Staging #7
Merged
Staging #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…og; (dashboard)
…ices.log get the ICS protocols assigned to them corrrectly and tagged appropriately
…tagged with 'ics' properly cisagov#541
…ern on update of index pattern
…ern on update of index pattern
…ik or other reverse proxy
…n of sigma rules
…n of sigma rules
…ong connections (wIP)
…ong connections (WIP)
…ong connections (WIP)
…ong connections (WIP)
…pts into one place to make it easier to keep track of them
…other netbox password stuff
piercema
added a commit
that referenced
this pull request
Feb 13, 2025
* Bump development for v25.01.0, also update copyright year * bump netbox to v4.1.10, osd_transform to v2.18.0, and fluent-bit to v3.2.4 * for cisagov#354, work in progress for Malcolm directly accepting syslog * for cisagov#354, work in progress for Malcolm directly accepting syslog; (dashboard) * cisagov#543, add naviation pane to non-network dashboards * bump jinja to 3.1.5 * Documentation for cisagov#354, syslog * replace old filebeat input for syslog with tcp/udp input and syslog processor, for cisagov#354 * Documentation for cisagov#354, syslog * install.py tweak for cisagov#354 * minor fix for for cisagov#354, set host.name correctly * bump netbox to v4.11.1 and elasticsearch-dsl to v8.17.1 * start of cisagov#356, normalize winlogbeats * WIP of cisagov#356, normalize winlogbeats * WIP of cisagov#356, normalize winlogbeats * WIP of cisagov#356, fix for a dashboard * WIP of cisagov#356, normalize winlogbeats * Work in progress for cisagov#541, making sure conn.log and known_services.log get the ICS protocols assigned to them corrrectly and tagged appropriately * Work in progress for cisagov#541 * standardize ICS protocols in network.protocol field, so they all get tagged with 'ics' properly cisagov#541 * fix cisagov#533, allow keystores to be created on startup even in hedgehog mode * forgot to add file for cisagov#356 * For cisagov#524, handle filenames with spaces in extracted_files_http_server.py * work for cisagov#542, preserve custom field formatting for index pattern on update of index pattern * work for cisagov#542, preserve custom field formatting for index pattern on update of index pattern * bump yq to v4.45.1 * for cisagov#551, URL pivot links from dashboards to arkime * for cisagov#551, URL pivot links from dashboards to arkime * fix pivot from arkime to dashboards and vice-versa when using a traefik or other reverse proxy * for cisagov#551, URL pivot links from dashboards to netbox * for cisagov#551, URL pivot links from dashboards to netbox * for cisagov#551, URL pivot links from netbox to arkime/dashboards * start of cisagov#553, update zeek to v7.1.0 * cisagov#553, handle conn.log for zeek v7.1.0 and documentation update * cisagov#553, handle postgresql.log * cisagov#553, handle postgresql.log * cisagov#553, added PostgreSQL dashboard * for cisagov#551, URL pivot links in dashboards (ignore date/times) * start of omron fins integration, cisagov#554 * wip omron fins integration, , cisagov#554 * arkime to v5.6.0 * bump logstash and filebeat to v8.17.0 * Fix nginx filebeat * WIP omron fins integration, cisagov#554 * WIP omron fins integration, cisagov#554 * WIP omron fins integration, cisagov#554 * WIP omron fins integration, cisagov#554 * WIP omron fins integration, cisagov#554 * dashboards tweaks * fix links for hh redirect download * First pass at adding suricata socket optimization * fix issue with nginx proxy * Setting debug to false * Fixing permissions for socket * html formatting * documentation for workaround for UFW software firewall for Malcolm ISO should automatically open ports for syslog cisagov#560) * Bump for v25.02.0 development * restore _config.yml * fix version * I don't think we need a seperate pod for the socket-based suricata, that's what the offline one does now anyway, right? * restore some comments, black python style * some tweaks for cisagov#457, pulled jjrush's branch into mine for some fixes * some tweaks for cisagov#457 * allow suricata to spawn threads * logging tweaks * more flexible verbosity for suricata * some tweaks for cisagov#457, try to wait until PCAP is finished processing before moving on * First pass at adding suricata socket optimization * Setting debug to false * Fixing permissions for socket * for cisagov#457, a few tweaks of the suricata pcap processing mode after reviewing @jjrush's code * for cisagov#457, monitor suricata.log to know when PCAP is done processing * for cisagov#457, monitor suricata.log to know when PCAP is done processing * for cisagov#457, signal suricata rules to reload after update * for cisagov#457, signal suricata rules to reload after update * for cisagov#457, fix processing of other log types * for cisagov#457, fix processing of other log types * for cisagov#457, signal suricata rules to reload after update * decrease verbosity for log * fix logic for autoarkime/forcearkime * some tweaks for cisagov#457, don't bother keeping track of when suricata is done with a PCAP file. just let filebeat handle it and pick up the resultant eve.json files directly * Standardizing healthcheck scripts, updating docker-compose, updating kubernetes * Adding livenessProbe to htadmin * cisagov#457, handle multiple Suricata PCAP processing threads * cisagov#574, clear screen after auth_setup when using Dialog mode * add the related.user field to the 'nginx Access Logs' table * bump fluent bit to v3.2.5 * fixed import of ECS templates * handle ARKIME_PORT value formatted like a URL in the init of the API container * cisagov#565, warn user about overwriting netbox passwords if they've already been set * fix cisagov#559, ANSI color codes from croc displayed * Exception in build triggers * for cisagov#557, try building dirinit with arm runner * cisagov#557, use arm-hosted runners for github build actions * restore _config.yml * a bit of cleanup for Dockefiles/health check scripts * minor fixes for health checks * Tweaks for health checks * restore _config.yml * Tweaks for health checks * build tweaks for health scripts * bump capa to v9.0.0 * workaround for issue blocking cisagov#475, integration of sigma rules * improvements to workaround for issue blocking cisagov#475, integration of sigma rules * improvements to workaround for issue blocking cisagov#475, integration of sigma rules * for cisagov#475, automatically apply aliases via index templates * for cisagov#475, starting on mappings for security analytics * for cisagov#585, include corelight/zeek-long-connections plugin for long connections (wIP) * for cisagov#585, include corelight/zeek-long-connections plugin for long connections (WIP) * for cisagov#585, include corelight/zeek-long-connections plugin for long connections (WIP) * for cisagov#585, include corelight/zeek-long-connections plugin for long connections (WIP) * demo fix * for cisagov#585, show long connection count on connections dashboard * decouple redis from netbox (cisagov#580) * one more minor change to cisagov#491, moved all container health scripts into one place to make it easier to keep track of them * decouple redis from netbox (cisagov#580) and reorganized some of the other netbox password stuff * updated fluent bit * fix filebeat health --------- Co-authored-by: Seth Grover <seth.d.grover@gmail.com> Co-authored-by: Jason Rush <jjrush-github@proton.me>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.