securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00

Author	SHA1	Message	Date
weslambert	3148fa0e06	Merge pull request #7422 from Security-Onion-Solutions/fix/syslog_dot_keyword .keyword additions and increase max_clause_count	2022-03-04 15:32:29 -05:00
weslambert	254cf53c2f	Increase clause count to 3500	2022-03-04 10:36:37 -05:00
Wes Lambert	ffae22beef	Add DTC syslog mappings for .keyword and add refs to defaults.yml	2022-03-04 13:04:11 +00:00
weslambert	93c2f82345	Merge pull request #7413 from Security-Onion-Solutions/fix/add_keyword_subfield Add .keyword subfield for more mappings	2022-03-03 10:42:38 -05:00
Wes Lambert	1f71816ad7	Add keyword subfield for DTC winlog mappings	2022-03-03 14:54:30 +00:00
Wes Lambert	1c086e36da	Add missing comma for file mappings	2022-03-03 13:49:54 +00:00
Wes Lambert	aa8d24b6cd	Add DTC destination, source, and winlog mapping references to templates in defaults file	2022-03-03 13:42:20 +00:00
Wes Lambert	85979cbce8	Add file, process, and winlog mapping changes	2022-03-03 13:37:27 +00:00
Wes Lambert	8f97f09c9c	Additional .keyword changes for host.hostname client.address, and event.action	2022-03-02 21:54:46 +00:00
Wes Lambert	3ee46e4c29	Add .keyword for destination/source geo.country_name	2022-03-02 21:50:03 +00:00
weslambert	a21060306c	Merge pull request #7404 from Security-Onion-Solutions/fix/field_limit_adjustment Adjust field limit for now due to component template errors	2022-03-02 11:41:35 -05:00
Wes Lambert	c5b16fdf3b	Adjust field limit for now	2022-03-02 16:33:39 +00:00
weslambert	b80e82aaf6	Merge pull request #7396 from Security-Onion-Solutions/fix/dot_security Revert back to usage of .security field	2022-03-02 10:42:29 -05:00
Josh Brower	2ba72791aa	Remove sigma regen cron	2022-03-02 10:31:15 -05:00
Mike Reeves	d570b56c55	Merge pull request #7392 from Security-Onion-Solutions/hotfix/2.3.100 Hotfix 2.3.100 20220301 2.3.100-20220301	2022-03-02 10:24:50 -05:00
Mike Reeves	ff4345d3aa	Merge pull request #7393 from Security-Onion-Solutions/jertelhf Jertelhf	2022-03-02 10:20:29 -05:00
Jason Ertel	e59f0d69d9	Merge branch 'master' into jertelhf	2022-03-02 10:18:14 -05:00
Mike Reeves	ad2b69c9de	Merge pull request #7391 from Security-Onion-Solutions/hf0301 Hotfix 2.3.100 20220301	2022-03-02 10:08:27 -05:00
Mike Reeves	e874c32c08	Hotfix 2.3.100-20220301	2022-03-02 10:05:41 -05:00
Wes Lambert	ab9b81ea39	Change match_only_text to text for mac in host mappings	2022-03-02 15:01:05 +00:00
Wes Lambert	ed620b93b7	Add custom analyzer definition to all SO/DTC mappings	2022-03-02 14:43:19 +00:00
Wes Lambert	27c8eaa630	Update all other mappings for .security where applicable	2022-03-02 14:39:23 +00:00
Wes Lambert	e925d435ff	Update event, file, and host mappings to include .security	2022-03-02 14:33:52 +00:00
Wes Lambert	496b161253	Update ECS mappings to include .security	2022-03-02 14:27:36 +00:00
Wes Lambert	aae2fd1fbb	Update DNS mappings to include .security	2022-03-02 14:27:15 +00:00
Wes Lambert	0b45cf7ae1	Update base mappings to include .security	2022-03-02 14:25:57 +00:00
Wes Lambert	d89af5f04f	Update agent mappings to include .security	2022-03-02 14:25:14 +00:00
Wes Lambert	2d2ec45029	Modify base ECS mappings to include .security where possible, as well as custom analyzer definition	2022-03-02 14:19:36 +00:00
weslambert	93386f4620	Merge pull request #7389 from Security-Onion-Solutions/fix/revert_text Fix/revert text	2022-03-02 09:17:46 -05:00
Mike Reeves	c0649a863b	Merge pull request #7376 from Security-Onion-Solutions/hfnew Curator Fixes	2022-03-01 14:38:31 -05:00
Mike Reeves	e93dbb5347	Update Hotfix	2022-03-01 14:37:03 -05:00
doug	bbced5b52f	FIX: curator should exclude so-case* indices #7270	2022-03-01 14:34:52 -05:00
Doug Burks	f134c74585	FIX: curator should exclude so-case* indices #7270	2022-03-01 14:34:41 -05:00
Wes Lambert	5489b8559d	Revert "Switch from .security to match_only_text" This reverts commit `f7862af934`.	2022-03-01 18:44:00 +00:00
Wes Lambert	2a9caccc7c	Revert "Add additional .text subfield mappings" This reverts commit `61dadc6249`.	2022-03-01 18:43:24 +00:00
Doug Burks	adf3dc0cf6	Merge pull request #7370 from Security-Onion-Solutions/fix/syslog Revert syslog pipeline updates from Abe's PR for now	2022-03-01 11:13:13 -05:00
Wes Lambert	a290602a70	Revert syslog pipeline updates from Abe' PR for now	2022-03-01 15:31:07 +00:00
weslambert	4201ee45c6	Merge pull request #7369 from Security-Onion-Solutions/fix/ingest_timestamp Rename ingest timestamp to event.ingested	2022-03-01 10:11:16 -05:00
Wes Lambert	038dc49098	Temporarily increase field limit before trimming efforts	2022-03-01 15:06:28 +00:00
Wes Lambert	dc07adca63	Rename ingest.timestamp to event.ingested	2022-03-01 15:05:08 +00:00
Josh Brower	39718561ce	Merge pull request #7366 from Security-Onion-Solutions/delta Enable state tracking for sigma refresh	2022-03-01 05:53:14 -05:00
Josh Brower	e960d99901	Enable state tracking for sigma refresh	2022-02-28 21:18:41 -05:00
Josh Brower	09f1a5025d	Merge remote-tracking branch 'remotes/origin/dev' into delta	2022-02-28 21:18:07 -05:00
Josh Brower	41a58b791a	Enable state tracking for sigma refresh	2022-02-28 21:17:59 -05:00
Jason Ertel	73b2a36e89	Merge pull request #7365 from Security-Onion-Solutions/kilo Upgrade to ES 7.17.1	2022-02-28 18:26:31 -05:00
Jason Ertel	f147bb33ed	Upgrade to ES 7.17.1	2022-02-28 18:18:09 -05:00
Josh Patterson	6b3b5e9a1f	Merge pull request #7363 from Security-Onion-Solutions/soup_singlenode_30 allow for check_log_size_limit to work without salt-master running	2022-02-28 17:13:42 -05:00
Josh Brower	f824717094	Merge pull request #7364 from Security-Onion-Solutions/delta IDH Node verbiage	2022-02-28 17:09:08 -05:00
Josh Brower	0cee0d5dea	IDH Node verbiage	2022-02-28 16:47:24 -05:00
Josh Brower	d71bde0e38	Merge pull request #7362 from Security-Onion-Solutions/delta Navigator - include attack json for airgap	2022-02-28 16:33:10 -05:00

... 12 13 14 15 16 ...

10363 Commits