Commit Graph

127 Commits

Author SHA1 Message Date
Wes
0fed757b11 Add entropy mapping 2023-08-31 15:10:27 +00:00
Josh Brower
9437a47946 Fix formatting 2023-07-26 10:54:24 -04:00
Wes
4efc951eaf Add tags 2023-07-24 20:57:39 +00:00
Wes
4b7e7978ef Add final pipeline 2023-07-19 19:56:54 +00:00
Wes
a59eda319e Remove security subfield 2023-07-18 19:00:50 +00:00
Wes
1d3e39b6bd Map user name to keyword and remove security subfield generation 2023-07-18 14:46:47 +00:00
Wes
48331ce35b Add system.system component templates 2023-06-14 13:29:11 +00:00
Wes
8cde05807c Remove elastic-agent dir 2023-06-13 21:33:04 +00:00
Wes
2ac0aba916 Add osquery files 2023-06-13 21:32:02 +00:00
Wes
af003cc2a1 Add osquery templates 2023-06-13 20:43:39 +00:00
Wes
bd7644a557 Add another template 2023-06-13 19:13:20 +00:00
Wes
1b90fd8581 Add custom component templates 2023-06-13 18:21:45 +00:00
Wes
e43b7607bb Add more component templates 2023-06-13 17:04:03 +00:00
Wes
a265c06e31 Add other component templates 2023-06-13 15:47:25 +00:00
Wes
2aa954cb0a Add component templates 2023-06-13 15:25:23 +00:00
Wes
1208915896 Remove Elastic Agent package templates 2023-06-12 14:24:59 +00:00
Wes
495a9c0783 Add mapping for event.severity_label 2023-06-05 21:19:37 +00:00
Wes
3fba27a0d4 Ensure component template files are in the correct directory 2023-03-22 20:45:33 +00:00
Wes
28f5dcd43b Add managed generic Elastic Agent log component templates 2023-03-22 19:57:46 +00:00
Mike Reeves
5fc297b8c1 Change Elastic Logic 2023-03-21 16:52:08 -04:00
Wes
0fd5fee868 Fix syntax for Fleet component templates 2022-09-22 15:07:43 +00:00
Wes
46dd4c2749 Rename component mappings and references for Security Onion 2022-09-20 20:33:06 +00:00
Wes
7f2c5bc757 Add component templates for Fleet 2022-09-20 20:27:26 +00:00
doug
fdffac83e1 sysmon fix by bryant 2022-09-19 14:47:45 -04:00
Wes
eeffded248 Remove duplicate security subfield configuration from component templates 2022-09-07 21:23:04 +00:00
Wes
3c50072690 Add Elastic Agent component templates 2022-09-07 18:51:57 +00:00
Wes Lambert
fe1b72655b Additional .keyword shims for process mappings 2022-03-24 16:45:06 +00:00
weslambert
406267a892 Add process.name.keyword 2022-03-08 12:42:34 -05:00
Wes Lambert
ffae22beef Add DTC syslog mappings for .keyword and add refs to defaults.yml 2022-03-04 13:04:11 +00:00
Wes Lambert
1f71816ad7 Add keyword subfield for DTC winlog mappings 2022-03-03 14:54:30 +00:00
Wes Lambert
1c086e36da Add missing comma for file mappings 2022-03-03 13:49:54 +00:00
Wes Lambert
85979cbce8 Add file, process, and winlog mapping changes 2022-03-03 13:37:27 +00:00
Wes Lambert
8f97f09c9c Additional .keyword changes for host.hostname, client.address, and event.action 2022-03-02 21:54:46 +00:00
Wes Lambert
3ee46e4c29 Add .keyword for destination/source geo.country_name 2022-03-02 21:50:03 +00:00
Wes Lambert
ab9b81ea39 Change match_only_text to text for mac in host mappings 2022-03-02 15:01:05 +00:00
Wes Lambert
ed620b93b7 Add custom analyzer definition to all SO/DTC mappings 2022-03-02 14:43:19 +00:00
Wes Lambert
27c8eaa630 Update all other mappings for .security where applicable 2022-03-02 14:39:23 +00:00
Wes Lambert
e925d435ff Update event, file, and host mappings to include .security 2022-03-02 14:33:52 +00:00
Wes Lambert
496b161253 Update ECS mappings to include .security 2022-03-02 14:27:36 +00:00
Wes Lambert
aae2fd1fbb Update DNS mappings to include .security 2022-03-02 14:27:15 +00:00
Wes Lambert
0b45cf7ae1 Update base mappings to include .security 2022-03-02 14:25:57 +00:00
Wes Lambert
d89af5f04f Update agent mappings to include .security 2022-03-02 14:25:14 +00:00
Wes Lambert
2d2ec45029 Modify base ECS mappings to include .security where possible, as well as custom analyzer definition 2022-03-02 14:19:36 +00:00
Wes Lambert
5489b8559d Revert "Switch from .security to match_only_text"
This reverts commit f7862af934.
2022-03-01 18:44:00 +00:00
Wes Lambert
2a9caccc7c Revert "Add additional .text subfield mappings"
This reverts commit 61dadc6249.
2022-03-01 18:43:24 +00:00
weslambert
e942d81433 Ensure correct formatting for source override 2022-02-25 19:14:58 -05:00
weslambert
a511fd33e9 Ensure correct formatting for destination override 2022-02-25 19:14:21 -05:00
Wes Lambert
a8bdff89ae Move files into SO component template directory 2022-02-25 18:00:16 +00:00
Wes Lambert
61dadc6249 Add additional .text subfield mappings 2022-02-25 16:27:37 +00:00
Wes Lambert
0f8a39002f Add .text subfield mappings for DTC where fields are defined 2022-02-24 19:39:52 +00:00