
v2.0.0 development #106

Merged
merged 213 commits into from
Apr 8, 2020
213 commits
bb34df3
code to generate website
mmguero Dec 12, 2019
27cd8fb
Merge branch 'master' of https://github.com/idaholab/Malcolm
mmguero Dec 17, 2019
f89b75a
Merge branch 'master' of https://github.com/idaholab/Malcolm
mmguero Dec 24, 2019
d7b50f6
Merge branch 'master' of https://github.com/idaholab/Malcolm
mmguero Jan 10, 2020
6e6eb22
bump moloch to 2.2.0
mmguero Jan 13, 2020
76b1d26
reduce log noise
mmguero Jan 15, 2020
0d479e5
bump version for development to 1.8.2
mmguero Jan 15, 2020
00275c8
set elastalert index settings for a single node
mmguero Jan 15, 2020
e8ddf44
fix issue #97, when using tcpdump the capture files are named .pcap.pcap
mmguero Jan 15, 2020
a7c7f60
check moloch viewer status page periodically for docker container hea…
mmguero Jan 16, 2020
3066800
fix docker-compose log verbosity
mmguero Jan 16, 2020
ba8b51f
made kibana_index_refresh.py more robust as suggested by @fabrie in i…
mmguero Jan 16, 2020
1d9c6d6
added plugin for detecting cve-2020-0601
mmguero Jan 16, 2020
2a10fc4
work on issue #102, log access to Malcolm web interface(s) to Elastic…
mmguero Jan 16, 2020
a26691a
nginx/php adjustments for issue #101, uploading very large pcap files…
mmguero Jan 20, 2020
a0cbe89
fix a few of the control bash scripts to use GNU coreutils where appl…
mmguero Jan 21, 2020
e458f59
bump malcolm version to 1.9.0, moloch version to 2.2.1
mmguero Jan 21, 2020
b396094
work on implementing control scripts (start,stop,restart,wipe,logs) i…
mmguero Jan 21, 2020
3fb4a62
have ISO use new scripts
mmguero Jan 21, 2020
440c859
bump elastic to 7.5.2
mmguero Jan 21, 2020
34c0b12
update iso build scripts to use new python scripts for install
mmguero Jan 21, 2020
e017a1d
compatibility fixes for scripts under linux
mmguero Jan 22, 2020
79c39c0
don't source missing files
mmguero Jan 22, 2020
e19912a
more reworking of scripts from bash -> python (not complete yet, may …
mmguero Jan 22, 2020
59384ae
more work on auth_setup
mmguero Jan 22, 2020
06930a5
remove reference to files we're no longer using
mmguero Jan 22, 2020
90bd12b
Revert "bump elastic to 7.5.2"
mmguero Jan 22, 2020
3f2067a
fix default for external password question
mmguero Jan 23, 2020
414f64c
handle missing python package in windows
mmguero Jan 23, 2020
9567cbc
documentation updates
mmguero Jan 23, 2020
2566131
tweak some codenames
mmguero Jan 23, 2020
ec89f25
use specified path (rather than absolute path) for compose file
mmguero Jan 23, 2020
52e53f4
make python3 the default
mmguero Jan 23, 2020
cba9286
Revert "make python3 the default"
mmguero Jan 23, 2020
40ea9c8
fixes for new control scripts
mmguero Jan 23, 2020
cb9766b
fix logs script hanging
mmguero Jan 23, 2020
a021a49
pin filters by default in kibana
mmguero Jan 27, 2020
e363ea2
put a hack/fix in for vagrant not liking dhcp nat in 6.1
mmguero Jan 28, 2020
54ba1c3
create a zeek.service_version field to track protocol version in a si…
mmguero Jan 28, 2020
fb95341
added security overview dashboard wip
mmguero Jan 28, 2020
b687606
added freq.Dockerfile for detecting string entropy
mmguero Jan 28, 2020
65b6260
if designated by the FREQ_LOOKUP (true) environment variable, look up…
mmguero Jan 28, 2020
067426a
update docker ignore file
mmguero Jan 28, 2020
6c65191
ask about string freq lookup in install.py
mmguero Jan 28, 2020
ed8654e
added security overview dashboard wip
mmguero Jan 28, 2020
dcc32b6
added security overview dashboard wip
mmguero Jan 28, 2020
69daa33
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Jan 29, 2020
3ca2feb
use a ruby block rather than an http filter in order to better handle…
mmguero Jan 29, 2020
9ba3f96
fix volume mapping for local.zeek in docker-compose.yml for testing
mmguero Jan 29, 2020
943ecd7
fix volume mapping for local.zeek in docker-compose.yml for testing
mmguero Jan 29, 2020
3fe565c
clean up symlinks as well
mmguero Jan 29, 2020
c108329
initial code for generating and parsing smb_cmd.log
mmguero Jan 29, 2020
7d173a8
initial code for generating and parsing smb_cmd.log
mmguero Jan 29, 2020
1b4d5de
more work on smb command mapping
mmguero Jan 29, 2020
a15ef4d
more work on smb
mmguero Jan 29, 2020
d00e940
more work on smb
mmguero Jan 30, 2020
5b9c88b
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Jan 30, 2020
c2777fb
bump version to 2.0.0
mmguero Jan 30, 2020
3402e30
some field normalization for 2.0.0
mmguero Jan 30, 2020
6f918d7
fixes to SMB action mapping
mmguero Jan 30, 2020
601a1dc
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Jan 31, 2020
78bcd80
remove useless prefix before smb action
mmguero Feb 3, 2020
82aeb8d
exclude some domains from freq. analysis
mmguero Feb 3, 2020
6d8b70a
utility script to repackage zeek logs for upload:
mmguero Feb 3, 2020
0c66572
fix issue #111, moloch/etc mount in docker-compose.yml causes custom …
mmguero Feb 3, 2020
855ff8c
Merge branch 'master' into development
mmguero Feb 3, 2020
6c24609
fix Malcolm issue #110, submitting hunt job crashes viewer unless Zee…
mmguero Feb 3, 2020
c55dede
Added smb_cmd fields to WISE
mmguero Feb 3, 2020
eb61deb
fix dashboard referring to zeek_smb.action -> zeek.action
mmguero Feb 3, 2020
4ac2c77
remove tunnel:: prefix from tunnel type
mmguero Feb 3, 2020
e043a18
added 'action' panel to overview
mmguero Feb 3, 2020
39573ef
added security overview dashboard (wip) to directory
mmguero Feb 3, 2020
1e9c61b
Merge branch 'development' of https://github.com/idaholab/Malcolm into…
mmguero Feb 3, 2020
87ee07e
more work on issue #108, create security overview dashboard in kibana
mmguero Feb 4, 2020
5aaea11
working on issue #109, create ICS security overview dashboard
mmguero Feb 4, 2020
e91d467
added ipv4/ipv6
mmguero Feb 4, 2020
57e94d0
working on issue #109, create ICS security overview dashboard
mmguero Feb 4, 2020
ccc3661
working on issue #109, create ICS security overview dashboard
mmguero Feb 4, 2020
9f9adc6
added network layer to connections
mmguero Feb 5, 2020
d571cb5
fix max font size
mmguero Feb 5, 2020
d732ba6
bring sensor local.zeek up to match malcolm's
mmguero Feb 5, 2020
c634f04
fixed spacing of navigation menu
mmguero Feb 5, 2020
a13d75a
fix issue #112, region maps not working because of incorrect redirect
mmguero Feb 5, 2020
6fd7bb9
fix issue #112, region maps not working because of incorrect redirect
mmguero Feb 5, 2020
6ea8973
fix issue #112, region maps not working because of incorrect redirect
mmguero Feb 5, 2020
ac93c4d
fix issue #112, region maps not working because of incorrect redirect
mmguero Feb 5, 2020
36bd5f4
comments
mmguero Feb 6, 2020
cb3cccc
ignore logs that have been renamed and are in transit being archived
mmguero Feb 7, 2020
90b2ad9
updates to dashboards
mmguero Feb 7, 2020
1636a38
fix kibana_index_refresh.py for python2
mmguero Feb 7, 2020
9dfe53f
fix non-ics/iot protocols dashboard
mmguero Feb 7, 2020
a2247eb
Merge branch 'development' of https://github.com/idaholab/Malcolm into…
mmguero Feb 8, 2020
ef53f65
bump version to 7.6.0 for elastic
mmguero Feb 11, 2020
39617e3
working with es 7.6, but elastalert had to be temporarily disabled. w…
mmguero Feb 11, 2020
e7e043e
don't include known_certs in outdated/insecure protocols
mmguero Feb 12, 2020
a37e56d
Tons of work refining dashboards
mmguero Feb 12, 2020
1098e55
tweak connections view
mmguero Feb 12, 2020
21444ac
improved maps
mmguero Feb 13, 2020
43e011b
remove warnings
mmguero Feb 13, 2020
cd0ffef
improvements to how notices can be used throughout the other dashboards
mmguero Feb 13, 2020
81408a5
improvements to how notices can be used throughout the other dashboards
mmguero Feb 13, 2020
00b46d0
do frequency analysis on zeek_ssl.server_name
mmguero Feb 13, 2020
ae60cf2
merge src/dst mac/oui fields into network.mac and network.oui arrays,…
mmguero Feb 17, 2020
8bdcefa
experimenting with creating a merged network.mac_oui field that looks…
mmguero Feb 17, 2020
fab5889
Revert "experimenting with creating a merged network.mac_oui field th…
mmguero Feb 17, 2020
38386e6
Revert "merge src/dst mac/oui fields into network.mac and network.oui…
mmguero Feb 17, 2020
cc99d7d
make installer work better for vms
mmguero Feb 18, 2020
f8b501f
build virtualbox guest debs in a clean environment
mmguero Feb 18, 2020
5b2d18a
fixed vagrantfile for malcolm build
mmguero Feb 18, 2020
a3d8e08
only keep vmware/virtualbox guest packages in the right environments
mmguero Feb 18, 2020
aca19a0
increase build memory requirements
mmguero Feb 18, 2020
46314d5
fix typo
mmguero Feb 19, 2020
482fd7b
updating sensor-iso to match malcolm-iso
mmguero Feb 19, 2020
dbe21f1
fix relative path
mmguero Feb 20, 2020
ff9484f
removed docker-gen in nginx container, we're not using it any more
mmguero Feb 20, 2020
1b1fb7c
update software saved search
mmguero Feb 20, 2020
d03081f
Fixed installation of elastalert kibana plugin, but still broken due …
mmguero Feb 21, 2020
94eb74a
fix issue #104, Upload without trailing slash redirects to incorrect …
mmguero Feb 21, 2020
c3cb5ce
update copyright
mmguero Feb 21, 2020
43d9658
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Feb 21, 2020
1b97219
Merge branch 'master' of https://github.com/idaholab/Malcolm
mmguero Feb 21, 2020
f61fddb
update style of upload screen to match the rest of the app
mmguero Feb 24, 2020
2a51904
working on network diff code (wip)
mmguero Feb 24, 2020
2e7c494
work in progress on network time diff, viewer.js not actually used yet
mmguero Feb 24, 2020
cc1dee5
bump moloch to 2.2.2
mmguero Feb 25, 2020
682cab9
work in progress for network diff
mmguero Feb 25, 2020
3d7f3cf
network diff work in progress
mmguero Feb 25, 2020
4deb661
comments/work in progress
mmguero Feb 25, 2020
986b77d
some test files
mmguero Feb 25, 2020
0026302
update zeek to 3.0.2
mmguero Feb 25, 2020
3cafb17
fix reference to zeek::af_packet
mmguero Feb 25, 2020
a20fa9b
install zeek::af_packet with zkg
mmguero Feb 25, 2020
643efb7
Revert "install zeek::af_packet with zkg"
mmguero Feb 25, 2020
2b31a3e
added docker files for running moloch regression tests
mmguero Feb 26, 2020
9184091
added vim to test harness
mmguero Feb 26, 2020
5c4b5a3
fix af_packet zeek build
mmguero Feb 26, 2020
59ee493
added promotional poster:
mmguero Mar 4, 2020
985b625
switch test harness branch
mmguero Mar 4, 2020
02d21e6
temporarily pull from https://github.com/mmguero-dev/moloch fork for …
mmguero Mar 4, 2020
4e78ea8
update elastic to 7.6.1 for security and bug fixes
mmguero Mar 4, 2020
152920a
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Mar 5, 2020
b41fef9
update moloch to 2.2.3
mmguero Mar 9, 2020
bd15d5c
update moloch to 2.2.3
mmguero Mar 9, 2020
9bd8b78
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Mar 10, 2020
9da4a97
update zeek to 3.0.3
mmguero Mar 10, 2020
c8da7c6
update psutil to fix security alert https://github.com/advisories/GHS…
mmguero Mar 12, 2020
64a10af
Merge branch 'development' of https://github.com/idaholab/Malcolm int…
mmguero Mar 13, 2020
9ac15f9
zeek updated website, fix broken link
mmguero Mar 18, 2020
3e84060
Merge remote-tracking branch 'origin/development' into development
mmguero Mar 18, 2020
c81bb35
restore stuff for generating web documentation
mmguero Mar 18, 2020
6d3d976
fix URL for relocated MITRE ATTACK BZAR plugin
mmguero Mar 19, 2020
c68c4d7
fix broken links for build of Zeek, MITRE ATT&CK BZAR plugin
mmguero Mar 19, 2020
6f9d398
Merge branch 'master' into development
mmguero Mar 19, 2020
a1a6a24
Merge branch 'master' into development
mmguero Mar 19, 2020
bdd113e
fixed duplicate plugin URL in script
mmguero Mar 19, 2020
03ec489
Merge branch 'development' of github.com:idaholab/Malcolm into develo…
mmguero Mar 19, 2020
2d51818
update moloch version in docs to 2.2.3
mmguero Mar 19, 2020
f58adf9
remove files no longer needed for testing
mmguero Mar 19, 2020
8acc4c1
remove files no longer needed for testing and update moloch version i…
mmguero Mar 19, 2020
ba4d017
Merge branch 'development' of github.com:idaholab/Malcolm into develo…
mmguero Mar 19, 2020
0819bf9
should fix issue #114. I discovered that even though moloch-capture i…
mmguero Mar 20, 2020
b4b6586
should fix issue #114. I discovered that even though moloch-capture i…
mmguero Mar 20, 2020
f308aa2
Merge branch 'development' of github.com:idaholab/Malcolm into develo…
mmguero Mar 20, 2020
2452268
proof of concept for a segment mapping form
mmguero Mar 23, 2020
2fa073f
work in progress on the segment mapping ui
mmguero Mar 23, 2020
8b9bcc6
more work on the segment mapping ui
mmguero Mar 24, 2020
950aee1
more work on the segment mapping ui
mmguero Mar 24, 2020
958ef0b
more work on the segment mapping ui
mmguero Mar 24, 2020
4f3b3e9
more work on the segment mapping ui
mmguero Mar 24, 2020
b2514bd
more work on the segment mapping ui
mmguero Mar 24, 2020
5191b2c
more work on the segment mapping ui
mmguero Mar 24, 2020
b3a1031
apply tooltip for table columns
mmguero Mar 24, 2020
2a67318
scroll back and forth to selected item
mmguero Mar 24, 2020
7be1f7d
beautify with icons
mmguero Mar 24, 2020
c4a2477
basic validation client-side
mmguero Mar 24, 2020
dd97543
more work on the segment mapping ui (integration with malcolm scripts…
mmguero Mar 25, 2020
ca6f55c
more work on the segment mapping ui (creation of docker image, integr…
mmguero Mar 25, 2020
ac25762
Added new icon to malcolm iso for subnet mapping editor
mmguero Mar 26, 2020
4774c4d
documentation updates
mmguero Mar 26, 2020
46dc86f
start logstash under supervisord in order to add a process that will …
mmguero Mar 26, 2020
116f58e
more work on name-map-ui, allow uploading of the JSON file so it can …
mmguero Mar 30, 2020
5daece4
map location of host/subnet mapping to correct location under name-ma…
mmguero Mar 30, 2020
a8db250
integrate upload with name-map-ui
mmguero Mar 30, 2020
dd603c9
add the ability to signal logstash from the net-map-ui container
mmguero Mar 30, 2020
89330cb
clear out previous maps between restarts
mmguero Mar 30, 2020
5182f9e
add ability to save net-map.json from web ui
mmguero Mar 31, 2020
10d929a
basic control for restarting logstash via ui controls
mmguero Mar 31, 2020
5a16fe6
put save/restart confirmations in UI
mmguero Mar 31, 2020
cf6ca1d
added import button to name map ui
mmguero Mar 31, 2020
7fdd7c8
send save-state post value to restart-logstash.php
mmguero Mar 31, 2020
2657a34
update documentation
mmguero Mar 31, 2020
fe1aaff
update documentation
mmguero Mar 31, 2020
cc62138
remove unused variable
mmguero Mar 31, 2020
82859f1
Merge remote-tracking branch 'downstream/development' into development
mmguero Apr 1, 2020
6878484
Merge remote-tracking branch 'upstream/development' into development
mmguero Apr 1, 2020
d6d46e9
documentation updates
mmguero Apr 1, 2020
1946d77
use fonts-symbola instead of fonts-noto-color-emoji
mmguero Apr 1, 2020
80b88d5
re-enable swimlane visualization
mmguero Apr 2, 2020
b38ddb7
update elasticsearch to 7.6.2; also, fix issue #119
mmguero Apr 4, 2020
ab4b962
Merge remote-tracking branch 'downstream/development' into development
mmguero Apr 6, 2020
c878195
Merge remote-tracking branch 'upstream/development' into development
mmguero Apr 6, 2020
733ba5a
use default theme in elastalert kibana editor
mmguero Apr 6, 2020
c01cec7
Merge remote-tracking branch 'downstream/development' into development
mmguero Apr 6, 2020
a5d54bd
Merge remote-tracking branch 'upstream/development' into development
mmguero Apr 6, 2020
8d85cb0
update kibana plugin version
mmguero Apr 7, 2020
acc90c3
add user to vboxsf group for using shared folders
mmguero Apr 7, 2020
da8ba6e
Merge remote-tracking branch 'downstream/development' into development
mmguero Apr 7, 2020
be4a921
Merge remote-tracking branch 'upstream/development' into development
mmguero Apr 7, 2020
ac8c4a2
the 'run a separate instance of Zeek locally' use case isn't really a…
mmguero Apr 7, 2020
34d511e
Merge remote-tracking branch 'upstream/development' into development
mmguero Apr 7, 2020
626ee7f
ensure all services have a health check
mmguero Apr 8, 2020
81b521a
Merge remote-tracking branch 'downstream/development' into development
mmguero Apr 8, 2020
ee73ae9
reduce verbosity of health checks in logs
mmguero Apr 8, 2020