Commit Graph

390 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Doug Burks | e1d200e6ce | Remove duplicate TDS dashboard from defaults.yaml | 2022-12-11 14:39:08 -05:00 |
| Doug Burks | 72f71ba695 | Fix TDS dashboard in defaults.yaml | 2022-12-11 14:36:27 -05:00 |
| Doug Burks | cb16bd36fb | fix descriptions in defaults.yaml | 2022-12-10 14:31:59 -05:00 |
| Doug Burks | cf7d8076e9 | remove old Wazuh Hunt queries in defaults.yaml | 2022-12-10 14:21:58 -05:00 |
| Doug Burks | cd664b2d39 | remove old Modbus dashboard from defaults.yaml | 2022-12-10 14:16:39 -05:00 |
| Doug Burks | 7f07a94a98 | remove old DNP3 and Wazuh dashboards from defaults.yaml | 2022-12-10 14:14:24 -05:00 |
| Doug Burks | 187ca4c453 | Update soc defaults.yaml to include dnp3_control and dnp3_objects eventfields | 2022-12-10 07:33:09 -05:00 |
| Jason Ertel | ef3def156d | Switch back to older style redirect due to incompatibility with Ubuntu 18 | 2022-12-07 14:03:31 -05:00 |
| Jason Ertel | 9f72cfa1fc | roll back to grep instead of pgrep due to cron issue | 2022-12-07 12:08:31 -05:00 |
| Jason Ertel | e849783a86 | Reduce cron noise; ensure filecheck is restarted if modified | 2022-12-07 08:36:56 -05:00 |
| weslambert | 73304e049c | Merge pull request #9304 from Security-Onion-Solutions/feature/ics_scada_additions: Port STUN, TDS, WireGuard, and ICS/SCADA Changes from 2.3 to 2.4 | 2022-12-06 13:14:47 -05:00 |
| weslambert | a626acced0 | Add new ICS/SCADA event fields to the dashboards section of the configuration and remove extra space in key names. | 2022-12-06 13:11:55 -05:00 |
| Wes | 1b5c1fecd4 | Revert SOC default 'alerts' event fields and specify additional event fields for ICS/SCADA events | 2022-12-06 17:28:30 +00:00 |
| Wes | b048eec3c0 | Add STUN, TDS, WireGuard, and ICS/SCADA dashboard queries | 2022-12-06 17:17:49 +00:00 |
| Wes | f44eee134a | Add default queries and ICS/SCADA queries | 2022-12-06 16:52:20 +00:00 |
| Jason Ertel | fd13c7ccc0 | Additional metadata for soc | 2022-12-05 09:03:22 -05:00 |
| Jason Ertel | 7f7e5474ed | Add more logging for filecheck monitoring, and ensure scripts are accessible to salt-relay | 2022-11-17 10:43:05 -05:00 |
| Jason Ertel | 0ffef75d7b | Move background jobs to cron | 2022-11-17 09:50:41 -05:00 |
| Jason Ertel | 7cd5d625d1 | temporarily remove salt-pipe for debug purposes | 2022-11-16 20:45:50 -05:00 |
| Jason Ertel | 4497037442 | Use bg:True to send cmd to background | 2022-11-16 20:03:54 -05:00 |
| Jason Ertel | 55f22af758 | Merge pull request #9017 from Security-Onion-Solutions/config: Retry so-user commands if another process is currently using so-user | 2022-10-27 15:41:37 -04:00 |
| Jason Ertel | 35fab05bdd | Retry so-user commands if another process is currently using so-user | 2022-10-27 15:25:08 -04:00 |
| Jason Ertel | d7b370e31b | Merge pull request #9010 from Security-Onion-Solutions/config: regex should match entire input against allowed logLevel values | 2022-10-27 13:17:51 -04:00 |
| Jason Ertel | 6347532dd8 | regex should match entire input against allowed logLevel values | 2022-10-26 18:48:20 -04:00 |
| m0duspwnens | 998870ac87 | Merge remote-tracking branch 'remotes/origin/2.4/dev' into statesglobals | 2022-10-17 15:58:44 -04:00 |
| Doug Burks | f6151b3895 | Remove destination_geo.organization_name from Sysmon Network sankey diagram | 2022-10-13 09:03:10 -04:00 |
| m0duspwnens | b526532ab6 | use global vars in states | 2022-10-11 11:57:15 -04:00 |
| doug | d65fde9536 | improve sysmon dashboards | 2022-10-07 12:23:40 -04:00 |
| Jason Ertel | 0fdec03fa9 | use yaml anchor to avoid duplicated annotations | 2022-09-30 15:15:35 -04:00 |
| Jason Ertel | 30a23a4cd0 | Add SOC annotations | 2022-09-30 15:00:08 -04:00 |
| Jason Ertel | e519548557 | add logLevel default and annotation for quick access to enabling debug logs | 2022-09-27 16:55:28 -04:00 |
| Jason Ertel | 981371c72f | log salt-relay responses for troubleshooting assistance | 2022-09-27 16:48:47 -04:00 |
| Jason Ertel | 16d24d4bc9 | Merge pull request #8822 from Security-Onion-Solutions/config: user management / sync | 2022-09-27 11:14:32 -04:00 |
| Jason Ertel | 53b4f01921 | replace quotes on minion arg | 2022-09-27 10:54:08 -04:00 |
| Jason Ertel | 7f7f2c15d0 | add support for querying active salt jobs (future use) | 2022-09-27 10:29:21 -04:00 |
| m0duspwnens | 6bd4860f19 | fix path | 2022-09-27 09:57:01 -04:00 |
| m0duspwnens | 42b03ca6df | add missing soc things | 2022-09-27 09:53:48 -04:00 |
| Jason Ertel | 556ddc2ee4 | sync in background | 2022-09-27 09:24:34 -04:00 |
| Jason Ertel | 8e175b2d3f | add manual sync | 2022-09-27 07:05:04 -04:00 |
| Jason Ertel | 0ad1a1a262 | so-user and salt-relay updates for user management | 2022-09-26 14:57:33 -04:00 |
| doug | fee5a7bea9 | initial quick OCD pass | 2022-09-23 16:29:55 -04:00 |
| m0duspwnens | c77fcc74c1 | merge in 2.4./firewall changes | 2022-09-22 10:55:39 -04:00 |
| Mike Reeves | 85339d7cb1 | Add helpLinks to everything | 2022-09-20 15:43:34 -04:00 |
| Doug Burks | 0137004344 | Fix releaseNotesUrl in defaults.yaml | 2022-09-20 15:16:53 -04:00 |
| Doug Burks | 530c497800 | Update motd.md | 2022-09-20 15:16:04 -04:00 |
| Doug Burks | df18f8f886 | Merge pull request #8779 from Security-Onion-Solutions/2.4/dev: 2.4/dev | 2022-09-20 13:32:54 +00:00 |
| Josh Brower | 120fdef173 | Hunt Query - Elastic Agent Live Osquery Logs | 2022-09-20 08:27:47 -04:00 |
| Josh Brower | 3eb4adc5c3 | Hunt Query - Elastic Agent Live Osquery Logs | 2022-09-19 20:12:47 -04:00 |
| Josh Brower | b38804840d | Merge pull request #8772 from Security-Onion-Solutions/2.4/grafana-ids: Grafana SOC Redirect | 2022-09-19 16:02:41 -04:00 |
| Josh Brower | 80919827c6 | Fixup index patterns | 2022-09-19 15:55:23 -04:00 |