Lowercase network transport

Merge pull request #15667 from Security-Onion-Solutions/TOoSmOotH-patch-1
Enable clean option for Zeek configuration
2026-03-25 05:52:41 +01:00 · 2026-03-24 11:24:59 -04:00 · 2026-03-24 09:56:03 -04:00 · 2026-03-24 09:54:49 -04:00 · 2026-03-23 18:09:33 -05:00 · 2026-03-23 17:34:21 -04:00
8 changed files with 74967 additions and 43851 deletions
--- a/.github/.gitleaks.toml
+++ b/.github/.gitleaks.toml
@@ -542,5 +542,6 @@ paths = [
    '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
    '''(go.mod|go.sum)$''',
    '''salt/nginx/files/enterprise-attack.json''',
-    '''(.*?)whl$'''
+    '''(.*?)whl$''',
    '''salt/stig/files/sos-oscap.xml'''
 ]
--- a/salt/elasticsearch/files/ingest/suricata.common
+++ b/salt/elasticsearch/files/ingest/suricata.common
@@ -22,6 +22,12 @@
                "ignore_failure": true
            }
        },
        {
            "lowercase": {
                "field": "network.transport",
                "ignore_failure": true
            }
        },
        {
            "rename": {
                "field": "message2.in_iface",
--- a/salt/idh/enabled.sls
+++ b/salt/idh/enabled.sls
@@ -20,7 +20,7 @@ so-idh:
    - network_mode: host
    - binds:
      - /nsm/idh:/var/tmp:rw
-      - /opt/so/conf/idh/http-skins:/usr/local/lib/python3.12/site-packages/opencanary/modules/data/http/skin:ro
+      - /opt/so/conf/idh/http-skins:/opt/opencanary/http-skins:ro
      - /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro
      {% if DOCKERMERGED.containers['so-idh'].custom_bind_mounts %}
        {% for BIND in DOCKERMERGED.containers['so-idh'].custom_bind_mounts %}
--- a/salt/idh/opencanary_config.map.jinja
+++ b/salt/idh/opencanary_config.map.jinja
@@ -28,6 +28,7 @@
 {% set HTTPPROXYSKINLIST = OPENCANARYCONFIG.pop('httpproxy_x_skinlist') %}
 {% do OPENCANARYCONFIG.update({'http_x_skin_x_list': HTTPSKINLIST}) %}
 {% do OPENCANARYCONFIG.update({'httpproxy_x_skin_x_list': HTTPPROXYSKINLIST}) %}
 {% do OPENCANARYCONFIG.update({'http_x_skindir': '/opt/opencanary/http-skins/' ~ OPENCANARYCONFIG['http_x_skin']}) %}
 {% set OPENSSH = salt['pillar.get']('idh:openssh', default=IDHCONFIG.idh.openssh, merge=True) %}
--- a/salt/idh/skins/http/opencanary/basicLogin/redirect.html
+++ b/salt/idh/skins/http/opencanary/basicLogin/redirect.html
@@ -0,0 +1,29 @@
 <html>
    <head>
        <title>Redirect</title>
        <style>
            body {
              width: 100%;
            }
            .outer {
               margin-left: auto;
               margin-right: auto;
               width: 25em;
               height: 100%;
            }
            .inner{
               display: table-cell;
               vertical-align: middle;
               height: 30em;
            }
        </style>
    </head>
    <body>
        <div class='outer'>
            <div class='inner'>
              <a href="/index">Click here</a>
            </div>
        </div>
    </body>
 </html>
--- a/salt/idh/skins/http/opencanary/nasLogin/redirect.html
+++ b/salt/idh/skins/http/opencanary/nasLogin/redirect.html
@@ -0,0 +1,29 @@
 <html>
    <head>
        <title>Redirect</title>
        <style>
            body {
              width: 100%;
            }
            .outer {
               margin-left: auto;
               margin-right: auto;
               width: 25em;
               height: 100%;
            }
            .inner{
               display: table-cell;
               vertical-align: middle;
               height: 30em;
            }
        </style>
    </head>
    <body>
        <div class='outer'>
            <div class='inner'>
              <a href="/index">Click here</a>
            </div>
        </div>
    </body>
 </html>
--- a/salt/stig/files/sos-oscap.xml
+++ b/salt/stig/files/sos-oscap.xml
--- a/salt/zeek/config.sls
+++ b/salt/zeek/config.sls
@@ -38,6 +38,7 @@ zeekzkgsync:
    - source: salt://zeek/zkg
    - user: 937
    - group: 939
    - clean: True
    - makedirs: True
    - exclude_pat: README
Author	SHA1	Message	Date
Josh Brower	1f9bf45b66	Lowercase network transport	2026-03-24 11:24:59 -04:00
Mike Reeves	271de757e7	Merge pull request #15667 from Security-Onion-Solutions/TOoSmOotH-patch-1 Enable clean option for Zeek configuration	2026-03-24 09:56:03 -04:00
Mike Reeves	d4ac352b5a	Enable clean option for Zeek configuration	2026-03-24 09:54:49 -04:00
Jorge Reyes	afcef1d0e7	Merge pull request #15661 from Security-Onion-Solutions/reyesj2-361 update stig profile v1r3	2026-03-23 18:09:33 -05:00
Josh Patterson	91b164b728	Merge pull request #15665 from Security-Onion-Solutions/delta allow negation in suricata address-group vars	2026-03-23 17:34:21 -04:00
Josh Brower	c6978f9037	Merge pull request #15663 from Security-Onion-Solutions/fix/idh-skins Remove hardcoded path	2026-03-23 16:30:51 -04:00
Josh Brower	7300513636	Remove hardcoded path	2026-03-23 16:26:56 -04:00
Jorge Reyes	fb7b73c601	Merge pull request #15662 from Security-Onion-Solutions/reyesj2-patch-1 exclude oscap profile from gitleaks	2026-03-23 14:23:24 -05:00
Jorge Reyes	f2b6d59c65	exclude oscap profile from gitleaks	2026-03-23 14:17:39 -05:00
reyesj2	67162357a3	update stig profile v1r3	2026-03-23 14:04:48 -05:00