Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mj Release #459

Merged
merged 368 commits into from May 5, 2020
Merged

Mj Release #459

merged 368 commits into from May 5, 2020

Conversation

neu5ron
Copy link
Collaborator

@neu5ron neu5ron commented May 2, 2020
edited

What is this PR for?
HELK <> OSSEM, included 100’s of normalizations, additions to both. major things like guid and process id pivoting even better
elk stack 7.6
plugins for google cloud logs and azure for future stuff
update base docker images, like nginx gets updated many major versions
setup logic for eventual zeek ossem integration
kibana import/export @troplolBE
stage for sigma @devdua
hundreds of other updates - document later, as we have them all written down.

neu5ron added 30 commits September 14, 2019 17:06
not necessary for index for every single channel anymore
fceb38f
swap at %25
bec43ac
swap at %20
a9c55fb
prepend HELK to all elasticsearch templates
38e18a3
remove appended "template"
4352391
fix accidental appending of .json to ES templates
5339555
use more common field name for ETL tagging
52917bc
change original timestamp, and don't use "log" - as HELK will include…
5b45366 
… more than just "logs" and should be more defined as "data" when referring to things applicable to many sources/data
move setting computer_name to single file (ie: remove duplicate/unnec…
9e64f9f 
…essary code)
ossem for network layer 3, layer 7 and network community id
49cd31c
community id / ecs check
945fbc2
begin ecs to helk
e2551e5
update to use event_original_message
cbc34eb
event_etl_processed_timestamp
46d54dd
update network OSSEM
5374e2e
use event_etl_pipeline
5d5f750
add naming
e3a2650
rever elastalert helk rules back to keyword subfield changes
91f0f96
revert elasticsearch template mappings back to keyword subfield changes
816af54
revert elasticsearch template mappings back to keyword subfield changes
683271f
use etl_pipeline
717fae4
etl_processed_timestamp
bc28235
elastalert, elasticsearch, template mappings back to keyword subfield…
8dcbb3c 
… changes
elastalert, elasticsearch, template mappings
b07bf38
revert elastalert helk rules back to keyword subfield changes
b2553cf
process_parent_id hex to dec
ecd864a
user_data winlog field removal
357904e
user_data winlog field removal v2
7058341
update logstash.yml for newest versions
8b48e68
#346 geo fields despite schema/taxonomy
287b514
devdua and others added 29 commits April 21, 2020 10:17
@devdua
Added prototype code to control sigma rule updates
d9f7158
@devdua
Added some missing code
c49bbb4
Fully working version of the import mechanism
40d79bd
Added missing visualization
b968f47
Updated saved objects
2d91e60
Updated export script
744b8ef
memory example for elasticsearch and logic in script
5178b9e
memory and logic in scripts
0a96445
ports for eventually getting to cisco-ise logs
1c3f7d8
correct time field
f5175ff
cleanup
984a625
small tweak of shards
45cfd70
dynamix template fix, ordering regression in 7.x
a66b5b6
add description
49c53a1
cleanup
371149c
index patterns
b0c1a5f
setup parse failing logic to prevent critical database errors (would …
da8a693 
…apply to almost any database)
@troplolBE
Merge remote-tracking branch 'upstream/warp_pipe' into warp_pipe
3634fb0
beat.name to host_name
b40b7a5
set process time in UTC
e0abba3
keep json as is
b313f4d
basic zeek pipeline
35c6c3f
zeek temp index
0a5a8fe
manual merge of #432
d7662e4
manual merge of commit #9a74d4426b734f2f3cd292345c37f3315af6628a
8c8ff90
a
f8c38bd
Merging pull/452
8d7f367
Merge branch 'pull/452' into warp_pipe
19649db
Merge branch 'warp_pipe' of https://github.com/Cyb3rWard0g/HELK into …
597ca9f 
…pull/453

� Conflicts:
�	docker/helk-logstash/scripts/logstash-entrypoint.sh
@neu5ron neu5ron merged commit ebf25b5 into master May 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@neu5ron @devdua @troplolBE