mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-03-23 21:12:39 +01:00
Compare commits
10 Commits
jertel/wip
...
reyesj2-36
| Author | SHA1 | Date | |
|---|---|---|---|
|
67162357a3 | ||
|
|
c16ff2bd99 | ||
|
b6366e52ba | ||
|
|
20c4da50b1 | ||
|
|
5fb396fc09 | ||
|
|
a52e5d0474 | ||
|
|
1a943aefc5 | ||
|
|
eaf3f10adc | ||
|
|
84f4e460f6 | ||
|
|
88841c9814 |
@@ -545,6 +545,22 @@ retry() {
|
||||
return $exitcode
|
||||
}
|
||||
|
||||
rollover_index() {
|
||||
idx=$1
|
||||
exists=$(so-elasticsearch-query $idx -o /dev/null -w "%{http_code}")
|
||||
if [[ $exists -eq 200 ]]; then
|
||||
rollover=$(so-elasticsearch-query $idx/_rollover -o /dev/null -w "%{http_code}" -XPOST)
|
||||
|
||||
if [[ $rollover -eq 200 ]]; then
|
||||
echo "Successfully triggered rollover for $idx..."
|
||||
else
|
||||
echo "Could not trigger rollover for $idx..."
|
||||
fi
|
||||
else
|
||||
echo "Could not find index $idx..."
|
||||
fi
|
||||
}
|
||||
|
||||
run_check_net_err() {
|
||||
local cmd=$1
|
||||
local err_msg=${2:-"Unknown error occured, please check /root/$WHATWOULDYOUSAYYAHDOHERE.log for details."} # Really need to rename that variable
|
||||
|
||||
@@ -119,7 +119,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-case*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -131,8 +131,6 @@ elasticsearch:
|
||||
match_mapping_type: string
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-case-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 1500
|
||||
@@ -143,14 +141,7 @@ elasticsearch:
|
||||
sort:
|
||||
field: '@timestamp'
|
||||
order: desc
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
actions: {}
|
||||
min_age: 0ms
|
||||
so-common:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -214,7 +205,9 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- winlog-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-*-so*
|
||||
@@ -274,7 +267,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-detection*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -286,8 +279,6 @@ elasticsearch:
|
||||
match_mapping_type: string
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-detection-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 1500
|
||||
@@ -298,11 +289,6 @@ elasticsearch:
|
||||
sort:
|
||||
field: '@timestamp'
|
||||
order: desc
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
actions: {}
|
||||
min_age: 0ms
|
||||
sos-backup:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
@@ -462,7 +448,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- endgame*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -510,8 +496,6 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-idh:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -566,10 +550,13 @@ elasticsearch:
|
||||
- dtc-user_agent-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-idh-*
|
||||
priority: 500
|
||||
- logs-idh-so*
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -679,11 +666,13 @@ elasticsearch:
|
||||
- common-dynamic-mappings
|
||||
- winlog-mappings
|
||||
- hash-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-import-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -738,7 +727,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-ip*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -753,19 +742,12 @@ elasticsearch:
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 1500
|
||||
lifecycle:
|
||||
name: so-ip-mappings-logs
|
||||
number_of_replicas: 0
|
||||
number_of_shards: 1
|
||||
refresh_interval: 30s
|
||||
sort:
|
||||
field: '@timestamp'
|
||||
order: desc
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
actions: {}
|
||||
min_age: 0ms
|
||||
so-items:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
@@ -774,7 +756,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- .items-default-**
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -853,8 +835,6 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-kratos:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -875,7 +855,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-kratos-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -923,8 +903,6 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-hydra:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -985,7 +963,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-hydra-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -1040,7 +1018,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- .lists-default-**
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -1526,6 +1504,9 @@ elasticsearch:
|
||||
- so-fleet_integrations.ip_mappings-1
|
||||
- so-fleet_globals-1
|
||||
- so-fleet_agent_id_verification-1
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates:
|
||||
- logs-elastic_agent.cloudbeat@custom
|
||||
index_patterns:
|
||||
@@ -1761,6 +1742,9 @@ elasticsearch:
|
||||
- so-fleet_integrations.ip_mappings-1
|
||||
- so-fleet_globals-1
|
||||
- so-fleet_agent_id_verification-1
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates:
|
||||
- logs-elastic_agent.heartbeat@custom
|
||||
index_patterns:
|
||||
@@ -3020,8 +3004,6 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-soc:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -3076,11 +3058,13 @@ elasticsearch:
|
||||
- dtc-user_agent-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-soc-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -3670,10 +3654,13 @@ elasticsearch:
|
||||
- vulnerability-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-logstash-default*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -3971,10 +3958,13 @@ elasticsearch:
|
||||
- vulnerability-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-redis-default*
|
||||
priority: 500
|
||||
- logs-redis.log*
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4085,11 +4075,13 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-strelka-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4199,11 +4191,13 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-suricata-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4313,11 +4307,13 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-suricata.alerts-*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4427,11 +4423,13 @@ elasticsearch:
|
||||
- vulnerability-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-syslog-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4543,11 +4541,13 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream: {}
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-zeek-so*
|
||||
priority: 500
|
||||
priority: 501
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
|
||||
@@ -403,7 +403,15 @@ migrate_pcap_to_suricata() {
|
||||
}
|
||||
|
||||
post_to_3.0.0() {
|
||||
echo "Nothing to apply"
|
||||
for idx in "logs-idh-so" "logs-redis.log-default"; do
|
||||
rollover_index "$idx"
|
||||
done
|
||||
|
||||
# Remove ILM for so-case and so-detection indices
|
||||
for idx in "so-case" "so-casehistory" "so-detection" "so-detectionhistory"; do
|
||||
so-elasticsearch-query $idx/_ilm/remove -XPOST
|
||||
done
|
||||
|
||||
POSTVERSION=3.0.0
|
||||
}
|
||||
|
||||
|
||||
@@ -387,7 +387,7 @@ http {
|
||||
error_page 429 = @error429;
|
||||
|
||||
location @error401 {
|
||||
if ($request_uri ~* (^/api/.*|^/connect/.*|^/oauth2/.*|^/.*\.map$)) {
|
||||
if ($request_uri ~* (^/api/.*|^/connect/.*|^/oauth2/.*)) {
|
||||
return 401;
|
||||
}
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ nginx:
|
||||
external_suricata:
|
||||
description: Enable this to allow external access to Suricata Rulesets managed by Detections.
|
||||
advanced: True
|
||||
helpLink: nginx
|
||||
helplink: nginx
|
||||
forcedType: bool
|
||||
ssl:
|
||||
replace_cert:
|
||||
|
||||
@@ -376,7 +376,7 @@ sensoroni:
|
||||
file: True
|
||||
global: True
|
||||
syntax: md
|
||||
helpLink: reports
|
||||
helplink: reports
|
||||
custom:
|
||||
generic_report1__md:
|
||||
title: Custom Report 1
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user