2024-03-01 15:26:02 -05:00
Josh Brower | b017157d21 | Add antivirus mapping | 2024-03-01 14:04:56 -05:00
Josh Brower | 59af547838 | Fix download location | 2024-02-27 09:49:54 -05:00
Josh Brower | c6baa4be1b | Airgap Support - Detections module | 2024-02-26 16:19:32 -05:00
Doug Burks | 52580fb8c4 | Merge pull request #12434 from Security-Onion-Solutions/feature/improve-endpoint-columns | 2024-02-26 12:05:30 -05:00
    Add multiple endpoint features
Doug Burks | f8424f3dad | Update defaults.yaml | 2024-02-26 11:22:09 -05:00
Doug Burks | c8a95a8706 | FEATURE: Add new endpoint dashboards #12428 | 2024-02-26 09:59:07 -05:00
Doug Burks | 4df21148fc | FEATURE: Add default columns for endpoint.events datasets #12425 | 2024-02-26 09:40:51 -05:00
Doug Burks | ca249312ba | FEATURE: Add new SOC action for Process Info #12421 | 2024-02-26 09:38:14 -05:00
Josh Brower | 66b815d4b2 | Merge pull request #12431 from Security-Onion-Solutions/feature/brower-detections | 2024-02-26 08:43:33 -05:00
    Add Detection AutoUpdate config
Josh Brower | a6bb7216f9 | Add Detection AutoUpdate config | 2024-02-26 08:18:42 -05:00
Doug Burks | d6cb8ab928 | update events_x_process in defaults.yaml | 2024-02-23 17:09:40 -05:00
Doug Burks | daf96d7934 | fix new eventFields in merged.map.jinja | 2024-02-23 17:07:48 -05:00
Doug Burks | 58f4fb87d0 | fix new eventFields in soc_soc.yaml | 2024-02-23 17:06:29 -05:00
Doug Burks | b7ef1e8af1 | add more endpoint.events.x fields to soc_soc.yaml | 2024-02-23 15:38:53 -05:00
Doug Burks | 7da0ccf5a6 | add more endpoint.events.x entries to merged.map.jinja | 2024-02-23 15:35:53 -05:00
m0duspwnens | 573d565976 | convert _x_ to . for soc ui to config | 2024-02-23 15:03:44 -05:00
Doug Burks | b8baca417b | add endpoint_x_events_x_process to defaults.yaml | 2024-02-23 14:03:04 -05:00
Josh Brower | d04aa06455 | Fix source.ip | 2024-02-22 14:01:02 -05:00
Josh Brower | c886e72793 | Imphash mappings | 2024-02-22 08:59:33 -05:00
Josh Brower | 0a9022ba6a | Add hash mappings | 2024-02-21 17:07:08 -05:00
Josh Brower | 1952f0f232 | Merge remote-tracking branch 'origin/2.4/dev' into kilo | 2024-02-21 13:11:49 -05:00
Jason Ertel | 4b314c8715 | replace correlate icon to avoid confusion with searcheng.in | 2024-02-20 10:30:09 -05:00
Josh Brower | ffb3cc87b7 | Default ruleset; Descriptions | 2024-02-16 11:55:10 -05:00
Corey Ogburn | c64f37ab67 | sigmaRulePackages is now a string array | 2024-02-15 10:34:07 -07:00
Corey Ogburn | a5db9f87dd | Merge branch 'kilo' into cogburn/detection_playbooks | 2024-02-13 14:08:44 -07:00
Corey Ogburn | 8800b7e878 | WIP: Detections Changes | 2024-02-13 14:05:27 -07:00
    Removed some strelka/yara rules from salt.

    Removed yara scripts for downloading and updating rules. This will be managed by SOC.

    Added a new compile_yara.py script.

    Added the strelka repos folder.