CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,436 Commits 24 Branches 119 Tags
e874c32c0872f5cd0a69660f0513857a2e94d95d
Commit Graph

583 Commits

Author SHA1 Message Date
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
fc0a5bce86 Revert field limit from testing 2022-01-27 11:18:35 -05:00
weslambert
60a0204975 Revert changes to common template 2022-01-27 11:02:47 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
weslambert
1b3e7f9d79 Temp changes while adjusting mapping 2022-01-26 14:57:16 -05:00
m0duspwnens
c80adc0430 mount repo dir in container same as defined on host 2022-01-26 13:42:56 -05:00
weslambert
e77648c475 Merge pull request #6994 from Security-Onion-Solutions/feature/dtc 
Additional DTC changes
 2022-01-26 12:22:48 -05:00
Jason Ertel
c2636036ee Merge pull request #6995 from Security-Onion-Solutions/kilo 
store related event data as a flattened object blob
 2022-01-26 12:21:02 -05:00
Wes Lambert
e10749a495 Additional changes to template to accomodate default fields and keyword subfield 2022-01-26 17:16:29 +00:00
Jason Ertel
ed9b74dc33 store related event data as a flattened object blob 2022-01-26 12:16:05 -05:00
m0duspwnens
dd00e3babc use .get since repo may not exist 2022-01-25 13:18:21 -05:00
m0duspwnens
5d2b3992e2 dont need to set ES_PATH_REPO 2022-01-25 13:11:53 -05:00
m0duspwnens
7b6eeac03f dnt mount under /repo in the container 2022-01-25 13:08:46 -05:00
m0duspwnens
00e17d5c78 put repos in /repo in es container 2022-01-25 13:03:54 -05:00
m0duspwnens
a17e1aa87a 930 for group 2022-01-25 13:00:04 -05:00
m0duspwnens
4423e93880 prevent path.repo from being put in elasticsearch.yml if the symlink doesnt exist 2022-01-25 12:57:05 -05:00
m0duspwnens
e62de2934c fix test for es repo 2022-01-25 12:24:03 -05:00
m0duspwnens
a92e2a917b change repos to repo 2022-01-25 10:53:28 -05:00
m0duspwnens
a72f12c4c7 add path.repo mount if symlink exists 2022-01-25 10:50:00 -05:00
weslambert
ba52bd3835 Update template with syntax fixes 2022-01-25 08:56:03 -05:00
Jason Ertel
4ab7a6a079 Merge pull request #6967 from Security-Onion-Solutions/kilo 
Copyright year and format update
 2022-01-24 10:39:31 -05:00
Jason Ertel
eefcc929c2 Update copyright pattern to match other repos 2022-01-24 10:09:23 -05:00
Jason Ertel
7c22f46a55 Update copyright year for 2022 2022-01-24 09:35:29 -05:00
weslambert
f7a4cc20f2 Update so-common-template.json.jinja 2022-01-21 12:36:38 -05:00
weslambert
d1efa71c57 Remove dynamic keyword template to prevent field conflicts with mappings defined in common template 2022-01-20 12:34:32 -05:00
Josh Patterson
c57b2d005e Merge pull request #6933 from Security-Onion-Solutions/issue/6810 
quote ES_PASS in SOCtopus.conf and remove % from random pw
 2022-01-20 10:57:56 -05:00
m0duspwnens
9b2459d8ba quote ES_PASS in SOCtopus.conf and remove % from random pw 2022-01-20 10:52:48 -05:00
weslambert
e137ad60c5 Disable dynamic mapping and increase order to reduce potential field conflicts 2022-01-20 09:44:41 -05:00
m0duspwnens
fc65f7bb84 Merge remote-tracking branch 'remotes/origin/dev' into issue/6810 2022-01-19 15:35:28 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
d7ba1cedff remove unused fields object from related case schema 2022-01-19 08:39:21 -05:00
m0duspwnens
87999453f2 Merge remote-tracking branch 'remotes/origin/dev' into issue/6810 2022-01-18 09:13:10 -05:00
m0duspwnens
a46a740170 account for salt 3004 adding new chars to random.get_str 2022-01-14 17:23:29 -05:00
weslambert
c512351dd6 Add mapping for scan.exiftool and scan.pe.sections.entropy 2022-01-14 17:01:13 -05:00
weslambert
a90bc9dba9 Add mapping for scan.pe.sections.entropy 2022-01-14 16:58:53 -05:00
m0duspwnens
06c0cebb26 merge with dev 2022-01-13 09:44:26 -05:00
Mike Reeves
ee44edfe75 Add additional highlander settings 2022-01-12 13:18:44 -05:00
m0duspwnens
494737549d move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires 2022-01-12 10:20:05 -05:00
m0duspwnens
baf297ab0a merge with dev, resolve conflict 2022-01-11 11:24:10 -05:00
Josh Brower
5083be4ce7 Merge pull request #6816 from Security-Onion-Solutions/fix/wazuh-parsing-v2 
Fix Wazuh WEL Parsing
 2022-01-11 11:17:24 -05:00
m0duspwnens
328d6cdeb4 Merge remote-tracking branch 'remotes/origin/dev' into issue/6811 2022-01-11 10:02:18 -05:00
Mike Reeves
8ad36fc7b9 Update init.sls 2022-01-11 10:01:14 -05:00
m0duspwnens
87756cdbc9 Merge remote-tracking branch 'remotes/origin/dev' into issue/6811 2022-01-11 09:57:31 -05:00
Mike Reeves
770a389410 Update init.sls 2022-01-11 09:56:22 -05:00
m0duspwnens
b5c274de10 Merge remote-tracking branch 'remotes/origin/dev' into issue/6811 2022-01-11 09:48:31 -05:00
weslambert
84f7c6b13b Add event.acknowledged and event.escalated mappings 2022-01-10 16:08:35 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
Mike Reeves
b7a90a88f9 Merge pull request #6815 from Security-Onion-Solutions/esbackup 
Add ability to specify local backup dir
 2022-01-10 13:31:24 -05:00
weslambert
1c3eeb5a34 Fix typo -- replace period with comma 2022-01-10 13:29:06 -05:00