m0duspwnens | e0e094cd95 | rename sosbip and sosrange to sobip and sorange | 2023-02-03 10:10:51 -05:00
m0duspwnens | a37f0fd0c0 | rename sosbridge to sobridge | 2023-02-03 10:07:07 -05:00
m0duspwnens | 6e45f1b6e1 | Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall | 2023-02-03 09:55:50 -05:00
m0duspwnens | df9ef9ffc7 | add managersearch | 2023-02-03 09:55:33 -05:00
weslambert | bee5a1e9e8 | Merge pull request #9711 from Security-Onion-Solutions/fix/so_import_pcap_suricata_metadata_disable_zeek: Only run Zeek if it is defined as the metadata engine | 2023-02-02 13:27:35 -05:00
m0duspwnens | 3e808a70fa | allow managersearch. comment out localhost allow in setup | 2023-02-02 12:11:03 -05:00
Wes | bc082dff99 | Only run Zeek if it is defined as 'mdengine' | 2023-02-02 16:22:42 +00:00
m0duspwnens | 33787d345b | Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall | 2023-02-02 10:04:01 -05:00
m0duspwnens | 9eae31e488 | add managersearch to allowed roles for so-firewall. fix setup error from so-firewall "Please specify a role with --role=" | 2023-02-02 10:03:22 -05:00
weslambert | 395cbf330a | Merge pull request #9706 from Security-Onion-Solutions/fix/suricata_metadata: Add Suricata metadata configuration | 2023-02-02 09:54:49 -05:00
Wes | 5fba3c5872 | Add Suricata metadata configuration | 2023-02-02 14:48:01 +00:00
m0duspwnens | 3ba64f7545 | Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall | 2023-02-02 09:31:40 -05:00
weslambert | eb7b6e78b9 | Merge pull request #9702 from Security-Onion-Solutions/fix/elastic_agent_integration_policy_disable: Disable loading of Kibana and Logstash integration policies | 2023-02-01 16:02:56 -05:00
weslambert | d242050627 | Disable loading of Kibana and Logstash logs for now since there are issues with the packages from the registry | 2023-02-01 15:59:35 -05:00
weslambert | 3dfa7959b3 | Merge pull request #9698 from Security-Onion-Solutions/fix/strelka_yara_exclusion_2_4: Add 'configured_vulns_ext_vars.yar' to exclusion list | 2023-02-01 14:38:38 -05:00
weslambert | 2101ca60e9 | Add 'configured_vulns_ext_vars.yar' to exclusion list | 2023-02-01 14:25:46 -05:00
m0duspwnens | 33668105a5 | Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall | 2023-02-01 11:32:02 -05:00
m0duspwnens | d2dd68eb44 | add global vars for managersearch | 2023-02-01 11:31:36 -05:00
Josh Patterson | 77749adc8f | Merge pull request #9691 from Security-Onion-Solutions/2.4/firewall: 2.4/firewall | 2023-01-31 17:11:57 -05:00
m0duspwnens | 6ec086e24a | add influxdb as extra_hosts for grafana container | 2023-01-31 17:10:11 -05:00
m0duspwnens | 6f1438148f | allow elastic agent access | 2023-01-31 16:54:46 -05:00
m0duspwnens | 12bede5e77 | Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall | 2023-01-31 16:10:50 -05:00
weslambert | 056bcd0121 | Merge pull request #9683 from Security-Onion-Solutions/fix/kibana_osquery_live_query_link_remove: Remove OSQuery live query link | 2023-01-31 13:38:07 -05:00
m0duspwnens | 8cbafb52d8 | Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/firewall | 2023-01-31 13:32:51 -05:00
m0duspwnens | 16e1e297a0 | allow elasticsearch_rest | 2023-01-31 13:32:33 -05:00
weslambert | 98bea0322e | Merge pull request #9688 from Security-Onion-Solutions/fix/elastic_agent_elasticsearch_output_typo_fix: Fix Elastic Agent Elasticsearch output typo | 2023-01-31 12:57:38 -05:00
weslambert | 74eed31eec | Change Elasticsearch output name from 'so-manager_elasticsearch2' to 'so-manager_elasticsearch' | 2023-01-31 12:55:03 -05:00
m0duspwnens | aa411e2682 | allow influxdb on manager and managersearch | 2023-01-31 12:42:46 -05:00
weslambert | cbf2bd1373 | Remove OSQuery live query link | 2023-01-31 10:59:17 -05:00
m0duspwnens | 0ba193c7a4 | allow docker_registry fw | 2023-01-31 10:55:14 -05:00
m0duspwnens | e09a86dc30 | 2.4 searchnode es config | 2023-01-31 10:54:40 -05:00
m0duspwnens | 8dc7a9da9e | add searchnode global vars | 2023-01-31 10:52:35 -05:00
Doug Burks | acffc5ee07 | Merge pull request #9682 from Security-Onion-Solutions/fix/suricata-dhcp-parsing-2.4: 2.4: Improve Suricata DHCP parsing and dashboard | 2023-01-31 10:18:41 -05:00
Doug Burks | a44d83d69b | Improve Suricata DHCP parsing and dashboard | 2023-01-31 08:33:38 -05:00
weslambert | bde828cd4f | Merge pull request #9676 from Security-Onion-Solutions/fix/so-import-evtx_updates: Updates to so-import-evtx | 2023-01-31 08:17:02 -05:00
weslambert | 0436f885b8 | Set values for '@timestamp' and 'event.ingested' | 2023-01-31 08:04:49 -05:00
Wes | 5472f53c9f | Remove bind mount and reference the correctly named entrypoint script | 2023-01-30 21:24:30 +00:00
Wes | 0156784687 | Add EVTX integration policy for 'so-import-evtx' | 2023-01-30 21:22:37 +00:00
Wes | cc100e50cd | Update so-import-evtx to convert EVTX to a JSON file instead of streaming to Elasticsearch | 2023-01-30 21:09:58 +00:00
weslambert | b1eb16d3a2 | Merge pull request #9670 from Security-Onion-Solutions/fix/elastic_agent_integration_policies_zeek_exclude_files: Remove 'prospector.scanner' prefix from 'exclude_files' configuration | 2023-01-27 16:53:02 -05:00
weslambert | 8240e5b20d | Remove 'prospector.scanner' prefix from 'exclude_files' configuration | 2023-01-27 16:46:43 -05:00
Doug Burks | a13baf7bb8 | Merge pull request #9669 from Security-Onion-Solutions/dougburks-patch-1: Fix typos in so-elastic-fleet-integration-policy-load | 2023-01-27 15:52:47 -05:00
Doug Burks | b160d0add5 | Fix typos in so-elastic-fleet-integration-policy-load | 2023-01-27 15:45:58 -05:00
Doug Burks | 209f732176 | Merge pull request #9668 from Security-Onion-Solutions/fix/elastic_agent_integration_policies_zeek: Fix syntax for Zeek Elastic Agent integration policies | 2023-01-27 15:30:50 -05:00
weslambert | 68fac4488e | Fix syntax for Zeek integration policies | 2023-01-27 15:27:15 -05:00
weslambert | fa9e62a816 | Merge pull request #9665 from Security-Onion-Solutions/fix/elastic_agent_integration_policy_import_suricata_event.category: Change event.category from 'file' to 'network' in Import Suricata integration policy | 2023-01-27 12:03:34 -05:00
weslambert | e47f64bd04 | Change event.category from 'file' to 'network' | 2023-01-27 12:00:30 -05:00
weslambert | 6d2f379ba5 | Merge pull request #9664 from Security-Onion-Solutions/fix/elastic_agent_integration_policies_zeek_exclude_files: Update Zeek file exclusions and add a minor output formatting change | 2023-01-27 11:58:19 -05:00
weslambert | f49627cec1 | Update Zeek file exclusions and add a minor output formatting change | 2023-01-27 11:47:14 -05:00
weslambert | 5ab3d1e8f1 | Merge pull request #9663 from Security-Onion-Solutions/fix/elastic_agent_integration_policy_zeek_import_ics_tag: Change 'pipeline' to 'import.file' so that ICS tag conditional is applied to the correct field | 2023-01-27 11:34:28 -05:00