Commit Graph

  • 386be4e746 WIP: Manage Kafka nodes pillar role value. This way, when kafka_controllers is updated, the pillar value gets updated and any non-controllers get updated to revert to the 'broker' only role. Needs more testing: when a new controller joins in this manner, Kafka errors due to cluster metadata being out of sync. One solution is to remove /nsm/kafka/data/__cluster_metadata-0/quorum-state and restart the cluster. An alternative is working with the Kafka CLI tools to inform the cluster of the new voter; likely the best option, but it requires a wrapper script of some sort to be created for updating the cluster in-place. The easiest option is to have all receivers join the grid and then configure Kafka with specific controllers via the SOC UI prior to enabling Kafka. This way the Kafka cluster comes up in the desired configuration with no need for immediately modifying the cluster. reyesj2 2024-05-29 16:48:39 -04:00
  • dfcf7a436f Merge pull request #13091 from Security-Onion-Solutions/2.4/dev 2.4.70-20240529 Mike Reeves 2024-05-29 16:41:54 -04:00
  • d9ec556061 Update some annotations and defaults reyesj2 2024-05-29 16:41:02 -04:00
  • 876d860488 elastic agent should be able to communicate over 9092 for sending logs to kafka brokers reyesj2 2024-05-29 16:40:15 -04:00
  • 88651219a6 Merge pull request #13090 from Security-Onion-Solutions/2.4.70 #13091 Mike Reeves 2024-05-29 14:54:16 -04:00
  • a655f8dc04 2.4.70 #13090 Mike Reeves 2024-05-29 14:52:47 -04:00
  • e98b8566c9 2.4.70 Mike Reeves 2024-05-29 14:50:22 -04:00
  • ef10794e3b Merge pull request #13089 from Security-Onion-Solutions/2.4/realert Josh Brower 2024-05-29 11:12:45 -04:00
  • 0d034e7adc fix rsync #13089 DefensiveDepth 2024-05-29 10:55:56 -04:00
  • 59097070ef Revert "Remove unneeded jolokia aggregate metrics to reduce data ingested to influx" reyesj2 2024-05-28 12:17:43 -04:00
  • 77b5aa4369 Correct dashboard name reyesj2 2024-05-28 11:34:35 -04:00
  • 0d7c331ff0 only show specific fields when hovering over Kafka influxdb panels reyesj2 2024-05-28 11:29:38 -04:00
  • 1c1a1a1d3f Remove unneeded jolokia aggregate metrics to reduce data ingested to influx reyesj2 2024-05-28 11:14:19 -04:00
  • 47efcfd6e2 Add basic Kafka metrics to 'Security Onion Performance' influxdb dashboard reyesj2 2024-05-28 10:55:11 -04:00
  • 15a0b959aa Add jolokia metrics for influxdb dashboard reyesj2 2024-05-28 10:51:39 -04:00
  • ca49943a7f Merge pull request #13085 from Security-Onion-Solutions/2.4/soupchange Josh Brower 2024-05-28 10:25:46 -04:00
  • ee4ca0d7a2 Check to see if local exists #13085 DefensiveDepth 2024-05-28 10:24:09 -04:00
  • 0d634f3b8e Merge pull request #13084 from Security-Onion-Solutions/2.4/soupchange Josh Brower 2024-05-28 10:05:33 -04:00
  • f68ac23f0e Fix fi #13084 DefensiveDepth 2024-05-28 10:03:31 -04:00
  • 825c4a9adb Merge pull request #13083 from Security-Onion-Solutions/2.4/soupchange Josh Brower 2024-05-28 09:45:53 -04:00
  • 2a2b86ebe6 Don't overwrite #13083 DefensiveDepth 2024-05-28 09:43:45 -04:00
  • 74dfc25376 backup local rules DefensiveDepth 2024-05-28 09:29:10 -04:00
  • 81ee60e658 Backup .yml files too DefensiveDepth 2024-05-28 06:42:18 -04:00
  • fcb6a47e8c Remove redis.sh telegraf script when Kafka is global pipeline reyesj2 2024-05-26 21:10:41 -04:00
  • 49fd84a3a7 Merge pull request #13081 from Security-Onion-Solutions/2.4/soupchange Josh Brower 2024-05-24 16:28:40 -04:00
  • 58b565558d Don't bail - just wait for enter #13081 DefensiveDepth 2024-05-24 16:21:59 -04:00
  • 185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates Josh Brower 2024-05-24 14:48:22 -04:00
  • 550b3ee92d Add IDH mappings #13079 DefensiveDepth 2024-05-24 14:46:24 -04:00
  • 29a87fd166 Merge pull request #13078 from Security-Onion-Solutions/2.4/socdefaultsdet Josh Brower 2024-05-24 13:02:01 -04:00
  • f90d40b471 Fix typo #13078 DefensiveDepth 2024-05-24 12:56:17 -04:00
  • 4344988abe Add instructions for sigma and yara repos DefensiveDepth 2024-05-24 12:54:36 -04:00
  • 979147a111 Merge pull request #13062 from Security-Onion-Solutions/2.4/backupscript Josh Brower 2024-05-24 10:06:56 -04:00
  • 66725b11b3 Added unit tests #13062 DefensiveDepth 2024-05-24 09:55:10 -04:00
  • 19f9c4e389 Merge pull request #13076 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-24 08:39:17 -04:00
  • bd11d59c15 add event.dataset since there are other datasets in soc logs #13076 Jason Ertel 2024-05-24 08:38:12 -04:00
  • 15155613c3 provide default columns when viewing SOC logs Jason Ertel 2024-05-24 08:23:45 -04:00
  • b5f656ae58 don't render pillar each time so-tcpreplay runs m0duspwnens 2024-05-23 13:22:22 -04:00
  • 7177392adc Merge pull request #13071 from Security-Onion-Solutions/telfinwip Josh Patterson 2024-05-23 10:46:54 -04:00
  • ea7715f729 use waitforstate var instead. #13071 m0duspwnens 2024-05-23 10:41:10 -04:00
  • 0b9ebefdb6 only show telem status in final whiptail if new deployment m0duspwnens 2024-05-23 10:08:23 -04:00
  • 19e66604d0 Merge pull request #13069 from Security-Onion-Solutions/TOoSmOotH-patch-8 Mike Reeves 2024-05-23 08:22:05 -04:00
  • 1e6161f89c Update defaults.yaml #13069 Mike Reeves 2024-05-23 08:19:43 -04:00
  • a8c287c491 Merge pull request #13067 from Security-Onion-Solutions/2.4/fixpipeline Josh Brower 2024-05-23 07:53:14 -04:00
  • 2c4f5f0a91 Merge pull request #13066 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-23 06:02:49 -04:00
  • 8e7c487cb0 Fix strelka rule.uuid #13067 DefensiveDepth 2024-05-23 05:59:31 -04:00
  • 3d4f3a04a3 Update defaults.yaml to fix order of groupby tables and eliminate duplicate #13066 Doug Burks 2024-05-23 05:56:18 -04:00
  • ce063cf435 Merge pull request #13063 from Security-Onion-Solutions/2.4/yarafix Josh Brower 2024-05-22 18:51:54 -04:00
  • a072e34cfe Fix casing issue #13063 DefensiveDepth 2024-05-22 17:12:41 -04:00
  • d19c1a514b Detections backup script DefensiveDepth 2024-05-22 15:12:23 -04:00
  • b415810485 Merge pull request #13061 from Security-Onion-Solutions/fix/tab_casing weslambert 2024-05-22 13:44:09 -04:00
  • 3cfd710756 Change tab casing to be consistent with other whiptail prompts #13061 weslambert 2024-05-22 13:41:32 -04:00
  • 382cd24a57 Small changes needed for using new Kafka docker image + added Kafka logging output to /opt/so/log/kafka/ reyesj2 2024-05-22 13:39:21 -04:00
  • b1beb617b3 Logstash should be disabled when Kafka is enabled except when a minion override exists OR node is a standalone - Standalone subscribes to Kafka topics via logstash for ingest reyesj2 2024-05-22 13:38:09 -04:00
  • 91f8b1fef7 Set default replication factor back to Kafka default. If replication factor is > 1, Kafka will fail to start until another broker is added - For internal automated testing purposes a Standalone will be utilized reyesj2 2024-05-22 13:35:09 -04:00
  • ca6e2b8e22 Merge pull request #13054 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-21 18:38:03 -04:00
  • 8af3158ea7 fix elastalert settings #13054 Jason Ertel 2024-05-21 18:28:21 -04:00
  • 8b011b8d7e Merge pull request #13053 from Security-Onion-Solutions/2.4/alertsefaults Josh Brower 2024-05-21 17:54:27 -04:00
  • f9e9b825cf Removed unneeded groupby #13053 DefensiveDepth 2024-05-21 17:53:20 -04:00
  • 3992ef1082 Add rule.uuid to default groupbys DefensiveDepth 2024-05-21 17:45:56 -04:00
  • 556fdfdcf9 Merge pull request #13052 from Security-Onion-Solutions/fix/add_rule_uuid weslambert 2024-05-21 17:09:49 -04:00
  • f4490fab58 Add rule.uuid for YARA matches #13052 weslambert 2024-05-21 17:05:39 -04:00
  • 5aaf44ebb2 Merge pull request #13049 from Security-Onion-Solutions/fix/detections_alerts_component_template weslambert 2024-05-21 13:45:19 -04:00
  • deb140e38e Exclude detections from template name matching #13049 weslambert 2024-05-21 13:38:52 -04:00
  • 3de6454d4f Merge pull request #13047 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-21 13:34:20 -04:00
  • d57cc9627f exclude false positives related to detections #13047 Jason Ertel 2024-05-21 13:31:50 -04:00
  • 8ce19a93b9 exclude false positives related to detections Jason Ertel 2024-05-21 13:29:20 -04:00
  • d315b95d77 elastalert settings Jason Ertel 2024-05-21 07:15:19 -04:00
  • 6172816f61 Merge pull request #13044 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-21 06:49:35 -04:00
  • 03826dd32c Update README.md with new Detections screenshot number #13044 Doug Burks 2024-05-21 06:43:07 -04:00
  • b7a4f20c61 elastalert settings Jason Ertel 2024-05-20 20:11:30 -04:00
  • 02b4d37c11 elastalert settings Jason Ertel 2024-05-20 20:00:31 -04:00
  • f8ce039065 elastalert settings Jason Ertel 2024-05-20 19:58:12 -04:00
  • e2d0b8f4c7 elastalert settings Jason Ertel 2024-05-20 19:38:36 -04:00
  • 8a3061fe3e elastalert settings Jason Ertel 2024-05-20 19:36:06 -04:00
  • c594168b65 elastalert settings Jason Ertel 2024-05-20 19:05:43 -04:00
  • 31fdf15ce1 Merge branch '2.4/dev' into jertel/eaconfig Jason Ertel 2024-05-20 18:59:35 -04:00
  • 6b2219b7f2 elastalert settings Jason Ertel 2024-05-20 18:52:37 -04:00
  • 64144b4759 Merge pull request #13041 from Security-Onion-Solutions/cogburn/integrity-checker-annotations coreyogburn 2024-05-20 14:52:38 -06:00
  • 6e97c39f58 Marked as Advanced #13041 Corey Ogburn 2024-05-20 14:52:05 -06:00
  • 026023fd0a Annotate integrityCheckFrequencySeconds per det engine Corey Ogburn 2024-05-20 14:35:11 -06:00
  • d7ee89542a Merge pull request #13040 from Security-Onion-Solutions/lkscript Jorge Reyes 2024-05-20 15:25:50 -04:00
  • 6fac6eebce Helper script for enrolling tpm into luks #13040 reyesj2 2024-05-20 14:37:54 -04:00
  • 3c3497c2fd Merge pull request #13039 from Security-Onion-Solutions/cogburn/integrity-check coreyogburn 2024-05-20 11:26:30 -06:00
  • fcc72a4f4e Add Default IntegrityCheck Frequency Values #13039 Corey Ogburn 2024-05-20 11:23:25 -06:00
  • 28dea9be58 Merge pull request #13037 from Security-Onion-Solutions/cogburn/comp-report-path-change coreyogburn 2024-05-17 15:48:52 -06:00
  • 0cc57fc240 Change Compilation Report Path #13037 Corey Ogburn 2024-05-17 15:47:23 -06:00
  • 17518b90ca Merge pull request #13036 from Security-Onion-Solutions/fix/yara_compile_report weslambert 2024-05-17 16:15:21 -04:00
  • d9edff38df Create compile report for SOC integrity check #13036 weslambert 2024-05-17 16:10:10 -04:00
  • 300d8436a8 Merge pull request #13035 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-17 15:01:54 -04:00
  • 1c4d36760a add support for custom alerters #13035 Jason Ertel 2024-05-17 14:49:39 -04:00
  • 34a5985311 Create tpm enrollment script reyesj2 2024-05-16 21:14:57 -04:00
  • aa0163349b Merge pull request #13031 from Security-Onion-Solutions/issue/13021 Josh Patterson 2024-05-16 16:40:17 -04:00
  • 572b8d08d9 Merge branch '2.4/dev' into issue/13021 #13031 Josh Patterson 2024-05-16 16:39:17 -04:00
  • cc6cb346e7 fix issue/13030 m0duspwnens 2024-05-16 16:31:45 -04:00
  • b54632080e check if exists in override before popping m0duspwnens 2024-05-16 16:04:17 -04:00
  • 44d3468f65 Merge pull request #13029 from Security-Onion-Solutions/revert-13028-issue/13021 Josh Patterson 2024-05-16 15:48:05 -04:00
  • 9d4668f4d3 Revert "don't merge policy from global_overrides if not defined in default index_settings" #13029 Josh Patterson 2024-05-16 15:45:55 -04:00
  • da2ac4776e Merge pull request #13028 from Security-Onion-Solutions/issue/13021 Josh Patterson 2024-05-16 14:33:51 -04:00
  • 9796354b48 don't merge policy from global_overrides if not defined in default index_settings #13028 m0duspwnens 2024-05-16 14:27:32 -04:00
  • aa32eb9c0e Merge pull request #13025 from Security-Onion-Solutions/jertel/suridp Jason Ertel 2024-05-15 19:21:30 -04:00