mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-03-23 21:12:39 +01:00
Compare commits
2 Commits
reyesj2-36
...
jertel/wip
| Author | SHA1 | Date | |
|---|---|---|---|
|
2f9a2e15b3 | ||
|
|
0c88b32fc2 |
@@ -545,22 +545,6 @@ retry() {
|
||||
return $exitcode
|
||||
}
|
||||
|
||||
rollover_index() {
|
||||
idx=$1
|
||||
exists=$(so-elasticsearch-query $idx -o /dev/null -w "%{http_code}")
|
||||
if [[ $exists -eq 200 ]]; then
|
||||
rollover=$(so-elasticsearch-query $idx/_rollover -o /dev/null -w "%{http_code}" -XPOST)
|
||||
|
||||
if [[ $rollover -eq 200 ]]; then
|
||||
echo "Successfully triggered rollover for $idx..."
|
||||
else
|
||||
echo "Could not trigger rollover for $idx..."
|
||||
fi
|
||||
else
|
||||
echo "Could not find index $idx..."
|
||||
fi
|
||||
}
|
||||
|
||||
run_check_net_err() {
|
||||
local cmd=$1
|
||||
local err_msg=${2:-"Unknown error occured, please check /root/$WHATWOULDYOUSAYYAHDOHERE.log for details."} # Really need to rename that variable
|
||||
|
||||
@@ -119,7 +119,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-case*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -131,6 +131,8 @@ elasticsearch:
|
||||
match_mapping_type: string
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-case-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 1500
|
||||
@@ -141,7 +143,14 @@ elasticsearch:
|
||||
sort:
|
||||
field: '@timestamp'
|
||||
order: desc
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
actions: {}
|
||||
min_age: 0ms
|
||||
so-common:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -205,9 +214,7 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- winlog-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-*-so*
|
||||
@@ -267,7 +274,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-detection*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -279,6 +286,8 @@ elasticsearch:
|
||||
match_mapping_type: string
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-detection-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 1500
|
||||
@@ -289,6 +298,11 @@ elasticsearch:
|
||||
sort:
|
||||
field: '@timestamp'
|
||||
order: desc
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
actions: {}
|
||||
min_age: 0ms
|
||||
sos-backup:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
@@ -448,7 +462,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- endgame*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -496,6 +510,8 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-idh:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -550,13 +566,10 @@ elasticsearch:
|
||||
- dtc-user_agent-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-idh-so*
|
||||
priority: 501
|
||||
- so-idh-*
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -666,13 +679,11 @@ elasticsearch:
|
||||
- common-dynamic-mappings
|
||||
- winlog-mappings
|
||||
- hash-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-import-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -727,7 +738,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- so-ip*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -742,12 +753,19 @@ elasticsearch:
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 1500
|
||||
lifecycle:
|
||||
name: so-ip-mappings-logs
|
||||
number_of_replicas: 0
|
||||
number_of_shards: 1
|
||||
refresh_interval: 30s
|
||||
sort:
|
||||
field: '@timestamp'
|
||||
order: desc
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
actions: {}
|
||||
min_age: 0ms
|
||||
so-items:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
@@ -756,7 +774,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- .items-default-**
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -835,6 +853,8 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-kratos:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -855,7 +875,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-kratos-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -903,6 +923,8 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-hydra:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -963,7 +985,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-hydra-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -1018,7 +1040,7 @@ elasticsearch:
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- .lists-default-**
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -1504,9 +1526,6 @@ elasticsearch:
|
||||
- so-fleet_integrations.ip_mappings-1
|
||||
- so-fleet_globals-1
|
||||
- so-fleet_agent_id_verification-1
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates:
|
||||
- logs-elastic_agent.cloudbeat@custom
|
||||
index_patterns:
|
||||
@@ -1742,9 +1761,6 @@ elasticsearch:
|
||||
- so-fleet_integrations.ip_mappings-1
|
||||
- so-fleet_globals-1
|
||||
- so-fleet_agent_id_verification-1
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates:
|
||||
- logs-elastic_agent.heartbeat@custom
|
||||
index_patterns:
|
||||
@@ -3004,6 +3020,8 @@ elasticsearch:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-soc:
|
||||
close: 30
|
||||
delete: 365
|
||||
index_sorting: false
|
||||
index_template:
|
||||
composed_of:
|
||||
@@ -3058,13 +3076,11 @@ elasticsearch:
|
||||
- dtc-user_agent-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-soc-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -3654,13 +3670,10 @@ elasticsearch:
|
||||
- vulnerability-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-logstash-default*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -3958,13 +3971,10 @@ elasticsearch:
|
||||
- vulnerability-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-redis.log*
|
||||
priority: 501
|
||||
- logs-redis-default*
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4075,13 +4085,11 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-strelka-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4191,13 +4199,11 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-suricata-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4307,13 +4313,11 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-suricata.alerts-*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4423,13 +4427,11 @@ elasticsearch:
|
||||
- vulnerability-mappings
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-syslog-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
@@ -4541,13 +4543,11 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
- hash-mappings
|
||||
data_stream:
|
||||
allow_custom_routing: false
|
||||
hidden: false
|
||||
data_stream: {}
|
||||
ignore_missing_component_templates: []
|
||||
index_patterns:
|
||||
- logs-zeek-so*
|
||||
priority: 501
|
||||
priority: 500
|
||||
template:
|
||||
mappings:
|
||||
date_detection: false
|
||||
|
||||
@@ -403,15 +403,7 @@ migrate_pcap_to_suricata() {
|
||||
}
|
||||
|
||||
post_to_3.0.0() {
|
||||
for idx in "logs-idh-so" "logs-redis.log-default"; do
|
||||
rollover_index "$idx"
|
||||
done
|
||||
|
||||
# Remove ILM for so-case and so-detection indices
|
||||
for idx in "so-case" "so-casehistory" "so-detection" "so-detectionhistory"; do
|
||||
so-elasticsearch-query $idx/_ilm/remove -XPOST
|
||||
done
|
||||
|
||||
echo "Nothing to apply"
|
||||
POSTVERSION=3.0.0
|
||||
}
|
||||
|
||||
|
||||
@@ -387,7 +387,7 @@ http {
|
||||
error_page 429 = @error429;
|
||||
|
||||
location @error401 {
|
||||
if ($request_uri ~* (^/api/.*|^/connect/.*|^/oauth2/.*)) {
|
||||
if ($request_uri ~* (^/api/.*|^/connect/.*|^/oauth2/.*|^/.*\.map$)) {
|
||||
return 401;
|
||||
}
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ nginx:
|
||||
external_suricata:
|
||||
description: Enable this to allow external access to Suricata Rulesets managed by Detections.
|
||||
advanced: True
|
||||
helplink: nginx
|
||||
helpLink: nginx
|
||||
forcedType: bool
|
||||
ssl:
|
||||
replace_cert:
|
||||
|
||||
@@ -376,7 +376,7 @@ sensoroni:
|
||||
file: True
|
||||
global: True
|
||||
syntax: md
|
||||
helplink: reports
|
||||
helpLink: reports
|
||||
custom:
|
||||
generic_report1__md:
|
||||
title: Custom Report 1
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user