CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-21 01:44:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,078 Commits 33 Branches 127 Tags
fb07ff65c95e07344e58fb06e7c3c5d6da03b526
Commit Graph

9444 Commits

Author SHA1 Message Date
Corey Ogburn ee696be51d Remove rootCA and insecureSkipVerify from SOC defaults 2024-06-07 13:07:04 -06:00
Corey Ogburn 5d3fd3d389 AdditionalCA and InsecureSkipVerify 
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.

AdditionalCA holds the PEM formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.

InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self signed, missing, or invalid certs will not throw an error.
 2024-06-07 12:47:09 -06:00
Corey Ogburn fa063722e1 RootCA and InsecureSkipVerify 
New empty settings and their annotations.
 2024-06-07 09:10:14 -06:00
coreyogburn f35f6bd4c8 Merge pull request #13154 from Security-Onion-Solutions/cogburn/soc-proxy 
SOC Proxy Setting
 2024-06-06 14:03:16 -06:00
Mike Reeves f37f5ba97b Update soc_suricata.yaml 2024-06-06 15:57:58 -04:00
Corey Ogburn 42818a9950 Remove proxy from SOC defaults 2024-06-06 13:28:07 -06:00
Corey Ogburn e85c3e5b27 SOC Proxy Setting 
The so_proxy value we build during install is now copied to SOC's config.
 2024-06-06 11:55:27 -06:00
Jason Ertel 5600fed9c4 add ability to retrieve yaml values via so-yaml.py; improve so-minion id matching 2024-06-06 11:56:07 -04:00
m0duspwnens f6a8a21f94 remove space 2024-06-05 08:58:46 -04:00
m0duspwnens ff5773c837 move so-tcpreplay back to common. return empty string if no sensor.interface pillar 2024-06-05 08:56:32 -04:00
m0duspwnens 66f8084916 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-06-05 08:32:54 -04:00
m0duspwnens a2467d0418 move so-tcpreplay to sensor state 2024-06-05 08:24:57 -04:00
Josh Patterson 56a16539ae Merge pull request #13134 from Security-Onion-Solutions/sotcprp 
so-tcpreplay now runs if manager is offline
 2024-06-04 10:43:33 -04:00
m0duspwnens c0b2cf7388 add the curlys 2024-06-04 10:28:21 -04:00
Josh Patterson ef3a52468f Merge pull request #13129 from Security-Onion-Solutions/salt3006.8 
salt 3006.6
 2024-06-03 15:29:19 -04:00
m0duspwnens c88b731793 revert to 3006.6 2024-06-03 15:27:08 -04:00
Wes a8c231ad8c Add component templates 2024-05-31 17:47:01 +00:00
Wes f396247838 Add index templates and lifecycle policies 2024-05-31 17:46:19 +00:00
Corey Ogburn 85c269e697 Added TemplateDetections To Detection ClientParams 
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
 2024-05-30 15:59:03 -06:00
m0duspwnens 6e70268ab9 Merge remote-tracking branch 'origin/2.4/dev' into sotcprp 2024-05-30 16:34:37 -04:00
Josh Patterson fb8929ea37 Merge pull request #13103 from Security-Onion-Solutions/salt3006.8 
Salt3006.8
 2024-05-30 16:32:05 -04:00
m0duspwnens debf093c54 Merge remote-tracking branch 'origin/2.4/dev' into salt3006.8 2024-05-30 15:58:10 -04:00
m0duspwnens 7702f05756 upgrade salt 3006.8. soup for 2.4.80 2024-05-30 15:00:32 -04:00
Wes 2c635bce62 Set index for Suricata alerts 2024-05-30 17:02:31 +00:00
Wes e831354401 Add Suricata alerts setting for configuration 2024-05-30 17:00:11 +00:00
Wes 55c5ea5c4c Add template for Suricata alerts 2024-05-30 16:58:56 +00:00
DefensiveDepth 0d034e7adc fix rsync 2024-05-29 10:55:56 -04:00
DefensiveDepth ee4ca0d7a2 Check to see if local exists 2024-05-28 10:24:09 -04:00
DefensiveDepth f68ac23f0e Fix fi 
Signed-off-by: DefensiveDepth <Josh@defensivedepth.com>
 2024-05-28 10:03:31 -04:00
DefensiveDepth 2a2b86ebe6 Dont overwrite 2024-05-28 09:43:45 -04:00
DefensiveDepth 74dfc25376 backup local rules 2024-05-28 09:29:10 -04:00
DefensiveDepth 81ee60e658 Backup .yml files too 2024-05-28 06:42:18 -04:00
DefensiveDepth 58b565558d Dont bail - just wait for enter 2024-05-24 16:21:59 -04:00
Josh Brower 185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates 
Add IDH mappings
 2024-05-24 14:48:22 -04:00
DefensiveDepth 550b3ee92d Add IDH mappings 2024-05-24 14:46:24 -04:00
DefensiveDepth f90d40b471 Fix typo 2024-05-24 12:56:17 -04:00
DefensiveDepth 4344988abe Add instructions for sigma and yara repos 2024-05-24 12:54:36 -04:00
Josh Brower 979147a111 Merge pull request #13062 from Security-Onion-Solutions/2.4/backupscript 
Detections backup script
 2024-05-24 10:06:56 -04:00
DefensiveDepth 66725b11b3 Added unit tests 2024-05-24 09:55:10 -04:00
Jason Ertel bd11d59c15 add event.dataset since there are other datasets in soc logs 2024-05-24 08:38:12 -04:00
Jason Ertel 15155613c3 provide default columns when viewing SOC logs 2024-05-24 08:23:45 -04:00
m0duspwnens b5f656ae58 dont render pillar each time so-tcpreplay runs 2024-05-23 13:22:22 -04:00
Mike Reeves 1e6161f89c Update defaults.yaml 2024-05-23 08:19:43 -04:00
Josh Brower a8c287c491 Merge pull request #13067 from Security-Onion-Solutions/2.4/fixpipeline 
Fix strelka rule.uuid
 2024-05-23 07:53:14 -04:00
DefensiveDepth 8e7c487cb0 Fix strelka rule.uuid 2024-05-23 05:59:31 -04:00
Doug Burks 3d4f3a04a3 Update defaults.yaml to fix order of groupby tables and eliminate duplicate 2024-05-23 05:56:18 -04:00
DefensiveDepth a072e34cfe Fix casing issue 2024-05-22 17:12:41 -04:00
DefensiveDepth d19c1a514b Detections backup script 2024-05-22 15:12:23 -04:00
Jason Ertel ca6e2b8e22 Merge pull request #13054 from Security-Onion-Solutions/jertel/eaconfig 
fix elastalert settings
 2024-05-21 18:38:03 -04:00
Jason Ertel 8af3158ea7 fix elastalert settings 2024-05-21 18:28:21 -04:00