CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-26 02:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,078 Commits 19 Branches 120 Tags
fb07ff65c95e07344e58fb06e7c3c5d6da03b526
Commit Graph

9444 Commits

Author SHA1 Message Date
Corey Ogburn
ee696be51d Remove rootCA and insecureSkipVerify from SOC defaults 2024-06-07 13:07:04 -06:00
Corey Ogburn
5d3fd3d389 AdditionalCA and InsecureSkipVerify 
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.

AdditionalCA holds the PEM formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.

InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self signed, missing, or invalid certs will not throw an error.
 2024-06-07 12:47:09 -06:00
Corey Ogburn
fa063722e1 RootCA and InsecureSkipVerify 
New empty settings and their annotations.
 2024-06-07 09:10:14 -06:00
coreyogburn
f35f6bd4c8 Merge pull request #13154 from Security-Onion-Solutions/cogburn/soc-proxy 
SOC Proxy Setting
 2024-06-06 14:03:16 -06:00
Mike Reeves
f37f5ba97b Update soc_suricata.yaml 2024-06-06 15:57:58 -04:00
Corey Ogburn
42818a9950 Remove proxy from SOC defaults 2024-06-06 13:28:07 -06:00
Corey Ogburn
e85c3e5b27 SOC Proxy Setting 
The so_proxy value we build during install is now copied to SOC's config.
 2024-06-06 11:55:27 -06:00
Jason Ertel
5600fed9c4 add ability to retrieve yaml values via so-yaml.py; improve so-minion id matching 2024-06-06 11:56:07 -04:00
m0duspwnens
f6a8a21f94 remove space 2024-06-05 08:58:46 -04:00
m0duspwnens
ff5773c837 move so-tcpreplay back to common. return empty string if no sensor.interface pillar 2024-06-05 08:56:32 -04:00
m0duspwnens
66f8084916 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-06-05 08:32:54 -04:00
m0duspwnens
a2467d0418 move so-tcpreplay to sensor state 2024-06-05 08:24:57 -04:00
Josh Patterson
56a16539ae Merge pull request #13134 from Security-Onion-Solutions/sotcprp 
so-tcpreplay now runs if manager is offline
 2024-06-04 10:43:33 -04:00
m0duspwnens
c0b2cf7388 add the curlys 2024-06-04 10:28:21 -04:00
Josh Patterson
ef3a52468f Merge pull request #13129 from Security-Onion-Solutions/salt3006.8 
salt 3006.6
 2024-06-03 15:29:19 -04:00
m0duspwnens
c88b731793 revert to 3006.6 2024-06-03 15:27:08 -04:00
Wes
a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes
f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
Corey Ogburn
85c269e697 Added TemplateDetections To Detection ClientParams 
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
 2024-05-30 15:59:03 -06:00
m0duspwnens
6e70268ab9 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-05-30 16:34:37 -04:00
Josh Patterson
fb8929ea37 Merge pull request #13103 from Security-Onion-Solutions/salt3006.8 
Salt3006.8
 2024-05-30 16:32:05 -04:00
m0duspwnens
debf093c54 Merge remote-tracking branch 'origin/2.4/dev' into salt3006.8 2024-05-30 15:58:10 -04:00
m0duspwnens
7702f05756 upgrade salt 3006.8. soup for 2.4.80 2024-05-30 15:00:32 -04:00
Wes
2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
Wes
e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes
55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
DefensiveDepth
0d034e7adc fix rsync 2024-05-29 10:55:56 -04:00
DefensiveDepth
ee4ca0d7a2 Check to see if local exists 2024-05-28 10:24:09 -04:00
DefensiveDepth
f68ac23f0e Fix fi 
Signed-off-by: DefensiveDepth <Josh@defensivedepth.com>
 2024-05-28 10:03:31 -04:00
DefensiveDepth
2a2b86ebe6 Dont overwrite 2024-05-28 09:43:45 -04:00
DefensiveDepth
74dfc25376 backup local rules 2024-05-28 09:29:10 -04:00
DefensiveDepth
81ee60e658 Backup .yml files too 2024-05-28 06:42:18 -04:00
DefensiveDepth
58b565558d Dont bail - just wait for enter 2024-05-24 16:21:59 -04:00
Josh Brower
185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates 
Add IDH mappings
 2024-05-24 14:48:22 -04:00
DefensiveDepth
550b3ee92d Add IDH mappings 2024-05-24 14:46:24 -04:00
DefensiveDepth
f90d40b471 Fix typo 2024-05-24 12:56:17 -04:00
DefensiveDepth
4344988abe Add instructions for sigma and yara repos 2024-05-24 12:54:36 -04:00
Josh Brower
979147a111 Merge pull request #13062 from Security-Onion-Solutions/2.4/backupscript 
Detections backup script
 2024-05-24 10:06:56 -04:00
DefensiveDepth
66725b11b3 Added unit tests 2024-05-24 09:55:10 -04:00
Jason Ertel
bd11d59c15 add event.dataset since there are other datasets in soc logs 2024-05-24 08:38:12 -04:00
Jason Ertel
15155613c3 provide default columns when viewing SOC logs 2024-05-24 08:23:45 -04:00
m0duspwnens
b5f656ae58 dont render pillar each time so-tcpreplay runs 2024-05-23 13:22:22 -04:00
Mike Reeves
1e6161f89c Update defaults.yaml 2024-05-23 08:19:43 -04:00
Josh Brower
a8c287c491 Merge pull request #13067 from Security-Onion-Solutions/2.4/fixpipeline 
Fix strelka rule.uuid
 2024-05-23 07:53:14 -04:00
DefensiveDepth
8e7c487cb0 Fix strelka rule.uuid 2024-05-23 05:59:31 -04:00
Doug Burks
3d4f3a04a3 Update defaults.yaml to fix order of groupby tables and eliminate duplicate 2024-05-23 05:56:18 -04:00
DefensiveDepth
a072e34cfe Fix casing issue 2024-05-22 17:12:41 -04:00
DefensiveDepth
d19c1a514b Detections backup script 2024-05-22 15:12:23 -04:00
Jason Ertel
ca6e2b8e22 Merge pull request #13054 from Security-Onion-Solutions/jertel/eaconfig 
fix elastalert settings
 2024-05-21 18:38:03 -04:00
Jason Ertel
8af3158ea7 fix elastalert settings 2024-05-21 18:28:21 -04:00