Commit Graph

5786 Commits

Author SHA1 Message Date
Wes Lambert
e925d435ff Update event, file, and host mappings to include .security 2022-03-02 14:33:52 +00:00
Wes Lambert
496b161253 Update ECS mappings to include .security 2022-03-02 14:27:36 +00:00
Wes Lambert
aae2fd1fbb Update DNS mappings to include .security 2022-03-02 14:27:15 +00:00
Wes Lambert
0b45cf7ae1 Update base mappings to include .security 2022-03-02 14:25:57 +00:00
Wes Lambert
d89af5f04f Update agent mappings to include .security 2022-03-02 14:25:14 +00:00
Wes Lambert
2d2ec45029 Modify base ECS mappings to include .security where possible, as well as custom analyzer definition 2022-03-02 14:19:36 +00:00
Wes Lambert
5489b8559d Revert "Switch from .security to match_only_text"
This reverts commit f7862af934.
2022-03-01 18:44:00 +00:00
Wes Lambert
2a9caccc7c Revert "Add additional .text subfield mappings"
This reverts commit 61dadc6249.
2022-03-01 18:43:24 +00:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe's PR for now 2022-03-01 15:31:07 -05:00
Wes Lambert
038dc49098 Temporarily increase field limit before trimming efforts 2022-03-01 15:06:28 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
Josh Brower
e960d99901 Enable state tracking for sigma refresh 2022-02-28 21:18:41 -05:00
Josh Brower
09f1a5025d Merge remote-tracking branch 'remotes/origin/dev' into delta 2022-02-28 21:18:07 -05:00
Josh Brower
41a58b791a Enable state tracking for sigma refresh 2022-02-28 21:17:59 -05:00
Jason Ertel
f147bb33ed Upgrade to ES 7.17.1 2022-02-28 18:18:09 -05:00
Josh Patterson
6b3b5e9a1f Merge pull request #7363 from Security-Onion-Solutions/soup_singlenode_30
allow for check_log_size_limit to work without salt-master running
2022-02-28 17:13:42 -05:00
Josh Brower
d71bde0e38 Merge pull request #7362 from Security-Onion-Solutions/delta
Navigator - include attack json for airgap
2022-02-28 16:33:10 -05:00
Josh Brower
2075412ca2 Navigator - include attack json for airgap 2022-02-28 16:15:30 -05:00
m0duspwnens
a51f833f36 output only the value for log_size_limit 2022-02-28 16:13:43 -05:00
m0duspwnens
8d12e136f2 Merge remote-tracking branch 'remotes/origin/dev' into soup_singlenode_30 2022-02-28 15:43:37 -05:00
m0duspwnens
710059211d remove debug echo, mkdir verbose 2022-02-28 14:54:39 -05:00
m0duspwnens
80e5198f9e combine local and default pillars to get pillar values locally 2022-02-28 14:35:16 -05:00
m0duspwnens
dc24cb711d need local to be --local 2022-02-28 13:50:08 -05:00
m0duspwnens
c5bf818049 debug messages and pass local to lookup_salt_value 2022-02-28 13:39:50 -05:00
weslambert
414b9dcd59 Run template load first to prevent issues with pipeline changes that generate new indices 2022-02-28 12:33:18 -05:00
m0duspwnens
cd981fa2ae forgot then for if 2022-02-28 12:25:06 -05:00
m0duspwnens
278235b0ca update so-common lookup_salt_value to accept local option. soup get minion id from grains with local option 2022-02-28 12:15:23 -05:00
weslambert
a9caef9596 Merge pull request #7338 from Security-Onion-Solutions/fix/endgame_template
Revert Endgame index name changes
2022-02-28 08:13:09 -05:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
Wes Lambert
bd1b21a5b6 Revert Endgame index name changes 2022-02-26 02:53:57 +00:00
weslambert
e942d81433 Ensure correct formatting for source override 2022-02-25 19:14:58 -05:00
weslambert
a511fd33e9 Ensure correct formatting for destination override 2022-02-25 19:14:21 -05:00
Doug Burks
8df47e809d make sure that each post_to_* function sets POSTVERSION at end 2022-02-25 14:30:59 -05:00
Mike Reeves
15924ebe0f Fix endgame index name 2022-02-25 13:29:29 -05:00
Wes Lambert
a8bdff89ae Move files into SO component template directory 2022-02-25 18:00:16 +00:00
Wes Lambert
08097fe9ec Add Playbook override mappings 2022-02-25 17:58:51 +00:00
Josh Brower
ce4c859f3a Merge pull request #7328 from Security-Onion-Solutions/fix/soup-sigma-refresh
.110 Post processing - sigma refresh
2022-02-25 12:24:19 -05:00
Josh Patterson
9de9d92b2b Merge pull request #7329 from Security-Onion-Solutions/delta
add extra hosts for filebeat on idh node
2022-02-25 12:23:37 -05:00
m0duspwnens
d76facb1bb add extra hosts for idh node 2022-02-25 12:21:43 -05:00
Josh Brower
1abf27873d .110 Post processing - sigma refresh 2022-02-25 12:19:59 -05:00
Wes Lambert
61dadc6249 Add additional .text subfield mappings 2022-02-25 16:27:37 +00:00
Josh Brower
4a597b9f0e Merge remote-tracking branch 'remotes/origin/dev' into delta 2022-02-24 19:58:10 -05:00
Josh Brower
cf7325a546 IDH - Play tweaks, Setup summary, log rotate 2022-02-24 19:57:11 -05:00
Josh Patterson
8302c45059 Merge pull request #7320 from Security-Onion-Solutions/delta_ssh
default to false if local role doesn't exist
2022-02-24 18:06:19 -05:00
m0duspwnens
0970bbc983 default to false if local role doesn't exist 2022-02-24 17:55:50 -05:00
Josh Brower
e8e683c2e9 Merge pull request #7319 from Security-Onion-Solutions/delta
Add and Update IDH Plays
2022-02-24 15:48:38 -05:00
Josh Brower
fbc702375c Add and Update IDH Plays 2022-02-24 15:06:04 -05:00
Josh Patterson
5c747fbb4c Merge pull request #7318 from Security-Onion-Solutions/delta_ssh
change name of selinux policy state for idh node
2022-02-24 14:49:55 -05:00
m0duspwnens
8b61d4818d change name of selinux policy state for idh node 2022-02-24 14:47:14 -05:00
Wes Lambert
0f8a39002f Add .text subfield mappings for DTC where fields are defined 2022-02-24 19:39:52 +00:00