CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-16 14:02:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,874 Commits 28 Branches 119 Tags
f303363a735057196c98a809e1a66e81eaefa209
Commit Graph

925 Commits

Author SHA1 Message Date
Josh Patterson
e61e2f04b3 handle hw not having sfp,disk or copper. show none for total if that is the case 2025-07-16 15:24:43 -04:00
Doug Burks
6bb6c24641 Simplify UniFi dashboards #14838 2025-07-16 07:20:39 -04:00
Doug Burks
4f8bd16910 FEATURE: Add SOC Dashboards for CEF, iptables, and UniFi logs #14838 2025-07-14 15:37:10 -04:00
Doug Burks
ab9d03bc2e FEATURE: Add SOC Dashboards for UniFi logs #14838 2025-07-14 12:21:08 -04:00
Doug Burks
10bf3e8fab FEATURE: Add SOC default fields for CEF logs #14837 2025-07-14 12:07:02 -04:00
Doug Burks
f8108e93d5 FEATURE: Add SOC default fields for iptables logs #14836 2025-07-14 12:04:46 -04:00
Jason Ertel
e49b3fc260 Merge pull request #14832 from Security-Onion-Solutions/jertel/wip 
fix typo
 2025-07-11 11:32:18 -04:00
Jason Ertel
9b125fbe53 fix typo 2025-07-11 11:30:01 -04:00
Jason Ertel
10e3b32fed fix typo 2025-07-11 11:29:16 -04:00
Josh Brower
42552810fb Add user.name to kratos query 2025-07-08 09:50:08 -04:00
Corey Ogburn
a86105294b Playbook Annotations 2025-06-30 12:50:56 -06:00
Corey Ogburn
33c23c30d3 Refactors playbook repo configuration 
Replaces individual playbook repo fields with an array of repos to support multiple playbook sources. Refactor Jinja.
 2025-06-30 11:43:02 -06:00
Josh Patterson
0602601655 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-06-20 16:25:16 -04:00
Josh Brower
31cd5b1365 Add support for dns.resolved_ip 2025-06-20 15:02:59 -04:00
Josh Patterson
bd4f2093db add vm delete warning for ui element 2025-06-11 09:39:15 -04:00
Josh Patterson
07359ad6ec Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-06-09 14:48:26 -04:00
Josh Brower
dbdbffa4b0 Add nsm bind 2025-06-08 08:23:09 -04:00
Josh Brower
a3b5db5945 Add support for Airgap for Playbooks 2025-06-06 16:17:14 -04:00
Josh Patterson
2ef89be67d Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-06-05 09:40:44 -04:00
Corey Ogburn
fc9107f129 Updated Playbook Repo Config 
The repo and folder have changed. We're splitting out playbooks into their own repo: github.com/security-onion-solutions/securityonion-resources-playbooks.
 2025-06-03 13:33:30 -06:00
Josh Patterson
6e1e617124 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-06-02 14:06:00 -04:00
Josh Brower
0277891392 Use Stable branch 2025-06-02 13:10:13 -04:00
Josh Patterson
be5e41227f rename step 2025-05-23 11:41:45 -04:00
Josh Patterson
b2650da057 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-05-22 09:10:20 -04:00
Josh Brower
2fff6232c1 Merge pull request #14638 from Security-Onion-Solutions/2.4/playbooks-parsing 
Add parsing for Playbook
 2025-05-19 18:06:05 -04:00
Corey Ogburn
39f74fe547 Use the new JSON object editor for RulesRepos config entries 2025-05-19 15:38:45 -06:00
Corey Ogburn
11fb33fdeb Add RulesetName to Rule Repos 
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.

Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
 2025-05-19 14:19:56 -06:00
Josh Brower
58f4db95ea Create playbooks dir 2025-05-19 15:31:50 -04:00
Josh Brower
b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
Josh Patterson
b0a8191f59 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-05-19 10:02:26 -04:00
Josh Patterson
28aedcf50b remove vm map example 2025-05-19 09:58:43 -04:00
Josh Brower
9022dc24fb Add Parsing for Playbooks 2025-05-14 13:19:50 -06:00
Corey Ogburn
78b7068638 Playbook Settings 
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.

Added playbook module section with default values.
 2025-05-14 13:19:49 -06:00
Doug Burks
a8cb18bb2e Update defaults.yaml to replace remaining instances of identity_id with user.name 2025-05-08 09:09:26 -04:00
Josh Brower
d47a798645 Show user.name instead of id 2025-05-07 11:17:00 -04:00
Jason Ertel
1ecf2b29fc update default actions for subgrid support 2025-05-06 13:56:16 -04:00
Josh Patterson
3a31d80a85 fix regex and label for hypervisor annotation 2025-04-30 13:10:49 -04:00
Josh Patterson
5a8e542f96 create macro for resource regex and fix regex logic for mem and cpu 2025-04-30 13:08:54 -04:00
Josh Patterson
ed80c4e13b Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-04-23 15:42:04 -04:00
Jason Ertel
3b447b343f fix typo 2025-04-17 11:51:45 -04:00
Jason Ertel
d0375d3c7e fix typo 2025-04-17 11:51:21 -04:00
Jason Ertel
b607689993 improve regex 2025-04-17 11:47:52 -04:00
Jason Ertel
8f1e528f1c improve regex 2025-04-17 11:09:39 -04:00
Jason Ertel
366e39950a subord annotations; ensure node reboots occur in background 2025-04-16 15:55:16 -04:00
Josh Patterson
cc0e91aa96 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-04-07 08:52:50 -04:00
Jason Ertel
b99bb0b004 support options field on actions 2025-04-04 11:19:30 -04:00
Josh Patterson
445afca6ee use vrt 2025-04-03 13:44:13 -04:00
Jason Ertel
9c455badb9 support background actions via config UI 2025-04-03 13:08:44 -04:00
Josh Patterson
f9bf4e4130 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-03-27 11:26:32 -04:00
Jason Ertel
1236c8c1f2 support pcap imports for sensors in distributed grids 2025-03-21 10:34:55 -04:00