Commit Graph

  • 185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates Josh Brower 2024-05-24 14:48:22 -04:00
  • 550b3ee92d Add IDH mappings DefensiveDepth 2024-05-24 14:46:24 -04:00
  • 29a87fd166 Merge pull request #13078 from Security-Onion-Solutions/2.4/socdefaultsdet Josh Brower 2024-05-24 13:02:01 -04:00
  • f90d40b471 Fix typo DefensiveDepth 2024-05-24 12:56:17 -04:00
  • 4344988abe Add instructions for sigma and yara repos DefensiveDepth 2024-05-24 12:54:36 -04:00
  • 979147a111 Merge pull request #13062 from Security-Onion-Solutions/2.4/backupscript Josh Brower 2024-05-24 10:06:56 -04:00
  • 66725b11b3 Added unit tests DefensiveDepth 2024-05-24 09:55:10 -04:00
  • 19f9c4e389 Merge pull request #13076 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-24 08:39:17 -04:00
  • bd11d59c15 add event.dataset since there are other datasets in soc logs Jason Ertel 2024-05-24 08:38:12 -04:00
  • 15155613c3 provide default columns when viewing SOC logs Jason Ertel 2024-05-24 08:23:45 -04:00
  • b5f656ae58 dont render pillar each time so-tcpreplay runs m0duspwnens 2024-05-23 13:22:22 -04:00
  • 7177392adc Merge pull request #13071 from Security-Onion-Solutions/telfinwip Josh Patterson 2024-05-23 10:46:54 -04:00
  • ea7715f729 use waitforstate var instead. m0duspwnens 2024-05-23 10:41:10 -04:00
  • 0b9ebefdb6 only show telem status in final whiptail if new deployment m0duspwnens 2024-05-23 10:08:23 -04:00
  • 19e66604d0 Merge pull request #13069 from Security-Onion-Solutions/TOoSmOotH-patch-8 Mike Reeves 2024-05-23 08:22:05 -04:00
  • 1e6161f89c Update defaults.yaml Mike Reeves 2024-05-23 08:19:43 -04:00
  • a8c287c491 Merge pull request #13067 from Security-Onion-Solutions/2.4/fixpipeline Josh Brower 2024-05-23 07:53:14 -04:00
  • 2c4f5f0a91 Merge pull request #13066 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-23 06:02:49 -04:00
  • 8e7c487cb0 Fix strelka rule.uuid DefensiveDepth 2024-05-23 05:59:31 -04:00
  • 3d4f3a04a3 Update defaults.yaml to fix order of groupby tables and eliminate duplicate Doug Burks 2024-05-23 05:56:18 -04:00
  • ce063cf435 Merge pull request #13063 from Security-Onion-Solutions/2.4/yarafix Josh Brower 2024-05-22 18:51:54 -04:00
  • a072e34cfe Fix casing issue DefensiveDepth 2024-05-22 17:12:41 -04:00
  • d19c1a514b Detections backup script DefensiveDepth 2024-05-22 15:12:23 -04:00
  • b415810485 Merge pull request #13061 from Security-Onion-Solutions/fix/tab_casing weslambert 2024-05-22 13:44:09 -04:00
  • 3cfd710756 Change tab casing to be consistent with other whiptail prompts weslambert 2024-05-22 13:41:32 -04:00
  • 382cd24a57 Small changes needed for using new Kafka docker image + added Kafka logging output to /opt/so/log/kafka/ reyesj2 2024-05-22 13:39:21 -04:00
  • b1beb617b3 Logstash should be disabled when Kafka is enabled except when a minion override exists OR node is a standalone - Standalone subscribes to Kafka topics via logstash for ingest reyesj2 2024-05-22 13:38:09 -04:00
  • 91f8b1fef7 Set default replication factor back to Kafka default If replication factor is > 1 Kafka will fail to start until another broker is added - For internal automated testing purposes a Standalone will be utilized reyesj2 2024-05-22 13:35:09 -04:00
  • ca6e2b8e22 Merge pull request #13054 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-21 18:38:03 -04:00
  • 8af3158ea7 fix elastalert settings Jason Ertel 2024-05-21 18:28:21 -04:00
  • 8b011b8d7e Merge pull request #13053 from Security-Onion-Solutions/2.4/alertsefaults Josh Brower 2024-05-21 17:54:27 -04:00
  • f9e9b825cf Removed unneeded groupby DefensiveDepth 2024-05-21 17:53:20 -04:00
  • 3992ef1082 Add rule.uuid to default groupbys DefensiveDepth 2024-05-21 17:45:56 -04:00
  • 556fdfdcf9 Merge pull request #13052 from Security-Onion-Solutions/fix/add_rule_uuid weslambert 2024-05-21 17:09:49 -04:00
  • f4490fab58 Add rule.uuid for YARA matches weslambert 2024-05-21 17:05:39 -04:00
  • 5aaf44ebb2 Merge pull request #13049 from Security-Onion-Solutions/fix/detections_alerts_component_template weslambert 2024-05-21 13:45:19 -04:00
  • deb140e38e Exclude detections from template name matching weslambert 2024-05-21 13:38:52 -04:00
  • 3de6454d4f Merge pull request #13047 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-21 13:34:20 -04:00
  • d57cc9627f exclude false positives related to detections Jason Ertel 2024-05-21 13:31:50 -04:00
  • 8ce19a93b9 exclude false positives related to detections Jason Ertel 2024-05-21 13:29:20 -04:00
  • d315b95d77 elastalert settings Jason Ertel 2024-05-21 07:15:19 -04:00
  • 6172816f61 Merge pull request #13044 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-21 06:49:35 -04:00
  • 03826dd32c Update README.md with new Detections screenshot number Doug Burks 2024-05-21 06:43:07 -04:00
  • b7a4f20c61 elastalert settings Jason Ertel 2024-05-20 20:11:30 -04:00
  • 02b4d37c11 elastalert settings Jason Ertel 2024-05-20 20:00:31 -04:00
  • f8ce039065 elastalert settings Jason Ertel 2024-05-20 19:58:12 -04:00
  • e2d0b8f4c7 elastalert settings Jason Ertel 2024-05-20 19:38:36 -04:00
  • 8a3061fe3e elastalert settings Jason Ertel 2024-05-20 19:36:06 -04:00
  • c594168b65 elastalert settings Jason Ertel 2024-05-20 19:05:43 -04:00
  • 31fdf15ce1 Merge branch '2.4/dev' into jertel/eaconfig Jason Ertel 2024-05-20 18:59:35 -04:00
  • 6b2219b7f2 elastalert settings Jason Ertel 2024-05-20 18:52:37 -04:00
  • 64144b4759 Merge pull request #13041 from Security-Onion-Solutions/cogburn/integrity-checker-annotations coreyogburn 2024-05-20 14:52:38 -06:00
  • 6e97c39f58 Marked as Advanced Corey Ogburn 2024-05-20 14:52:05 -06:00
  • 026023fd0a Annotate integrityCheckFrequencySeconds per det engine Corey Ogburn 2024-05-20 14:35:11 -06:00
  • d7ee89542a Merge pull request #13040 from Security-Onion-Solutions/lkscript Jorge Reyes 2024-05-20 15:25:50 -04:00
  • 6fac6eebce Helper script for enrolling tpm into luks reyesj2 2024-05-20 14:37:54 -04:00
  • 3c3497c2fd Merge pull request #13039 from Security-Onion-Solutions/cogburn/integrity-check coreyogburn 2024-05-20 11:26:30 -06:00
  • fcc72a4f4e Add Default IntegrityCheck Frequency Values Corey Ogburn 2024-05-20 11:23:25 -06:00
  • 28dea9be58 Merge pull request #13037 from Security-Onion-Solutions/cogburn/comp-report-path-change coreyogburn 2024-05-17 15:48:52 -06:00
  • 0cc57fc240 Change Compilation Report Path Corey Ogburn 2024-05-17 15:47:23 -06:00
  • 17518b90ca Merge pull request #13036 from Security-Onion-Solutions/fix/yara_compile_report weslambert 2024-05-17 16:15:21 -04:00
  • d9edff38df Create compile report for SOC integrity check weslambert 2024-05-17 16:10:10 -04:00
  • 300d8436a8 Merge pull request #13035 from Security-Onion-Solutions/jertel/eaconfig Jason Ertel 2024-05-17 15:01:54 -04:00
  • 1c4d36760a add support for custom alerters Jason Ertel 2024-05-17 14:49:39 -04:00
  • 34a5985311 Create tpm enrollment script reyesj2 2024-05-16 21:14:57 -04:00
  • aa0163349b Merge pull request #13031 from Security-Onion-Solutions/issue/13021 Josh Patterson 2024-05-16 16:40:17 -04:00
  • 572b8d08d9 Merge branch '2.4/dev' into issue/13021 Josh Patterson 2024-05-16 16:39:17 -04:00
  • cc6cb346e7 fix issue/13030 m0duspwnens 2024-05-16 16:31:45 -04:00
  • b54632080e check if exists in override before popping m0duspwnens 2024-05-16 16:04:17 -04:00
  • 44d3468f65 Merge pull request #13029 from Security-Onion-Solutions/revert-13028-issue/13021 Josh Patterson 2024-05-16 15:48:05 -04:00
  • 9d4668f4d3 Revert "dont merge policy from global_overrides if not defined in default index_settings" Josh Patterson 2024-05-16 15:45:55 -04:00
  • da2ac4776e Merge pull request #13028 from Security-Onion-Solutions/issue/13021 Josh Patterson 2024-05-16 14:33:51 -04:00
  • 9796354b48 dont merge policy from global_overrides if not defined in default index_settings m0duspwnens 2024-05-16 14:27:32 -04:00
  • aa32eb9c0e Merge pull request #13025 from Security-Onion-Solutions/jertel/suridp Jason Ertel 2024-05-15 19:21:30 -04:00
  • 4771810361 exclude detect-parse errors Jason Ertel 2024-05-15 19:10:50 -04:00
  • 52f27c00ce Merge pull request #13024 from Security-Onion-Solutions/TOoSmOotH-patch-7 Mike Reeves 2024-05-15 18:07:28 -04:00
  • ab9ec2ec6b Update soup Mike Reeves 2024-05-15 18:04:01 -04:00
  • 4d7835612d Merge pull request #13022 from Security-Onion-Solutions/soupaml Josh Patterson 2024-05-15 16:37:53 -04:00
  • 8076ea0e0a add another space m0duspwnens 2024-05-15 16:34:05 -04:00
  • 320ae641b1 Merge pull request #13023 from Security-Onion-Solutions/2.4/sigmapipelineupdates Josh Brower 2024-05-15 16:30:45 -04:00
  • b4aec9a9d0 alphabetical order DefensiveDepth 2024-05-15 16:29:21 -04:00
  • 6af0308482 add a newline m0duspwnens 2024-05-15 16:26:44 -04:00
  • 08024c7511 Merge pull request #13020 from Security-Onion-Solutions/issue/13012 Josh Patterson 2024-05-15 15:33:01 -04:00
  • 3a56058f7f update description m0duspwnens 2024-05-15 15:31:31 -04:00
  • 795de7ab07 Merge pull request #13019 from Security-Onion-Solutions/TOoSmOotH-patch-6 Mike Reeves 2024-05-15 14:08:40 -04:00
  • 8803ad4018 Update enabled.sls Mike Reeves 2024-05-15 14:05:48 -04:00
  • 62a8024c6c Merge remote-tracking branch 'origin/2.4/dev' into issue/13012 m0duspwnens 2024-05-15 13:48:46 -04:00
  • ea253726a0 fix soup m0duspwnens 2024-05-15 13:48:32 -04:00
  • a0af25c314 Merge pull request #13017 from Security-Onion-Solutions/surimigrate Mike Reeves 2024-05-15 11:40:50 -04:00
  • e3a0847867 Update soup Mike Reeves 2024-05-15 11:31:41 -04:00
  • 7345d2c5a6 Update enabled.sls Mike Reeves 2024-05-15 11:16:20 -04:00
  • 7cbc3a83c6 Merge pull request #13016 from Security-Onion-Solutions/soupaml Josh Patterson 2024-05-15 10:49:56 -04:00
  • 427b1e4524 revert soup_scripts back to common m0duspwnens 2024-05-15 10:28:02 -04:00
  • 2dbbe8dec4 soup_scripts put so-yaml in salt file system. move soup scripts to manager.soup_scripts m0duspwnens 2024-05-15 10:07:06 -04:00
  • e76c2c95a9 Merge pull request #13013 from Security-Onion-Solutions/issue/13012 Josh Patterson 2024-05-15 08:37:15 -04:00
  • 51862e5803 remove idh.services from idh node pillar files m0duspwnens 2024-05-14 13:08:51 -04:00
  • 27ad84ebd9 Merge pull request #13011 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-14 10:15:25 -04:00
  • 67645a662d FEATURE: Add NetFlow dashboard #13009 Doug Burks 2024-05-14 10:14:16 -04:00
  • 1d16f6b7ed Merge pull request #13010 from Security-Onion-Solutions/dougburks-patch-1 Doug Burks 2024-05-14 10:02:40 -04:00
  • 5b45c80a62 FEATURE: Add NetFlow dashboard #13009 Doug Burks 2024-05-14 10:01:18 -04:00