Doug Burks
c39047666b
Merge pull request #7082 from Security-Onion-Solutions/hotfix/2.3.100
Hotfix/2.3.100
2022-02-02 16:38:27 -05:00
Mike Reeves
5c75bb8e7a
Merge pull request #7080 from Security-Onion-Solutions/23100hotfix
2.3.100 Hotfix
2022-02-02 16:30:46 -05:00
Mike Reeves
83683ec27e
2.3.100 Hotfix
2022-02-02 16:23:51 -05:00
Mike Reeves
b94cae0176
2.3.100 Hotfix
2022-02-02 16:22:44 -05:00
Mike Reeves
fc0824ceb0
2.3.100 Hotfix
2022-02-02 16:20:49 -05:00
Mike Reeves
73a43f3816
Merge pull request #7069 from Security-Onion-Solutions/TOoSmOotH-patch-2
Update HOTFIX
2022-02-02 09:57:26 -05:00
Mike Reeves
8152aec22e
Update HOTFIX
2022-02-02 09:49:19 -05:00
Mike Reeves
0e28e1e4cb
Merge pull request #7066 from Security-Onion-Solutions/TOoSmOotH-patch-1
Update acng.conf
2022-02-02 09:22:00 -05:00
Josh Patterson
13f87e4654
Merge pull request #7067 from Security-Onion-Solutions/m0duspwnens-patch-2.3.100
FIX: ssl state and manager hostname with uppercase
2022-02-02 09:21:54 -05:00
Josh Patterson
a02fb37493
Update init.sls
2022-02-02 09:18:02 -05:00
Mike Reeves
eaeed07fd4
Update acng.conf
2022-02-02 09:12:29 -05:00
Mike Reeves
943edd0303
Merge pull request #7042 from Security-Onion-Solutions/dev
2.3.100 Release
2022-01-31 16:29:57 -05:00
Mike Reeves
b49524a293
Merge pull request #7041 from Security-Onion-Solutions/23100release
2.3.100 Release
2022-01-31 14:07:02 -05:00
Mike Reeves
6dc8415af5
2.3.100 Release
2022-01-31 14:05:22 -05:00
Doug Burks
7927534279
Merge pull request #7040 from Security-Onion-Solutions/dougburks-patch-1
Update version from 2.3.91 to 2.3.100
2022-01-31 13:32:05 -05:00
Doug Burks
e0f6b9af3a
Update version from 2.3.91 to 2.3.100
2022-01-31 13:27:45 -05:00
weslambert
6a2111c2ae
Merge pull request #7037 from Security-Onion-Solutions/fix/revert_zeek_dns_answers
Revert back to dns.answers for now
2022-01-31 09:55:22 -05:00
weslambert
367b59188b
Revert back to dns.answers for now
2022-01-31 09:54:39 -05:00
Josh Patterson
d3fc61e557
Merge pull request #7035 from Security-Onion-Solutions/soup_salt_repo
ensure /etc/yum.repos.d/securityonion.repo is absent if not a manager…
2022-01-31 09:05:45 -05:00
m0duspwnens
4dd0ce9f2c
ensure /etc/yum.repos.d/securityonion.repo is absent if not a manager and managerupdates is enabled
2022-01-31 09:01:18 -05:00
Josh Patterson
0c5b4c6070
Merge pull request #7033 from Security-Onion-Solutions/receiver_grafana
Receiver grafana
2022-01-31 08:41:56 -05:00
Josh Patterson
a8983dd895
Merge pull request #7028 from Security-Onion-Solutions/soup_salt_repo
Soup salt repo
2022-01-31 08:21:17 -05:00
m0duspwnens
e189f10a1b
Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into soup_salt_repo
2022-01-29 11:04:07 -05:00
m0duspwnens
a90660c07b
ensure salt-latest.repo is absent, salt.minion state include repo.client
2022-01-29 11:04:03 -05:00
Mike Reeves
bb87c85e07
Merge pull request #7027 from Security-Onion-Solutions/fix/soup-kibana
Move Kibana dashboard update from post_to_2.3.90() to post_to_2.3.100()
2022-01-29 10:07:36 -05:00
Doug Burks
bc0a362b39
Move Kibana dashboard update from post_to_2.3.90() to post_to_2.3.100()
2022-01-29 08:02:56 -05:00
m0duspwnens
3aee8656d4
fix %} - add redis to receiver telegraf
2022-01-28 17:45:12 -05:00
m0duspwnens
980a1a0c3d
add redis to receiver telegraf
2022-01-28 17:44:04 -05:00
m0duspwnens
bf26ae8e41
add receiver to allowed dashboards
2022-01-28 17:32:53 -05:00
m0duspwnens
da3e1e402a
add receiver dashboard grafana
2022-01-28 17:27:58 -05:00
m0duspwnens
1cd1ad9214
add inputs for so-receiver to telegraf conf
2022-01-28 17:18:31 -05:00
Josh Patterson
ddba4a5fe5
Merge pull request #7024 from Security-Onion-Solutions/soup_receiver
Soup receiver
2022-01-28 17:01:04 -05:00
m0duspwnens
c8b1e6f501
remove -X from UPGRADECOMMAND so salt-minion starts after upgrade
2022-01-28 15:49:53 -05:00
m0duspwnens
c45efebc7f
Merge remote-tracking branch 'remotes/origin/dev' into soup_receiver
2022-01-28 15:27:27 -05:00
m0duspwnens
014696f62f
fix receiver append to assigned_hostgroups.local.map.yaml
2022-01-28 15:26:37 -05:00
m0duspwnens
6b18551dd1
skip applying repo.client if airgap and saltupgrade prior to yum clean all
2022-01-28 14:39:10 -05:00
weslambert
4ecf4ab253
Merge pull request #7020 from Security-Onion-Solutions/feature/dash_updates
EG and HL Dashboard Updates
2022-01-28 13:19:02 -05:00
m0duspwnens
75b8d6a0c5
ensure /etc/yum.repos.d/securityonioncache.repo is absent if global:managerupdate = 0
2022-01-28 13:09:48 -05:00
weslambert
5142e6ccc7
Update so-kibana-config-load
2022-01-28 13:01:33 -05:00
Wes Lambert
3b76c2421c
Update to allow for passing HL saved objects
2022-01-28 17:59:34 +00:00
m0duspwnens
e82c6a2393
default for managerupdate should be int not a string
2022-01-28 12:50:58 -05:00
m0duspwnens
905ca35e93
use sed instead of echo
2022-01-28 11:19:54 -05:00
m0duspwnens
3977146a16
add receiver to firewall files during soup
2022-01-28 10:36:30 -05:00
Josh Patterson
5a37b14809
Merge pull request #7017 from Security-Onion-Solutions/issue/7016
don't apply wazuh state on sensors if it is disabled globally
2022-01-28 09:33:34 -05:00
m0duspwnens
15c29bda74
don't apply wazuh state on sensors if it is disabled globally - https://github.com/Security-Onion-Solutions/securityonion/issues/7016
2022-01-28 09:31:02 -05:00
Josh Patterson
d0186c8c1b
Merge pull request #7011 from Security-Onion-Solutions/fix/reinstall
https://github.com/Security-Onion-Solutions/securityonion/issues/7010
2022-01-27 16:40:37 -05:00
Jason Ertel
ac21bd1e29
Merge pull request #7009 from Security-Onion-Solutions/kilo
Add new abbreviated result limit param
2022-01-27 15:55:42 -05:00
Jason Ertel
14c587fca2
Add new abbreviated result limit param
2022-01-27 15:51:02 -05:00
m0duspwnens
6cc8e4355e
exclude salt ERROR seen during reinstall
2022-01-27 15:31:42 -05:00
m0duspwnens
e63f35a223
change to test
2022-01-27 15:19:33 -05:00
weslambert
69689b470b
Merge pull request #7005 from Security-Onion-Solutions/fix/revert_cases_field_limit
Revert field limit from testing
2022-01-27 11:33:31 -05:00
weslambert
fc0a5bce86
Revert field limit from testing
2022-01-27 11:18:35 -05:00
weslambert
39257df396
Merge pull request #7004 from Security-Onion-Solutions/fix/revert_dtc
Revert changes to common template
2022-01-27 11:15:50 -05:00
weslambert
60a0204975
Revert changes to common template
2022-01-27 11:02:47 -05:00
William Wernert
c6b11f4e05
Merge pull request #7001 from Security-Onion-Solutions/fix/so-rule-string-split
Fix error message printing in so-rule
2022-01-26 16:08:00 -05:00
William Wernert
4532de368a
Fix error message printing in so-rule
2022-01-26 16:04:45 -05:00
m0duspwnens
9e2278a199
Merge remote-tracking branch 'remotes/origin/dev' into fix/reinstall
2022-01-26 15:48:46 -05:00
weslambert
e303fb12cf
Merge pull request #7000 from Security-Onion-Solutions/fix/zeek_dns_answers_pipeline
Fix Zeek field name so it doesn't conflict with mapping of other dns.…
2022-01-26 15:04:12 -05:00
weslambert
8f0a327cb5
Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields
2022-01-26 15:02:59 -05:00
weslambert
bdc5e89822
Merge pull request #6999 from Security-Onion-Solutions/fix/case_mapping_changes_temp
Mapping changes for case index
2022-01-26 14:59:45 -05:00
weslambert
1b3e7f9d79
Temp changes while adjusting mapping
2022-01-26 14:57:16 -05:00
Josh Patterson
4f30d43611
Merge pull request #6998 from Security-Onion-Solutions/es_binds
mount repo dir in container same as defined on host
2022-01-26 13:59:17 -05:00
m0duspwnens
c80adc0430
mount repo dir in container same as defined on host
2022-01-26 13:42:56 -05:00
weslambert
e77648c475
Merge pull request #6994 from Security-Onion-Solutions/feature/dtc
Additional DTC changes
2022-01-26 12:22:48 -05:00
Jason Ertel
c2636036ee
Merge pull request #6995 from Security-Onion-Solutions/kilo
store related event data as a flattened object blob
2022-01-26 12:21:02 -05:00
Wes Lambert
e10749a495
Additional changes to template to accommodate default fields and keyword subfield
2022-01-26 17:16:29 +00:00
Jason Ertel
ed9b74dc33
store related event data as a flattened object blob
2022-01-26 12:16:05 -05:00
m0duspwnens
2aa19b78da
don't remove ca-certificates.crt
2022-01-26 11:27:35 -05:00
m0duspwnens
1337af9d69
more dupes
2022-01-26 11:07:06 -05:00
m0duspwnens
a0e493a186
remove dupe ids
2022-01-26 10:50:35 -05:00
m0duspwnens
a43fb293fc
remove role logic
2022-01-26 10:26:52 -05:00
m0duspwnens
8aa002b82e
add states to remove ca and ssl keys and certs and call them during reinstall.
2022-01-26 09:33:19 -05:00
m0duspwnens
8ce0f5b7be
log removal of root cron
2022-01-26 08:31:37 -05:00
Josh Patterson
26e03ccad2
Merge pull request #6978 from Security-Onion-Solutions/es_binds
allow for path.repo mounts for elasticsearch
2022-01-25 16:13:49 -05:00
m0duspwnens
dd00e3babc
use .get since repo may not exist
2022-01-25 13:18:21 -05:00
m0duspwnens
5d2b3992e2
don't need to set ES_PATH_REPO
2022-01-25 13:11:53 -05:00
m0duspwnens
7b6eeac03f
don't mount under /repo in the container
2022-01-25 13:08:46 -05:00
m0duspwnens
00e17d5c78
put repos in /repo in es container
2022-01-25 13:03:54 -05:00
m0duspwnens
a17e1aa87a
930 for group
2022-01-25 13:00:04 -05:00
m0duspwnens
4423e93880
prevent path.repo from being put in elasticsearch.yml if the symlink doesn't exist
2022-01-25 12:57:05 -05:00
m0duspwnens
e62de2934c
fix test for es repo
2022-01-25 12:24:03 -05:00
m0duspwnens
a92e2a917b
change repos to repo
2022-01-25 10:53:28 -05:00
m0duspwnens
a72f12c4c7
add path.repo mount if symlink exists
2022-01-25 10:50:00 -05:00
Josh Patterson
9a45a9799b
Merge pull request #6974 from Security-Onion-Solutions/issue/6599
https://github.com/Security-Onion-Solutions/securityonion/issues/6599
2022-01-25 09:11:33 -05:00
weslambert
ba52bd3835
Update template with syntax fixes
2022-01-25 08:56:03 -05:00
m0duspwnens
edd8709cdd
remove export LC_CTYPE="en_US.UTF-8" from soup
2022-01-24 19:42:56 -05:00
m0duspwnens
d6fc436d49
copy files to default salt base
2022-01-24 19:30:34 -05:00
m0duspwnens
82e2b2b611
don't escape raw and endraw
2022-01-24 17:03:25 -05:00
m0duspwnens
d083338350
adding --local
2022-01-24 16:46:29 -05:00
m0duspwnens
e3f1b456e6
add raw end raw back
2022-01-24 16:09:15 -05:00
m0duspwnens
268e07e2a2
remove jinja from soup scripts
2022-01-24 15:49:55 -05:00
Doug Burks
80b7487d45
Merge pull request #6968 from Security-Onion-Solutions/dougburks-patch-1
Update CONTRIBUTING.md with warning about more involved PRs
2022-01-24 10:39:40 -05:00
Jason Ertel
4ab7a6a079
Merge pull request #6967 from Security-Onion-Solutions/kilo
Copyright year and format update
2022-01-24 10:39:31 -05:00
Doug Burks
5f67dfd432
Update CONTRIBUTING.md
2022-01-24 10:36:22 -05:00
Jason Ertel
eefcc929c2
Update copyright pattern to match other repos
2022-01-24 10:09:23 -05:00
Jason Ertel
a4d2807fbb
Switch to httpcase for consistency
2022-01-24 09:45:07 -05:00
Doug Burks
fb5bff3913
Merge pull request #6956 from Security-Onion-Solutions/dougburks-patch-1
Fix typos in ssh_warning
2022-01-24 09:39:40 -05:00
Jason Ertel
7c22f46a55
Update copyright year for 2022
2022-01-24 09:35:29 -05:00
Doug Burks
b103420100
fix typo in so-setup
2022-01-22 10:25:37 -05:00
Doug Burks
304ef64bc8
fix another typo in ssh_warning
2022-01-22 10:24:36 -05:00
Doug Burks
1e14e2977f
Fix typo in ssh_warning
2022-01-22 10:21:14 -05:00
Josh Patterson
86cfa07af9
Merge pull request #6955 from Security-Onion-Solutions/issue/6810
Issue/6810
2022-01-21 17:37:59 -05:00
m0duspwnens
32080b02e4
don't use logCmd for moving repo files after centos-release update
2022-01-21 17:28:40 -05:00
m0duspwnens
58c5db3bf6
reorder process in securityonion_repo function
2022-01-21 15:15:48 -05:00
m0duspwnens
9e5fb458b4
update saltstack repo location for securityonioncache.repo / managerupdates=1
2022-01-21 14:38:42 -05:00
weslambert
f7a4cc20f2
Update so-common-template.json.jinja
2022-01-21 12:36:38 -05:00
Josh Patterson
36fc25f78e
Merge pull request #6953 from Security-Onion-Solutions/issue/6492
https://github.com/Security-Onion-Solutions/securityonion/issues/6492
2022-01-21 12:09:13 -05:00
m0duspwnens
e7852d7700
https://github.com/Security-Onion-Solutions/securityonion/issues/6492
2022-01-21 11:59:27 -05:00
Josh Patterson
0257d09cf8
Merge pull request #6949 from Security-Onion-Solutions/issue/6811
Issue/6811
2022-01-21 08:46:54 -05:00
m0duspwnens
878c3fe6d9
Merge remote-tracking branch 'remotes/origin/dev' into issue/6811
2022-01-21 08:09:24 -05:00
m0duspwnens
281e5d9b25
remove salt.enable_highstate state
2022-01-21 08:09:04 -05:00
m0duspwnens
baa93301b5
enable cron at the end of soup
2022-01-20 16:53:33 -05:00
m0duspwnens
00d0eb1ce5
fix setting var
2022-01-20 16:37:33 -05:00
m0duspwnens
01cb505338
start cron and enable highstate if soup exits on error
2022-01-20 16:31:01 -05:00
William Wernert
ec023f8f7c
Merge pull request #6937 from Security-Onion-Solutions/fix/fail-preflight-early
Correctly handle failure to install curl in so-preflight
2022-01-20 16:03:20 -05:00
m0duspwnens
e1757926cf
start cron and reenable highstate on soup exit
2022-01-20 15:26:03 -05:00
William Wernert
357cd059aa
Use ret_code in prereq function to return failures
2022-01-20 13:53:59 -05:00
weslambert
1b860e11e7
Merge pull request #6936 from Security-Onion-Solutions/fix/field_conflicts
Remove dynamic keyword template to prevent field conflicts with mappi…
2022-01-20 12:48:15 -05:00
weslambert
d1efa71c57
Remove dynamic keyword template to prevent field conflicts with mappings defined in common template
2022-01-20 12:34:32 -05:00
Josh Patterson
c57b2d005e
Merge pull request #6933 from Security-Onion-Solutions/issue/6810
quote ES_PASS in SOCtopus.conf and remove % from random pw
2022-01-20 10:57:56 -05:00
m0duspwnens
9b2459d8ba
quote ES_PASS in SOCtopus.conf and remove % from random pw
2022-01-20 10:52:48 -05:00
weslambert
d0c8dd0626
Merge pull request #6931 from Security-Onion-Solutions/fix/cases_dynamic_disable
Disable dynamic mapping and increase order to reduce potential field …
2022-01-20 09:48:01 -05:00
weslambert
e137ad60c5
Disable dynamic mapping and increase order to reduce potential field conflicts
2022-01-20 09:44:41 -05:00
Josh Patterson
93236738de
Merge pull request #6930 from Security-Onion-Solutions/issue/6810
upgrade salt to 3004
2022-01-20 08:28:20 -05:00
m0duspwnens
fc65f7bb84
Merge remote-tracking branch 'remotes/origin/dev' into issue/6810
2022-01-19 15:35:28 -05:00
m0duspwnens
67e34b2402
reorder yum operations in securityonion_repo function
2022-01-19 15:35:04 -05:00
Jason Ertel
e984b0b9c4
Merge pull request #6921 from Security-Onion-Solutions/kilo
remove unused fields object from related case schema
2022-01-19 14:42:05 -05:00
Jason Ertel
dc44a91398
Prefix all SO fields to avoid potential conflicts with future ECS changes
2022-01-19 14:26:22 -05:00
m0duspwnens
a861801a24
more logCmd
2022-01-19 13:38:10 -05:00
m0duspwnens
fbe54b9ee8
yum clean all needs to happen before repo files are moved or the clean doesn't clean anything
2022-01-19 12:33:58 -05:00
m0duspwnens
7ebba1f325
use show_changes: False to prevent es pw from being shown when running the state
2022-01-19 12:11:38 -05:00
m0duspwnens
f8ac37c101
Merge remote-tracking branch 'remotes/origin/dev' into issue/6810
2022-01-19 11:57:37 -05:00
m0duspwnens
4d078046d6
quote ES_PASS due to new characters in random string for elasticsearch:auth pw generation
2022-01-19 11:55:25 -05:00
William Wernert
13dbd0034f
Merge pull request #6924 from Security-Onion-Solutions/fix/whiptail-height
Fix height of node whiptail menu
2022-01-19 11:18:44 -05:00
William Wernert
c10ab712d5
Fix height of node whiptail menu
2022-01-19 11:05:34 -05:00
Jason Ertel
d7ba1cedff
remove unused fields object from related case schema
2022-01-19 08:39:21 -05:00
m0duspwnens
55a262646c
use logCmd
2022-01-19 08:34:54 -05:00
William Wernert
a3925d231c
Merge pull request #6909 from Security-Onion-Solutions/fix/preflight-curl
Install curl in preflight script to avoid error on Ubuntu
2022-01-18 13:39:44 -05:00
William Wernert
c0c42c3574
Install curl in preflight script to avoid error on Ubuntu
Also add check for already installed curl later in setup
2022-01-18 13:17:56 -05:00
m0duspwnens
f006d1a22c
logCmd commands in securityonion_repo function
2022-01-18 12:34:23 -05:00
m0duspwnens
a2ed9a86ff
remove influxdb salt state files and update patch files for influxdb salt modules/state
2022-01-18 11:33:36 -05:00
Josh Brower
19ccd5f8e9
Merge pull request #6904 from Security-Onion-Solutions/fix/fleetdm-disable-vuln-feature
FleetDM - Disable Vuln Proc Feature
2022-01-18 10:48:06 -05:00
Josh Brower
c4babf22d6
FleetDM - Disable Vuln Proc Feature
2022-01-18 10:38:55 -05:00
Mike Reeves
7eb564db14
Merge pull request #6901 from Security-Onion-Solutions/elasticupdate
Elastic 7.16.3
2022-01-18 09:47:36 -05:00
Mike Reeves
2e4e59bbe8
Elastic 7.16.3
2022-01-18 09:42:06 -05:00
m0duspwnens
87999453f2
Merge remote-tracking branch 'remotes/origin/dev' into issue/6810
2022-01-18 09:13:10 -05:00
m0duspwnens
3bd26f05d4
account for salt 3004 adding new chars to random.get_str
2022-01-14 18:02:18 -05:00
m0duspwnens
a46a740170
account for salt 3004 adding new chars to random.get_str
2022-01-14 17:23:29 -05:00
Mike Reeves
71da74fd00
Merge pull request #6878 from Security-Onion-Solutions/fix/scan_pe_sections_entropy
Fix/scan pe sections entropy
2022-01-14 17:02:32 -05:00
weslambert
c512351dd6
Add mapping for scan.exiftool and scan.pe.sections.entropy
2022-01-14 17:01:13 -05:00
weslambert
a90bc9dba9
Add mapping for scan.pe.sections.entropy
2022-01-14 16:58:53 -05:00
m0duspwnens
02ce5c3236
update install salt to 3004
2022-01-14 13:47:16 -05:00
m0duspwnens
b6b2e06fbc
change module to cmd for onchanges_in
2022-01-14 12:44:58 -05:00
m0duspwnens
f5fe466410
repo update
2022-01-14 12:02:35 -05:00
Jason Ertel
a63787daba
Merge pull request #6864 from Security-Onion-Solutions/kilo
Add default queries for cases to show user's assigned cases
2022-01-13 17:15:02 -05:00
Jason Ertel
6b0b7245f0
Add default queries for cases to show user's assigned cases
2022-01-13 17:10:08 -05:00
m0duspwnens
bda9221d6f
upgrade salt to 3004 and update bootstrap-salt.sh
2022-01-13 13:26:11 -05:00
Josh Patterson
b2434faf10
Merge pull request #6862 from Security-Onion-Solutions/issue/6811
restart wazuh with docker restart vs so-wazuh-restart
2022-01-13 13:06:43 -05:00
m0duspwnens
82db3fa3c0
restart wazuh with docker restart vs so-wazuh-restart
2022-01-13 13:02:01 -05:00
Josh Patterson
78bb6e4176
Merge pull request #6856 from Security-Onion-Solutions/issue/6811
Issue/6811
2022-01-13 11:03:51 -05:00
m0duspwnens
06c0cebb26
merge with dev
2022-01-13 09:44:26 -05:00
m0duspwnens
389ff1a46d
create enable_highstate state to reenable highstate following minion restart if it was previously disabled. same with cron
2022-01-13 09:39:46 -05:00
m0duspwnens
a28bb23d20
fix os_family for cron state map
2022-01-12 17:27:47 -05:00
m0duspwnens
443dc6ebaa
move branch echo to main so it is in the log
2022-01-12 16:14:49 -05:00
m0duspwnens
03b9b74ace
stop cron before soup upgrades the manager, start cron at the end. add cron state that is included in common
2022-01-12 16:04:10 -05:00
Mike Reeves
e123dd4bb2
Merge pull request #6844 from Security-Onion-Solutions/highlanderml
Add additional highlander settings
2022-01-12 13:34:22 -05:00
Josh Patterson
5889ce02cd
Merge pull request #6845 from Security-Onion-Solutions/23100soup_jpp
remove mine push from 2.3.100 function
2022-01-12 13:34:06 -05:00
Josh Patterson
776e4c6e12
Update soup
2022-01-12 13:32:46 -05:00
Josh Patterson
035984569b
Merge branch 'dev' into 23100soup_jpp
2022-01-12 13:31:46 -05:00
Josh Patterson
da30f66096
remove mine push from 2.3.100 function
2022-01-12 13:29:34 -05:00
Mike Reeves
c525bf310d
Add additional highlander settings
2022-01-12 13:19:40 -05:00
Mike Reeves
ee44edfe75
Add additional highlander settings
2022-01-12 13:18:44 -05:00
m0duspwnens
0cf877f169
kill any possible queued salt jobs before stopping salt-master
2022-01-12 12:27:19 -05:00
Mike Reeves
f836d3ad16
Merge pull request #6843 from Security-Onion-Solutions/23100soup_jpp
push ips of mainint to salt mine
2022-01-12 12:25:51 -05:00
Josh Patterson
5b347600e9
push ips of mainint to salt mine
2022-01-12 12:24:52 -05:00
m0duspwnens
0388912ba7
kill all salt jobs across grid before stopping salt-master. kill all salt jobs on manager before stopping salt-minion.
2022-01-12 11:05:47 -05:00
m0duspwnens
494737549d
move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires
2022-01-12 10:20:05 -05:00
Mike Reeves
22096174bb
Merge pull request #6841 from Security-Onion-Solutions/TOoSmOotH-patch-4
Fix some formatting
2022-01-12 09:39:15 -05:00
Mike Reeves
1d94e3ac69
Fix some formatting
2022-01-12 09:38:22 -05:00
m0duspwnens
abf3a9401b
listen instead to not start service if not running then restart if changes to files
2022-01-11 18:31:35 -05:00
m0duspwnens
ae0f392035
wait for salt-master and salt-minion to exit. disable highstate before stopping salt-minion. apply salt-minion state before first highstate to update configs
2022-01-11 16:57:29 -05:00
Mike Reeves
53d2e20e48
Merge pull request #6834 from Security-Onion-Solutions/nohive
Remove hive install option
2022-01-11 16:50:18 -05:00
Mike Reeves
4ff5fc3b38
Remove hive install option
2022-01-11 14:38:38 -05:00
m0duspwnens
5ade8193f0
move highstate messages for more accurate final highstate message
2022-01-11 13:41:51 -05:00
m0duspwnens
0ef130bd38
bootstrap.sh, dont start salt services after salt upgrade, allow soup to do it
2022-01-11 13:12:07 -05:00
m0duspwnens
e33a9eb45c
bootstrap.sh, dont start salt services after salt upgrade, allow soup to do it
2022-01-11 13:11:25 -05:00
m0duspwnens
9d19cba600
log time when salt services stopped and started
2022-01-11 13:09:05 -05:00
m0duspwnens
baf297ab0a
merge with dev, resolve conflict
2022-01-11 11:24:10 -05:00
m0duspwnens
14eed8e5b9
redirect to setup_log
2022-01-11 11:20:30 -05:00
Josh Brower
5083be4ce7
Merge pull request #6816 from Security-Onion-Solutions/fix/wazuh-parsing-v2
Fix Wazuh WEL Parsing
2022-01-11 11:17:24 -05:00
Doug Burks
a3c8335130
Merge pull request #6827 from Security-Onion-Solutions/dougburks-patch-1
Remove unnecessary word
2022-01-11 11:06:40 -05:00
Doug Burks
29d8dbe371
Remove unnecessary word
2022-01-11 11:05:30 -05:00
m0duspwnens
91ef9b9366
update salt mine before salt-master and salt-minion get stopped
2022-01-11 10:57:48 -05:00
m0duspwnens
328d6cdeb4
Merge remote-tracking branch 'remotes/origin/dev' into issue/6811
2022-01-11 10:02:18 -05:00
Mike Reeves
a9e58e2aba
Merge pull request #6826 from Security-Onion-Solutions/TOoSmOotH-patch-3
Update init.sls
2022-01-11 10:01:49 -05:00
Mike Reeves
8ad36fc7b9
Update init.sls
2022-01-11 10:01:14 -05:00
m0duspwnens
87756cdbc9
Merge remote-tracking branch 'remotes/origin/dev' into issue/6811
2022-01-11 09:57:31 -05:00
Mike Reeves
7937487ee9
Merge pull request #6825 from Security-Onion-Solutions/TOoSmOotH-patch-1
Update init.sls
2022-01-11 09:57:10 -05:00
Mike Reeves
770a389410
Update init.sls
2022-01-11 09:56:22 -05:00
m0duspwnens
b5c274de10
Merge remote-tracking branch 'remotes/origin/dev' into issue/6811
2022-01-11 09:48:31 -05:00
m0duspwnens
a8d1b9eb90
restart salt-minion at end of run if mine_functions changes
2022-01-11 09:29:12 -05:00
m0duspwnens
86c8fc6c1c
need to update mine after salt-master starts
2022-01-11 08:56:38 -05:00
weslambert
17509a9231
Merge pull request #6822 from Security-Onion-Solutions/fix/event_fields
Add event.acknowledged and event.escalated mappings
2022-01-10 16:14:45 -05:00
weslambert
84f7c6b13b
Add event.acknowledged and event.escalated mappings
2022-01-10 16:08:35 -05:00
m0duspwnens
716c98ec61
requires and ordering for socusersroles state
2022-01-10 14:39:00 -05:00
Josh Brower
56aa24d874
Fix Wazuh WEL Parsing
2022-01-10 13:55:38 -05:00
Mike Reeves
b7a90a88f9
Merge pull request #6815 from Security-Onion-Solutions/esbackup
Add ability to specify local backup dir
2022-01-10 13:31:24 -05:00
weslambert
1dc363138a
Merge pull request #6814 from Security-Onion-Solutions/fix/template_typo
Fix typo -- replace period with comma
2022-01-10 13:30:13 -05:00
weslambert
1c3eeb5a34
Fix typo -- replace period with comma
2022-01-10 13:29:06 -05:00
m0duspwnens
beb9a33628
only include curl.config if elasticsearch:auth is enabled
2022-01-10 11:48:16 -05:00
Mike Reeves
dbba7d7226
Add ability to specify local backup dir
2022-01-10 11:31:41 -05:00
m0duspwnens
291ac7d361
https://github.com/Security-Onion-Solutions/securityonion/issues/6811
2022-01-10 10:36:42 -05:00
Josh Patterson
43eda0c5a3
Merge pull request #6796 from Security-Onion-Solutions/fix/wazuh_register_agent
don't try to register if state file exists
2022-01-07 16:07:56 -05:00
m0duspwnens
715d3f0e7e
don't try to register if state file exists
2022-01-07 16:05:55 -05:00
Jason Ertel
db04646735
Merge pull request #6794 from Security-Onion-Solutions/kilo
Update field mappings based on Wes' feedback
2022-01-07 16:03:05 -05:00
Jason Ertel
66c9e20c6a
Add wildcards for CCS compatibility
2022-01-07 15:57:08 -05:00
Josh Patterson
ed97fe0b65
Merge pull request #6795 from Security-Onion-Solutions/fix/wazuh_register_agent
Fix/wazuh register agent
2022-01-07 15:52:17 -05:00
m0duspwnens
3a86af8de2
quote $API_RESULT
2022-01-07 15:49:53 -05:00
m0duspwnens
7ee913eb1f
if /opt/so/conf/wazuh/initial_agent_registration.log doesn't exist, and agent is already registered, touch file and exit 0 to prevent salt error
2022-01-07 15:46:47 -05:00
Jason Ertel
d3656a7777
Merge branch 'dev' into kilo
2022-01-07 13:41:35 -05:00
Josh Patterson
3c44f6fd41
Merge pull request #6793 from Security-Onion-Solutions/23100soup_jpp
23100soup
2022-01-07 13:32:33 -05:00
Jason Ertel
391db568b0
Update field mappings based on Wes' feedback
2022-01-07 13:28:36 -05:00
Jason Ertel
a4f01d4412
Merge pull request #6792 from Security-Onion-Solutions/kilo
Add case exclusion toggle to Hunt to avoid hunt results getting case …
2022-01-07 13:02:27 -05:00
Jason Ertel
9ef83da23f
Add case exclusion toggle to Hunt to avoid hunt results getting case data hits unintentionally
2022-01-07 12:58:35 -05:00
m0duspwnens
871fd115ae
put so-firewall in /usr/sbin since salt-master isn't running at this time
2022-01-07 12:04:19 -05:00
weslambert
218f7f3a13
Merge pull request #6790 from Security-Onion-Solutions/fix/dtc_severity_label
Add event.severity_label
2022-01-07 11:44:30 -05:00
weslambert
770e53d914
Add keyword subfield for event.severity_label
2022-01-07 11:21:57 -05:00
weslambert
c69e1353d9
Add event.severity_label
2022-01-07 11:19:54 -05:00
m0duspwnens
fd0e5d7d29
make sure so-firewall is up to date
2022-01-07 11:10:48 -05:00
Josh Brower
ae6aa0dafd
Merge pull request #6789 from Security-Onion-Solutions/fix/wazuh-parsing-revert
Revert Wazuh parser update
2022-01-07 10:53:53 -05:00
Josh Brower
5d4ea2ba3a
Revert Wazuh parser update
2022-01-07 10:51:24 -05:00
weslambert
a7e7566532
Merge pull request #6780 from Security-Onion-Solutions/feature/datatype_compliance
Initial commit for data type compliance
2022-01-06 16:38:17 -05:00
m0duspwnens
5ecb63f5cf
prevent exit if minion doesn't respond
2022-01-06 16:17:51 -05:00
Josh Brower
ca4aaae47c
Merge pull request #6778 from Security-Onion-Solutions/fix/wazuh-parsing
Uppercase first char in Wazuh WEL
2022-01-06 16:01:09 -05:00
Josh Brower
277c7f1ef8
Uppercase first char in Wazuh WEL
2022-01-06 14:58:50 -05:00
m0duspwnens
cd590b894a
check that ossec.conf exists
2022-01-06 12:39:48 -05:00
weslambert
3f02003ea2
Merge pull request #6777 from Security-Onion-Solutions/fix/deprecation_ecs_compatibility_logstash
Add config option for ECS compatibility (default of disabled)
2022-01-06 11:31:51 -05:00
weslambert
8e2f500b9c
Add config option for ECS compatibility (default of disabled)
2022-01-06 11:24:04 -05:00
weslambert
099e3e1ceb
Merge pull request #6775 from Security-Onion-Solutions/fix/deprecation_warning_suppress
Add logger stanza to suppress ES deprecation warning messages
2022-01-06 10:45:37 -05:00
weslambert
900d12b556
Add logger stanza to suppress deprecation warning messages for now due to current system index access warning messages flooding the ES log
2022-01-06 10:35:50 -05:00
Jason Ertel
8cf7ea8b87
Merge pull request #6772 from Security-Onion-Solutions/kilo
Prevent PCAP action from showing up outside of hunt/alerts
2022-01-05 19:15:02 -05:00
Josh Patterson
eaa6597cd7
Merge pull request #6773 from Security-Onion-Solutions/issue/6765
Issue/6765
2022-01-05 18:11:06 -05:00
m0duspwnens
6338ba2e45
remove /var/cache/salt/ for reinstall
2022-01-05 16:54:56 -05:00
m0duspwnens
8af74e8bb3
remove more salt configs for reinstall
2022-01-05 16:53:54 -05:00
m0duspwnens
9357995bfa
remove root cron and restore yeselastic.txt
2022-01-05 16:04:32 -05:00
weslambert
2fb488f768
Merge pull request #6769 from Security-Onion-Solutions/fix/id_fielddata_deprecation
Fix issue with _id field fielddata/deprecation
2022-01-05 15:40:25 -05:00
Wes Lambert
1cafacfa51
Update saved objects to reflect removal of TheHive scripted field and replacement of PCAP pivot with Hunt pivot
2022-01-05 20:36:23 +00:00
weslambert
c1a88977cf
Disable fielddata for _id field by default (since it is deprecated and can be memory-intensive)
2022-01-05 15:23:52 -05:00
m0duspwnens
0ff5e3cf6f
require so-elasticsearch container to be running to run the scripts
2022-01-05 14:48:41 -05:00
m0duspwnens
8950f94fb0
restore state files so python3-influxdb state doesn't try to patch during a reinstall
2022-01-05 12:02:53 -05:00
Wes Lambert
b60837e71a
Initial commit for data type compliance
2022-01-05 16:38:56 +00:00
Jason Ertel
4f8524e0ac
Prevent PCAP action from showing up outside of hunt/alerts
2022-01-05 11:13:12 -05:00
weslambert
2f9672d3ea
Merge pull request #6764 from Security-Onion-Solutions/feature/soup_branch
Denote which branch is being used in SOUP if BRANCH is specified
2022-01-05 10:54:29 -05:00
weslambert
db43e21378
Fix indentation
2022-01-05 10:46:41 -05:00
weslambert
4d8b417fc9
Denote which branch is being used in SOUP if BRANCH is specified
2022-01-05 10:41:27 -05:00
Jason Ertel
89415b12ce
Merge pull request #6762 from Security-Onion-Solutions/kilo
Switch soc.json to use lowercase labels in default queries; Also enab…
2022-01-05 09:59:39 -05:00
Jason Ertel
4bfdfffe21
Switch soc.json to use lowercase labels in default queries; Also enable the 'Add Case' feature
2022-01-05 09:54:13 -05:00
Mike Reeves
1adc4c5346
Merge pull request #6752 from Security-Onion-Solutions/ubufix
Fix docker holds so re-install will work properly
2022-01-04 18:56:06 -05:00
Mike Reeves
3ca0ce9eea
Update so-functions
2022-01-04 18:47:35 -05:00
Mike Reeves
e869013057
Remove docker then reinstall it
2022-01-04 15:24:10 -05:00
Mike Reeves
dd104c9490
Add holds for ubuntu
2022-01-04 13:07:09 -05:00
m0duspwnens
7bb9b6efa9
populate mine with network.ip_addrs pillar.host.mainint for each host prior to highstate
2022-01-04 10:27:45 -05:00
Mike Reeves
288389c93e
Soup changes for 2.3.100
2022-01-04 08:38:14 -05:00
Josh Patterson
4247a3a816
Merge pull request #6730 from Security-Onion-Solutions/fix/ub1804ssl
more detailed logging for the retry command
2021-12-30 13:19:58 -05:00
m0duspwnens
cc2f6e23ca
more detailed logging for the retry command
2021-12-30 13:09:29 -05:00
Josh Patterson
064355dfb5
Merge pull request #6729 from Security-Onion-Solutions/fix/ub1804ssl
change exitCode to exitcode. set exitcode to 1 if failed output found
2021-12-30 11:38:32 -05:00
m0duspwnens
d274615376
change exitCode to exitcode. set exitcode to 1 if failed output found
2021-12-30 10:45:30 -05:00
Josh Patterson
78eda75c0f
Merge pull request #6725 from Security-Onion-Solutions/fix/ub1804ssl
add option to look for failed output in retry function in so-common. …
2021-12-29 18:18:12 -05:00
m0duspwnens
200736a118
add option to look for failed output in retry function in so-common. look for Err: when running soapt-get update in setup
2021-12-29 18:15:16 -05:00
Jason Ertel
1d136b611a
Merge pull request #6723 from Security-Onion-Solutions/kilo
Uniform presets
2021-12-29 16:49:41 -05:00
Jason Ertel
e6051cb653
Switch all presets to lowercase for uniformity
2021-12-29 16:42:34 -05:00
Jason Ertel
74dbc4bf67
Merge pull request #6720 from Security-Onion-Solutions/kilo
Add case template to eval install types; also improve clarity of case queries
2021-12-29 11:41:06 -05:00
Josh Patterson
a2f1f52450
Merge pull request #6719 from Security-Onion-Solutions/fix/ub1804ssl
Fix/ub1804ssl
2021-12-29 11:39:10 -05:00
Jason Ertel
1d885a5419
Add case template to eval installs
2021-12-29 11:38:38 -05:00
m0duspwnens
b414e22e95
remove spaces in function
2021-12-29 11:37:22 -05:00
m0duspwnens
4c54d45681
some echos for logging
2021-12-29 11:36:12 -05:00
m0duspwnens
c6e9b00488
Merge remote-tracking branch 'remotes/origin/dev' into fix/ub1804ssl
2021-12-29 11:22:25 -05:00
m0duspwnens
b027da6378
wait for the salt-minion service to be ready for requests prior to running ssl state
2021-12-29 11:18:38 -05:00
Jason Ertel
fb02d0d35c
clarify case filters
2021-12-29 11:07:36 -05:00
Jason Ertel
d4f3615cae
Merge pull request #6717 from Security-Onion-Solutions/kilo
Support CCS in CM
2021-12-29 09:12:13 -05:00
Jason Ertel
e5110ac4e8
Use CCS compatible index
2021-12-29 09:08:10 -05:00
Jason Ertel
e87cbc37a4
Add case template
2021-12-28 19:17:15 -05:00
Josh Patterson
3b130ab202
Merge pull request #6712 from Security-Onion-Solutions/fix/ub1804ssl
all run ssl state during setup
2021-12-28 16:34:58 -05:00
m0duspwnens
22afe99719
all run ssl state during setup
2021-12-28 16:24:17 -05:00
Doug Burks
e56a9a5f22
Merge pull request #6711 from Security-Onion-Solutions/dougburks-patch-1
fix typo in so-analyst-install
2021-12-28 15:24:19 -05:00
Josh Patterson
7655920068
Merge pull request #6710 from Security-Onion-Solutions/fix/ub1804ssl
add mine function to signing_policies.conf
2021-12-28 15:23:36 -05:00
Doug Burks
463925686d
fix typo in so-analyst-install
2021-12-28 15:23:17 -05:00
m0duspwnens
2a5b4ef276
add mine function to signing_policies.conf. no longer need to check if mine in ca during manager install
2021-12-28 15:19:06 -05:00
Josh Patterson
7029c3a94a
Merge pull request #6707 from Security-Onion-Solutions/fix/ub1804ssl
put x509 signing policies in place when minion is configured
2021-12-28 12:05:20 -05:00
m0duspwnens
67a9f4d22e
put x509 signing policies in place when minion is configured
2021-12-28 12:03:10 -05:00
Josh Patterson
a5746d4919
Merge pull request #6706 from Security-Onion-Solutions/fix/ub1804ssl
Fix/ub1804ssl
2021-12-28 11:27:15 -05:00
m0duspwnens
487ac24306
revert back to getting ca from mine
2021-12-28 11:16:01 -05:00
m0duspwnens
2405de4b82
fix require
2021-12-28 11:00:35 -05:00
m0duspwnens
9e3c289562
remove restarting salt in ssl generation. separate ca and ssl generation into separate functions
2021-12-28 10:43:45 -05:00
m0duspwnens
f2adcf4ca5
ensure /etc/pki is created and simplify ca logic for non manager in ssl state
2021-12-28 10:41:57 -05:00
Jason Ertel
0072ae253b
Merge pull request #6705 from Security-Onion-Solutions/kilo
Initial CM Impl; Improve so-user script
2021-12-28 08:36:59 -05:00
Jason Ertel
5a4473ecd6
fix indent
2021-12-28 08:33:31 -05:00
Jason Ertel
f335670b3f
Add new client-side param for cases
2021-12-27 21:53:30 -05:00
Jason Ertel
194e4119f0
Correct missing json vars
2021-12-27 20:36:28 -05:00
Jason Ertel
09626deb05
Correct var names for jinja
2021-12-27 18:01:15 -05:00
Jason Ertel
ae7a4b6528
More syntax corrections
2021-12-27 16:18:12 -05:00
Jason Ertel
0a255e5765
Resolve syntax error
2021-12-27 15:15:33 -05:00
Jason Ertel
789719d25e
Correct preset file syntax
2021-12-27 13:21:13 -05:00
Jason Ertel
7140255d95
Add missing presets file
2021-12-27 12:27:04 -05:00
Jason Ertel
ab3319b472
Add artifact support
2021-12-27 10:49:10 -05:00
Jason Ertel
b0d36f2ed2
Ensure update timestamp is updated when changing passwords; this ensures the sync will automatically follow
2021-12-21 13:38:35 -05:00
Jason Ertel
62e5914ab8
Merge branch 'dev' into kilo
2021-12-21 13:37:37 -05:00
Jason Ertel
2f88f08be2
Merge pull request #6649 from Security-Onion-Solutions/2.3.91-merge
2.3.91 merge
2021-12-21 09:39:14 -05:00
Jason Ertel
9aeaa1fccc
resolved merge conflicts
2021-12-21 09:35:57 -05:00
Jason Ertel
2c9062efb7
resolved merge conflicts
2021-12-21 09:34:39 -05:00
Josh Patterson
d33cf19e3d
Merge pull request #6612 from Security-Onion-Solutions/issue/6469
add managersearch to list
2021-12-16 13:57:53 -05:00
m0duspwnens
a46a876ec6
add managersearch to list
2021-12-16 13:48:41 -05:00
Josh Brower
affe5b9ac0
Merge pull request #6605 from Security-Onion-Solutions/fix/fleet-ips
Fix cidr for fleet custom docker range
2021-12-16 11:55:11 -05:00
Josh Patterson
e0c8e03882
Merge pull request #6604 from Security-Onion-Solutions/issue/6469
https://github.com/Security-Onion-Solutions/securityonion/issues/6469
2021-12-16 11:54:05 -05:00
Josh Brower
a23824e199
Fix cidr for fleet custom docker range
2021-12-16 11:53:26 -05:00
m0duspwnens
ae342ab673
Merge remote-tracking branch 'remotes/origin/dev' into issue/6469
2021-12-16 11:33:09 -05:00
m0duspwnens
b4b8b91ccd
simplify ip logic wazuh-register-agent, mine_interval to 35 minutes
2021-12-16 11:24:35 -05:00
m0duspwnens
2e4ed8062e
simplify wazuh agent ip logic
2021-12-16 11:11:01 -05:00
m0duspwnens
bd7ef1cc59
fix whitespace control
2021-12-16 09:19:20 -05:00
Jason Ertel
8ec671422f
Merge pull request #6593 from Security-Onion-Solutions/esup
Finish upgrade of ES to 7.16.1
2021-12-16 07:59:34 -05:00
Jason Ertel
1268f8f92b
Upgrade ES to 7.16.1
2021-12-16 07:57:42 -05:00
Jason Ertel
d4f395b7f4
Fix query name for open cases
2021-12-15 20:02:35 -05:00
Jason Ertel
c68efd56c2
Merge branch 'dev' into kilo
2021-12-15 20:01:55 -05:00
m0duspwnens
a7600f7f43
update scripts to use their own ip
2021-12-15 17:31:39 -05:00
Mike Reeves
0f76227631
Merge pull request #6585 from Security-Onion-Solutions/unhotfix
Unhotfix
2021-12-15 17:23:02 -05:00
m0duspwnens
d0b0970353
Merge remote-tracking branch 'remotes/origin/dev' into issue/6469
2021-12-15 17:08:56 -05:00
Mike Reeves
465ba1b7d3
Change CA certs location
2021-12-15 17:08:36 -05:00
m0duspwnens
f9b04ab96a
add node's own ip to FILEBEAT_EXTRA_HOSTS
2021-12-15 16:53:22 -05:00
m0duspwnens
522bc1d2b8
fix loadbalance logic and whitespace for filebeat.yml
2021-12-15 16:21:08 -05:00
m0duspwnens
cf2f4bad09
have standalone and managersearch pull from redis nodes
2021-12-15 15:27:23 -05:00
Mike Reeves
61955b7928
Change CA certs location
2021-12-15 13:50:19 -05:00
Jason Ertel
ffa8ca57a7
Merge pull request #6579 from Security-Onion-Solutions/unhotfix
Remove some previous hotfix code
2021-12-15 12:34:00 -05:00
Mike Reeves
7cd1b1c482
Remove some previous hotfix code
2021-12-15 12:26:53 -05:00
m0duspwnens
6ab2bdef0c
add sensoroni state to receiver node
2021-12-15 10:45:54 -05:00
m0duspwnens
ce0a39db4b
remove old EXTRAHOSTNAME EXTRAHOSTIP from being set for logstash
2021-12-15 09:43:46 -05:00
m0duspwnens
ea89d2074b
remove ca from allowed_hosts on so-receiver
2021-12-15 09:32:12 -05:00
m0duspwnens
759bf9837e
pillar top clean up for receiver and logstash.nodes
2021-12-15 09:31:03 -05:00
m0duspwnens
d9a384cc29
remove global:pipeline pillar call from logstash pipeline pillars
2021-12-15 09:30:15 -05:00
m0duspwnens
176ef852c8
clean up assigned hostgroups for receiver
2021-12-15 08:28:40 -05:00
Doug Burks
09f0bdba91
Merge pull request #6574 from Security-Onion-Solutions/dougburks-patch-1
fix typo in so-image-common
2021-12-15 07:45:24 -05:00
Doug Burks
7d1f9c51e8
fix typo in so-image-common
2021-12-15 07:24:30 -05:00
m0duspwnens
024860d0ae
rename EXTRA_NODES to LOGSTASH_NODES AND REDIS_NODES
2021-12-14 23:43:06 -05:00
m0duspwnens
0c6aba16ec
fix redis input
2021-12-14 23:42:37 -05:00
m0duspwnens
15b8d80b71
fix host for input_redis
2021-12-14 18:51:43 -05:00
m0duspwnens
55b74abcc5
extra_hosts and redis_input for logstash
2021-12-14 18:49:30 -05:00
m0duspwnens
4da017d61c
change extra_hosts for docker container
2021-12-14 17:05:30 -05:00
m0duspwnens
a31d61e151
handle ca for redis
2021-12-14 16:43:04 -05:00
m0duspwnens
841b91e052
exclude elasticsearch and managerssl keys and certs from receiver
2021-12-14 16:05:47 -05:00
m0duspwnens
d0b6d5bba6
remove so-eval from lists since it doesn't run logstash
2021-12-14 15:33:06 -05:00
m0duspwnens
a31f034f2e
remove receiver add node for cacerts and tls-ca-bundle for logstash bind
2021-12-14 15:02:59 -05:00
m0duspwnens
6962e3f9b3
fix logstash certs mapped into container
2021-12-14 14:52:15 -05:00
m0duspwnens
c490a3be36
move node_data pillar to logstash:nodes, set extra hosts for filebeat docker
2021-12-14 13:32:42 -05:00
Mike Reeves
5006e34208
Merge pull request #6560 from Security-Onion-Solutions/mergerz
Merge latest hotfix
2021-12-14 10:57:49 -05:00
Mike Reeves
30344ba0ef
Fix conflicts
2021-12-14 10:55:19 -05:00
m0duspwnens
6518691c55
sort the items
2021-12-13 18:16:25 -05:00
m0duspwnens
067e79894f
fix loop for node_data
2021-12-13 16:26:38 -05:00
m0duspwnens
6de2f5bd03
fix node_data
2021-12-13 15:55:09 -05:00
m0duspwnens
8d0872bce5
create node_data pillar from mine data, use node_data pillar for filebeat config
2021-12-13 15:48:30 -05:00
m0duspwnens
86f67198bf
loadbalance filebeat if across managers and receivers
2021-12-10 17:43:06 -05:00
m0duspwnens
fe7247f876
update fw for receiver and add mine_functions for ip_addr
2021-12-10 15:28:40 -05:00
m0duspwnens
54c32acdbf
don't call logstash_pillar if manager or helix
2021-12-09 15:26:00 -05:00
Jason Ertel
83d86aebb1
Perform full email match
2021-12-09 15:04:00 -05:00
m0duspwnens
d94496bb90
remove minio_key and add missing endif
2021-12-09 13:24:20 -05:00
m0duspwnens
c2a952796c
Merge remote-tracking branch 'remotes/origin/sans' into issue/6469
2021-12-09 13:13:18 -05:00
Mike Reeves
b92cbb01b3
SSL modifications
2021-12-09 13:13:01 -05:00
m0duspwnens
5b70d5510f
Merge remote-tracking branch 'remotes/origin/sans' into issue/6469
2021-12-09 13:12:00 -05:00
Jason Ertel
2761662eb9
Add status presets
2021-12-09 13:09:56 -05:00
Mike Reeves
a7f0d81555
SSL modifications
2021-12-09 13:07:00 -05:00
Josh Brower
d3bbae23ca
Merge pull request #6499 from Security-Onion-Solutions/fix/beats-logstash
Use id for doc id if it exists
2021-12-09 09:47:14 -05:00
Josh Brower
656ea974dc
Use id for doc id if it exists
2021-12-09 09:16:58 -05:00
Jason Ertel
a9b7b9ee92
Jinjafy case params
2021-12-08 17:41:48 -05:00
m0duspwnens
7390b03dc1
don't show es options in final whiptail setup confirmation
2021-12-08 14:58:34 -05:00
m0duspwnens
b4bc32d3ca
set logstash pillar and enable advanced ls menu for so-receiver
2021-12-08 14:33:15 -05:00
m0duspwnens
ecc8594d44
prevent so-receiver from getting extra keys/certs
2021-12-08 13:32:56 -05:00
m0duspwnens
59464af10c
filebeat certs for logstash on so-receiver
2021-12-08 09:41:17 -05:00
m0duspwnens
1ef63f3a23
ssl things for so-receiver
2021-12-08 09:08:46 -05:00
m0duspwnens
c80059efb0
change from || to &&
2021-12-07 17:11:15 -05:00
m0duspwnens
8c95d0f36b
set ip for wazuh-register-agent and don't apply nginx in setup for receiver
2021-12-07 16:50:41 -05:00
m0duspwnens
429b9cab2f
set ip for ossec.conf
2021-12-07 16:22:07 -05:00
m0duspwnens
f8da5c7fe9
start of fw rules for receiver
2021-12-07 15:59:11 -05:00
m0duspwnens
06010bd157
add so-receiver to allowed_states
2021-12-07 13:34:06 -05:00
Jason Ertel
b73eb76c94
Make case module dynamic
2021-12-07 11:51:02 -05:00
m0duspwnens
f3ec5df447
add receiver node
2021-12-07 11:13:51 -05:00
m0duspwnens
7549e34881
Merge remote-tracking branch 'remotes/origin/dev' into issue/6469
2021-12-07 10:57:12 -05:00
m0duspwnens
ba30c59ec7
add receiver node
2021-12-07 10:56:35 -05:00
Mike Reeves
892899b7f9
Merge pull request #6477 from Security-Onion-Solutions/merge-202112071526
Merge hotfix
2021-12-07 10:30:13 -05:00
Jason Ertel
702d95c63a
Merge branch 'master' into merge-202112071527
2021-12-07 10:28:00 -05:00
m0duspwnens
96666ab307
add receiver node
2021-12-07 10:19:32 -05:00
Jason Ertel
83fab42b6e
Merge pull request #6433 from Security-Onion-Solutions/kilo
Rein in the Wazuh port check to only complain if a non-Docker process is listening on 55000.
2021-12-02 09:39:14 -05:00
Jason Ertel
e549cfdf82
Rein in the Wazuh port check to only complain if a non-Docker process is listening on 55000.
2021-12-02 09:35:13 -05:00
Josh Brower
c7a9fb1fa3
Merge pull request #6432 from Security-Onion-Solutions/fix/fleet-nginx
Fix FleetDM nginx errors
2021-12-02 08:30:28 -05:00
Josh Brower
97cd679d74
Fix FleetDM nginx errors
2021-12-02 08:17:01 -05:00
William Wernert
3bd8bcba12
Merge pull request #6421 from Security-Onion-Solutions/hotfix-merge
Hotfix merge
2021-12-01 14:49:05 -05:00
William Wernert
6e7188b4d8
Merge branch 'hotfix/2.3.90' into hotfix-merge
# Conflicts:
# HOTFIX
2021-12-01 14:40:34 -05:00
Mike Reeves
84b91c547d
Merge pull request #6403 from Security-Onion-Solutions/dlee35-patch-1
add subjectAltName to filebeat.crt
2021-12-01 11:54:05 -05:00
Dustin Lee
8a394380cb
add subjectAltName to filebeat.crt
IP SAN is required for Endgame integration w/Logstash when DNS resolution is unavailable
2021-11-30 16:24:08 -05:00
Jason Ertel
1272de3058
Merge pull request #6378 from Security-Onion-Solutions/TOoSmOotH-patch-2
bump version to 2.3.100
2021-11-29 09:57:29 -05:00
Mike Reeves
2beb69f495
Update HOTFIX
2021-11-29 09:55:32 -05:00
Mike Reeves
5a447c53d9
bump version to 2.3.100
2021-11-29 09:55:01 -05:00
Jason Ertel
31ffd6c4ec
Merge pull request #6339 from Security-Onion-Solutions/kilo
Merge 2.3.90 WAZUH hotfix into dev
2021-11-23 19:33:18 -05:00