weslambert and GitHub
8099b1688b
Merge pull request #8319 from Security-Onion-Solutions/fix/elasticsearch_query_missing_query_path
...
Fix missing query path for so-elasticsearch-query
2022-07-18 09:47:16 -04:00
weslambert and GitHub
2914007393
Add forward slash to fix issue with missing query path
2022-07-18 09:07:34 -04:00
weslambert and GitHub
f5e10430ed
Add forward slash to fix issue with missing query path
2022-07-18 09:07:13 -04:00
weslambert and GitHub
52ebbf8ff3
Merge pull request #8304 from Security-Onion-Solutions/fix/kibana_space_defaults_web_response_url
...
Change web_response to evaluate the response from the Spaces API and the default space query
2022-07-14 12:08:02 -04:00
weslambert and GitHub
2443e8b97e
Change web_response to evaluate the response from the Spaces API and the default space query
2022-07-14 12:04:56 -04:00
weslambert and GitHub
4241eb4b29
Merge pull request #8298 from Security-Onion-Solutions/fix/kibana_space_defaults_shebang
...
Add shebang so that so-kibana-space-defaults will work correctly on Ubuntu
2022-07-13 16:50:21 -04:00
weslambert and GitHub
0fd4f34b5b
Add shebang so that so-kibana-space-defaults will work correctly on Ubuntu
2022-07-13 16:48:39 -04:00
weslambert and GitHub
4a5664db7b
Merge pull request #8289 from Security-Onion-Solutions/fix/soup_unsupported_indices_check
...
Add missing 'fi' to if/then for unsupported indices check
2022-07-13 09:15:22 -04:00
weslambert and GitHub
513c7ae56c
Add missing 'fi' to if/then for unsupported indices check
2022-07-13 09:13:28 -04:00
weslambert and GitHub
fa894cf83b
Merge pull request #8288 from Security-Onion-Solutions/fix/soup_elastalert_indices_deletion_check
...
Ensure Elastalert indices are deleted before continuing with SOUP
2022-07-13 08:44:04 -04:00
weslambert and GitHub
8e92060c29
Ensure Elastalert indices are deleted before continuing with SOUP -- if they are not, generate a failure condition
2022-07-13 08:38:55 -04:00
weslambert and GitHub
d7eb8b9bcb
Merge pull request #8281 from Security-Onion-Solutions/fix/soup_elasticsearch8_index_compatibility
...
SOUP - Check for indices created by Elasticsearch 6
2022-07-12 16:20:47 -04:00
weslambert and GitHub
d0a0ca8458
Update exit code for ES checks
2022-07-12 16:15:44 -04:00
weslambert and GitHub
4502182b53
Typo - Ensure Elasticsearch version 6 indices are checked
2022-07-12 15:35:46 -04:00
weslambert and GitHub
0fc6f7b022
Add check for Elasticsearch 6 indices
2022-07-12 15:34:24 -04:00
weslambert and GitHub
e9a22d0aff
Merge pull request #8275 from Security-Onion-Solutions/fix/filebeat_es_output_additions
...
Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
2022-07-11 19:03:07 -04:00
weslambert and GitHub
11d3ed36b7
Specify outputs for Elasticsearch and Kibana for Eval and Import Mode
...
Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
2022-07-11 17:22:09 -04:00
weslambert and GitHub
d828bbfe47
Merge pull request #8273 from Security-Onion-Solutions/fix/kibana_space_defaults_cases
...
Add securitySolutionCases feature to ensure Cases are disabled by default
2022-07-11 16:39:30 -04:00
weslambert and GitHub
bd32394560
Add securitySolutionCases feature to ensure Cases are disabled by default
2022-07-11 16:38:05 -04:00
weslambert and GitHub
6f4f050a96
Merge pull request #8272 from Security-Onion-Solutions/fix/soup_kibana_space_defaults
...
Run so-kibana-space-defaults when upgrading to 2.3.140
2022-07-11 14:47:11 -04:00
weslambert and GitHub
f77edaa5c9
Run so-kibana-space-defaults to re-establish the default enabled features since Fleet feature name changed
2022-07-11 14:41:23 -04:00
weslambert and GitHub
dd1d5b1a83
Merge pull request #8270 from Security-Onion-Solutions/fix/curator_actions_delete_kratos
...
Add delete and warm action for Kratos indices in applicable Curator delete/warm scripts
2022-07-11 11:39:43 -04:00
weslambert and GitHub
e82b6fcdec
Typo - Change 'delete' to 'warm'
2022-07-11 11:34:53 -04:00
weslambert and GitHub
8c8ac41b36
Add action for Kratos indices
2022-07-11 11:32:03 -04:00
weslambert and GitHub
b611dda143
Add delete action for Kratos indices
2022-07-11 11:31:22 -04:00
weslambert and GitHub
3f5b98d14d
Merge pull request #8269 from Security-Onion-Solutions/fix/curator_actions_kratos
...
Add Curator actions and adjust Curator close scripts to account for so-kibana and so-kratos indices
2022-07-11 11:21:20 -04:00
Wes Lambert
0b6219d95f
Adjust Curator close scripts to include Kibana and Kratos indices
2022-07-11 14:51:33 +00:00
Wes Lambert
2f729e24d9
Add Curator action files for Kratos indices
2022-07-11 14:34:10 +00:00
weslambert and GitHub
992b6e14de
Merge pull request #8268 from Security-Onion-Solutions/fix/kibana_disable_fleetv2
...
Disable fleetv2 because it is now used to control Fleet visibility and 'fleet' is now used for 'Integrations'
2022-07-11 10:09:12 -04:00
weslambert and GitHub
09a1d8c549
Disable fleetv2 because it is now used to control Fleet visibility and 'fleet' is now used for 'Integrations'
2022-07-11 10:06:24 -04:00
weslambert and GitHub
2903bdbc7e
Merge pull request #8260 from Security-Onion-Solutions/fix/kratos_dedicated_index_and_filestream_id_additions
...
Add dedicated index for Kratos and IDs for all filestream inputs
2022-07-08 12:04:40 -04:00
Wes Lambert
5c90fce3a1
Add Kratos Logstash output to search pipeline for Logstash
2022-07-08 15:58:00 +00:00
Wes Lambert
26698cfd07
Add Logstash output for dedicated Kratos index
2022-07-08 15:55:55 +00:00
Wes Lambert
764e8688b1
Modify Kratos input to use dedicated index and add filestream ID for all applicable inputs
2022-07-08 15:53:55 +00:00
Wes Lambert
b06c16f750
Add ingest node pipeline for Kratos
2022-07-08 15:53:00 +00:00
weslambert and GitHub
42cfab4544
Merge pull request #8256 from Security-Onion-Solutions/fix/kibana_restart_after_role_sync
...
Restart Kibana in case it times out before being able to read role update
2022-07-07 17:44:47 -04:00
weslambert and GitHub
4bbc901860
Restart Kibana in case it times out before being able to read in new role configuration
2022-07-07 17:19:02 -04:00
weslambert and GitHub
a343f8ced0
Merge pull request #8255 from Security-Onion-Solutions/fix/so_kibana_user_role
...
Force so-user to sync roles to ensure so_kibana role change
2022-07-07 16:19:30 -04:00
weslambert and GitHub
85be2f4f99
Force so-user to sync roles to ensure so_kibana role change from superuser to kibana_system
2022-07-07 15:55:44 -04:00
weslambert and GitHub
8b3fa0c4c6
Merge pull request #8252 from Security-Onion-Solutions/feature/elastic_8_3_2
...
Update to Elastic 8.3.2
2022-07-07 11:14:14 -04:00
weslambert and GitHub
ede845ce00
Update to Kibana 8.3.2
2022-07-07 11:05:44 -04:00
weslambert and GitHub
42c96553c5
Update to Kibana 8.3.2
2022-07-07 11:04:43 -04:00
weslambert and GitHub
2b73cd1156
Merge pull request #8236 from Security-Onion-Solutions/fix/localfile_analyzer
...
Strip quotes and ensure file_path is typed as a list (localfile analyzer)
2022-07-05 16:28:56 -04:00
weslambert and GitHub
77ee30f31a
Merge pull request #8237 from Security-Onion-Solutions/feature/elastic_8_3_1
...
Bump Elastic to 8.3.1
2022-07-05 14:50:24 -04:00
weslambert and GitHub
2938464501
Update to Kibana 8.3.1
2022-07-05 14:46:02 -04:00
weslambert and GitHub
79e88c9ca3
Update to Kibana 8.3.1
2022-07-05 14:45:30 -04:00
Wes Lambert
e96206d065
Strip quotes and ensure file_path is typed as a list
2022-07-05 14:25:54 +00:00
weslambert and GitHub
3552dfac03
Merge pull request #8199 from Security-Onion-Solutions/fix/filebeat_filestream_elastic8
...
Change type from 'log' to 'filestream' to ensure compatibility with E…
2022-06-27 14:58:54 -04:00
weslambert and GitHub
85f790b28a
Change type from 'log' to 'filestream' to ensure compatibility with Elastic 8
2022-06-27 10:39:58 -04:00
weslambert and GitHub
d0818e83c9
Merge pull request #8197 from Security-Onion-Solutions/fix/localfile_analyzer_csv_path
...
Ensure file_path uses jinja to derive the value(s) from the pillar
2022-06-27 10:36:59 -04:00
weslambert and GitHub
568b43d0af
Ensure file_path uses jinja to derive the value(s) from the pillar
2022-06-27 10:10:13 -04:00
weslambert and GitHub
10bcc43e85
Merge pull request #8167 from Security-Onion-Solutions/feature/update_es_8_2_3
...
Update to Elastic 8.2.3
2022-06-21 16:11:39 -04:00
weslambert and GitHub
af687fb2b5
Update config_saved_objects.ndjson
2022-06-21 16:06:28 -04:00
weslambert and GitHub
776cc30a8e
Update to ES 8.2.3
2022-06-21 16:06:01 -04:00
weslambert and GitHub
44595cb333
Merge pull request #8123 from Security-Onion-Solutions/foxtrot
...
Merge foxtrot into dev
2022-06-14 15:44:13 -04:00
weslambert and GitHub
959cec1845
Delete Elastalert indices before upgrading to Elastic 8
2022-06-14 11:40:11 -04:00
weslambert and GitHub
151a42734c
Update Elastic version to 8.2.2
2022-06-08 15:07:45 -04:00
weslambert and GitHub
11e3576e0d
Update Elastic version to 8.2.2
2022-06-08 15:07:07 -04:00
weslambert and GitHub
adeccd0e7f
Merge pull request #8097 from Security-Onion-Solutions/dev
...
Merge latest dev into foxtrot
2022-06-08 15:01:09 -04:00
weslambert and GitHub
aadf391e5a
Temporarily downgrade version for merge
2022-06-08 14:59:01 -04:00
weslambert and GitHub
47f74fa5c6
Temporarily downgrade version for merge
2022-06-08 14:58:05 -04:00
weslambert and GitHub
494ce0756d
Merge pull request #8045 from Security-Onion-Solutions/fix/mhr_naming
...
Fix naming for Malware Hash Registry analyzer
2022-05-31 07:52:48 -04:00
Wes Lambert
7f30a364ee
Make sure everything is added back after renaming mhr to malwarehashregistry
2022-05-31 11:44:35 +00:00
Wes Lambert
c82aa89497
Fix Malware Hash Registry naming so it's more descriptive in SOC
2022-05-31 11:41:48 +00:00
weslambert and GitHub
a59ada695b
Merge pull request #8031 from Security-Onion-Solutions/fix/screenshots
...
Fix/screenshots
2022-05-27 17:05:51 -04:00
weslambert and GitHub
1a0ac4d253
Merge pull request #8007 from Security-Onion-Solutions/fix/filestream-id
...
Add filestream input ID for RITA logs
2022-05-25 10:11:36 -04:00
weslambert and GitHub
44622350ea
Add ID for RITA filestream inputs
2022-05-25 10:09:01 -04:00
weslambert and GitHub
99864f4787
Merge pull request #8001 from Security-Onion-Solutions/feature/analyzer_readme
...
Add configuration requirements for various analyzers
2022-05-25 09:33:07 -04:00
Wes Lambert
b93512eb01
Adjust verbiage around pillar configuration
2022-05-24 12:36:32 +00:00
Wes Lambert
92dee14ee8
Add configuration requirements for various analyzers
2022-05-24 12:29:14 +00:00
weslambert and GitHub
3e6dfcfaca
Merge pull request #7996 from Security-Onion-Solutions/weslambert-patch-2
...
Create Virustotal README
2022-05-23 11:43:43 -04:00
weslambert and GitHub
a6f1bf3aef
Create Virustotal README
2022-05-23 11:39:44 -04:00
Wes Lambert
429ccb2dcc
Only import yaml module when config is loaded
2022-05-18 02:07:39 +00:00
weslambert and GitHub
94ca3ddbda
Merge pull request #7961 from Security-Onion-Solutions/weslambert-patch-1
...
Add information for MHR and WhoisLookup, and other minor updates
2022-05-17 13:33:24 -04:00
weslambert and GitHub
d3206a048f
Add information for MHR and WhoisLookup, and other minor updates
2022-05-17 12:49:16 -04:00
weslambert and GitHub
ff855eb8f7
Merge pull request #7958 from Security-Onion-Solutions/feature/mhr_analyzer
...
Add Team Cymru Malware Hash Registry Analyzer
2022-05-17 12:42:01 -04:00
Wes Lambert
8af1f19ac3
Another no_results change
2022-05-17 16:12:43 +00:00
Wes Lambert
e4a7e3cba6
Change 'No results found.' to 'no_results'
2022-05-17 16:11:58 +00:00
weslambert and GitHub
2688083ff1
Merge pull request #7959 from Security-Onion-Solutions/feature/whoislookup-analyzer
...
Add Whoislookup RDAP-based analyzer
2022-05-17 12:09:06 -04:00
Wes Lambert
766e9748c5
Add Whoislookup RDAP-based analyzer
2022-05-17 15:52:12 +00:00
weslambert and GitHub
3761b491c0
Remove whitespace
2022-05-17 10:50:33 -04:00
Wes Lambert
e8fc3ccdf4
Add Team Cymru Malware Hash Registry Analyzer
2022-05-17 14:44:53 +00:00
weslambert and GitHub
6c506bbab0
Merge pull request #7935 from Security-Onion-Solutions/fix/pulsedive
...
Fix Pulsedive analyzer logic
2022-05-12 15:20:15 -04:00
Wes Lambert
3dc266cfa9
Add test for when indicator is not found
2022-05-12 19:02:41 +00:00
Wes Lambert
a233c08830
Update logic to handle indicators that are not present in database.
2022-05-12 19:02:02 +00:00
weslambert and GitHub
7f797a11f8
Merge pull request #7924 from Security-Onion-Solutions/analyzer-docs
...
Update analyzer docs with information about analyzers that require au…
2022-05-10 09:40:50 -04:00
weslambert and GitHub
34d57c386b
Update analyzer docs with information about analyzers that require authentication
2022-05-10 09:32:18 -04:00
weslambert and GitHub
000e813fbb
Merge pull request #7921 from Security-Onion-Solutions/fix/analyzer-packages
...
Update analyzer packages to those downloaded by Alpine and add additional build script option
2022-05-09 16:43:31 -04:00
Wes Lambert
555ca2e277
Update analyzer build/testing script to download necessary Python packages
2022-05-09 20:06:39 +00:00
Wes Lambert
32adba6141
Update analyzer packages with those built from native (Alpine) Docker image
2022-05-09 20:04:41 +00:00
weslambert and GitHub
9800f59ed7
Add Urlscan to observable support matrix
2022-05-06 13:11:43 -04:00
Wes Lambert
ccac71f649
Fix formatting/whitespace
2022-05-06 17:08:40 +00:00
Wes Lambert
1990ba0cf0
Fix formatting/whitespace
2022-05-06 17:08:33 +00:00
Wes Lambert
8ff5778569
Add Urlscan analyzer and tests
2022-05-06 17:01:06 +00:00
weslambert and GitHub
a96c665d04
Change test name for EmailRep
2022-05-03 14:13:25 -04:00
weslambert and GitHub
f3a91d9fcd
Add EmailRep analyzer to observable support matrix
2022-05-03 10:10:57 -04:00
Wes Lambert
5a9acb3857
Add EmailRep analyzer and tests
2022-05-03 14:06:32 +00:00
Wes Lambert
8b5666b238
Ensure API key is used
2022-05-03 12:48:06 +00:00
weslambert and GitHub
efb229cfcb
Update to match configuration in analyzer dir
2022-05-02 16:35:21 -04:00
weslambert and GitHub
2fcb2b081d
Update allowed complexity to 12
2022-05-02 16:14:43 -04:00