fix/idh-sk
...
3/dev
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
115ca2c41d | ||
|
|
9e53bd3f2d | ||
|
|
d4f1078f84 | ||
|
|
1f9bf45b66 | ||
|
|
271de757e7 | ||
|
|
d4ac352b5a | ||
|
|
afcef1d0e7 | ||
|
|
91b164b728 | ||
|
|
6a4501241d | ||
|
|
c6978f9037 | ||
|
|
fb7b73c601 | ||
|
|
f2b6d59c65 | ||
|
|
67162357a3 |
3
.github/.gitleaks.toml
vendored
3
.github/.gitleaks.toml
vendored
@@ -542,5 +542,6 @@ paths = [
|
|||||||
'''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
|
'''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
|
||||||
'''(go.mod|go.sum)$''',
|
'''(go.mod|go.sum)$''',
|
||||||
'''salt/nginx/files/enterprise-attack.json''',
|
'''salt/nginx/files/enterprise-attack.json''',
|
||||||
'''(.*?)whl$'''
|
'''(.*?)whl$''',
|
||||||
|
'''salt/stig/files/sos-oscap.xml'''
|
||||||
]
|
]
|
||||||
|
|||||||
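Review bot: The new allowlist line `'''salt/stig/files/sos-oscap.xml'''` switches off secret scanning for that file with no record of why, so a later maintainer cannot tell whether the exemption is still needed or which finding it was meant to silence. Add a TOML comment above it, e.g. `# sos-oscap.xml: <rule id / pattern that false-positives here>`, naming what the OSCAP content trips. Listing the exact path rather than a regex keeps the exemption narrow, which is the right shape for a scanner allowlist. The `paths` array begins before this hunk.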
@@ -22,6 +22,12 @@
|
|||||||
"ignore_failure": true
|
"ignore_failure": true
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"lowercase": {
|
||||||
|
"field": "network.transport",
|
||||||
|
"ignore_failure": true
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"rename": {
|
"rename": {
|
||||||
"field": "message2.in_iface",
|
"field": "message2.in_iface",
|
||||||
|
|||||||
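Review bot: The added `lowercase` processor for `network.transport` relies on `"ignore_failure": true`, which suppresses every failure of the processor, not only the case where the field is absent, so a non-string value in that field would be passed through silently. If this is an Elasticsearch ingest pipeline, `"ignore_missing": true` on the lowercase processor skips only documents that lack the field and leaves real errors visible. The surrounding processors in the context lines use `ignore_failure` as well, so the choice may be deliberate for consistency; if so, a short comment in whatever documents this pipeline would make that explicit. The enclosing processor array starts and ends outside the hunk, and the file's name is not shown on this page.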
@@ -2622,6 +2622,7 @@ soc:
|
|||||||
This is a YARA rule template. Replace all template values with your own values.
|
This is a YARA rule template. Replace all template values with your own values.
|
||||||
The YARA rule name is the unique identifier for the rule.
|
The YARA rule name is the unique identifier for the rule.
|
||||||
Docs: https://yara.readthedocs.io/en/stable/writingrules.html#writing-yara-rules
|
Docs: https://yara.readthedocs.io/en/stable/writingrules.html#writing-yara-rules
|
||||||
|
Delete these comments before attempting to "Create" the rule
|
||||||
*/
|
*/
|
||||||
|
|
||||||
rule Example // This identifier _must_ be unique
|
rule Example // This identifier _must_ be unique
|
||||||
|
|||||||
@@ -161,7 +161,7 @@ suricata:
|
|||||||
address-groups:
|
address-groups:
|
||||||
HOME_NET:
|
HOME_NET:
|
||||||
description: Assign a list of hosts, or networks, using CIDR notation, to this Suricata variable. The variable can then be re-used within Suricata rules. This allows for a single adjustment to the variable that will then affect all rules referencing the variable.
|
description: Assign a list of hosts, or networks, using CIDR notation, to this Suricata variable. The variable can then be re-used within Suricata rules. This allows for a single adjustment to the variable that will then affect all rules referencing the variable.
|
||||||
regex: ^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\/([0-9]|[1-2][0-9]|3[0-2]))?$|^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?))|:))|(([0-9A-Fa-f]{1,4}:){5}((:[0-9A-Fa-f]{1,4}){1,2}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){4}((:[0-9A-Fa-f]{1,4}){1,3}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){3}((:[0-9A-Fa-f]{1,4}){1,4}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){2}((:[0-9A-Fa-f]{1,4}){1,5}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){1}((:[0-9A-Fa-f]{1,4}){1,6}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(:((:[0-9A-Fa-f]{1,4}){1,7}|:)))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$
|
regex: ^!?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\/([0-9]|[1-2][0-9]|3[0-2]))?$|^!?((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){5}((:[0-9A-Fa-f]{1,4}){1,2}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){4}((:[0-9A-Fa-f]{1,4}){1,3}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){3}((:[0-9A-Fa-f]{1,4}){1,4}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){2}((:[0-9A-Fa-f]{1,4}){1,5}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){1}((:[0-9A-Fa-f]{1,4}){1,6}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(:((:[0-9A-Fa-f]{1,4}){1,7}|:)))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$
|
||||||
regexFailureMessage: You must enter a valid IP address or CIDR.
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||||
forcedType: "[]string"
|
forcedType: "[]string"
|
||||||
duplicates: True
|
duplicates: True
|
||||||
|
|||||||
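Review bot: The new `regex:` accepts a leading `!` on both the IPv4 and the IPv6 alternative, but the `description:` and `regexFailureMessage:` lines beside it still describe plain addresses or CIDRs, so a user is never told that negation is allowed or how it is written. Extend the description with a sentence such as `Prefix an entry with ! to exclude it from the variable.` and consider `regexFailureMessage: You must enter a valid IP address or CIDR, optionally prefixed with ! to negate it.` The regex validates each entry on its own; any constraint on the list as a whole (for example a HOME_NET made only of negated entries) is left to Suricata at load time, which the description could also mention. The `HOME_NET` definition continues outside the hunk.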
@@ -38,6 +38,7 @@ zeekzkgsync:
|
|||||||
- source: salt://zeek/zkg
|
- source: salt://zeek/zkg
|
||||||
- user: 937
|
- user: 937
|
||||||
- group: 939
|
- group: 939
|
||||||
|
- clean: True
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
- exclude_pat: README
|
- exclude_pat: README
|
||||||
|
|
||||||
|
|||||||
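Review bot: `- clean: True` makes this state destructive: in Salt's file.recurse it deletes anything under the destination that is not present in `salt://zeek/zkg`, so a package or file placed there outside Salt is removed on the next highstate. The hunk carries no comment explaining that intent, and how `clean` interacts with `- exclude_pat: README` (whether a README already on the minion is kept or removed) should be confirmed against the Salt version in use before this ships. A one-line comment such as `# clean: remove anything in the zkg directory not shipped from salt://zeek/zkg` would record the decision. The `zeekzkgsync` state's header and destination path are outside the hunk.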