Matthew Wright
d81d9a0722
small tweak to investigation prompt
2025-09-25 14:45:06 -04:00
Corey Ogburn
aa43177d8c
Fix Setting Name
enabledInSoc => enabled
2025-09-08 09:13:25 -06:00
Matthew Wright
12959d114c
added threshold config fields for assistant
2025-09-08 09:13:25 -06:00
Corey Ogburn
0a3ff47008
Cleanup Annotations
Removed fields no longer need annotations.
2025-09-08 09:13:24 -06:00
Corey Ogburn
834e34128d
Non-dev URL
2025-09-08 09:13:23 -06:00
Corey Ogburn
120e61e45c
ClientParams
Removed investigation prompt from module settings and moved to client settings, added enabledInSoc.
2025-09-08 09:13:23 -06:00
Corey Ogburn
fc2d450de0
Update Settings
The apiKey will be built off of the license rather than a new setting. The model is hardcoded for now at the AI Gateway level. We're going to use the investigationPrompt as a trigger for the feature being visible in the UI but by default will be blank for now.
2025-09-08 09:13:22 -06:00
Corey Ogburn
ec27517bdd
New Config Values
New config values with annotations and defaults.
Updated Nginx config to allow streaming requests to not be buffered on the way to the client.
2025-09-08 09:13:08 -06:00
Corey Ogburn
df0b484b45
More Descriptive Description
Include instructions for how to add local lookups and a help link.
2025-09-02 15:07:13 -06:00
Corey Ogburn
2181cddf49
Move EnableReverseLookup
Move EnableReverseLookup and its annotation from ClientParams to ServerConfig.
2025-09-02 14:09:55 -06:00
Jason Ertel
304985b61e
Merge pull request #14959 from Security-Onion-Solutions/jertel/wip
rpt
2025-08-22 16:55:45 -04:00
Corey Ogburn
d99857002d
Improved Label
The underlying field is called "rulesetName" but for playbook repos we're not talking about rulesets. Improved the label for user experience.
2025-08-22 13:18:22 -06:00
Corey Ogburn
2a6c74917e
Ruleset Name UiElement
Add a missing UiElement so all the repo fields are represented in the UI.
2025-08-22 13:00:17 -06:00
Jason Ertel
884bec7465
fix typo
2025-08-18 15:01:49 -04:00
Jason Ertel
9cb42911dc
Merge branch '2.4/dev' into jertel/wip
2025-08-18 09:54:58 -04:00
Jason Ertel
a3cc6f025e
reports
2025-08-18 09:54:40 -04:00
Josh Patterson
930c8147e7
simplify cpu and memory regex
2025-08-01 08:52:21 -04:00
reyesj2
84b38daf62
name destination_geo & source_geo to destination.as and source.as better aligning with ECS and linking other log sources already using .as for ASN geo data.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-07-25 16:17:22 -05:00
Josh Patterson
e61e2f04b3
handle hw not having sfp, disk or copper. show none for total if that is the case
2025-07-16 15:24:43 -04:00
Doug Burks
6bb6c24641
Simplify UniFi dashboards #14838
2025-07-16 07:20:39 -04:00
Doug Burks
4f8bd16910
FEATURE: Add SOC Dashboards for CEF, iptables, and UniFi logs #14838
2025-07-14 15:37:10 -04:00
Doug Burks
ab9d03bc2e
FEATURE: Add SOC Dashboards for UniFi logs #14838
2025-07-14 12:21:08 -04:00
Doug Burks
10bf3e8fab
FEATURE: Add SOC default fields for CEF logs #14837
2025-07-14 12:07:02 -04:00
Doug Burks
f8108e93d5
FEATURE: Add SOC default fields for iptables logs #14836
2025-07-14 12:04:46 -04:00
Jason Ertel
e49b3fc260
Merge pull request #14832 from Security-Onion-Solutions/jertel/wip
fix typo
2025-07-11 11:32:18 -04:00
Jason Ertel
9b125fbe53
fix typo
2025-07-11 11:30:01 -04:00
Jason Ertel
10e3b32fed
fix typo
2025-07-11 11:29:16 -04:00
Josh Brower
42552810fb
Add user.name to kratos query
2025-07-08 09:50:08 -04:00
Corey Ogburn
a86105294b
Playbook Annotations
2025-06-30 12:50:56 -06:00
Corey Ogburn
33c23c30d3
Refactors playbook repo configuration
Replaces individual playbook repo fields with an array of repos to support multiple playbook sources. Refactor Jinja.
2025-06-30 11:43:02 -06:00
Josh Patterson
0602601655
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-20 16:25:16 -04:00
Josh Brower
31cd5b1365
Add support for dns.resolved_ip
2025-06-20 15:02:59 -04:00
Josh Patterson
bd4f2093db
add vm delete warning for ui element
2025-06-11 09:39:15 -04:00
Josh Patterson
07359ad6ec
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-09 14:48:26 -04:00
Josh Brower
dbdbffa4b0
Add nsm bind
2025-06-08 08:23:09 -04:00
Josh Brower
a3b5db5945
Add support for Airgap for Playbooks
2025-06-06 16:17:14 -04:00
Josh Patterson
2ef89be67d
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-05 09:40:44 -04:00
Corey Ogburn
fc9107f129
Updated Playbook Repo Config
The repo and folder have changed. We're splitting out playbooks into their own repo: github.com/security-onion-solutions/securityonion-resources-playbooks.
2025-06-03 13:33:30 -06:00
Josh Patterson
6e1e617124
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-02 14:06:00 -04:00
Josh Brower
0277891392
Use Stable branch
2025-06-02 13:10:13 -04:00
Josh Patterson
be5e41227f
rename step
2025-05-23 11:41:45 -04:00
Josh Patterson
b2650da057
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-22 09:10:20 -04:00
Josh Brower
2fff6232c1
Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing
Add parsing for Playbook
2025-05-19 18:06:05 -04:00
Corey Ogburn
39f74fe547
Use the new JSON object editor for RulesRepos config entries
2025-05-19 15:38:45 -06:00
Corey Ogburn
11fb33fdeb
Add RulesetName to Rule Repos
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.
Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules` containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
2025-05-19 14:19:56 -06:00
Josh Brower
58f4db95ea
Create playbooks dir
2025-05-19 15:31:50 -04:00
Josh Brower
b55cb257b6
Add parsing for Playbook
2025-05-19 13:25:27 -04:00
Josh Patterson
b0a8191f59
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-05-19 10:02:26 -04:00
Josh Patterson
28aedcf50b
remove vm map example
2025-05-19 09:58:43 -04:00
Josh Brower
9022dc24fb
Add Parsing for Playbooks
2025-05-14 13:19:50 -06:00