Commit Graph

1059 Commits

Author SHA1 Message Date
reyesj2
e960ae66a3 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-02 15:12:27 -04:00
Wes
3285ae9366 Update mappings for detection fields 2024-05-01 20:11:56 +00:00
weslambert
fe2edeb2fb 30d to 60d 2024-05-01 11:01:59 -04:00
weslambert
6294f751ee Cold min_age to 60d 2024-05-01 10:59:41 -04:00
Doug Burks
4d6124f982 FIX: Elasticsearch min_age regex #12885 2024-04-30 10:18:34 -04:00
reyesj2
fadb6e2aa9 Re-add original timestamp format + ignore failures with this processor
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-29 16:57:48 -04:00
reyesj2
192d91565d Update final pipeline timestamp format for event.module system events
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-29 16:34:29 -04:00
weslambert
b424426298 Exclude suricata 2024-04-25 09:14:18 -04:00
Josh Patterson
03f9160fcc Merge pull request #12860 from Security-Onion-Solutions/issue/12856
allow for enable/disable of so-elasticsearch-indices-delete cronjob
2024-04-25 09:07:44 -04:00
m0duspwnens
d50de804a8 update annotation 2024-04-25 09:04:34 -04:00
weslambert
44afa55274 Fix comments about deletion 2024-04-24 17:41:37 -04:00
weslambert
ab832e4bb2 Include logstash-prefixed indices 2024-04-24 17:17:53 -04:00
m0duspwnens
c9d9979f22 allow for enable/disable of so-elasticsearch-indices-delete cronjob 2024-04-24 16:18:45 -04:00
weslambert
59a02635ed Change index sorting 2024-04-24 15:18:49 -04:00
weslambert
1b3a0a3de8 Remove hot max_age 2024-04-24 10:11:02 -04:00
weslambert
75b5e16696 Update description, type, and regex 2024-04-24 09:14:39 -04:00
weslambert
8a0a435700 Fix warm description 2024-04-24 08:35:19 -04:00
weslambert
691b02a15e Fix warm description 2024-04-23 10:40:09 -04:00
Jorge Reyes
d402943403 Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet
Kismet integration for WiFi devices
2024-04-22 15:59:22 -04:00
Doug Burks
406dda6051 Update so-elasticsearch-cluster-space-used 2024-04-18 11:48:15 -04:00
Doug Burks
229a989914 Update so-elasticsearch-cluster-space-total 2024-04-18 11:47:01 -04:00
Mike Reeves
67a57e9df7 Update limited-analyst.json 2024-04-17 13:14:45 -04:00
m0duspwnens
c014508519 need /opt/so/conf/ca/cacerts on receiver for kafka to run 2024-04-12 13:50:25 -04:00
reyesj2
55cf90f477 merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 14:44:59 -04:00
reyesj2
68e016090b Fix network.wireless.ssid not parsing
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 13:21:54 -04:00
reyesj2
fd689a4607 Fix typo in ingest pipeline
Test to fix duplicate events in SOC, by removing conflicting field event.created

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 11:18:04 -04:00
reyesj2
7124f04138 Update ingest pipelines to match updated mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:13:06 -04:00
reyesj2
4097e1d81a Create mappings for Kismet integration
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-10 16:10:27 -04:00
Mike Reeves
2206553e03 Update analyst.json 2024-04-10 09:49:21 -04:00
DefensiveDepth
376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
Corey Ogburn
00cea6fb80 Detection Author as a Keyword instead of Text
With Quick Actions added to Detections, as many fields should be usable as possible.
2024-04-05 11:22:47 -06:00
Wes
105eadf111 Add cef 2024-04-03 14:40:41 +00:00
reyesj2
000d15a53c Kismet integration: TODO Elasticsearch mappings
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-03-29 13:56:01 -04:00
weslambert
df058b3f4a Merge branch '2.4/dev' into feature/pfsense_suricata 2024-03-25 10:08:03 -04:00
Wes
5e21da443f Minor verbiage updates 2024-03-25 13:58:32 +00:00
weslambert
4e1543b6a8 Get only code 2024-03-22 09:56:21 -04:00
Wes
5934829e0d Include pfsense config 2024-03-21 20:08:33 +00:00
Wes
486a633dfe Add pfsense Suricata config 2024-03-21 20:07:59 +00:00
Wes
c6df805556 Add SOC template 2024-03-18 14:53:36 +00:00
Wes
005930f7fd Add error.message mapping for system.syslog 2024-03-07 15:41:23 +00:00
weslambert
d8e8933ea0 Add AWS Security Hub template 2024-03-05 09:25:41 -05:00
weslambert
d85ac39e28 Add AWS Inspector template 2024-03-05 09:23:17 -05:00
weslambert
1514f1291e Add AWS GuardDuty template 2024-03-05 09:21:48 -05:00
weslambert
b64d61065a Add AWS Cloudfront template 2024-03-05 09:19:43 -05:00
weslambert
df3943b465 Daily rollover 2024-02-27 17:24:27 -05:00
weslambert
1d099f97d2 Update pattern for endpoint diagnostic template 2024-02-26 11:27:56 -05:00
Josh Patterson
d2f7946377 Merge pull request #12411 from Security-Onion-Solutions/issue/12382
nest under policy
2024-02-21 16:28:04 -05:00
m0duspwnens
162785575c nest under policy 2024-02-21 15:28:24 -05:00
Josh Brower
686304f24a Merge remote-tracking branch 'origin/2.4/dev' into kilo 2024-02-15 09:47:51 -05:00
Corey Ogburn
0d297274c8 DetectionComment Mapping Defined 2024-02-13 12:53:18 -07:00