CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-28 20:03:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,270 Commits 19 Branches 120 Tags
ea80469c2db1bc690e26e4a7e5cf5c1afd44bc3d
Commit Graph

533 Commits

Author SHA1 Message Date
Josh Brower
ea80469c2d Detection Default queries 2024-02-12 19:39:55 -05:00
Josh Brower
5102269440 Update defaults 2024-02-12 16:44:54 -05:00
Corey Ogburn
29174566f3 WIP: Updated Detection Mappings, Changed Engine to Language 
Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language.

SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
 2024-02-08 09:44:56 -07:00
Josh Brower
81a3e95914 Fixup sigma pipelines 2024-02-07 16:42:16 -05:00
Josh Brower
7e3187c0b8 Fixup sigma pipelines 2024-02-07 15:35:31 -05:00
Josh Brower
b7b501d289 Add Sigma pipelines 2024-02-07 15:02:52 -05:00
Josh Brower
378c99ae88 Fix bindings 2024-02-02 18:27:49 -05:00
Corey Ogburn
8f81c9eb68 Updating config for Detection(s) 2024-02-02 11:49:58 -07:00
Josh Brower
fe196b5661 Add SOC Config for Detections 2024-02-01 12:22:50 -05:00
Josh Brower
49b5788ac1 add bindings 2024-02-01 07:21:49 -05:00
Corey Ogburn
858166bcae WIP: Detections Changes 
Removed some strelka/yara rules from salt.

Removed yara scripts for downloading and updating rules. This will be managed by SOC.

Added a new compile_yara.py script.

Added the strelka repos folder.
 2024-01-30 15:43:51 -07:00
Corey Ogburn
0fa4d92f8f socsigmarepo 
Need write permissions on the /opt/so/rules dir so I can clone the sigma repo there.
 2024-01-30 14:49:05 -07:00
Jason Ertel
e075d07f5c show last highstate date/time on grid metrics screen; expose maxUploadSize and staleMetricsMs settings on config screen 2023-12-29 11:38:42 -05:00
Doug Burks
ab5de4c104 update soc defaults.yaml 2023-12-19 07:27:07 -05:00
Doug Burks
4d8661d2e0 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 13:38:04 -05:00
Doug Burks
6a1073b616 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 12:57:40 -05:00
Doug Burks
8779fb8cbc Update defaults.yaml 2023-12-14 13:30:52 -05:00
Doug Burks
042e5ae9f0 https://github.com/Security-Onion-Solutions/securityonion/issues/12021 2023-12-14 12:46:28 -05:00
m0duspwnens
3dbf97944d fix extra_hosts. https://github.com/Security-Onion-Solutions/securityonion/issues/12015 2023-12-14 10:26:29 -05:00
weslambert
0334ef9677 Add eml observable type 2023-12-05 19:10:16 -05:00
Jason Ertel
c09e8f0d71 improve timing of responses 2023-11-16 15:58:48 -05:00
Jason Ertel
de99cda766 improve timing of responses 2023-11-16 15:51:17 -05:00
Doug Burks
4666b993e5 Update defaults.yaml 2023-11-14 09:58:45 -05:00
Wes
bca1194a46 Sublime SOC Action 2023-11-01 14:01:55 +00:00
m0duspwnens
99662c999f log operation and minion target 2023-10-20 13:41:24 -04:00
Jason Ertel
84c39b5de7 only add heavynodes to remoteHostUrls 2023-10-16 13:01:13 -04:00
m0duspwnens
35157f2e8b add comment 2023-09-07 15:46:04 -04:00
m0duspwnens
60f1947eb4 prevent endgame_dict from being added to standard_actions if it is already present 2023-09-07 14:01:19 -04:00
m0duspwnens
ffaab4a1b4 only add endgame to action if it is populated 2023-09-06 14:19:53 -04:00
Jason Ertel
546c562ef0 expose standard relay timeout in config UI; up default to 45s to accommodate sluggish pillar.get calls 2023-09-01 10:31:02 -04:00
Doug Burks
da56a421e5 Update motd.md 2023-08-31 09:17:33 -04:00
Corey Ogburn
a615fc8e47 New Config Default: longRelayTimeoutMs 
Salt is getting a second timeout for operations known to take a long time such as sending and importing files. There's also an entry in soc_soc.yaml so the value can be changed in SOC's config page.
 2023-08-30 15:33:01 -06:00
Mike Reeves
bd61ee22be Update defaults.map.jinja 2023-08-28 14:41:06 -04:00
weslambert
563a495725 Add Playbook 2023-08-21 11:24:07 -04:00
weslambert
9e18fe64cf Remove OSSEC configuration 2023-08-21 11:20:47 -04:00
Jason Ertel
1fb3a59573 add missing annotations to avoid soc crash 2023-08-11 13:41:58 -04:00
Jason Ertel
a5e60363cf add missing annotations to avoid soc crash 2023-08-11 13:38:16 -04:00
Doug Burks
4426437ad3 Update motd.md 2023-08-10 15:04:31 -04:00
bryant-treacle
036b81707b Update defaults.yaml 2023-08-08 16:10:54 -04:00
bryant-treacle
3d4fd08547 Update defaults.yaml 2023-08-08 15:28:06 -04:00
weslambert
527a6ba454 Use asterisk when searching 'msg' since it is now a keyword 2023-07-31 23:52:38 -04:00
Corey Ogburn
aa56085758 New Action "Add to Case" 2023-07-28 09:55:44 -06:00
Josh Patterson
c1190064ad Merge pull request #10823 from Security-Onion-Solutions/2.4/dockerips 
2.4/dockerips
 2023-07-25 08:39:49 -04:00
m0duspwnens
4c9d172721 sorange to range 2023-07-21 16:21:18 -04:00
Corey Ogburn
bb7a918a16 Added ReverseLookup Option 
Defaults to false, has metadata to show up in the config section of soc.
 2023-07-21 13:18:08 -06:00
Wes
1848a835f5 Remove keyword 2023-07-19 13:52:15 +00:00
Jason Ertel
5eca1acbeb incorporate features pillar 2023-07-06 13:24:45 -04:00
Jason Ertel
951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Corey Ogburn
fb27e7c479 Also add to dashboard 
Duplicate new queryToggleFilter from hunt to dashboard.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
261acee8a0 New Hunt queryToggleFilter 
New filter to exclude soc logs from hunt results.
 2023-06-23 11:30:26 -06:00