Commit Graph

11578 Commits

Author SHA1 Message Date
Josh Patterson d6263812a6 move daemon.json to docker/files 2026-03-17 15:09:09 -04:00
Josh Patterson ef7d1771ab DOCKER TO DOCKERMERGED 2026-03-17 15:08:10 -04:00
Josh Patterson 4dc377c99f DOCKER to DOCKERMERGED 2026-03-17 15:06:06 -04:00
reyesj2 a52e5d0474 update index template priorities + explicitly add datastream config options 2026-03-17 13:50:15 -05:00
reyesj2 1a943aefc5 rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices 2026-03-17 13:49:20 -05:00
Mike Reeves 4bb61d999d Merge pull request #15628 from Security-Onion-Solutions/zeekload
Add salt states for custom Zeek package loading
2026-03-17 13:40:14 -04:00
Mike Reeves e0e0e3e97b Exclude README from zkg sync 2026-03-17 13:36:56 -04:00
Mike Reeves 6b039b3f94 Consolidate zkg directory creation into file.recurse with makedirs 2026-03-17 13:36:03 -04:00
Mike Reeves e6ee7dac7c Add salt states for custom Zeek package loading
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
2026-03-17 13:22:59 -04:00
Josh Patterson 7bf63b822d replace placeholder files with .gitkeep to keep empty directories 2026-03-17 11:40:49 -04:00
Josh Patterson 1a7d72c630 ensure empty directory tracked by git 2026-03-17 11:11:02 -04:00
Josh Patterson 4224713cc6 Merge pull request #15624 from Security-Onion-Solutions/moreja
Add SOC UI toggle for JA4+ fingerprinting
2026-03-17 09:44:04 -04:00
Mike Reeves b452e70419 Keep JA4S_raw and JA4H_raw hardcoded to disabled 2026-03-17 09:37:37 -04:00
Mike Reeves 6809497730 Add SOC UI toggle for JA4+ fingerprinting in Zeek
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
2026-03-17 09:35:31 -04:00
Jason Ertel 70597a77ab Merge pull request #15623 from Security-Onion-Solutions/jertel/wip
fix hydra health check
2026-03-17 07:53:00 -04:00
Jason Ertel f5faf86cb3 fix hydra health check 2026-03-17 07:50:40 -04:00
Mike Reeves ebc1152376 Rebuild all analyzer source-packages for Python 3.14
Full rebuild of all analyzer source-packages via pip download targeting
cp314/manylinux_2_17_x86_64 to match the so-soc Dockerfile base image
(python:3.14.3-slim).

Replaces cp313 wheels with cp314 for pyyaml and charset_normalizer,
and picks up certifi 2026.2.25 (from 2026.1.4).
2026-03-16 18:58:24 -04:00
Mike Reeves 625bfb3ba7 Rebuild analyzer source-packages wheels for Python 3.14
The so-soc Dockerfile base image moved to python:3.14.3-slim but
analyzer source-packages still contained cp313 wheels for pyyaml and
charset_normalizer, causing pip install failures at container startup.

Replace all cp313 wheels with cp314 builds (pyyaml 6.0.3,
charset_normalizer 3.4.6) across all 14 analyzers and update the
CI python-test workflow to match.
2026-03-16 18:58:23 -04:00
Jason Ertel a3b471c1d1 fix health check for new hydra version 2026-03-16 18:43:36 -04:00
reyesj2 eaf3f10adc remove unused close/delete configs on datastream index templates 2026-03-16 17:26:45 -05:00
reyesj2 84f4e460f6 update index patterns 2026-03-16 16:53:22 -05:00
reyesj2 88841c9814 remove ilm configs from non-datastream indices 2026-03-16 16:52:42 -05:00
Mike Reeves 64bb0dfb5b Merge pull request #15610 from Security-Onion-Solutions/moresoup
Add -r flag to so-yaml get and migrate pcap pillar to suricata
2026-03-16 17:36:32 -04:00
Mike Reeves ddb26a9f42 Add test for raw dict output in so-yaml get to reach 100% coverage
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
2026-03-16 17:19:14 -04:00
Josh Patterson 744d8fdd5e Merge pull request #15620 from Security-Onion-Solutions/mreeves/remove-non-oracle9-salt
Remove non-Oracle Linux 9 support from salt states
2026-03-16 17:10:24 -04:00
Josh Patterson 6feb06e623 cleanup preflight 2026-03-16 17:02:36 -04:00
Mike Reeves afc14ec29d Remove non-Oracle Linux 9 support from salt states
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
2026-03-16 16:58:39 -04:00
Josh Patterson 59134c65d0 Merge pull request #15619 from Security-Onion-Solutions/mreeves/remove-non-oracle9-support
Remove support for non-Oracle Linux 9 operating systems
2026-03-16 16:55:59 -04:00
Josh Patterson 614537998a remove curator.disabled from top 2026-03-16 16:44:11 -04:00
Mike Reeves d2cee468a0 Remove support for non-Oracle Linux 9 operating systems
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
2026-03-16 16:44:07 -04:00
Josh Patterson 94f454c311 cleanup file.absent 2026-03-16 15:57:15 -04:00
Josh Patterson 17881c9a36 cleanup highlander 2026-03-16 15:56:16 -04:00
Josh Patterson 9b6d29212d forcedType bool 2026-03-16 12:46:25 -04:00
Josh Patterson b00f113658 initialize pcap-log 2026-03-14 19:45:50 -04:00
Jason Ertel 7dcd923ebf Merge pull request #15612 from Security-Onion-Solutions/jertel/wip
API errors will no longer redirect
2026-03-13 17:04:51 -04:00
Jason Ertel 1fcd8a7c1a API errors will no longer redirect 2026-03-13 16:53:38 -04:00
Mike Reeves 4a89f7f26b Add -r flag to so-yaml get for raw output without YAML formatting
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
2026-03-13 16:24:41 -04:00
Mike Reeves a9196348ab Merge pull request #15609 from Security-Onion-Solutions/moresoup
Moresoup
2026-03-13 16:16:35 -04:00
Mike Reeves 12dec366e0 Fix so-yaml get to output booleans in YAML format and add bool test 2026-03-13 15:58:47 -04:00
Mike Reeves 1713f6af76 Fix so-yaml tests to match scalar output without document end marker 2026-03-13 15:53:53 -04:00
Mike Reeves 7f4adb70bd Fix so-yaml get to print scalar values without YAML document end marker 2026-03-13 15:34:04 -04:00
Mike Reeves e2483e4be0 Fix so-yaml addKey crash when intermediate key has None value 2026-03-13 15:22:29 -04:00
Mike Reeves 322c0b8d56 Move pcap.enabled under suricata.pcap.enabled in so-minion 2026-03-13 15:14:19 -04:00
Mike Reeves 81c1d8362d Fix pcap migration to strip yaml document end marker from so-yaml output 2026-03-13 15:09:37 -04:00
Mike Reeves d1156ee3fd Merge pull request #15608 from Security-Onion-Solutions/moresoup
Improve soup version checks and migrate pcap to suricata
2026-03-13 14:59:57 -04:00
Mike Reeves 18f971954b Improve soup version checks and migrate pcap pillar to suricata
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
2026-03-13 14:54:23 -04:00
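The three so-yaml/soup behaviours named in the commits above (the `...` document-end marker that PyYAML appends to a dumped scalar, the crash when an intermediate pillar key is present but empty, and the move of `pcap.enabled` under `suricata.pcap.enabled`) are easy to get wrong in any YAML-editing tool. The following is an added, self-contained illustration of those pitfalls; it is not Security Onion's so-yaml or soup code, and the function names, the flat dotted-key lookup and the sample pillar are assumptions made for the example.

```python
"""Hypothetical model of the so-yaml / soup behaviours referenced above.

Added example, not Security Onion code. get_value, strip_document_end,
add_key, migrate_pcap_to_suricata and SAMPLE_PILLAR are assumed names.
"""
import yaml

# Constructed sample of a minion pillar before migration. 'suricata:' is
# present but empty, which PyYAML loads as None; that is the shape that
# breaks naive doc['suricata']['pcap'] subscription.
SAMPLE_PILLAR = """\
pcap:
  enabled: true
suricata:
"""


def load_sample():
    """Parse the constructed pillar into a dict."""
    return yaml.safe_load(SAMPLE_PILLAR) or {}


def get_value(doc, dotted_key, raw=False):
    """Look up a dotted key such as 'pcap.enabled'.

    Default mode returns yaml.safe_dump output, which for a bare scalar
    is e.g. 'true\\n...\\n' (PyYAML adds a document-end marker). raw
    mode returns the Python value itself, the behaviour a shell caller
    wants when it substitutes the result into another file.
    """
    node = doc
    for part in dotted_key.split('.'):
        if not isinstance(node, dict) or part not in node:
            raise KeyError(dotted_key)
        node = node[part]
    if raw:
        return node
    return yaml.safe_dump(node, default_flow_style=False)


def strip_document_end(text):
    """What a caller of the default mode has to do before using a scalar:
    drop the trailing '...' marker line and surrounding whitespace."""
    lines = [ln for ln in text.splitlines() if ln.strip() != '...']
    return '\n'.join(lines).strip()


def add_key(doc, dotted_key, value):
    """Set a nested key, creating intermediate mappings as needed.

    An intermediate key whose value is None (an empty YAML mapping) is
    replaced by an empty dict rather than subscripted, which is the crash
    case; a non-mapping intermediate value is a real error and is raised.
    """
    parts = dotted_key.split('.')
    node = doc
    for part in parts[:-1]:
        if node.get(part) is None:
            node[part] = {}
        elif not isinstance(node[part], dict):
            raise TypeError(f"{part!r} is not a mapping")
        node = node[part]
    node[parts[-1]] = value
    return doc


def migrate_pcap_to_suricata(doc):
    """Move pcap.enabled to suricata.pcap.enabled in place; idempotent,
    so running the upgrade step twice is harmless."""
    pcap = doc.get('pcap')
    if not isinstance(pcap, dict) or 'enabled' not in pcap:
        return doc
    enabled = pcap.pop('enabled')
    add_key(doc, 'suricata.pcap.enabled', bool(enabled))
    if not pcap:
        del doc['pcap']
    return doc


if __name__ == '__main__':
    doc = load_sample()
    print(repr(get_value(doc, 'pcap.enabled')))
    print(repr(get_value(doc, 'pcap.enabled', raw=True)))
    print(yaml.safe_dump(migrate_pcap_to_suricata(doc),
                         default_flow_style=False))
```

Running it shows why a raw mode was added: the default output for the scalar is `'true\n...\n'`, which is wrong the moment it is pasted into another pillar file, while raw mode yields the Python `True`. The migration also shows that `bool(enabled)` is deliberate, so a pillar that spelled the value as a string still ends up as a YAML boolean.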
Josh Patterson e55ac7062c Merge pull request #15574 from Security-Onion-Solutions/delta
pcap cleanup state. enable/disable pcap for suricata in soc
2026-03-13 14:54:06 -04:00
Mike Reeves 89f144df75 Remove upgrade instructions for 2.4 branch
Removed outdated instructions for upgrading to the latest 2.4 branch.
2026-03-11 16:05:06 -04:00
Mike Reeves cfccbe2bed Update version check to include 2.4.211 2026-03-11 15:59:23 -04:00
Josh Patterson 3dd9a06d67 Merge pull request #15591 from Security-Onion-Solutions/temp-3dev-merge
remove 10T virtual disk limit. URL_BASE to vm hosts file
2026-03-11 15:54:08 -04:00