
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...

Results 151 securityonion issues

When using the * in Hunt for showing missing values - if the field datatype is something like IP or boolean, it silently fails, which can lead the user to...

### Discussed in https://github.com/Security-Onion-Solutions/securityonion/discussions/6916 Originally posted by **petiepooo** January 18, 2022 More and more, we're seeing QUIC traffic. It would be nice to integrate https://github.com/salesforce/GQUIC_Protocol_Analyzer into zeek in SecurityOnion.

2.4

Just putting this in so I don't forget. This is a feature request from Paul Melson and is a feature that he misses from Splunk.

could

I would find it useful to have a prep-install flag for so-setup that installed all the requisite packages, fired up the so-aptcacherng/so-dockerregistry containers, and pulled all so-* docker images then...

2.4

Hello SO, We are using SO 2.3.61 in distributed mode. When editing Sigma in the Playbook GUI (after creating a play), there is no validation of YAML format or Sigma conventions. For example...

2.4

While we can't always know the best way for folks to be able to determine to what host a MAC address or IP belongs, we can make it a bit...

I updated from 2.3.61 to 2.3.90 but it was a very painful process. Someone had put in a threshold rule into /opt/so/saltstack/local/pillar/global.sls that had a tab in it instead of...

### Discussed in https://github.com/Security-Onion-Solutions/securityonion/discussions/5418 Originally posted by **rwaight** September 6, 2021 In a true ES cluster, Kibana can be configured to leverage [High availability across multiple Elasticsearch nodes](https://www.elastic.co/guide/en/kibana/7.14/production.html#high-availability): > Kibana...

2.4

Hello, We are using SO 2.3.60 in distributed mode. When deleting a play with Playbook admin, the play does get deleted in the Playbook GUI, but the ElastAlert rule does not...

2.4

Because `so-status` always prints with color, and sets color for each `-` in its output, the tool is unusable when the output isn't a tty. If you tried to watch...