Commit Graph

  • d430dd2b73 Merge pull request #14219 from Security-Onion-Solutions/2.4/dev 2.4.120-20250212 Mike Reeves 2025-02-12 11:14:56 -05:00
  • 43a0020a9e Merge pull request #14220 from Security-Onion-Solutions/fixeroni Mike Reeves 2025-02-12 09:37:04 -05:00
  • b0e82cd59b Fix Conflict Mike Reeves 2025-02-12 09:35:52 -05:00
  • 237370f0c7 Merge pull request #14218 from Security-Onion-Solutions/2.4.120 Mike Reeves 2025-02-12 09:20:40 -05:00
  • 69be367acf 2.4.120 Mike Reeves 2025-02-12 09:09:38 -05:00
  • cdf8943f24 Merge pull request #14214 from Security-Onion-Solutions/reyesj2/rel Jorge Reyes 2025-02-11 11:24:18 -06:00
  • fb0cd436d3 ES 8.17.2 TODO: Check import-evtx-logs.json for updated pipeline versions reyesj2 2025-02-11 11:23:04 -06:00
  • 33f145a40b ensure network packet capture integration data has event.module:network_traffic reyesj2 2025-02-04 08:58:36 -06:00
  • 3b69ff9fc9 integration policy update reyesj2 2025-01-29 14:02:45 -06:00
  • 66bc0d487c Merge pull request #14206 from Security-Onion-Solutions/reyesj2-patch-00 Jorge Reyes 2025-02-07 15:27:52 -06:00
  • 9bde70a8e2 zeek.software typo reyesj2 2025-02-07 15:19:40 -06:00
  • 010c205eec configure bond and monitor nics m0duspwnens 2025-02-07 14:45:06 -05:00
  • 322941f29a Merge pull request #14203 from Security-Onion-Solutions/reyesj2-patch-00 Jorge Reyes 2025-02-07 07:52:11 -06:00
  • dd17ee7665 fix defining custom logstash pipelines when kafka is enabled reyesj2 2025-02-06 22:04:25 -06:00
  • 160c84ec1a Merge pull request #14200 from Security-Onion-Solutions/2.4/dev Josh Patterson 2025-02-06 17:41:22 -05:00
  • 924c0b63bd put vnm engine in place m0duspwnens 2025-02-06 16:05:56 -05:00
  • 9b8dce0c77 only wait and make predictable when virt-install runs m0duspwnens 2025-02-06 15:44:28 -05:00
  • 7159678385 create predictable interfaces m0duspwnens 2025-02-06 15:30:46 -05:00
  • 4b51066327 Merge pull request #14191 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-02-05 15:09:57 -05:00
  • bf19c6e730 ca download; ignore shard errors on startup; clarify oidc id Jason Ertel 2025-02-05 15:04:04 -05:00
  • 12a2b491c3 Merge pull request #14190 from Security-Onion-Solutions/2.4/fixmsi Josh Brower 2025-02-05 10:22:17 -05:00
  • 4636a8d9b1 Refresh Agent installers Joshua Brower 2025-02-05 09:38:33 -05:00
  • abbb0db1ff Merge pull request #14189 from Security-Onion-Solutions/2.4/fixmsi Josh Brower 2025-02-05 09:35:37 -05:00
  • 95fe212202 Rework for MSI Joshua Brower 2025-02-05 09:29:45 -05:00
  • fbb9bf14e9 Merge pull request #14183 from Security-Onion-Solutions/cogburn/escalate-limit coreyogburn 2025-02-04 15:24:53 -07:00
  • 23ebe966e0 Added Large Values Warning Corey Ogburn 2025-02-04 10:33:04 -07:00
  • d0fa6eaf83 New Limit on Bulk Creating Related Events Corey Ogburn 2025-01-29 15:48:48 -07:00
  • c8e232c598 cloudinit network config out of user-data. default 220G disk m0duspwnens 2025-02-03 12:20:34 -05:00
  • 7a0309cdf4 Merge pull request #14179 from Security-Onion-Solutions/2.4/fixilmpolicy Josh Brower 2025-02-03 09:35:55 -05:00
  • b874619f0d Fix ip-mappings ILM Joshua Brower 2025-02-03 09:31:08 -05:00
  • a3013ff85b simplify the LVM deactivation process by removing unnecessary VG removal attempts m0duspwnens 2025-01-31 16:36:51 -05:00
  • 65c5abfa88 add note regarding possible missing devices m0duspwnens 2025-01-31 16:15:46 -05:00
  • 0114e36cfa set lvm = system uuid and only sanitize new nvme if doesn't belong to current vm m0duspwnens 2025-01-31 15:17:54 -05:00
  • 5c56e0f498 already configured not failure state m0duspwnens 2025-01-31 11:18:11 -05:00
  • 61992ae787 verify script work with 1 or more nvme m0duspwnens 2025-01-30 13:28:08 -05:00
  • 08bbeedbd7 add automatic NVMe device mounting for VMs with LVM support m0duspwnens 2025-01-30 09:55:26 -05:00
  • a5f2db8c80 add preflight check to ensure repo connectivity prior to installing salt-minion with salt-cloud m0duspwnens 2025-01-29 18:17:29 -05:00
  • 8d1ce0460f remove possible race condition caused by vm init cron for setup.virt.init. setup.virt and mine updated during salt-cloud call with init_script m0duspwnens 2025-01-29 14:23:10 -05:00
  • 028c73fd3a Merge pull request #14162 from Security-Onion-Solutions/TOoSmOotH-patch-2 Jason Ertel 2025-01-29 10:12:20 -05:00
  • 27e9773782 Update so-functions Mike Reeves 2025-01-29 10:07:52 -05:00
  • 7ae128dec6 Merge pull request #14161 from Security-Onion-Solutions/esdtsn Josh Patterson 2025-01-29 09:29:04 -05:00
  • fe4129c8e0 env discovery.type single-node change Josh Patterson 2025-01-29 09:11:52 -05:00
  • 3c85b48291 manage with contents to simplify salt cloud profile file_map m0duspwnens 2025-01-29 08:12:50 -05:00
  • ea2e026c56 only manager nodes or heavynodes should ever be single-node m0duspwnens 2025-01-29 08:10:05 -05:00
  • 8b3f310212 install python3-dnf-plugin-versionlock on vm before first highstate m0duspwnens 2025-01-29 04:08:30 -05:00
  • 87136e9e2b restart salt-minion to trigger highstate m0duspwnens 2025-01-28 16:38:20 -05:00
  • 5a6a9d6ec2 round ES_HEAP_SIZE m0duspwnens 2025-01-28 16:01:49 -05:00
  • d3b3a0eb8a wrap salt-cloud -yd. start implementing vm/minion cleanup with ip removal m0duspwnens 2025-01-28 14:04:58 -05:00
  • 91fc59cffc add removehost option to so-firewall. add logging to console and so-firewall.log m0duspwnens 2025-01-28 14:04:02 -05:00
  • e32dbad0d0 fix monitoring for add_ files m0duspwnens 2025-01-28 11:22:26 -05:00
  • 8828a3049d Merge pull request #14155 from Security-Onion-Solutions/reyesj2/es-integ-tmp Jorge Reyes 2025-01-27 16:36:17 -06:00
  • d74b69d84d add additional weird_integration reyesj2 2025-01-27 16:34:33 -06:00
  • b66aafd168 fix claiming for cpu/mem m0duspwnens 2025-01-27 17:24:04 -05:00
  • 2cd0f69069 watch and build m0duspwnens 2025-01-27 16:40:10 -05:00
  • 0177f641c8 watch for files and create a vm m0duspwnens 2025-01-27 15:09:42 -05:00
  • abcfe638c9 Merge pull request #14153 from Security-Onion-Solutions/reyesj2/es-integ-tmp Jorge Reyes 2025-01-27 14:07:32 -06:00
  • 49ab0751c0 Remove unneeded import Joshua Brower 2025-01-27 15:01:21 -05:00
  • e994f3a220 Fix commits Joshua Brower 2025-01-27 14:48:50 -05:00
  • 38b0276458 remove reference to deleted file reyesj2 2025-01-27 13:45:18 -06:00
  • a373d96c3c run managed_soc_annotations.sls from manager state reyesj2 2025-01-27 13:45:03 -06:00
  • b3969a6ce0 fix hardware passthrough for pci devices m0duspwnens 2025-01-24 17:19:41 -05:00
  • ab97d3b8b7 ensure 64962 patch applies to manager for salt-cloud m0duspwnens 2025-01-24 11:26:34 -05:00
  • 97a3f130c8 Update Elastic Josh Brower 2025-01-23 15:32:39 -05:00
  • 5b8f8fb62f add/remove es annotations/defaults automagically reyesj2 2025-01-23 12:47:22 -06:00
  • 213df68d04 merge with 120 dev and fix conflicts m0duspwnens 2025-01-23 10:56:48 -05:00
  • 9738ef382c Upgrade Elastic to 8.17.1 Josh Brower 2025-01-23 08:12:02 -05:00
  • ca0c1170ab Merge pull request #14140 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-01-22 17:43:54 -05:00
  • db9387764d fix issue with first-time api client permission toggling Jason Ertel 2025-01-22 17:41:04 -05:00
  • e0039a08ef fix forcedType typo reyesj2 2025-01-22 13:57:26 -06:00
  • 09df4a5771 Merge pull request #14139 from Security-Onion-Solutions/reyesj2/es-integ-tmp Jorge Reyes 2025-01-22 13:12:53 -06:00
  • 81ac1ebc08 fixes merging local pillar /global overrides for generated index templates reyesj2 2025-01-22 13:12:09 -06:00
  • c2f5c2226f Merge pull request #14138 from Security-Onion-Solutions/reyesj2/es-integ-tmp Jorge Reyes 2025-01-22 10:16:30 -06:00
  • d779f7ae7f add back missing component for http_endpoint_x_generic & winlog_x_winglog reyesj2 2025-01-22 10:13:01 -06:00
  • d26c7e6f9b Merge pull request #14134 from Security-Onion-Solutions/reyesj2/es-integ-tmp Jorge Reyes 2025-01-21 11:00:18 -06:00
  • 6331298eac remove individual <integration>@custom mappings. Moved over to so-fleet_integrations.ip_mappings-1 reyesj2 2025-01-21 10:49:54 -06:00
  • 76abf37351 Merge remote-tracking branch 'origin/2.4/dev' into foxtrot reyesj2 2025-01-21 09:03:04 -06:00
  • 9db3cd901c update documentation of core functionality m0duspwnens 2025-01-18 10:45:10 -05:00
  • 64c9230423 prevent conflicts with network manager in base vm m0duspwnens 2025-01-18 10:44:44 -05:00
  • 17943ef0db add hypervisor state to hypervisor node m0duspwnens 2025-01-18 08:24:50 -05:00
  • 8ed3f0b1cc change base image path for so-salt-cloud m0duspwnens 2025-01-18 07:30:36 -05:00
  • 7c50a5e17b cloud-init needs to import repo gpg keys so packages can install m0duspwnens 2025-01-17 23:16:18 -05:00
  • c13c85bd2d manager needs ssh config. need -r to ignore bootstrap provided repos m0duspwnens 2025-01-17 22:54:46 -05:00
  • ae01dc9639 manager needs more packages for salt-cloud. change location of priv key for salt-cloud config m0duspwnens 2025-01-17 22:26:39 -05:00
  • a74ed0daf0 fix disabling cloud-init and system shutdown. increase ram/cpu of base vm. shrink disk_size to 6G for testing m0duspwnens 2025-01-17 21:25:40 -05:00
  • 60387651d2 recreate the base vm if any of the cloud init files change m0duspwnens 2025-01-17 20:13:42 -05:00
  • 3a78be68d6 ensure cloud-init is removed m0duspwnens 2025-01-17 20:05:35 -05:00
  • a896332db3 fix deprecation m0duspwnens 2025-01-17 19:49:41 -05:00
  • 54eeb0e327 handle refreshing base image and reinstalling the vm if the source qcow2 image changes m0duspwnens 2025-01-17 19:27:04 -05:00
  • 704e30219a Merge pull request #14124 from Security-Onion-Solutions/reyesj2-patch-8 Jorge Reyes 2025-01-17 13:33:26 -06:00
  • 1396083b7d use so-elasticsearch-query where possible; simplify suricata.alerts index reroute reyesj2 2025-01-17 13:29:46 -06:00
  • 7017024ba7 Merge pull request #14123 from Security-Onion-Solutions/jertel/wip Jason Ertel 2025-01-17 12:31:42 -05:00
  • 942c1aa3a6 Merge pull request #14126 from Security-Onion-Solutions/reyesj2/es-integ-tmp Jorge Reyes 2025-01-17 11:24:31 -06:00
  • d35ffef503 merge 2.4/dev reyesj2 2025-01-17 11:23:54 -06:00
  • 7705f45d78 Revert "subgrid config annotations" Jason Ertel 2025-01-17 12:16:12 -05:00
  • 964bbe6aa5 additional web server security measures Jason Ertel 2025-01-17 12:14:30 -05:00
  • 01a2e4cd4f check for index existence before attempting rollover reyesj2 2025-01-17 09:27:28 -06:00
  • 1f13554bd9 move add virt install and pool creation to images/init. start moving to /nsm/libvirt/ m0duspwnens 2025-01-17 09:43:39 -05:00
  • 9032d7d7bc any suricata.alert with event.imported: true remains in logs-import-so reyesj2 2025-01-16 18:48:31 -06:00
  • d573c0922d add 2.4.111 -> postupgrade check reyesj2 2025-01-16 18:25:06 -06:00
  • 45d3438d18 update ingest pipeline for imported logs reyesj2 2025-01-16 17:33:14 -06:00