Josh Patterson
7d4d6a0756
prune images if so-docker-prune exists
2026-05-08 10:13:15 -04:00
Josh Patterson
66c0a662fc
convert wait to script
2026-05-08 09:26:42 -04:00
Josh Brower
49a643fff4
Merge pull request #15875 from Security-Onion-Solutions/3/sigma-fp-os
...
proc_creation per OS type
2026-05-08 15:13:14 +02:00
Josh Brower
e1d830da76
proc_creation per OS type
2026-05-08 09:11:24 -04:00
Josh Patterson
778cc055ea
wait for salt-minion service to be ready before finishing state run
2026-05-07 17:01:20 -04:00
Josh Brower
e847c46129
Merge pull request #15872 from Security-Onion-Solutions/3/soc-logs
...
cleanup status code
2026-05-07 19:01:24 +02:00
Josh Brower
499f7102bd
cleanup status code
2026-05-07 11:27:49 -04:00
Josh Patterson
932deab751
update the push map
2026-05-07 10:51:53 -04:00
Josh Patterson
1281f0ee37
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-05-06 09:46:12 -04:00
Josh Patterson
4bc19f91ce
Merge pull request #15867 from Security-Onion-Solutions/fixhype
...
sanitize minion ids for hypervisor reactors / orchestration
2026-05-06 09:46:01 -04:00
Josh Patterson
f774334b6c
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-05-06 08:16:41 -04:00
Mike Reeves
4990d0ddea
Merge pull request #15866 from Security-Onion-Solutions/management-bond1
...
Management bond1
2026-05-05 17:17:58 -04:00
Mike Reeves
3e49322220
Allow preconfigured management bond in requirements
2026-05-05 15:35:12 -04:00
Mike Reeves
ecb92d43fc
Limit management bond setup to ISO installs
2026-05-05 15:30:09 -04:00
Mike Reeves
3b714db0bf
Show management bond option consistently
2026-05-05 15:22:40 -04:00
Mike Reeves
f17da4e68b
Add management bond setup option
2026-05-05 15:13:24 -04:00
Jorge Reyes
04cfc22e3f
Merge pull request #15864 from Security-Onion-Solutions/reyesj2/patch-2
...
update grok type conversion to convert processor
2026-05-05 13:58:39 -05:00
reyesj2
dceed421ae
update grok type conversion to convert processor
2026-05-05 13:41:00 -05:00
Josh Patterson
652ac5d61f
fix regex
2026-05-05 14:26:04 -04:00
Josh Patterson
f888a2ba6b
Merge remote-tracking branch 'origin/3/dev' into fixhype
2026-05-05 10:28:49 -04:00
Mike Reeves
8a1ee02335
Merge pull request #15846 from Security-Onion-Solutions/feature/ensure-pyyaml
...
Ensure python3-pyyaml is installed before continuing setup
2026-05-05 10:24:25 -04:00
Josh Patterson
192f6cfe13
Merge remote-tracking branch 'origin/3/dev' into fixhype
2026-05-05 08:18:26 -04:00
Mike Reeves
5bca81d833
Merge pull request #15858 from Security-Onion-Solutions/security-fix
...
Fix unsafe PyYAML load in filecheck
2026-05-04 16:16:40 -04:00
Josh Patterson
1c6574c694
ensure minion ids
2026-05-04 14:03:14 -04:00
Mike Reeves
b701664e04
Fix unsafe PyYAML load in filecheck
2026-05-04 12:09:35 -04:00
Jorge Reyes
bc64f1431d
Merge pull request #15857 from Security-Onion-Solutions/reyesj2/package-registry-health
...
fleet package registry health check
2026-05-04 11:05:23 -05:00
reyesj2
2203037ce7
fleet package registry health check
2026-05-04 10:52:37 -05:00
Jorge Reyes
77a4ad877e
Merge pull request #15851 from Security-Onion-Solutions/reyesj2/integration-transforms
2026-05-01 14:11:12 -05:00
reyesj2
702b3585cc
excluding additional integration transform job failures
2026-05-01 12:57:59 -05:00
reyesj2
86966d2778
reauthorize unhealthy transform jobs using kibana 9.3.3 auth flow
2026-05-01 12:44:08 -05:00
Josh Patterson
7fcace34c4
add sensoroni to push map
2026-04-30 16:09:08 -04:00
Josh Patterson
9541024eb7
fix broken things
2026-04-30 15:35:24 -04:00
Jorge Reyes
ce3ad3a895
Merge pull request #15844 from Security-Onion-Solutions/reyesj2/elastic-agent-warning
...
update default elastic agent logging level to warning
2026-04-30 09:46:28 -05:00
Mike Reeves
3a4b7b50de
ensure python3-pyyaml is installed before continuing setup
2026-04-30 10:15:09 -04:00
Josh Patterson
0d166ef732
remove trailing slashes
2026-04-30 09:53:00 -04:00
Josh Patterson
f7d2994f8b
filter temp files
2026-04-30 09:16:22 -04:00
reyesj2
39d0947102
update default elastic agent logging level to warning
2026-04-29 17:38:40 -05:00
Josh Patterson
8f0757606d
include salt..minion
2026-04-29 16:42:19 -04:00
Josh Patterson
0a8f2e01a0
install pyinotify
2026-04-29 16:41:56 -04:00
Josh Patterson
4546d7bc52
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-04-29 14:28:19 -04:00
Jorge Reyes
0085d9a353
Merge pull request #15842 from Security-Onion-Solutions/reyesj2-patch-1
...
so-elastic-fleet-outputs-update now checks for cert drift. Remove run…
2026-04-29 12:37:04 -05:00
Jorge Reyes
2f01ce3b23
so-elastic-fleet-outputs-update now checks for cert drift. Remove running --cert arg on cert change to prevent highstate from running outputs-update 2x
2026-04-29 12:33:28 -05:00
Mike Reeves
71b19c1b5f
Merge pull request #15840 from Security-Onion-Solutions/fix/import-postgres-firewall
...
Open postgres in DOCKER-USER firewall everywhere influxdb is open
2026-04-29 09:20:03 -04:00
Mike Reeves
82e55ae87f
Open postgres on every hostgroup that opens influxdb
...
The static defaults only listed postgres on each role's self-hostgroup,
leaving sensor/searchnode/heavynode/receiver/fleet/idh/desktop/hypervisor
hostgroups unable to reach the manager's so-postgres in distributed
grids. A dynamic block in firewall/map.jinja added postgres to those
hostgroups only when telegraf.output was switched to POSTGRES/BOTH,
which left postgres unreachable by default.
Mirror influxdb statically across manager/managerhype/managersearch/
standalone for every hostgroup that already lists influxdb, and drop
the now-redundant telegraf-gated dynamic block from firewall/map.jinja.
2026-04-29 09:09:50 -04:00
Mike Reeves
3e02001544
Open postgres port for import role in DOCKER-USER firewall
...
When so-postgres was wired in (868cd1187), the import role's firewall
defaults were missed while every other manager-class role (manager,
managerhype, managersearch, standalone, eval) had postgres added to
their DOCKER-USER manager-hostgroup portgroups. As a result, on a
fresh import install the so-postgres container starts but tcp/5432 is
dropped at DOCKER-USER, so soc/kratos/telegraf can't reach it.
Add postgres alongside the existing influxdb entry so import nodes
match the other roles.
2026-04-29 08:48:45 -04:00
Josh Patterson
17849d8758
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-04-28 15:49:22 -04:00
Mike Reeves
82f70bb53a
Merge pull request #15839 from Security-Onion-Solutions/fix/drop-postgres-soc-module-injection
...
drop postgres module from soc defaults injection
2026-04-28 15:48:49 -04:00
Mike Reeves
2dcded6cca
drop postgres module from soc defaults injection
...
The soc binary on 3/dev does not register a postgres module, so injecting
postgres into soc.config.server.modules makes soc abort at launch with
'Module does not exist: postgres'. The soc-side module is staged on
feature/postgres but is not landing this release. Drop the injection
until the module ships; salt/postgres state and pillars are unchanged.
2026-04-28 15:46:56 -04:00
Josh Patterson
d3d30a587c
Merge remote-tracking branch 'origin/3/dev' into saltthangs
2026-04-28 15:30:31 -04:00
Mike Reeves
8ca59e6f0c
Merge pull request #15838 from Security-Onion-Solutions/fix/docker-refresh-multiarch-pull
...
Fix/docker refresh multiarch pull
2026-04-28 15:14:27 -04:00