Commit Graph

273 Commits

Author        SHA1        Message  Date
reyesj2       fd689a4607  Fix typo in ingest pipeline  2024-04-11 11:18:04 -04:00
    Test to fix duplicate events in SOC, by removing conflicting field event.created

    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2       7124f04138  Update ingest pipelines to match updated mappings  2024-04-10 16:13:06 -04:00
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2       000d15a53c  Kismet integration: TODO Elasticsearch mappings  2024-03-29 13:56:01 -04:00
    Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Wes           5e21da443f  Minor verbiage updates  2024-03-25 13:58:32 +00:00
Wes           5934829e0d  Include pfsense config  2024-03-21 20:08:33 +00:00
Wes           486a633dfe  Add pfsense Suricata config  2024-03-21 20:07:59 +00:00
Wes           d23d367058  Make scan.pe.flags a string  2024-01-24 15:08:38 +00:00
Wes           80a3942245  Rename RITA pipelines  2024-01-22 20:15:48 +00:00
Mike Reeves   efe8cfda95  Update suricata.common  2024-01-19 13:39:28 -05:00
Mike Reeves   08486e279c  Update suricata.common  2024-01-19 13:36:43 -05:00
Wes           e70ce50912  Change description  2024-01-17 14:06:16 +00:00
Wes           f6590ac0bf  Remove Suricata IKEv2 pipeline  2024-01-16 18:10:00 +00:00
Wes           ea64ce92d3  Add Suricata IKE pipeline  2024-01-16 18:09:46 +00:00
Wes           8a92b023b2  Add interface name  2024-01-16 18:09:16 +00:00
Josh Brower   5513e74807  comma  2024-01-09 08:12:33 -05:00
Josh Brower   31ee365a91  Fixup FIM events  2024-01-09 08:11:05 -05:00
Doug Burks    6a1073b616  FIX: Update dashboard and hunt query for firewall logs #12021  2023-12-18 12:57:40 -05:00
Doug Burks    93fb10de86  Merge pull request #11897 from Security-Onion-Solutions/2.4/nids-rule-reference  2023-11-29 12:19:12 -05:00
    FIX: Update NIDS rule.reference in common.nids pipeline #11846
weslambert    9d63a47792  Certificate hash  2023-11-29 12:01:43 -05:00
weslambert    7001e90667  Client and server fingerprints  2023-11-29 12:00:46 -05:00
Doug Burks    0603e96c08  FIX: Update NIDS rule.reference in common.nids pipeline #11846  2023-11-29 09:46:11 -05:00
Wes           ae45d40eca  Add Sublime Platform ingest pipeline  2023-11-01 13:34:30 +00:00
weslambert    660020cc76  Parse pkt_src for Suricata logs  2023-10-23 15:45:41 -04:00
Wes           508260bd46  Use event.created for timestamp  2023-09-19 13:32:03 +00:00
Wes           1a3b3b21fb  Change entropy value syntax  2023-08-31 15:09:19 +00:00
Wes           7971d9749a  Assign pipeline to import  2023-08-17 14:08:48 +00:00
Josh Brower   dd1fa51eb5  Generate community_id for defend endpoint logs  2023-08-04 09:03:17 -04:00
weslambert    f102351052  Add event  2023-08-02 13:25:44 -04:00
weslambert    ac28f90af3  Remove override  2023-08-02 13:15:11 -04:00
Josh Brower   4f94d953c9  Merge remote-tracking branch 'origin/2.4/dev' into fix/elasticsearch_endpoint  2023-07-25 07:42:59 -04:00
Wes           5553be02ac  Change how tags are added  2023-07-24 21:31:28 +00:00
Josh Brower   741e6039c1  Cleanup for Sigma Rules  2023-07-24 09:25:58 -04:00
Wes           e3249c8e4c  Wrap values in quotes for proper conversion  2023-07-13 14:18:57 +00:00
weslambert    85bb5a327c  Fix long vs float for pe version  2023-07-13 09:38:09 -04:00
Wes           577bfac886  Update logic for YARA matches  2023-07-11 17:00:13 +00:00
weslambert    7e37cd0f05  Parse xff  2023-06-21 14:29:54 -04:00
Wes           3a34da354f  Use append instead of set  2023-06-15 16:35:43 +00:00
Wes           58a63e0765  Remove extra comma  2023-06-15 14:22:37 +00:00
Wes           b5bccc5e05  Use module in dataset name and add dataset tag  2023-06-15 13:06:57 +00:00
Wes           38ab426470  Add final Fleet pipeline  2023-06-13 13:36:26 +00:00
Doug Burks    b3f8ed7dcd  FIX: Suricata DHCP logs not ingesting #10565  2023-06-10 11:42:41 -04:00
Doug Burks    e5f76a9c6e  change suricata parsers from dataset to event.dataset  2023-06-08 12:31:31 -04:00
weslambert    2c10ad7eec  Check if 'dns.query' is null  2023-05-19 15:50:33 -04:00
Doug Burks    a67cbb3276  FIX: Suricata DNS A and CNAME parsing #10117  2023-04-13 10:56:17 -04:00
weslambert    6d87620c6a  Explicitly set 'event.dataset' as 'file'  2023-03-22 11:04:18 -04:00
Josh Brower   df036206a8  Fix Kratos parsing  2023-03-20 16:53:25 -04:00
Josh Brower   f7be4ba31c  Remove host field from NIDS logs  2023-03-13 14:07:17 -04:00
Doug Burks    19ab2a5a46  rename suricata vlan field to network.vlan.id  2023-03-05 05:57:52 -05:00
Doug Burks    9940a36722  update Elasticsearch ingest for Zeek conn vlan field  2023-03-03 15:22:43 -05:00
Doug Burks    a44d83d69b  Improve Suricata DHCP parsing and dashboard  2023-01-31 08:33:38 -05:00