Commit Graph

22 Commits

Author SHA1 Message Date
22904d402a drop root privileges for suricata 2022-03-08 17:29:03 +00:00
68b080a3a8 Work in progress!
This is the foundation for the distributed T-Pot feature,
highly work in progress, only works with local docker image builds,
will be available for prod for upcoming T-Pot 22xx.
2022-01-03 18:24:17 +00:00
60e57bce52 Update update.sh
Adding quotation marks for $URL
2021-05-03 14:40:08 +02:00
dceaa984c9 Update update.sh
Download rules via URL
2021-04-21 12:44:36 +02:00
87a27e4f2b Suricata: use suricata-update for rule management
As a bonus we can now run "suricata-update" using docker-exec,
triggering both a rule update and a Suricata rule reload.
2020-11-30 17:56:14 +01:00
2ecef8c607 enable MQTT
as eagle eyed by @adepasquale
2020-11-27 19:07:12 +01:00
73a5847753 Suricata: update suricata.yaml config to 6.0.x
Merge in the latest updates from suricata-6.0.x while at the same time
keeping the custom T-Pot configuration.

https://github.com/OISF/suricata/blob/suricata-6.0.0/suricata.yaml.in
2020-11-26 19:16:01 +01:00
0010f99662 Suricata: disable eve.stats since it's unused
Prevent the error below by disabling stats globally and in eve-log:

<Error> - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true.
2020-11-25 17:07:49 +01:00
e2f76c44cb Suricata: update suricata.yaml config to 5.x
Merge in the latest updates from suricata-5.x while at the same time
keeping the custom T-Pot configuration.

https://github.com/OISF/suricata/blob/master-5.0.x/suricata.yaml.in
2020-11-25 15:51:41 +01:00
b1d8e293de add DockerHub back in cap filter
see https://github.com/telekom-security/tpotce/pull/691#issuecomment-688648225
2020-09-08 10:45:58 -07:00
7fdf9edb60 Update Suricata Capture Filter for New Docker Repo 2020-09-07 19:57:15 -07:00
680194adf7 prep for new listbot FQDN 2020-05-12 09:19:09 +00:00
cbefe6a074 Update capture-filter.bpf 2020-04-22 17:49:59 +02:00
f11ad6b523 tweaking
ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution)
Remove SISSDEN from ewsposter, suricata
Bump suricata to 5.0.1
Alpine now support suricata incl. enabled JA3 support, move back to Alpine install
2020-02-14 15:28:06 +00:00
78135df9e7 Bump Suricata to 5.0.0 2019-10-22 15:20:23 +00:00
28f5491977 bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00
c7e9015a5a Bump Suricata to 4.1.3
Build with Rust
Enable JA3
Enable more protocols
Improve payload logging
... and more.
2019-03-26 16:26:47 +00:00
e8d8773863 tweaking 2019-03-19 11:08:23 +00:00
6467a03d19 fix suricata ref location 2019-02-28 20:59:20 +00:00
38fce345cf tweaking
fix condition when no internet connection is available
check internet connection before download of rules and avoid errors
check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available
2018-05-23 13:02:19 +00:00
df6e4dcd44 update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00
0d5d80b1e3 include docker repos
... skip emobility since it is a dev repo
2017-10-13 18:58:14 +00:00