Commit Graph

202 Commits

Author SHA1 Message Date
doug
fdffac83e1 sysmon fix by bryant 2022-09-19 14:47:45 -04:00
Wes Lambert
b06c16f750 Add ingest node pipeline for Kratos 2022-07-08 15:53:00 +00:00
doug
025993407e FIX: Add event.category field to pfsense firewall logs #8112 2022-06-13 08:03:44 -04:00
weslambert
e6599cd10e Update with changes from Abe's PR and other fixes 2022-03-25 13:57:44 -04:00
Wes Lambert
2487d468ab Add RITA Elasticsearch ingest pipeline config 2022-03-22 17:38:22 +00:00
weslambert
fc3273fa49 Change to label fields to comply with what's defined in Filebeat template 2022-03-04 16:29:01 -05:00
Wes Lambert
a290602a70 Revert syslog pipeline updates from Abe's PR for now 2022-03-01 15:31:07 +00:00
Wes Lambert
dc07adca63 Rename ingest.timestamp to event.ingested 2022-03-01 15:05:08 +00:00
Doug Burks
32b71fdcac Avoid changing _index for imported logs 2022-02-26 10:36:09 -05:00
weslambert
23fb62c0d6 Split Zeek DNS records into a separate index 2022-02-24 12:52:25 -05:00
weslambert
bc2c1b4ccc Merge pull request #6935 from abesinger/issue/6912
Updated syslog pipeline, resolves #6912.
2022-02-24 08:33:55 -05:00
weslambert
c5b5c5858e Rename to prevent field conflict 2022-02-02 14:31:46 -05:00
weslambert
367b59188b Revert back to dns.answers for now 2022-01-31 09:54:39 -05:00
weslambert
8f0a327cb5 Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields 2022-01-26 15:02:59 -05:00
abesinger
31d22e717d Updated syslog pipeline, resolves #6912. Also cleaned up formatting to make it more readable. 2022-01-19 18:45:26 -06:00
Josh Brower
56aa24d874 Fix Wazuh WEL Parsing 2022-01-10 13:55:38 -05:00
Josh Brower
5d4ea2ba3a Revert Wazuh parser update 2022-01-07 10:51:24 -05:00
Josh Brower
277c7f1ef8 Uppercase first char in Wazuh WEL 2022-01-06 14:58:50 -05:00
Wes Lambert
f80b70e008 Add config for dynamically formatted ingest pipelines 2021-11-09 20:07:53 +00:00
Wes Lambert
46d3eb452d Add ECS testing pipeline 2021-11-08 20:08:56 +00:00
Josh Brower
2ba619144c Support non-WEL Beats 2021-11-02 08:23:29 -04:00
Mike Reeves
a3e0fb127a Merge pull request #5069 from datlife/datlife/asn-annotation
Add ASN annotation for IP
2021-10-05 06:50:31 -04:00
Dat
9569e73bd0 Added ASN annotation for IP 2021-10-04 12:41:20 -07:00
Josh Brower
a75238bc3f so-import-evtx - fix ingest formatting 2021-09-15 14:13:16 -04:00
Josh Brower
7b93f355e2 so-import-evtx - timestamp extraction 2021-08-25 15:17:19 -04:00
Mike Reeves
71bbb41b5f Merge branch 'dev' into bravo 2021-08-04 10:57:10 -04:00
William Wernert
8a49039b85 Only append source.ip to logscan.source.ips if it's been created 2021-08-02 09:50:49 -04:00
William Wernert
2a6277c0c3 Fix field names in logscan pipeline 2021-07-30 15:46:39 -04:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
2021-07-30 14:41:15 -04:00
Mike Reeves
09165daab8 Several Suricata things 2021-07-21 09:10:33 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
Wes Lambert
05aad07bfc Replace staging path with processed path for analyzed files 2021-07-14 15:04:46 +00:00
Wes Lambert
441cd3fc59 Move Wazuh-specific data to wazuh.data 2021-07-14 13:42:51 +00:00
William Wernert
e7a6172d7e [fix] Add single quotes to strings 2021-07-13 14:07:27 -04:00
William Wernert
115e0a6fee [fix] Add missing comma 2021-07-13 12:04:10 -04:00
William Wernert
e059c25ebc [fix][wip] Fix pipeline parsing errors 2021-07-13 11:05:05 -04:00
William Wernert
2b0bca8e55 Merge branch 'dev' into feature/logscan 2021-07-12 14:58:30 -04:00
doug
e6f9592cde FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 2021-07-12 13:24:21 -04:00
William Wernert
bac7ef71d8 Add logscan.source.ips field 2021-07-09 10:55:11 -04:00
William Wernert
80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00
Mike Reeves
693f455862 ECS hotfix 2021-07-02 08:55:49 -04:00
weslambert
4c74e7f308 Add event.kind and set name to module[dot]dataset 2021-06-02 15:35:26 -04:00
weslambert
db48c15f1d Create event.kind field and rename dataset to be module[dot]dataset 2021-06-02 15:33:18 -04:00
Jason Ertel
44ad8ce888 Switch to the ES-included community_id plugin 2021-04-29 12:08:07 -04:00
Josh Brower
7cbeed985a Differentiate between event & ingest timestamp 2021-04-13 12:55:40 -04:00
Josh Brower
cf4de255ec Fix Wazuh WEL Shipping 2021-04-12 15:18:18 -04:00
Josh Brower
44c75122ed Update Sigmac mappings and config for IPs and ports 2021-03-16 09:05:35 -04:00
doug
adbc7436b6 FIX: Populate http.status_message field #3408 2021-03-11 16:42:20 -05:00
doug
b4ad7e7359 FIX: Improve Suricata DHCP logging and parsing #3397 2021-03-11 11:01:51 -05:00