CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,436 Commits 24 Branches 119 Tags
e874c32c0872f5cd0a69660f0513857a2e94d95d
Commit Graph

292 Commits

Author SHA1 Message Date
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
m0duspwnens
494737549d move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires 2022-01-12 10:20:05 -05:00
m0duspwnens
baf297ab0a merge with dev, resolve conflict 2022-01-11 11:24:10 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
m0duspwnens
beb9a33628 only include curl.config if elasticsearch:auth is enabled 2022-01-10 11:48:16 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
Jason Ertel
2c9062efb7 resolved merge conflicts 2021-12-21 09:34:39 -05:00
Jason Ertel
35617acaeb Update cacerts to reflect new path; this changed due to ES 7.16.2 2021-12-20 12:12:00 -05:00
Jason Ertel
6f116a2d01 Switch to new Ubuntu SSL dir 2021-12-20 09:43:59 -05:00
Mike Reeves
465ba1b7d3 Change CA certs location 2021-12-15 17:08:36 -05:00
Wes Lambert
f80b70e008 Add config for dynamically formatted ingest pipelines 2021-11-09 20:07:53 +00:00
Wes Lambert
46d3eb452d Add ECS testing pipeline 2021-11-08 20:08:56 +00:00
Josh Brower
2ba619144c Support non-WEL Beats 2021-11-02 08:23:29 -04:00
Mike Reeves
a3e0fb127a Merge pull request #5069 from datlife/datlife/asn-annotation 
Add ASN annotation for IP
 2021-10-05 06:50:31 -04:00
Dat
9569e73bd0 Added ASN annotation for IP 2021-10-04 12:41:20 -07:00
m0duspwnens
aed73511e4 file cleanup, comment cleanup 2021-09-20 09:24:03 -04:00
m0duspwnens
5b77dc109f Merge remote-tracking branch 'remotes/origin/dev' into issue/1257 2021-09-16 16:54:23 -04:00
Josh Brower
a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
m0duspwnens
93f2cd75a4 add the jinja template 2021-09-09 10:19:46 -04:00
Josh Brower
7b93f355e2 so-import-evtx - timestamp extraction 2021-08-25 15:17:19 -04:00
Mike Reeves
71bbb41b5f Merge branch 'dev' into bravo 2021-08-04 10:57:10 -04:00
William Wernert
8a49039b85 Only append source.ip to logscan.source.ips if it's been created 2021-08-02 09:50:49 -04:00
William Wernert
2a6277c0c3 Fix field names in logscan pipeline 2021-07-30 15:46:39 -04:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval 
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
 2021-07-30 14:41:15 -04:00
William Wernert
0b06d0bfdb Merge branch 'dev' into foxtrot 2021-07-29 15:15:25 -04:00
Jason Ertel
4c6447a3da merge 2.3.61 MSEARCH hotfix into dev 2021-07-29 15:00:58 -04:00
Mike Reeves
a42d8c9229 Fix Manager Search 2021-07-28 17:03:14 -04:00
doug
3d3593a1a9 FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-22 09:50:21 -04:00
Mike Reeves
09165daab8 Several Suricata things 2021-07-21 09:10:33 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
Wes Lambert
05aad07bfc Replace staging path with processed path for analyzed files 2021-07-14 15:04:46 +00:00
Wes Lambert
441cd3fc59 Move Wazuh-specific data to wazuh.data 2021-07-14 13:42:51 +00:00
William Wernert
e7a6172d7e [fix] Add single quotes to strings 2021-07-13 14:07:27 -04:00
William Wernert
115e0a6fee [fix] Add missing comma 2021-07-13 12:04:10 -04:00
William Wernert
e059c25ebc [fix][wip] Fix pipeline parsing errors 2021-07-13 11:05:05 -04:00
William Wernert
2b0bca8e55 Merge branch 'dev' into feature/logscan 2021-07-12 14:58:30 -04:00
doug
e6f9592cde FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-12 13:24:21 -04:00
William Wernert
bac7ef71d8 Add logscan.source.ips field 2021-07-09 10:55:11 -04:00
William Wernert
80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00
Mike Reeves
693f455862 ECS hotfix 2021-07-02 08:55:49 -04:00
Jason Ertel
5298cb8cfb Update copyrights 2021-06-21 07:06:49 -04:00
Jason Ertel
fca1c6e957 Merge branch 'dev' into kilo 2021-06-14 10:40:04 -04:00
weslambert
4c74e7f308 Add event.kind and set name to module[dot]dataset 2021-06-02 15:35:26 -04:00
weslambert
db48c15f1d Create event.kind field and rename dataset to be module[dot]dataset 2021-06-02 15:33:18 -04:00
Jason Ertel
588da4d7dc Resolve salt pillar/state/jinja race condition 2021-06-02 14:34:21 -04:00
Mike Reeves
7b7111e12c Fix some hunt queries 2021-06-02 13:53:39 -04:00