CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,263 Commits 24 Branches 119 Tags
f80b090c932e04ece75003b5c8c01a78f40aac3b
Commit Graph

414 Commits

Author SHA1 Message Date
reyesj2
2baf2478da add additional elasticsearch log output in json format for elasticsearch log integration to parse 2025-10-14 12:47:03 -05:00
Jorge Reyes
23e25fa2d7 Merge pull request #15111 from Security-Onion-Solutions/reyesj2/es-8188 
UPGRADE: ES 8.18.8
 2025-10-07 14:03:45 -05:00
reyesj2
7af95317db es upgrade 8.18.8 pipeline updates 2025-10-06 16:23:22 -05:00
reyesj2
9fd1b9aec1 make sure to pass in variables to json_string.. 2025-10-02 16:38:47 -05:00
reyesj2
c8a3603577 update logstash fleet output policy 2025-10-02 14:47:38 -05:00
reyesj2
e9af46a8cb less strict exits for fleet configuration 2025-09-30 14:28:42 -05:00
reyesj2
8e5fa9576c create disabled so-manager_elasticsearch output policy first, update it then verify it is the only active output 2025-09-26 11:32:25 -05:00
Jorge Reyes
23e12811a1 make sure fleet-default-output is not set as either default output policy 2025-09-25 09:51:32 -05:00
reyesj2
138849d258 more typos 2025-09-18 17:33:42 -05:00
reyesj2
87281efc24 typo 2025-09-18 16:41:33 -05:00
reyesj2
878a3f8962 flip logic to check there aren't two default policies and fleet-default-output is disabled 2025-09-18 16:05:34 -05:00
reyesj2
336ca0dbbd typos 2025-09-18 15:42:25 -05:00
reyesj2
cd5483623b update import/eval fleet output config -- try to prevent corrupt dual 'default' output polices from having a successful installation 2025-09-18 14:33:34 -05:00
reyesj2
faa112eddf update last so-elastic-fleet-common functions 2025-09-18 12:18:16 -05:00
reyesj2
f663f22628 elastic_fleet_integration_id 2025-09-18 10:27:54 -05:00
reyesj2
8b07ff453d elastic_fleet_integration_policy_package_version 2025-09-18 10:21:07 -05:00
reyesj2
24a0fa3f6d add fleet_api wrapper for curl retries 2025-09-18 10:15:57 -05:00
reyesj2
a5011b398d add err check and retries to elastic_fleet_integration_policy_package_name and associated scripts 2025-09-18 09:39:56 -05:00
reyesj2
5b70398c0a add error check & retries to elastic_fleet_integration_policy_names and associated scripts 2025-09-17 15:35:20 -05:00
reyesj2
f3aaee1e41 update elastic_fleet_agent_policy_ids scripts already check rc 2025-09-17 14:59:41 -05:00
reyesj2
d0e875928d add error checking and retries for elastic_fleet_installed_packages & associated script 2025-09-17 14:59:13 -05:00
reyesj2
9e24d21282 remove unused functions from so-elastic-fleet-common 2025-09-17 11:41:27 -05:00
reyesj2
5806999f63 add error check & retries to elastic_fleet_bulk_package_install 2025-09-17 11:39:06 -05:00
reyesj2
063a2b3348 update elastic_fleet_package_version_check & elastic_fleet_package_install to add error checking + retries. Update related scripts 2025-09-16 21:56:53 -05:00
reyesj2
bcd2e95fbe add error checking and retries to elastic_fleet_integration_policy_upgrade 2025-09-16 21:22:03 -05:00
reyesj2
94e8cd84e6 because of more aggressive exits use salt to rerun script as needed 2025-09-16 21:07:33 -05:00
reyesj2
948d72c282 add error check and retry to elastic_fleet_integration_update 2025-09-16 21:07:02 -05:00
reyesj2
bdeb92ab05 add err check and retries for elastic_fleet_integration_create 2025-09-16 20:30:45 -05:00
reyesj2
fdb5ad810a add err check and retries around func elastic_fleet_policy_create 2025-09-16 20:10:48 -05:00
reyesj2
f588a80ec7 fix jq error when indices don't exist (seen on fresh installs when fleet hasn't ever been installed) 2025-09-16 10:37:26 -05:00
Jorge Reyes
562b7e54cb Merge pull request #15031 from Security-Onion-Solutions/reyesj2/kfoutput 
fix case of broken kafka output policy when new receiver is added and…
 2025-09-15 15:33:48 -05:00
reyesj2
e6bcf5db6b fix case of broken kafka output policy when new receiver is added and secret storage was overwritten 2025-09-15 13:46:02 -05:00
Jorge Reyes
4d24c57903 Merge pull request #15028 from Security-Onion-Solutions/reyesj2/ea-alerter 
agent monitor template & dataset name update
 2025-09-12 14:45:20 -05:00
reyesj2
0606c0a454 agent monitor template & dataset name update 2025-09-12 14:26:22 -05:00
Jorge Reyes
a54cd004d6 Merge pull request #15013 from Security-Onion-Solutions/reyesj2/kfoutput 
update kafka output policy
 2025-09-12 07:34:54 -05:00
reyesj2
a7651b2734 lower filestream fingerprint length 2025-09-11 14:30:49 -05:00
reyesj2
890f76e45c avoid delay in log ingest after a forced kafka output policy update 2025-09-10 20:21:11 -05:00
reyesj2
8dc0f8d20e fix elastic agent ssl unpack error 2025-09-10 12:49:30 -05:00
reyesj2
8f36d2ec00 update log file name 2025-09-09 15:38:50 -05:00
reyesj2
9f7bcb0f7d add --force flag to so-kafka-fleet-output-policy & default to using fleet secret storage for client key 2025-09-08 21:13:11 -05:00
reyesj2
dfec29d18e custom kquery 2025-09-04 15:37:28 -05:00
reyesj2
1a32a0897c Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/ea-alerter 2025-09-02 17:11:21 -05:00
reyesj2
e26310d172 elastic agent offline alerter 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2025-09-02 17:00:03 -05:00
reyesj2
a5675a79fe es 8.18.6 pipeline upd 2025-08-28 19:45:17 -05:00
reyesj2
c1a5c2b2d1 set elasticfleet aritifact registry artifact file permissions 2025-08-12 14:39:35 -05:00
reyesj2
e8c25d157f drop empty ip fields when its a opencanary startup log (1001) to prevent elasticsearch doc ingest error 2025-07-23 15:52:50 -05:00
reyesj2
2e5682f11c 8.18.4 import evtx pipelines 2025-07-23 09:53:04 -05:00
reyesj2
4728b96c51 add a retry to so-elastic-fleet-integration-upgrade when response isn't what was expected that way the error message isn't throwin into sosetup / soup log 2025-07-22 16:16:28 -05:00
reyesj2
8a57b79b77 make package installs go in groups of 25 or less 2025-07-10 15:52:59 -05:00
reyesj2
a4e8e7ea53 update syslog-tcp-514 policy 2025-07-10 13:12:26 -05:00