Doug Burks
Hello! This question is related to https://github.com/shirkdog/pulledpork/issues/235. Since the current version of PulledPork now copies rules from local_rules to rule_path, it looks like if you set an ips_policy to apply...
_Originally posted by @xfaith in https://github.com/Security-Onion-Solutions/securityonion/discussions/8402_ Under the advance setup for the # of cores for Zeek/Suricata, if you don't "select" the number of cores, it lets you move on...
When SOC encounters an Elasticsearch error, it prompts the user with a link to the Help page of the documentation. We include an offline copy of the documentation in SOC...
https://github.com/Security-Onion-Solutions/securityonion/discussions/3039
For example, `http_request.headers.user-agent` should be renamed to whatever the standard ECS name is for User Agent. - change ingest parsers - update hunt.eventfields.json and hunt.queries.json as necessary to reflect new...
_Originally posted by @jtgreen-cse in https://github.com/Security-Onion-Solutions/securityonion/discussions/7372_ I'd like to use more than one thread with steno. My storage performs better if multiple processes are writing to it. I've added: ```...
We frequently get questions about antivirus alerting for files on the ISO image in `SecurityOnion\agrules\strelka\yara\`. From https://docs.securityonion.net/en/2.3/download.html: One option might be to put `SecurityOnion\agrules\strelka\yara\` into a password-protected zip file...
Just putting this in so I don't forget. This is a feature request from Paul Melson and is a feature that he misses from Splunk.
Hello all, SO standalone install 2.3.40 updated to 2.3.70 Hotfix [GRAFANA_DASH_ALLOW] ZEEK metadata 8 vCPU 24 GB vRAM 2.5 TB disk space After updating from 2.3.61 Hotfix [STENO, MSEARCH] to 2.3.70...
_Originally posted by @greatapoc in https://github.com/Security-Onion-Solutions/securityonion/discussions/2350#discussioncomment-212286_ I'd be thrilled if there was a button on Hunt/Alerts for "Resolve Hostname" or something like that.