Commit Graph

  • af681881e6 Merge pull request #12963 from Security-Onion-Solutions/TOoSmOotH-patch-4 Mike Reeves 2024-05-08 08:45:34 -04:00
  • 47dc911b79 Merge pull request #12964 from Security-Onion-Solutions/2.4/agstrelka Josh Brower 2024-05-08 08:45:16 -04:00
  • 6d2ecce9b7 remove old yara airgap code #12964 DefensiveDepth 2024-05-08 08:43:37 -04:00
  • 326c59bb26 Update soc_idstools.yaml #12963 Mike Reeves 2024-05-08 08:42:38 -04:00
  • c1257f1c13 Merge pull request #12961 from Security-Onion-Solutions/TOoSmOotH-patch-3 Mike Reeves 2024-05-07 17:23:12 -04:00
  • 2eee617788 Update soc_idstools.yaml #12961 Mike Reeves 2024-05-07 17:21:01 -04:00
  • 70ef8092a7 Merge pull request #12959 from Security-Onion-Solutions/jertel/testcy Jason Ertel 2024-05-07 11:37:31 -07:00
  • 8364b2a730 update for testing #12959 Jason Ertel 2024-05-07 14:30:52 -04:00
  • cb7dea1295 Merge pull request #12957 from Security-Onion-Solutions/cogburn/retry-import coreyogburn 2024-05-07 11:20:26 -06:00
  • 1da88b70ac Specify Error Retry Wait and Error Limit for All Detection Engines #12957 Corey Ogburn 2024-05-06 09:56:24 -06:00
  • b4817fa062 Merge pull request #12956 from Security-Onion-Solutions/jertel/testcy Jason Ertel 2024-05-07 08:45:38 -07:00
  • bc24227732 Merge pull request #12955 from Security-Onion-Solutions/fix/cef weslambert 2024-05-07 11:23:53 -04:00
  • 2e70d157e2 Add ref #12955 weslambert 2024-05-07 11:13:51 -04:00
  • 5e2e5b2724 Merge remote-tracking branch 'origin/2.4/dev' into orchit m0duspwnens 2024-05-07 10:44:14 -04:00
  • dcc1f656ee predownload logstash and elastic for new searchnode and heavynode m0duspwnens 2024-05-07 10:13:51 -04:00
  • 23da1f6ee9 Merge pull request #12951 from Security-Onion-Solutions/fix/remove_watch weslambert 2024-05-07 09:23:56 -04:00
  • bee8c2c1ce Remove watch #12951 Wes 2024-05-07 13:21:59 +00:00
  • 4ebe070cd8 test regexes for detections #12956 Jason Ertel 2024-05-06 19:03:12 -04:00
  • a5e89c0854 Merge pull request #12947 from Security-Onion-Solutions/fix/strelka_yara_distributed weslambert 2024-05-06 15:53:08 -04:00
  • a25e43db8f Merge pull request #12948 from Security-Onion-Solutions/fix/strelka_yara_watch weslambert 2024-05-06 15:52:57 -04:00
  • b997e44715 Merge pull request #12939 from Security-Onion-Solutions/2.4/detections-airgap Josh Brower 2024-05-06 15:46:29 -04:00
  • 1e48955376 Restart when rules change #12948 Wes 2024-05-06 19:39:03 +00:00
  • 5056ec526b Add compiled directory #12947 Wes 2024-05-06 19:27:38 +00:00
  • 2431d7b028 Merge branch '2.4/detections-airgap' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/detections-airgap #12939 m0duspwnens 2024-05-06 15:27:27 -04:00
  • d2fa77ae10 Update compile script Wes 2024-05-06 19:10:41 +00:00
  • 445fb31634 Add manager SLS Wes 2024-05-06 19:09:37 +00:00
  • 5aa611302a Handle YARA rules for distributed deployments Wes 2024-05-06 19:08:01 +00:00
  • 554a203541 update airgapEnabled in map file m0duspwnens 2024-05-06 12:59:45 -04:00
  • be1758aea7 Fix license and folder DefensiveDepth 2024-05-06 12:22:44 -04:00
  • 38f74d2e9e change quotes m0duspwnens 2024-05-06 11:38:30 -04:00
  • 5b966b83a9 change rulesRepos for airgap or not m0duspwnens 2024-05-06 09:26:52 -04:00
  • a67f0d93a0 Merge pull request #12942 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-06 09:23:09 -04:00
  • 3f73b14a6a FEATURE: Add event.dataset to all Events table layouts #12641 #12942 Doug Burks 2024-05-06 09:20:47 -04:00
  • e57d1a5fb5 Merge pull request #12941 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-06 08:57:58 -04:00
  • f689cfcd0a FEATURE: Add Events table columns for stun logs #12940 #12941 Doug Burks 2024-05-06 08:52:43 -04:00
  • 26c6a98b45 Initial airgap support for detections DefensiveDepth 2024-05-06 08:43:01 -04:00
  • 45c344e3fa Merge pull request #12938 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-06 08:40:02 -04:00
  • 7b905f5a94 FEATURE: Add Events table columns for tunnel logs #12937 #12938 Doug Burks 2024-05-06 08:22:08 -04:00
  • 6d5ff59657 Merge pull request #12929 from Security-Onion-Solutions/2.4/verifyexclude Josh Brower 2024-05-03 15:38:25 -04:00
  • 7f12d4c815 Exclude new sigma rules #12929 DefensiveDepth 2024-05-03 15:22:53 -04:00
  • b50789a77c Merge pull request #12928 from Security-Onion-Solutions/orchit Josh Patterson 2024-05-03 15:17:34 -04:00
  • bdf1b45a07 redirect and throw in bg #12928 m0duspwnens 2024-05-03 14:54:44 -04:00
  • 3d4fd59a15 orchit m0duspwnens 2024-05-03 13:48:51 -04:00
  • 91c9f26a0c Merge pull request #12926 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-03 13:02:30 -04:00
  • 6cbbb81cad FEATURE: Add hyperlink to airgap screen in setup #12925 #12926 Doug Burks 2024-05-03 12:59:41 -04:00
  • 442a717d75 orchit m0duspwnens 2024-05-03 12:08:57 -04:00
  • fa3522a233 fix requirement m0duspwnens 2024-05-03 11:10:21 -04:00
  • bbc374b56e add logic in orch m0duspwnens 2024-05-03 09:56:52 -04:00
  • 9ae6fc5666 Merge pull request #12922 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-03 09:43:59 -04:00
  • 5fe8c6a95f Update so-whiptail to make installation screen more consistent #12922 Doug Burks 2024-05-03 09:38:34 -04:00
  • 2929877042 fix var m0duspwnens 2024-05-02 16:37:54 -04:00
  • 8035740d2b Merge remote-tracking branch 'origin/2.4/dev' into orchit m0duspwnens 2024-05-02 16:34:24 -04:00
  • 4f8aaba6c6 Merge pull request #12918 from Security-Onion-Solutions/pw Josh Patterson 2024-05-02 16:33:24 -04:00
  • e9b1263249 orchestrate searchnode deployment m0duspwnens 2024-05-02 16:32:43 -04:00
  • 3b2d3573d8 Update pillarWatch.py #12918 Josh Patterson 2024-05-02 16:06:04 -04:00
  • e960ae66a3 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka reyesj2 2024-05-02 15:12:27 -04:00
  • 093cbc5ebc Reconfigure Kafka defaults - Set default number of partitions per topic -> 3. Helps ensure that out of the box we can take advantage of multi-node Kafka clusters via load balancing across at least 3 brokers. Also multiple searchnodes will be able to pull from each topic. In this case 3 searchnodes (consumers) would be able to pull from all topics concurrently. - Set default replication factor -> 2. This is the minimum value required for redundancy. Every partition will have 1 replica. In this case if we have 2 brokers each topic will have 3 partitions (load balanced across brokers) and each partition will have a replica on a separate broker for redundancy reyesj2 2024-05-02 15:10:13 -04:00
  • f663ef8c16 Setup Kafka to use PKCS12 and remove need for converting to JKS reyesj2 2024-05-02 14:53:28 -04:00
  • de9f6425f9 Automatically switch between Kafka output policy and logstash output policy when globals.pipeline changes reyesj2 2024-05-02 12:13:46 -04:00
  • 33d1170a91 add default pillar value for pillarWatch m0duspwnens 2024-05-02 11:58:39 -04:00
  • 240ffc0862 Merge pull request #12915 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-02 10:44:58 -04:00
  • 0822a46e94 FIX: Improve File dashboard #12914 #12915 Doug Burks 2024-05-02 10:42:34 -04:00
  • 1be3e6204d FIX: Improve File dashboard #12914 Doug Burks 2024-05-02 10:38:56 -04:00
  • 956ae7a7ae Merge pull request #12909 from Security-Onion-Solutions/fix/detection_mappings weslambert 2024-05-01 16:15:40 -04:00
  • 3285ae9366 Update mappings for detection fields #12909 Wes 2024-05-01 20:11:56 +00:00
  • 47ced60243 Create new Kafka output policy using salt reyesj2 2024-05-01 14:49:51 -04:00
  • 72b2503b49 Merge pull request #12906 from Security-Onion-Solutions/det_easr Josh Patterson 2024-05-01 13:05:36 -04:00
  • 58ebbfba20 Add kafka state to standalone highstate reyesj2 2024-05-01 13:03:14 -04:00
  • e164d15ec6 Generate different Kafka certs for different SO nodetypes reyesj2 2024-05-01 13:02:47 -04:00
  • 3efdb4e532 Reconfigure logstash Kafka input - TODO: Configure what topics are pulled to searchnodes via the SOC UI reyesj2 2024-05-01 13:01:29 -04:00
  • 854799fabb Merge pull request #12902 from Security-Onion-Solutions/TOoSmOotH-patch-2 Mike Reeves 2024-05-01 12:56:04 -04:00
  • 47ba4c0f57 add new annotation for soc autoEnabledSigmaRules #12906 m0duspwnens 2024-05-01 12:55:29 -04:00
  • 10c8e4203c Update config.sls #12902 Mike Reeves 2024-05-01 12:54:21 -04:00
  • 05c69925c9 Merge pull request #12904 from Security-Onion-Solutions/jertel/wf Jason Ertel 2024-05-01 09:54:03 -07:00
  • 252d9a5320 make rule settings advanced #12904 Jason Ertel 2024-05-01 12:51:04 -04:00
  • 7122709bbf set Sigma rules based on role if defined and default if not m0duspwnens 2024-05-01 12:25:34 -04:00
  • f7223f132a Update config.sls Mike Reeves 2024-05-01 12:00:39 -04:00
  • 8cd75902f2 Update config.sls Mike Reeves 2024-05-01 11:47:51 -04:00
  • c71af9127b mark detections settings as read-only via the UI Jason Ertel 2024-05-01 11:47:38 -04:00
  • e6f45161c1 Merge pull request #12900 from Security-Onion-Solutions/fix/cold_min_age weslambert 2024-05-01 11:24:48 -04:00
  • fe2edeb2fb 30d to 60d #12900 weslambert 2024-05-01 11:01:59 -04:00
  • 6294f751ee Cold min_age to 60d weslambert 2024-05-01 10:59:41 -04:00
  • de0af58cf8 Write out Kafka pillar path reyesj2 2024-05-01 10:45:46 -04:00
  • 84abfa6881 Remove check for existing value since Kafka pillar is made empty on upgrade reyesj2 2024-05-01 10:45:05 -04:00
  • 6b60e85a33 Make kafka configuration changes prior to 2.4.70 upgrade reyesj2 2024-05-01 10:15:26 -04:00
  • 63f3e23e2b soup typo reyesj2 2024-05-01 09:54:19 -04:00
  • ad1cda1746 Merge pull request #12893 from Security-Onion-Solutions/jertel/wf Jason Ertel 2024-05-01 06:32:13 -07:00
  • 66563a4da0 zeek networks will only ever have one HOME_NETWORKS setting #12893 Jason Ertel 2024-05-01 09:31:11 -04:00
  • d0e140cf7b zeek networks will only ever have one HOME_NETWORKS setting Jason Ertel 2024-05-01 09:30:52 -04:00
  • 87c6d0a820 zeek networks will only ever have one HOME_NETWORKS setting Jason Ertel 2024-05-01 09:29:36 -04:00
  • eb1249618b Update soup for Kafka reyesj2 2024-05-01 09:27:01 -04:00
  • cef9bb1487 Dynamically create Kafka topics based on event.module from elastic agent logs eg. zeek-topic. Depends on Kafka brokers having auto.create.topics.enable set to true reyesj2 2024-05-01 09:16:13 -04:00
  • 9a25d3c30f Merge pull request #12897 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-01 08:01:20 -04:00
  • 9a4a85e3ae FEATURE: Lower EVAL memory requirement to 8GB RAM #12896 #12897 Doug Burks 2024-05-01 07:54:38 -04:00
  • bb49944b96 Setup elastic fleet rollover from logstash -> kafka output policy reyesj2 2024-04-30 16:47:40 -04:00
  • 72db369fbb Merge branch '2.4/dev' into jertel/wf Jason Ertel 2024-04-30 15:16:41 -04:00
  • 84db82852c annotation updates for custom settings Jason Ertel 2024-04-30 15:14:56 -04:00
  • fcc4050f86 Add id to grid-kafka fleet output policy reyesj2 2024-04-30 12:59:53 -04:00
  • 9c83a52c6d Add Kafka output to elastic-fleet setup. Includes separating topics by event.module with fallback to default-logs if no event.module is specified or doesn't match processors reyesj2 2024-04-30 12:01:31 -04:00
  • ea4750d8ad Merge pull request #12882 from Security-Onion-Solutions/cogburn/community-repos coreyogburn 2024-04-30 09:12:25 -06:00