weslambert
a9ea99daa8
Switch from so_elastic user to so_kibana user for Elastic 8
2022-03-18 15:09:50 -04:00
weslambert
cb0d4acd57
Remove X-Pack ML entry for Elastic 8
2022-03-18 14:46:28 -04:00
Doug Burks
eda7a8d7ea
FIX: Update telegraf influxdbsize.sh to collect influxdb size from influxdb_size.log #7468
2022-03-18 13:15:43 -04:00
Doug Burks
f7dc5588ae
FIX: Update common init.sls to create cron job to write influxdb size for telegraf #7468
2022-03-18 13:13:46 -04:00
Doug Burks
c13994994b
FIX: Update telegraf init.sls to run telegraf as non-root #7468
2022-03-18 13:11:56 -04:00
weslambert
e0374be4aa
Update version from 7.16.2 to 8.1.0 for Kibana config
2022-03-18 11:57:33 -04:00
weslambert
6f294cc0c2
Change Kibana user role from superuser to kibana_system for Elastic 8
2022-03-18 11:54:08 -04:00
weslambert
5ec5b9a2ee
Remove older module config files
2022-03-18 10:14:13 -04:00
weslambert
c659a443b0
Update from search.remote to cluster.remote for Elastic 8
2022-03-17 21:25:10 -04:00
weslambert
99430fddeb
Update from search.remote to cluster.remote for Elastic 8
2022-03-17 21:24:39 -04:00
weslambert
7128b04636
Remove indices.query.bool.max_clause_count because it is dynamically allocated in Elastic 8
2022-03-17 21:20:41 -04:00
weslambert
712a92aa39
Switch from log input to filestream input
2022-03-17 21:18:03 -04:00
Wes Lambert
6e2aaa0098
Clean up original map file
2022-03-17 21:08:57 +00:00
Wes Lambert
09892a815b
Add back bind mounts and remove THIRDPARTY
2022-03-17 21:06:07 +00:00
Wes Lambert
a60ef33930
Reorganize FB module management
2022-03-17 21:01:03 +00:00
Josh Patterson
949365c636
Merge pull request #7602 from Security-Onion-Solutions/issue/7601
...
prevent so-setup iso from running on ubuntu
2022-03-17 11:37:53 -04:00
m0duspwnens
a896348743
prevent so-setup iso from running on ubuntu - https://github.com/Security-Onion-Solutions/securityonion/issues/7601
2022-03-17 11:31:16 -04:00
Josh Brower
5b9c82a434
Merge pull request #7494 from Security-Onion-Solutions/fix/fleetdm-custom-hostname
...
Force regen of ssl cert
2022-03-16 15:17:05 -04:00
Doug Burks
50477071b8
Merge pull request #7588 from Security-Onion-Solutions/fix/prevent-multiple-instances
...
FIX: Prevent multiple instances of so-sensor-clean and so-playbook-sync #6622
2022-03-16 13:54:00 -04:00
Doug Burks
e65f2a5513
FIX: Prevent multiple instances of so-sensor-clean #6622
2022-03-16 13:28:39 -04:00
Doug Burks
e56f90d83c
FIX: Prevent multiple instances of so-playbook-sync #6622
2022-03-16 13:27:37 -04:00
weslambert
aaded58131
Merge pull request #7565 from Security-Onion-Solutions/fix/es_template_fix
...
Custom ES template fixes
2022-03-15 11:09:46 -04:00
Doug Burks
9bf0265cea
Merge pull request #7566 from Security-Onion-Solutions/feature/hunt-soc-auth
...
FEATURE: Add new Hunt query for SOC logins #7327
2022-03-15 10:58:40 -04:00
Mike Reeves
e01c1398d5
Merge pull request #7564 from Security-Onion-Solutions/removethehive
...
Removethehive
2022-03-15 10:56:08 -04:00
Wes Lambert
42d6c3a956
Replace Elastic connection check using ELASTICCURL with so-elasticsearch-query
2022-03-15 14:55:04 +00:00
Doug Burks
eec44a6b02
Add a SOC Auth query to hunt.queries.json
2022-03-15 10:38:46 -04:00
Doug Burks
d1e1887e36
Add support for Kratos audit logs in hunt.eventfields.json
2022-03-15 10:37:58 -04:00
Wes Lambert
5f56c7a261
Replace ELASTICCURL with so-elasticsearch-query
2022-03-15 14:32:00 +00:00
weslambert
d46620ea2a
Merge pull request #7561 from Security-Onion-Solutions/es_template_map_fix
...
Custom ES Template Fixes
2022-03-15 10:01:42 -04:00
Jason Ertel
408f9d6695
Update .gitleaks.toml
2022-03-15 09:53:27 -04:00
Jason Ertel
b810f14428
Update .gitleaks.toml
2022-03-15 09:53:11 -04:00
Jason Ertel
cec9cba40e
Create .gitleaks.toml
2022-03-15 09:47:57 -04:00
Jason Ertel
8ebeeb497f
add configuration to override leak detector defaults
2022-03-15 09:43:09 -04:00
Mike Reeves
9c80ff4f65
Remove hive from more files
2022-03-15 09:37:58 -04:00
Mike Reeves
81f0aa58b8
Remove hive from more files
2022-03-15 08:28:03 -04:00
Doug Burks
63cef4daff
Merge pull request #7557 from Security-Onion-Solutions/dougburks-patch-1
...
FIX: surilogcompress cron job not running
2022-03-15 07:41:05 -04:00
Doug Burks
db4f138a78
FIX: surilogcompress cron job not running
...
The suricata user was originally created with `/opt/so/conf/suricata` as its home directory. I think at some point we changed permissions on `/opt/so/conf` and at that point the `surilogcompress` cron job stopped working. Changing the home directory to `/nsm/suricata` works on all of my PROD systems (including Ubuntu and CentOS).
For more information, please see:
https://github.com/Security-Onion-Solutions/securityonion/issues/7133
2022-03-15 07:10:02 -04:00
Mike Reeves
b5b60af16f
Remove hive from so-user
2022-03-14 15:06:07 -04:00
Mike Reeves
b83fec6fd2
More hive removal
2022-03-14 14:51:39 -04:00
Mike Reeves
ff30f572d7
Remove thehive from image common
2022-03-14 10:40:41 -04:00
Mike Reeves
95195c07fc
Disable hive in automation files
2022-03-14 10:36:23 -04:00
Jason Ertel
16f673d956
Merge pull request #7541 from Security-Onion-Solutions/kilo
...
Add assignee field to case list
2022-03-14 08:49:46 -04:00
Jason Ertel
5a28725def
Add assignee to case list
2022-03-14 08:45:28 -04:00
Wes Lambert
ba24f75893
Fix index typo
2022-03-11 18:11:16 +00:00
Wes Lambert
70ed20f691
Add new sls file for custom ES index templates
2022-03-11 18:07:23 +00:00
Wes Lambert
d12ff503c2
Change role loading verbiage
2022-03-11 16:23:19 +00:00
Wes Lambert
dc258cf043
Load custom component templates in so-elasticsearch-templates-load
2022-03-11 16:22:55 +00:00
Wes Lambert
8e43a6e571
Don't generate index template if index_template definition is not present in pillar
2022-03-11 16:22:06 +00:00
m0duspwnens
e1e8a20e11
make sure values exist in data structure
2022-03-10 17:09:00 -05:00
Josh Brower
f0e44827a5
rm extra line
2022-03-10 08:48:46 -05:00