Commit Graph

2950 Commits

Author SHA1 Message Date
Doug Burks 5f15320b9d Update Hunt fields for firewall #1500 2020-10-10 07:54:48 -04:00
Doug Burks 8d1ba1f4db fix pfsense firewall udp parsing 2020-10-10 07:38:47 -04:00
Doug Burks 8cfabf101c Update Hunt query for firewall #1499 2020-10-10 07:17:49 -04:00
Doug Burks 9aa4112de1 Remove extra comma 2020-10-10 06:10:10 -04:00
Wes Lambert 28a1f7f88a Remove pfsense tag 2020-10-10 00:03:51 +00:00
Wes Lambert b55ffa44f8 Fix module,dataset rename 2020-10-10 00:01:37 +00:00
Wes Lambert 69a04dedd3 Filterlog config changes 2020-10-09 23:56:52 +00:00
m0duspwnens ea1324e498 fix LOSS calc line 2020-10-09 11:54:39 -04:00
m0duspwnens 3f007b6af7 Merge remote-tracking branch 'remotes/origin/dev' into issue/1403 2020-10-09 11:40:01 -04:00
m0duspwnens f5cacd66b8 correct zeekcaptureloss script to work on zeek standalone 2020-10-09 11:39:44 -04:00
Jason Ertel 40ff628c0b Replace simple pillar lookup with salt equivalent to ensure quoted values are handled properly 2020-10-09 11:10:46 -04:00
William Wernert 97fce74263 [fix] Rename playbook key and add new admin/automation psswds 2020-10-09 09:59:08 -04:00
William Wernert d7961fdbb8 Merge branch 'dev' of github.com:Security-Onion-Solutions/securityonion into dev 2020-10-09 08:51:45 -04:00
William Wernert 5a8d776a62 [fix] Correct sls syntax 2020-10-09 08:51:35 -04:00
m0duspwnens f38519247b change capture loss to every 5 minutes and default grafana dashboard to 1h 2020-10-08 17:52:02 -04:00
William Wernert 065fe9042d [fix] Make sure Playbook is up before creating user 2020-10-08 17:01:12 -04:00
weslambert 06706d29f2 Ensure pipelines with dots in names can be referenced 2020-10-08 15:41:17 -04:00
Wes Lambert 1efb39a71b Add pipeline stats script 2020-10-08 19:11:41 +00:00
m0duspwnens 52e8265511 update is_airgap for soup 2020-10-08 14:16:19 -04:00
Mike Reeves 26317efe79 Update Soup 2020-10-08 14:05:52 -04:00
William Wernert 2ad3f9da11 [fix] Wazuh not saving .log files anymore, only check .json files 2020-10-08 12:41:51 -04:00
William Wernert 034750fe5b Merge branch 'dev' into feature/rotate-logs (Conflicts: setup/so-functions) 2020-10-08 12:36:30 -04:00
William Wernert e1d8f578c2 [feat] Add log dirs for playbook + influxdb 2020-10-08 12:35:14 -04:00
m0duspwnens e7abbf19af fix templates not applying to searchnode. so-searchnode role doesn't exist; searchnodes are so-node role 2020-10-08 11:17:26 -04:00
Wes Lambert a6d3dcf398 More fixes for rule field 2020-10-08 13:36:47 +00:00
Wes Lambert a2e2f23a8d Add null safe check for rule 2020-10-08 13:14:39 +00:00
Wes Lambert adf0ef87c9 Fix network transport Kibana viz 2020-10-08 12:17:15 +00:00
weslambert 5ada85942b Lowercase network.transport 2020-10-08 07:59:57 -04:00
Doug Burks 2489ca608a Improve Hunt FTP queries #1479 2020-10-08 05:30:17 -04:00
m0duspwnens be7167d99b Merge remote-tracking branch 'remotes/origin/dev' into issue/1403 2020-10-07 17:45:22 -04:00
m0duspwnens 821ce19aad new dashboard for sensors 2020-10-07 17:38:16 -04:00
m0duspwnens 1bdc45ef0e new dashboard for sensors 2020-10-07 17:37:11 -04:00
m0duspwnens 4f8bb9c2f1 updates to standalone and eval dashboards 2020-10-07 16:48:29 -04:00
m0duspwnens 7dd839cfa2 add zeek capture loss graph and resize redis queue for standalone 2020-10-07 15:53:31 -04:00
Wes Lambert 7543144afe Don't use regex for determining rule type 2020-10-07 16:15:43 +00:00
weslambert 8e829b47ae Remove dataset name since pipeline no longer in use 2020-10-07 11:48:56 -04:00
m0duspwnens 8540a691dc only send loss if timestamp on data has changed 2020-10-07 11:23:06 -04:00
Wes Lambert 015a441e79 Change rule.signature_info to rule.reference and ensure common.nids exists 2020-10-07 15:20:26 +00:00
m0duspwnens 1106b2bf96 only send loss if timestamp on data has changed 2020-10-07 11:15:10 -04:00
Wes Lambert f0a1457ffd Update common.nids 2020-10-07 15:14:08 +00:00
m0duspwnens d09f0f841e only send loss if timestamp on data has changed 2020-10-07 11:13:03 -04:00
m0duspwnens 6f2d47cc40 only send loss if timestamp on data has changed 2020-10-07 11:11:06 -04:00
m0duspwnens 2317e8b348 only send loss if timestamp on data has changed 2020-10-07 11:08:41 -04:00
m0duspwnens f96d6ae4f4 only send loss if timestamp on data has changed 2020-10-07 11:06:54 -04:00
m0duspwnens 5e534571ff set timestamp with capture loss 2020-10-07 10:20:51 -04:00
m0duspwnens 14dd80b410 handle whitespace 2020-10-06 18:46:32 -04:00
m0duspwnens af2df2c7d1 just print the loss 2020-10-06 18:44:22 -04:00
m0duspwnens f95712c502 update log file 2020-10-06 18:38:51 -04:00
m0duspwnens 48ca2cdff1 fix pillars we check 2020-10-06 18:10:41 -04:00
m0duspwnens 73ce948d42 add zeekcaptureloss to data to influxdb. rename broloss to zeekloss - https://github.com/Security-Onion-Solutions/securityonion/issues/1403 2020-10-06 18:05:41 -04:00