CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,483 Commits 24 Branches 119 Tags
ebce67060f2e3b7b46c6b3fd7e1014b850526ef0
Commit Graph

602 Commits

Author SHA1 Message Date
Wes Lambert
ebce67060f Initial template refactor 2022-02-14 15:20:33 +00:00
Wes Lambert
9b841fd872 Add 'event.created' and 'event.ingested' keyword mapping 2022-02-08 21:34:32 +00:00
Wes Lambert
c2c4e4df17 Add Snyk component template 2022-02-08 15:23:43 +00:00
Wes Lambert
f9a50d33c3 Add new templates 2022-02-08 13:17:23 +00:00
Wes Lambert
2951e12c96 Remove snyk component template for now and fix folder structure 2022-02-08 13:16:59 +00:00
Wes Lambert
6d0ca6fcbb Fix mangled key name/typo 2022-02-08 12:59:07 +00:00
Wes Lambert
5090854d4d Add additional component templates and index template references 2022-02-08 03:03:55 +00:00
Wes Lambert
1366e5288e Add mappings references for new component templates to index templates 2022-02-07 19:54:23 +00:00
Wes Lambert
03bfb052ed Add component templates for Elasticsearch, Kibana, Logstash, Netflow, Suricata, and Zeek 2022-02-07 19:42:24 +00:00
Wes Lambert
317f6471d8 Add additional scan and rule filset mappings 2022-02-04 19:05:09 +00:00
Wes Lambert
1ce8bb3523 Fix winlog mapping reference reversion 2022-02-04 18:14:01 +00:00
Wes Lambert
5e03b1a5de Fix reference for file mappings in template 2022-02-04 18:11:03 +00:00
weslambert
898db542bf Merge pull request #7117 from Security-Onion-Solutions/feature/winlog_dtc_mappings 
Add winlog mappings
 2022-02-04 12:16:16 -05:00
Wes Lambert
69cb83cac9 Add winlog mappings 2022-02-04 17:08:26 +00:00
Wes Lambert
f3902cf77d Fix EG template and mappings 2022-02-04 16:00:16 +00:00
Wes Lambert
a3031b2b5c Additional DTC mapping changes 2022-02-04 15:38:51 +00:00
Wes Lambert
1ce386bb7f Add more DTC transition mappings 2022-02-03 17:33:05 +00:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
Wes Lambert
9db1510b0e Initial composable template configuration and base mappings 2022-02-02 02:08:31 +00:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
fc0a5bce86 Revert field limit from testing 2022-01-27 11:18:35 -05:00
weslambert
60a0204975 Revert changes to common template 2022-01-27 11:02:47 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
weslambert
1b3e7f9d79 Temp changes while adjusting mapping 2022-01-26 14:57:16 -05:00
m0duspwnens
c80adc0430 mount repo dir in container same as defined on host 2022-01-26 13:42:56 -05:00
weslambert
e77648c475 Merge pull request #6994 from Security-Onion-Solutions/feature/dtc 
Additional DTC changes
 2022-01-26 12:22:48 -05:00
Jason Ertel
c2636036ee Merge pull request #6995 from Security-Onion-Solutions/kilo 
store related event data as a flattened object blob
 2022-01-26 12:21:02 -05:00
Wes Lambert
e10749a495 Additional changes to template to accomodate default fields and keyword subfield 2022-01-26 17:16:29 +00:00
Jason Ertel
ed9b74dc33 store related event data as a flattened object blob 2022-01-26 12:16:05 -05:00
m0duspwnens
dd00e3babc use .get since repo may not exist 2022-01-25 13:18:21 -05:00
m0duspwnens
5d2b3992e2 dont need to set ES_PATH_REPO 2022-01-25 13:11:53 -05:00
m0duspwnens
7b6eeac03f dnt mount under /repo in the container 2022-01-25 13:08:46 -05:00
m0duspwnens
00e17d5c78 put repos in /repo in es container 2022-01-25 13:03:54 -05:00
m0duspwnens
a17e1aa87a 930 for group 2022-01-25 13:00:04 -05:00
m0duspwnens
4423e93880 prevent path.repo from being put in elasticsearch.yml if the symlink doesnt exist 2022-01-25 12:57:05 -05:00
m0duspwnens
e62de2934c fix test for es repo 2022-01-25 12:24:03 -05:00
m0duspwnens
a92e2a917b change repos to repo 2022-01-25 10:53:28 -05:00
m0duspwnens
a72f12c4c7 add path.repo mount if symlink exists 2022-01-25 10:50:00 -05:00
weslambert
ba52bd3835 Update template with syntax fixes 2022-01-25 08:56:03 -05:00
Jason Ertel
4ab7a6a079 Merge pull request #6967 from Security-Onion-Solutions/kilo 
Copyright year and format update
 2022-01-24 10:39:31 -05:00
Jason Ertel
eefcc929c2 Update copyright pattern to match other repos 2022-01-24 10:09:23 -05:00
Jason Ertel
7c22f46a55 Update copyright year for 2022 2022-01-24 09:35:29 -05:00
weslambert
f7a4cc20f2 Update so-common-template.json.jinja 2022-01-21 12:36:38 -05:00
weslambert
d1efa71c57 Remove dynamic keyword template to prevent field conflicts with mappings defined in common template 2022-01-20 12:34:32 -05:00
Josh Patterson
c57b2d005e Merge pull request #6933 from Security-Onion-Solutions/issue/6810 
quote ES_PASS in SOCtopus.conf and remove % from random pw
 2022-01-20 10:57:56 -05:00
m0duspwnens
9b2459d8ba quote ES_PASS in SOCtopus.conf and remove % from random pw 2022-01-20 10:52:48 -05:00
weslambert
e137ad60c5 Disable dynamic mapping and increase order to reduce potential field conflicts 2022-01-20 09:44:41 -05:00
m0duspwnens
fc65f7bb84 Merge remote-tracking branch 'remotes/origin/dev' into issue/6810 2022-01-19 15:35:28 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
d7ba1cedff remove unused fields object from related case schema 2022-01-19 08:39:21 -05:00