1565 Commits

Author | SHA1 | Message | Date

ts | d9e8292761 | wip - added correct rule path back in for testing | 2020-01-23 11:21:31 +00:00
ts | 3f37ee9bb7 | scenario update to include dynamically generated goals | 2020-01-23 11:20:19 +00:00
ts | a9a4259221 | Created a rules class to contain the rule generation logic. | 2020-01-15 16:17:53 +00:00
    May need to create a second class for the elastalert rules which contains the elastalert/templates/config.yaml.erb boilerplate
ts | ba8d406d01 | WIP code - pushed from laptop | 2020-01-13 13:58:10 +00:00
ts | 8b8120819f | First goals -> rules code. | 2019-12-11 17:01:03 +00:00
    Currently prints out an array of the goals objects into the correct elastalert rules location.
    TODO: add code to translate this into actual rules and alerts.
    TODO: add scenario level goals elements and include those.
    TODO: Identify which VM has elastalert and add a full list of elastalert.yaml rules there
    TODO: Allow the use of dynamic goals based on other attributes of a module (i.e. filename, path, username, etc.)
ts | 6c24c45455 | fixed patch command | 2019-12-11 15:57:52 +00:00
ts | 28dfc8132a | Removed duplicate elastalert module in scenario... | 2019-12-11 15:56:38 +00:00
ts | 7ce5774c27 | re-apply elastalert patch to the pip3 version to fix bug (seems to have been fixed overnight?) | 2019-12-11 13:49:55 +00:00
ts | 59a3eb39cf | revert: apply elastalert patch to the pip3 version to fix bug (seems to have been fixed overnight?) | 2019-12-11 13:12:07 +00:00
ts | 41c1b954c3 | apply elastalert patch to the pip3 version to fix bug | 2019-12-11 12:48:01 +00:00
ts | a957b2a8a5 | fixed example-rule.yaml formatting + added .diff file with fix | 2019-12-10 18:21:46 +00:00
ts | 2c51ee2ec4 | Removing git conflict from stretch to test... | 2019-12-10 17:00:26 +00:00
ts | 5c2e5fd601 | Added example rule (needs testing/adjusting) | 2019-12-10 13:59:32 +00:00
thomashaw | d27817065b | rule - fix the alert | 2019-12-09 17:22:12 +00:00
thomashaw | 11b60ab43c | elastalert installing pip elasticsearch version 6.3.1 | 2019-12-09 16:20:05 +00:00
ts | cd3fabc3c5 | Added example rule (needs testing/adjusting) | 2019-12-09 14:49:28 +00:00
ts | 44b4a87e2d | updated audit rules path + forced pip3 elasticsearch package to version 7.0.0 | 2019-12-09 14:47:49 +00:00
ts | 6ff57ec092 | updated yml to yaml, copy rules directory | 2019-12-09 13:11:13 +00:00
ts | 631dec5546 | added PyYAML | 2019-12-09 12:44:20 +00:00
ts | 432b888db7 | updated config path | 2019-12-09 12:38:14 +00:00
ts | c1c5b4ebd2 | added elastalert to tracer | 2019-12-09 12:07:26 +00:00
ts | 1d1b70b7fa | added elastalert to tracer | 2019-12-09 12:02:26 +00:00
ts | acbad2a14c | config | 2019-12-09 11:55:57 +00:00
ts | 1f4bb45273 | config | 2019-12-09 11:54:20 +00:00
ts | 542c9be18c | fixed package name | 2019-12-09 11:43:07 +00:00
ts | 5824a364f0 | elastalert service | 2019-12-09 11:40:06 +00:00
ts | 508de79aea | elastalert config etc. | 2019-12-09 11:29:09 +00:00
ts | 217e0385dc | renamed class | 2019-12-09 10:49:36 +00:00
ts | 6260284639 | renamed class | 2019-12-09 10:39:13 +00:00
ts | c5f2e94fc2 | re-added the update | 2019-12-09 10:27:53 +00:00
ts | f3af96f123 | elastalert stuff | 2019-12-05 17:17:02 +00:00
ts | 4130e36823 | auditbeat pp | 2019-12-05 14:53:00 +00:00
ts | b692020338 | JSON logs via auditbeat | 2019-12-05 14:11:22 +00:00
ts | e6e6df6540 | Custom rules file for auditbeat.pp (placeholder, replace me with dynamically generated rules) | 2019-12-05 14:09:45 +00:00
ts | cadbc518d9 | Revert: Adding auditd to auditbeat puppet [not required] | 2019-12-04 13:02:18 +00:00
ts | e76b044796 | Adding auditd to auditbeat puppet | 2019-12-04 12:29:28 +00:00
ts | 6443410f20 | clearing up messy nested git repo stuff | 2019-12-03 14:24:49 +00:00
ts | 7b3d4c267c | WIP: adding http.host to logstash config | 2019-12-03 13:57:49 +00:00
ts | 4237dce790 | WIP: adding http.host to logstash config | 2019-12-03 13:31:57 +00:00
ts | ae2fe0cc80 | WIP: Routing layer skeleton code | 2019-12-03 12:51:13 +00:00
ts | 441f855e26 | Added filebeat and auditbeat to clients | 2019-12-03 12:20:58 +00:00
ts | f655eb91eb | Hardcoded logstash package to 6.3.1 | 2019-12-03 11:22:54 +00:00
ts | 02c4f2babe | Setting all elasticstack versions to 6.3.1 | 2019-12-03 10:47:29 +00:00
ts | a34db42cbb | second machine is a desktop | 2019-12-02 07:36:42 +00:00
ts | 6a4c7a86a1 | wip: starts wazuh-agent service on successful registration, removed -no-parallel | 2019-12-01 17:31:25 +00:00
ts | dc17eb397e | wip: starting + registering successfully | 2019-12-01 16:10:58 +00:00
ts | 42ea70598d | wip: | 2019-12-01 15:55:08 +00:00
ts | 8df5e0407b | wip: agent mkdir | 2019-12-01 14:44:17 +00:00
ts | ce5dadf267 | wip - building without errors.. | 2019-11-30 13:21:15 +00:00
ts | bfc000ff9c | wip | 2019-11-30 12:21:01 +00:00