Commit Graph

  • 762ccdd222 Merge pull request #14403 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-03-19 07:24:14 -04:00
  • 277504fff6 Merge pull request #14402 from Security-Onion-Solutions/reyesj2-patch-3 Jason Ertel 2025-03-18 10:27:16 -04:00
  • 3f3e7ea1e8 add no-op soup functions for 2.4.140 Jason Ertel 2025-03-18 10:12:23 -04:00
  • 4d7fdd390c ldap_search include observer.name reyesj2 2025-03-18 08:52:43 -05:00
  • 269919b980 run setup_hypervisor.setup_environment for mangerhype if needed Josh Patterson 2025-03-18 09:39:49 -04:00
  • 05c93e3796 Merge pull request #14394 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-03-17 17:10:45 -04:00
  • fe21a19c5c Merge pull request #14396 from Security-Onion-Solutions/reyesj2-patch-3 Jorge Reyes 2025-03-17 14:40:40 -05:00
  • af6245f19d add zeek file_extraction forcedType for instances where a single line is speciifed reyesj2 2025-03-17 14:30:17 -05:00
  • ad8f3dfde7 use specified role on new user add Jason Ertel 2025-03-17 14:55:40 -04:00
  • 2dc977ddd8 managerhype Josh Patterson 2025-03-13 14:33:48 -04:00
  • 28c7362cfa Merge remote-tracking branch 'origin/2.4/dev' into vlb2 Josh Patterson 2025-03-13 10:56:32 -04:00
  • c93a5de460 additional changes for managerhype Josh Patterson 2025-03-13 10:55:49 -04:00
  • 44a5b3b1e5 MANAGERHYPE setup is now complete! Josh Patterson 2025-03-12 21:05:04 -04:00
  • d23b6958c1 Merge pull request #14379 from Security-Onion-Solutions/reyesj2-patch-3 Jorge Reyes 2025-03-12 13:22:40 -05:00
  • 60b1535018 update event pipeline annotation reyesj2 2025-03-12 13:15:57 -05:00
  • 758c6728f9 Merge pull request #14375 from Security-Onion-Solutions/TOoSmOotH-patch-1 Mike Reeves 2025-03-11 13:27:21 -04:00
  • 5234b21743 Update 2-4.yml Mike Reeves 2025-03-11 13:25:43 -04:00
  • 7d73f6cfd7 Update VERSION Mike Reeves 2025-03-11 13:25:00 -04:00
  • fb54c2f533 Merge pull request #14373 from Security-Onion-Solutions/2.4/dev 2.4.130-20250311 Mike Reeves 2025-03-11 13:14:26 -04:00
  • e20364cdf5 Merge pull request #14372 from Security-Onion-Solutions/2.4.130 Mike Reeves 2025-03-11 12:10:39 -04:00
  • a9484b4ca9 2.4.130 Mike Reeves 2025-03-11 12:01:01 -04:00
  • ae94722eda Merge remote-tracking branch 'origin/2.4/dev' into vlb2 Josh Patterson 2025-03-11 11:20:50 -04:00
  • ae993c47c1 remove minion pillar files when a vm is destroyed Josh Patterson 2025-03-11 11:12:45 -04:00
  • c784a6e440 fix setting hypervisor for our custom event tag Josh Patterson 2025-03-10 16:55:02 -04:00
  • c66cd3b2f3 ensure image is readded if removed Josh Patterson 2025-03-10 11:23:26 -04:00
  • 6081c46d7f Merge pull request #14362 from Security-Onion-Solutions/reyesj2-patch-2 Josh Brower 2025-03-08 10:18:12 -05:00
  • 4dd72ad15c fix osquery action_data mapping conflict reyesj2 2025-03-07 17:05:13 -06:00
  • 4893eda4fe Merge pull request #14359 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-03-07 08:44:12 -05:00
  • 2af05b9a23 switch back to colon for better clarity Jason Ertel 2025-03-07 08:24:19 -05:00
  • 0bb76aecb3 Merge branch '2.4/dev' into jertel/wip Jason Ertel 2025-03-07 08:23:18 -05:00
  • 53ab7a223d Merge pull request #14358 from Security-Onion-Solutions/dougburks-patch-1 Mike Reeves 2025-03-07 07:21:14 -05:00
  • 3037dc7c38 Update soc_soc.yaml to fix previous change Doug Burks 2025-03-07 07:13:27 -05:00
  • bde8a965f3 Merge pull request #14357 from Security-Onion-Solutions/TOoSmOotH-patch-3 Mike Reeves 2025-03-06 21:12:24 -05:00
  • 14e95f4898 Update soc_soc.yaml Mike Reeves 2025-03-06 21:01:45 -05:00
  • bad0031829 Update soc_soc.yaml Mike Reeves 2025-03-06 20:58:23 -05:00
  • f30938ed59 hypervisor annotation show if base domain is initialized or not Josh Patterson 2025-03-06 15:26:08 -05:00
  • 630140b979 Merge pull request #14354 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2025-03-06 12:11:58 -05:00
  • cce94d96d1 Update soc_elasticsearch.yaml to include note about ILM rollover Doug Burks 2025-03-06 11:14:48 -05:00
  • bcea02b059 Merge pull request #14301 from Security-Onion-Solutions/truefalse Mike Reeves 2025-03-05 16:23:00 -05:00
  • 03ebc2d86e Add Actions Mike Reeves 2025-03-05 15:58:10 -05:00
  • 3021ed5d36 Add Actions Mike Reeves 2025-03-05 15:56:26 -05:00
  • e59ebc89f8 Merge pull request #14346 from Security-Onion-Solutions/reyesj2-patch-2 Jorge Reyes 2025-03-05 14:40:36 -06:00
  • 6a5377ceac bump version reyesj2 2025-03-05 14:39:01 -06:00
  • 515cb3aea8 Merge pull request #14345 from Security-Onion-Solutions/reyesj2-patch-2 Jorge Reyes 2025-03-05 14:28:08 -06:00
  • b51aa56e86 Some things I thought were bools are not bools Mike Reeves 2025-03-05 15:15:26 -05:00
  • d2884ef00b typo reyesj2 2025-03-05 14:02:45 -06:00
  • 0f16b00563 osquery templates reyesj2 2025-03-05 13:57:47 -06:00
  • b01fb733a9 Some things I thought were bools are not bools Mike Reeves 2025-03-05 14:56:26 -05:00
  • 945a467ec8 Some things I thought were bools are not bools Mike Reeves 2025-03-05 14:54:17 -05:00
  • 67f9cd39db Some things I thought were bools are not bools Mike Reeves 2025-03-05 14:53:29 -05:00
  • 72ffef9433 Some things I thought were bools are not bools Mike Reeves 2025-03-05 14:52:54 -05:00
  • cf536469e6 Some things I thought were bools are not bools Mike Reeves 2025-03-05 14:51:56 -05:00
  • c7c6d3e556 Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into truefalse Mike Reeves 2025-03-05 13:21:21 -05:00
  • 3a465c2e69 Merge pull request #14343 from Security-Onion-Solutions/cogburn/detections-group-items coreyogburn 2025-03-05 09:57:31 -07:00
  • 21a64b6c1d Add Client Parameter Corey Ogburn 2025-03-05 09:43:21 -07:00
  • 6c472dd383 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 Josh Patterson 2025-03-05 08:58:03 -05:00
  • 2c5861a0c2 ensure local hypervisor dir when new hypervisor key accepted. apply soc.dyanno.hypervisor when hypervisor key accepted Josh Patterson 2025-03-05 08:51:10 -05:00
  • 2f6c7d2643 Merge pull request #14340 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2025-03-05 08:02:39 -05:00
  • c6c67f4d06 FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339 Doug Burks 2025-03-05 06:31:16 -05:00
  • f35930317b Merge pull request #14336 from Security-Onion-Solutions/reyesj2-patch-2 Jorge Reyes 2025-03-04 15:36:59 -06:00
  • 11dc004811 ES 8.17.3 reyesj2 2025-03-04 14:24:38 -06:00
  • 966503d875 Merge pull request #14331 from Security-Onion-Solutions/reyesj2-patch-2 Jorge Reyes 2025-03-04 13:17:28 -06:00
  • 124bf266b5 osquery v1.15.0 index templates updates reyesj2 2025-03-04 12:27:04 -06:00
  • 75e3bba9f5 reduce stdout Jason Ertel 2025-03-04 11:35:22 -05:00
  • 0ff4fc101b Merge pull request #14329 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-03-04 11:23:14 -05:00
  • 85450693a2 Merge branch '2.4/dev' into jertel/wip Jason Ertel 2025-03-04 10:55:29 -05:00
  • 0047246cf2 reduce stdout verbosity Jason Ertel 2025-03-04 10:55:12 -05:00
  • 95d3a2d834 Merge pull request #14328 from Security-Onion-Solutions/reyesj2-patch-2 Jorge Reyes 2025-03-04 09:03:02 -06:00
  • e1c8bee71a install bc package reyesj2 2025-03-04 08:58:41 -06:00
  • 1c96449ad9 Merge pull request #14327 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2025-03-04 07:10:41 -05:00
  • 44535cba8c FIX: Elastic Agent Security Events dashboard should reference user.effective.name #14325 Doug Burks 2025-03-04 06:46:56 -05:00
  • 3f4a5a1b28 Merge pull request #14320 from Security-Onion-Solutions/reyesj2/zeekparslin Jorge Reyes 2025-03-03 10:56:15 -06:00
  • 4bd83f8983 zeek traceroute & ntp reyesj2 2025-03-03 10:48:06 -06:00
  • 206acbe618 Merge pull request #14312 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2025-03-03 07:09:45 -05:00
  • e53f4fd1f1 Update defaults.yaml to quote the process.entity_id value Doug Burks 2025-03-02 05:54:30 -05:00
  • 8047e196fe fix pipeline workers, zeek/suricata lbprocs, CPUCORES and CORECOUNT Josh Patterson 2025-02-28 17:21:06 -05:00
  • c6c979dc19 properly set memory and CPUCORES for minion pillars during vm setup Josh Patterson 2025-02-28 16:12:28 -05:00
  • 573a2a5595 Merge pull request #14307 from Security-Onion-Solutions/reyesj2/esmngdint Jorge Reyes 2025-02-27 17:13:26 -06:00
  • 9bc64bf453 managed int multiline input reyesj2 2025-02-27 16:48:07 -06:00
  • c8a1c8377a vm power operations Josh Patterson 2025-02-27 16:04:44 -05:00
  • 2ffaf2f601 Add hunt queries Mike Reeves 2025-02-27 12:42:03 -05:00
  • 4696152f78 Add hunt queries Mike Reeves 2025-02-27 12:31:51 -05:00
  • a0944f8359 Add hunt queries Mike Reeves 2025-02-27 12:17:57 -05:00
  • 1fdbe987b8 Add hunt queries Mike Reeves 2025-02-27 12:15:37 -05:00
  • 40303c2d78 Add hunt queries Mike Reeves 2025-02-27 12:10:59 -05:00
  • 4b5048bd80 Add hunt queries Mike Reeves 2025-02-27 11:57:57 -05:00
  • 9d31050907 roll back SOC changes Mike Reeves 2025-02-27 11:32:59 -05:00
  • e930d1dec6 roll back SOC changes Mike Reeves 2025-02-27 11:28:06 -05:00
  • 1d3bae4a7a Add additional entries for actions Mike Reeves 2025-02-27 11:15:51 -05:00
  • d950e4ebb3 Add additional entries for actions Mike Reeves 2025-02-27 11:11:56 -05:00
  • 3ba82bd5a4 Fix actions Mike Reeves 2025-02-27 11:04:47 -05:00
  • bc969c1ca2 Merge pull request #14302 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-02-27 08:00:49 -05:00
  • 772aa7379f more false positives Jason Ertel 2025-02-27 07:55:22 -05:00
  • 4e954c24f7 handle cpu, copper and sfp as options Josh Patterson 2025-02-26 17:58:09 -05:00
  • 6c00cdd726 Fix healthlink Mike Reeves 2025-02-26 16:15:00 -05:00
  • 52839e2a7d implement regex for cpu and mem Josh Patterson 2025-02-26 15:22:36 -05:00
  • 1a9d5f151f change description formatting. include full vm name in HYPERVISORS Josh Patterson 2025-02-26 14:28:31 -05:00
  • 8bc500e4da soc Mike Reeves 2025-02-26 14:16:42 -05:00
  • 25217c3262 soc Mike Reeves 2025-02-26 14:14:25 -05:00
  • 0c2797ecdc soc Mike Reeves 2025-02-26 13:49:30 -05:00