CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,725 Commits 24 Branches 119 Tags
ff284761913ed4881c9d98ba68e2022ebcdbb1e6
Commit Graph

380 Commits

Author SHA1 Message Date
DefensiveDepth
376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
weslambert
df058b3f4a Merge branch '2.4/dev' into feature/pfsense_suricata 2024-03-25 10:08:03 -04:00
Wes
5e21da443f Minor verbiage updates 2024-03-25 13:58:32 +00:00
weslambert
4e1543b6a8 Get only code 2024-03-22 09:56:21 -04:00
Wes
5934829e0d Include pfsense config 2024-03-21 20:08:33 +00:00
Wes
486a633dfe Add pfsense Suricata config 2024-03-21 20:07:59 +00:00
Wes
d23d367058 Make scan.pe.flags a string 2024-01-24 15:08:38 +00:00
Wes
80a3942245 Rename RITA pipelines 2024-01-22 20:15:48 +00:00
Mike Reeves
efe8cfda95 Update suricata.common 2024-01-19 13:39:28 -05:00
Mike Reeves
08486e279c Update suricata.common 2024-01-19 13:36:43 -05:00
Wes
e70ce50912 Change description 2024-01-17 14:06:16 +00:00
Wes
f6590ac0bf Remove Suricata IKEv2 pipeline 2024-01-16 18:10:00 +00:00
Wes
ea64ce92d3 Add Suricata IKE pipeline 2024-01-16 18:09:46 +00:00
Wes
8a92b023b2 Add interface name 2024-01-16 18:09:16 +00:00
Josh Brower
5513e74807 comma 2024-01-09 08:12:33 -05:00
Josh Brower
31ee365a91 Fixup FIM events 2024-01-09 08:11:05 -05:00
Doug Burks
6a1073b616 FIX: Update dashboard and hunt query for firewall logs #12021 2023-12-18 12:57:40 -05:00
Doug Burks
93fb10de86 Merge pull request #11897 from Security-Onion-Solutions/2.4/nids-rule-reference 
FIX: Update NIDS rule.reference in common.nids pipeline #11846
 2023-11-29 12:19:12 -05:00
weslambert
9d63a47792 Certificate hash 2023-11-29 12:01:43 -05:00
weslambert
7001e90667 Client and server fingerprints 2023-11-29 12:00:46 -05:00
Doug Burks
0603e96c08 FIX: Update NIDS rule.reference in common.nids pipeline #11846 2023-11-29 09:46:11 -05:00
Wes
ae45d40eca Add Sublime Platform ingest pipeline 2023-11-01 13:34:30 +00:00
weslambert
660020cc76 Parse pkt_src for Suricata logs 2023-10-23 15:45:41 -04:00
Wes
508260bd46 Use event.created for timestamp 2023-09-19 13:32:03 +00:00
Wes
1a3b3b21fb Change entropy value syntax 2023-08-31 15:09:19 +00:00
Wes
7971d9749a Assign pipeline to import 2023-08-17 14:08:48 +00:00
Josh Brower
dd1fa51eb5 Generate community_id for defend endpoint logs 2023-08-04 09:03:17 -04:00
weslambert
f102351052 Add event 2023-08-02 13:25:44 -04:00
weslambert
ac28f90af3 Remove override 2023-08-02 13:15:11 -04:00
Josh Brower
4f94d953c9 Merge remote-tracking branch 'origin/2.4/dev' into fix/elasticsearch_endpoint 2023-07-25 07:42:59 -04:00
Wes
5553be02ac Change how tags are added 2023-07-24 21:31:28 +00:00
Josh Brower
741e6039c1 Cleanup for Sigma Rules 2023-07-24 09:25:58 -04:00
Wes
e3249c8e4c Wrap values in quotes for proper conversion 2023-07-13 14:18:57 +00:00
weslambert
85bb5a327c Fix long vs float for pe version 2023-07-13 09:38:09 -04:00
Wes
577bfac886 Update logic for YARA matches 2023-07-11 17:00:13 +00:00
weslambert
7e37cd0f05 Parse xff 2023-06-21 14:29:54 -04:00
Wes
3a34da354f Use append instead of set 2023-06-15 16:35:43 +00:00
Wes
58a63e0765 Remove extra comma 2023-06-15 14:22:37 +00:00
Wes
b5bccc5e05 Use module in dataset name and add dataset tag 2023-06-15 13:06:57 +00:00
Wes
38ab426470 Add final Fleet pipeline 2023-06-13 13:36:26 +00:00
Doug Burks
b3f8ed7dcd FIX: Suricata DHCP logs not ingesting #10565 2023-06-10 11:42:41 -04:00
Doug Burks
e5f76a9c6e change suricata parsers from dataset to event.dataset 2023-06-08 12:31:31 -04:00
weslambert
2c10ad7eec Check if 'dns.query' is null 2023-05-19 15:50:33 -04:00
Doug Burks
a67cbb3276 FIX: Suricata DNS A and CNAME parsing #10117 2023-04-13 10:56:17 -04:00
Josh Brower
bad905f54c SOC Logs & Hunt Query 2023-03-23 16:22:59 -04:00
weslambert
6d87620c6a Explicitly set 'event.dataset' as 'file' 2023-03-22 11:04:18 -04:00
Josh Brower
df036206a8 Fix Kratos parsing 2023-03-20 16:53:25 -04:00
Josh Brower
f7be4ba31c Remove host field from NIDS logs 2023-03-13 14:07:17 -04:00
Doug Burks
19ab2a5a46 rename suricata vlan field to network.vlan.id 2023-03-05 05:57:52 -05:00
Doug Burks
9940a36722 update Elasticsearch ingest for Zeek conn vlan field 2023-03-03 15:22:43 -05:00