b3b983afe6
Change method to get default Suricata interface
...
On some systems, interface number 2 is not always the correct one.
With AWK we now collect the first active interface having both an
address and a broadcast.
2021-01-06 11:14:24 +01:00
87a27e4f2b
Suricata: use suricata-update for rule management
...
As a bonus we can now run "suricata-update" using docker-exec,
triggering both a rule update and a Suricata rule reload.
2020-11-30 17:56:14 +01:00
2ecef8c607
enable MQTT
...
as eagle eyed by @adepasquale
2020-11-27 19:07:12 +01:00
73a5847753
Suricata: update suricata.yaml config to 6.0.x
...
Merge in the latest updates from suricata-6.0.x while at the same time
keeping the custom T-Pot configuration.
https://github.com/OISF/suricata/blob/suricata-6.0.0/suricata.yaml.in
2020-11-26 19:16:01 +01:00
0010f99662
Suricata: disable eve.stats since it's unused
...
Prevent the error below by disabling stats globally and in eve-log:
<Error> - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true.
2020-11-25 17:07:49 +01:00
e2f76c44cb
Suricata: update suricata.yaml config to 5.x
...
Merge in the latest updates from suricata-5.x while at the same time
keeping the custom T-Pot configuration.
https://github.com/OISF/suricata/blob/master-5.0.x/suricata.yaml.in
2020-11-25 15:51:41 +01:00
e26853c7fa
bump suricata to 5.0.4
2020-10-28 17:53:23 +00:00
b1d8e293de
add DockerHub back in cap filter
...
see https://github.com/telekom-security/tpotce/pull/691#issuecomment-688648225
2020-09-08 10:45:58 -07:00
7fdf9edb60
Update Suricata Capture Filter for New Docker Repo
2020-09-07 19:57:15 -07:00
47dca8b835
continue pin / prep images ghcr
2020-09-04 12:37:28 +00:00
0031980416
cleanup and prepare for docker image rebuilds
2020-06-26 14:34:05 +00:00
680194adf7
prep for new listbot FQDN
2020-05-12 09:19:09 +00:00
cbefe6a074
Update capture-filter.bpf
2020-04-22 17:49:59 +02:00
53e9470d58
cleanup
2020-02-27 10:35:50 +00:00
f11ad6b523
tweaking
...
ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution)
Remove SISSDEN from ewsposter, suricata
Bump suricata to 5.0.1
Alpine now support suricata incl. enabled JA3 support, move back to Alpine install
2020-02-14 15:28:06 +00:00
78135df9e7
Bump Suricata to 5.0.0
2019-10-22 15:20:23 +00:00
28f5491977
bump suricata to 4.1.4
2019-06-07 13:00:20 +00:00
20711cb633
clean up
2019-03-26 16:30:14 +00:00
c7e9015a5a
Bump Suricata to 4.1.3
...
Build with Rust
Enable JA3
Enable more protocols
Improve payload logging
... and more.
2019-03-26 16:26:47 +00:00
e8d8773863
tweaking
2019-03-19 11:08:23 +00:00
869f05ca8b
cleanup
2019-03-01 21:08:36 +00:00
6467a03d19
fix suricata ref location
2019-02-28 20:59:20 +00:00
65f242d322
cleanup
2019-02-28 15:01:12 +00:00
9f905f70de
prepare for new release
...
fix for installer, now always pointing to master repo
include adbhoney and dashboard
2018-12-07 17:50:39 +01:00
1c8074bce3
update docs, screenshots
2018-11-24 01:05:21 +01:00
ece169dd76
update docker-compose files
2018-11-21 09:26:31 +00:00
0c86bd9a5a
tweaking
2018-09-11 12:19:26 +00:00
42577b6016
Editions
...
start work on new editions
2018-06-07 16:39:13 +02:00
e8621fbba1
tweaking
2018-06-04 13:43:59 +00:00
38fce345cf
tweaking
...
fix condition when no internet connection is available
check internet connection before download of rules and avoid errors
check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available
2018-05-23 13:02:19 +00:00
004af6dec7
tweaking glutton, signals
2018-04-17 13:54:57 +00:00
594361a056
tweaking
2018-03-30 17:17:17 +00:00
df6e4dcd44
update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking
2018-03-30 16:41:46 +00:00
fb37cb6152
Continue cleaning up and update documentation
2017-10-23 14:56:37 +02:00
0d5d80b1e3
include docker repos
...
... skip emobility since it is a dev repo
2017-10-13 18:58:14 +00:00
