Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.4.100 #630

Merged
merged 96 commits into from
Aug 30, 2024
Merged

2.4.100 #630

merged 96 commits into from
Aug 30, 2024

Conversation

jertel
Copy link
Contributor

@jertel jertel commented Aug 30, 2024

No description provided.

jertel and others added 30 commits July 24, 2024 17:29
@jertel
force OTP upon login
92d8e7f
@jertel
merge
cc52263
@jertel
extended settings
4cc88ff
@jertel
Merge branch '2.4/dev' into jertel/force
a50e45c
@jertel
use extended setting for index quick links
cd54bff
@reyesj2
reduce soc image size ~30MB
52ec533 
Signed-off-by: reyesj2 <[email protected]>
@jertel
add missing data aids
60b43ce
@reyesj2
Merge pull request #596 from Security-Onion-Solutions/reyesj2/soc-git
82bf11c 
SOC image size
@jertel
Merge pull request #597 from Security-Onion-Solutions/jertel/force
23be019 
Force OTP, Config Breadcrumbs, Extended Settings
@jertel
fix typo in fn name
3b9c18a
@jertel
Add additional settings to the extended group
69fea35
@jertel
Add additional settings to the extended group
cf94027
@jertel
replace final setting term with title, if avail
6f076ac
@jertel
Merge pull request #598 from Security-Onion-Solutions/jertel/force
b6020a3 
Additional extended props and breadcrumb tweaks
@coreyogburn
Overrides Added to Detection History
4015c0c 
Because we're putting a data table in a data table, we're disabling all the hover effects for a cleaner UI.

Updated dateAwareSort to be aware of new date fields and to properly sort non-string fields (such as isEnabled).

In the tuning table, I pass the `type` fields through i18n so they're the proper case.

Duplicated the logic in findHistoryChange into findOverrideHistoryChange but refactored for the simpler case. We don't need to highlight changes while ignoring source code changes. Added tests.
@jertel
remove extended setting toggle
045f842
@jertel
Merge pull request #600 from Security-Onion-Solutions/jertel/force
394ce93 
remove extended setting toggle
@jertel
add close setting button to top right
bd97278
@jertel
Merge pull request #601 from Security-Onion-Solutions/jertel/force
07c0cb2 
add close setting button to top right
@coreyogburn
Merge pull request #599 from Security-Onion-Solutions/cogburn/tuning-…
60de0b4 
…history

Overrides Added to Detection History
@dougburks
FEATURE: Add SOC Config Quick Link to allow Security Onion Desktop in…
fd3eb03 
…stallations through firewall Security-Onion-Solutions/securityonion#13412
@dougburks
FEATURE: Add SOC Config Quick Link to allow Security Onion Desktop in…
b080916 
…stallations through firewall Security-Onion-Solutions/securityonion#13412
@dougburks
Merge pull request #602 from Security-Onion-Solutions/dougburks-patch-1
00a1619 
FEATURE: Add SOC Config Quick Link to allow Security Onion Desktop installations through firewall Security-Onion-Solutions/securityonion#13412
@coreyogburn
Tuning YARA Detections
2e1c4f6 
When clicking "Tune Detection" on the Alerts page for a YARA rule, the user is now taken to the Detection Source tab. Other engines continue to take the user to the Tuning tab. We're doing this because YARA detections don't support overrides.
@coreyogburn
Merge pull request #603 from Security-Onion-Solutions/cogburn/tune-ya…
7a2d15a 
…ra-source

Tuning YARA Detections
@coreyogburn
Added Rule Validator Regex
ce623da 
Because new detections let you specify the language and not the engine, some things needed tweaking to apply to both new and existing detections.

New regexes were added to validate rules as well as some custom logic in elastalert and suricata to hunt for things tricker than regexes can find.

ElastAlert requires an id field be present, checks that the publicId from the DB matches the publicId in the rule, and lastly checks to make sure that there's some logic present by looking for the detection field and ensuring it's not empty.

Suricata requires there to be no newlines, that the sid is specified, and that the sid matches the DB publicId.

Strelka requires that the identifier is specified, and that the `condition:` header be present. Checking for condition content is a slippery slope because comments might be there complicating things and I don't want to risk a false positive error.
@coreyogburn
Fixed grammer
272a70c
@coreyogburn
Merge pull request #604 from Security-Onion-Solutions/cogburn/client-…
e1a1105 
…side-test

Added Rule Validator Regex
@defensivedepth
Reworded for clarity
34a420b
@defensivedepth
Merge pull request #605 from Security-Onion-Solutions/wordingfix
e25cd14 
Rewording error messages
jertel and others added 26 commits August 21, 2024 16:12
@jertel
tiered notifications
e36a9eb
@jertel
Merge pull request #618 from Security-Onion-Solutions/jertel/an2
4a0b527 
update gofast images; tiered notifications
@jertel
remove debug log
c92c21f
@jertel
Merge pull request #619 from Security-Onion-Solutions/jertel/an2
cc10f21 
remove debug log
@coreyogburn
Sync Local Rules
2308b47 
After syncing community rules, run all the local rules through a sync so they can get any newly configured alerters attached to them.

Updated tests for new logic.
@coreyogburn
Merge pull request #620 from Security-Onion-Solutions/cogburn/sync-si…
b04f49d 
…gma-custom

Sync Local Rules
@jertel
support notification only Sigma detections (Pro)
1db92ae
@jertel
Merge branch '2.4/dev' into jertel/an2
f1d7677
@jertel
Merge pull request #621 from Security-Onion-Solutions/jertel/an2
476aecc 
support notification only Sigma Detections
@jertel
notification only adjustments
ade1ab9
@jertel
avoid disrupteding integrity checker
462b22d
@jertel
Merge pull request #622 from Security-Onion-Solutions/jertel/an2
aa1f677 
notification only adjustments
@jertel
avoid license error during unit test runs
4118840
@jertel
Merge pull request #623 from Security-Onion-Solutions/jertel/an2
e8a8909 
avoid license error during unit test runs
@jertel
custom notify sets
9f9b623
@jertel
Merge pull request #624 from Security-Onion-Solutions/jertel/an2
6cbc897 
custom notify sets
@jertel
use Sigma tags, not detection tags
d7079b7
@jertel
Merge pull request #625 from Security-Onion-Solutions/jertel/an2
fcdb762 
use Sigma tags, not detection tags
@coreyogburn
Fixes for go test ./... -count=2
2be6cf4 
When tests are run multiple times the state of package level variables are retained. Made some adjustments so the tests still pass in this scenario.
@jertel
handle single line and multline values
f67a9f4
@jertel
Merge pull request #627 from Security-Onion-Solutions/jertel/an2
5fe6cf0 
handle single line and multline values
@jertel
move custom alerters to subgroup
ea6fbfb
@jertel
Merge pull request #628 from Security-Onion-Solutions/jertel/an2
d03addd 
move custom alerters to subgroup
@coreyogburn
Merge pull request #626 from Security-Onion-Solutions/cogburn/robust-…
260bcfb 
…tests

Fixes for running multiple tests
@jertel
more user interface improvements for duplicated settings
7b8d68a
@jertel
Merge pull request #629 from Security-Onion-Solutions/jertel/an2
ab13e79 
more user interface improvements for duplicated settings
@jertel jertel merged commit fd9c3b8 into 2.4/main Aug 30, 2024
3 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Aug 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@TOoSmOotH TOoSmOotH TOoSmOotH approved these changes

@dougburks dougburks dougburks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jertel @dougburks @TOoSmOotH @reyesj2 @coreyogburn @defensivedepth