├── .github ├── .gitleaks.toml ├── DISCUSSION_TEMPLATE │ └── 2-4.yml ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── config.yml └── workflows │ ├── close-threads.yml │ ├── contrib.yml │ ├── leaktest.yml │ ├── lock-threads.yml │ └── pythontest.yml ├── .gitignore ├── CONTRIBUTING.md ├── DOWNLOAD_AND_VERIFY_ISO.md ├── HOTFIX ├── KEYS ├── LICENSE ├── README.md ├── SECURITY.md ├── VERSION ├── assets └── images │ ├── screenshots │ ├── alerts.png │ ├── analyzers │ │ ├── echotrail.png │ │ ├── elasticsearch.png │ │ └── sublime.png │ ├── cases-comments.png │ ├── dashboards.png │ └── hunt.png │ └── verified-commit-1.png ├── files ├── firewall │ ├── assigned_hostgroups.local.map.yaml │ └── ports │ │ └── ports.local.yaml └── salt │ └── master │ ├── master │ └── salt-master.service ├── pillar ├── data │ └── addtotab.sh ├── elasticsearch │ ├── eval.sls │ ├── index_templates.sls │ ├── manager.sls │ ├── nodes.sls │ └── search.sls ├── firewall │ └── addfirewall.sh ├── healthcheck │ ├── eval.sls │ ├── sensor.sls │ └── standalone.sls ├── kafka │ └── nodes.sls ├── logstash │ ├── init.sls │ └── nodes.sls ├── node_data │ └── ips.sls ├── patch │ └── needs_restarting.sls ├── redis │ └── nodes.sls ├── soc │ └── license.sls ├── top.sls └── zeek │ └── init.sls ├── pyci.sh ├── pytest.ini ├── salt ├── _beacons │ └── zeek.py ├── _modules │ ├── healthcheck.py │ ├── needs_restarting.py │ ├── so.py │ ├── telegraf.py │ └── zeekctl.py ├── allowed_states.map.jinja ├── backup │ ├── config_backup.sls │ ├── defaults.yaml │ ├── map.jinja │ ├── soc_backup.yaml │ └── tools │ │ └── sbin │ │ └── so-config-backup.jinja ├── bpf │ ├── defaults.yaml │ ├── macros.jinja │ ├── pcap.map.jinja │ ├── soc_bpf.yaml │ ├── suricata.map.jinja │ └── zeek.map.jinja ├── ca │ ├── dirs.sls │ ├── files │ │ └── signing_policies.conf │ ├── init.sls │ └── remove.sls ├── common │ ├── files │ │ ├── 99-reserved-ports.conf │ │ ├── daemon.json │ │ ├── soversion │ │ └── vimrc │ ├── init.sls │ ├── packages.sls │ ├── soup_scripts.sls │ └── 
tools │ │ ├── sbin │ │ ├── so-bpf-compile │ │ ├── so-checkin │ │ ├── so-common │ │ ├── so-common-status-check │ │ ├── so-docker-prune │ │ ├── so-image-common │ │ ├── so-image-pull │ │ ├── so-ip-update │ │ ├── so-log-check │ │ ├── so-luks-tpm-regen │ │ ├── so-monitor-add │ │ ├── so-nsm-clear │ │ ├── so-pcap-import │ │ ├── so-restart │ │ ├── so-salt-start │ │ ├── so-salt-stop │ │ ├── so-sensor-clean │ │ ├── so-ssh-harden │ │ ├── so-start │ │ ├── so-status │ │ ├── so-stop │ │ ├── so-tcpreplay-restart │ │ ├── so-tcpreplay-start │ │ ├── so-tcpreplay-stop │ │ └── so-test │ │ └── sbin_jinja │ │ ├── so-desktop-install │ │ ├── so-import-evtx │ │ ├── so-import-pcap │ │ ├── so-raid-status │ │ ├── so-salt-minion-check │ │ └── so-tcpreplay ├── cron │ ├── dead.sls │ ├── map.jinja │ └── running.sls ├── curator │ └── disabled.sls ├── desktop │ ├── files │ │ ├── 00-background │ │ ├── session.jinja │ │ ├── so-lockscreen.jpg │ │ ├── so-login-logo-dark.svg │ │ ├── so-login-logo.svg │ │ └── so-wallpaper.jpg │ ├── init.sls │ ├── packages.sls │ ├── remove_gui.sls │ ├── trusted-ca.sls │ └── xwindows.sls ├── docker │ ├── defaults.yaml │ ├── docker.map.jinja │ ├── files │ │ └── iptables-disabled.conf │ ├── init.sls │ └── soc_docker.yaml ├── docker_clean │ └── init.sls ├── elastalert │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ ├── custom │ │ │ └── placeholder │ │ ├── elastalert_config.yaml.jinja │ │ ├── modules │ │ │ └── so │ │ │ │ └── securityonion-es.py │ │ └── predefined │ │ │ ├── jira_auth.yaml │ │ │ └── smtp_auth.yaml │ ├── init.sls │ ├── map.jinja │ ├── soc_elastalert.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-elastalert-create │ │ ├── so-elastalert-restart │ │ ├── so-elastalert-start │ │ ├── so-elastalert-stop │ │ └── so-elastalert-test ├── elastic-fleet-package-registry │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── init.sls │ ├── map.jinja │ ├── soc_elastic-fleet-package-registry.yaml │ 
└── sostatus.sls ├── elasticagent │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ └── elastic-agent.yml.jinja │ ├── init.sls │ ├── map.jinja │ ├── soc_elasticagent.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin_jinja │ │ ├── so-elastic-agent-inspect │ │ ├── so-elastic-agent-restart │ │ ├── so-elastic-agent-start │ │ ├── so-elastic-agent-status │ │ ├── so-elastic-agent-stop │ │ └── so-elastic-agent-version ├── elasticfleet │ ├── artifact_registry.sls │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ ├── certs │ │ │ └── placeholder │ │ ├── integrations-dynamic │ │ │ ├── fleet-server │ │ │ │ └── fleet-server.json │ │ │ └── grid-nodes_general │ │ │ │ ├── import-zeek-logs.json │ │ │ │ ├── kratos-logs.json │ │ │ │ └── zeek-logs.json │ │ ├── integrations-optional │ │ │ ├── kismet.json │ │ │ └── sublime_platform.json │ │ ├── integrations │ │ │ ├── elastic-defend │ │ │ │ └── elastic-defend-endpoints.json │ │ │ ├── endpoints-initial │ │ │ │ ├── osquery.json │ │ │ │ ├── system-endpoints.json │ │ │ │ ├── windows-defender.json │ │ │ │ └── windows-endpoints.json │ │ │ ├── grid-nodes_general │ │ │ │ ├── elasticsearch-logs.json │ │ │ │ ├── hydra-logs.json │ │ │ │ ├── idh-logs.json │ │ │ │ ├── import-evtx-logs.json │ │ │ │ ├── import-suricata-logs.json │ │ │ │ ├── osquery-grid-nodes.json │ │ │ │ ├── redis-logs.json │ │ │ │ ├── rita-logs.json │ │ │ │ ├── so-ip-mappings.json │ │ │ │ ├── soc-auth-sync-logs.json │ │ │ │ ├── soc-detections-logs.json │ │ │ │ ├── soc-salt-relay-logs.json │ │ │ │ ├── soc-sensoroni-logs.json │ │ │ │ ├── soc-server-logs.json │ │ │ │ ├── strelka-logs.json │ │ │ │ ├── suricata-logs.json │ │ │ │ ├── syslog-tcp-514.json │ │ │ │ ├── syslog-udp-514.json │ │ │ │ └── system-grid-nodes.json │ │ │ └── grid-nodes_heavy │ │ │ │ ├── osquery-grid-nodes.json │ │ │ │ └── system-grid-nodes.json │ │ ├── so_agent-installers │ │ │ └── readme │ │ └── soc │ │ │ ├── 
elastic-defend-custom-filters.yaml │ │ │ └── elastic-defend-disabled-filters.yaml │ ├── init.sls │ ├── install_agent_grid.sls │ ├── integration-defaults.map.jinja │ ├── map.jinja │ ├── soc_elasticfleet.yaml │ ├── sostatus.sls │ └── tools │ │ ├── sbin │ │ ├── so-elastic-defend-manage-filters.py │ │ ├── so-elastic-fleet-agent-policy-delete │ │ ├── so-elastic-fleet-agent-policy-list │ │ ├── so-elastic-fleet-agent-policy-view │ │ ├── so-elastic-fleet-common │ │ ├── so-elastic-fleet-data-streams-list │ │ ├── so-elastic-fleet-integration-policy-bulk-delete │ │ ├── so-elastic-fleet-integration-policy-delete │ │ ├── so-elastic-fleet-integration-policy-elastic-defend │ │ ├── so-elastic-fleet-integration-policy-elastic-fleet-server │ │ ├── so-elastic-fleet-integration-policy-list │ │ ├── so-elastic-fleet-integration-policy-load │ │ ├── so-elastic-fleet-package-list │ │ ├── so-elastic-fleet-restart │ │ ├── so-elastic-fleet-start │ │ ├── so-elastic-fleet-stop │ │ └── so_elastic_defend_filters_helper.py │ │ └── sbin_jinja │ │ ├── so-elastic-agent-gen-installers │ │ ├── so-elastic-agent-grid-upgrade │ │ ├── so-elastic-agent-inspect │ │ ├── so-elastic-agent-restart │ │ ├── so-elastic-agent-start │ │ ├── so-elastic-agent-status │ │ ├── so-elastic-agent-stop │ │ ├── so-elastic-agent-version │ │ ├── so-elastic-fleet-artifacts-url-update │ │ ├── so-elastic-fleet-es-url-update │ │ ├── so-elastic-fleet-integration-upgrade │ │ ├── so-elastic-fleet-optional-integrations-load │ │ ├── so-elastic-fleet-outputs-update │ │ ├── so-elastic-fleet-package-load │ │ ├── so-elastic-fleet-package-upgrade │ │ ├── so-elastic-fleet-setup │ │ ├── so-elastic-fleet-urls-update │ │ └── so-kafka-fleet-output-policy ├── elasticsearch │ ├── auth.sls │ ├── base-template.json.jinja │ ├── ca.sls │ ├── config.map.jinja │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── download.sls │ ├── enabled.sls │ ├── files │ │ ├── curl.config.template │ │ ├── elasticsearch.yaml.jinja │ │ ├── ingest-dynamic │ │ │ 
└── common │ │ ├── ingest │ │ │ ├── beats.common │ │ │ ├── common.nids │ │ │ ├── dns.tld │ │ │ ├── ecs │ │ │ ├── filterlog │ │ │ ├── global@custom │ │ │ ├── http.status │ │ │ ├── hydra │ │ │ ├── kismet.ad_hoc │ │ │ ├── kismet.ap │ │ │ ├── kismet.bridged │ │ │ ├── kismet.client │ │ │ ├── kismet.common │ │ │ ├── kismet.device │ │ │ ├── kismet.seenby │ │ │ ├── kismet.wds │ │ │ ├── kismet.wds_ap │ │ │ ├── kratos │ │ │ ├── logs-pfsense.log-1.21.0 │ │ │ ├── logs-pfsense.log-1.21.0-suricata │ │ │ ├── logscan.alert │ │ │ ├── osquery.live_query │ │ │ ├── osquery.normalize │ │ │ ├── osquery.query_result │ │ │ ├── ossec │ │ │ ├── rita.beacons │ │ │ ├── rita.connections │ │ │ ├── rita.dns │ │ │ ├── strelka.file │ │ │ ├── sublime │ │ │ ├── suricata.alert │ │ │ ├── suricata.alert_pfsense │ │ │ ├── suricata.common │ │ │ ├── suricata.common_pfsense │ │ │ ├── suricata.dhcp │ │ │ ├── suricata.dnp3 │ │ │ ├── suricata.dns │ │ │ ├── suricata.fileinfo │ │ │ ├── suricata.flow │ │ │ ├── suricata.ftp │ │ │ ├── suricata.ftp_data │ │ │ ├── suricata.http │ │ │ ├── suricata.ike │ │ │ ├── suricata.krb5 │ │ │ ├── suricata.nfs │ │ │ ├── suricata.rdp │ │ │ ├── suricata.sip │ │ │ ├── suricata.smb │ │ │ ├── suricata.smtp │ │ │ ├── suricata.snmp │ │ │ ├── suricata.ssh │ │ │ ├── suricata.tftp │ │ │ ├── suricata.tls │ │ │ ├── syslog │ │ │ ├── sysmon │ │ │ ├── win.eventlogs │ │ │ ├── zeek.bacnet │ │ │ ├── zeek.bacnet_discovery │ │ │ ├── zeek.bacnet_property │ │ │ ├── zeek.bsap_ip_header │ │ │ ├── zeek.bsap_ip_rdb │ │ │ ├── zeek.bsap_ip_unknown │ │ │ ├── zeek.bsap_serial_header │ │ │ ├── zeek.bsap_serial_rdb │ │ │ ├── zeek.bsap_serial_rdb_ext │ │ │ ├── zeek.bsap_serial_unknown │ │ │ ├── zeek.cip │ │ │ ├── zeek.cip_identity │ │ │ ├── zeek.cip_io │ │ │ ├── zeek.common │ │ │ ├── zeek.common_ssl │ │ │ ├── zeek.conn │ │ │ ├── zeek.cotp │ │ │ ├── zeek.dce_rpc │ │ │ ├── zeek.dhcp │ │ │ ├── zeek.dnp3 │ │ │ ├── zeek.dnp3_control │ │ │ ├── zeek.dnp3_objects │ │ │ ├── zeek.dns │ │ │ ├── zeek.dpd │ │ │ ├── 
zeek.ecat_aoe_info │ │ │ ├── zeek.ecat_arp_info │ │ │ ├── zeek.ecat_coe_info │ │ │ ├── zeek.ecat_dev_info │ │ │ ├── zeek.ecat_foe_info │ │ │ ├── zeek.ecat_log_address │ │ │ ├── zeek.ecat_registers │ │ │ ├── zeek.ecat_soe_info │ │ │ ├── zeek.enip │ │ │ ├── zeek.files │ │ │ ├── zeek.ftp │ │ │ ├── zeek.http │ │ │ ├── zeek.http2 │ │ │ ├── zeek.intel │ │ │ ├── zeek.ipsec │ │ │ ├── zeek.irc │ │ │ ├── zeek.kerberos │ │ │ ├── zeek.ldap │ │ │ ├── zeek.ldap_search │ │ │ ├── zeek.modbus │ │ │ ├── zeek.modbus_detailed │ │ │ ├── zeek.modbus_mask_write_register │ │ │ ├── zeek.modbus_read_write_multiple_registers │ │ │ ├── zeek.mysql │ │ │ ├── zeek.notice │ │ │ ├── zeek.ntlm │ │ │ ├── zeek.ntp │ │ │ ├── zeek.opcua_binary │ │ │ ├── zeek.opcua_binary_activate_session │ │ │ ├── zeek.opcua_binary_activate_session_client_software_cert │ │ │ ├── zeek.opcua_binary_activate_session_diagnostic_info │ │ │ ├── zeek.opcua_binary_activate_session_locale_id │ │ │ ├── zeek.opcua_binary_browse │ │ │ ├── zeek.opcua_binary_browse_description │ │ │ ├── zeek.opcua_binary_browse_diagnostic_info │ │ │ ├── zeek.opcua_binary_browse_request_continuation_point │ │ │ ├── zeek.opcua_binary_browse_response_references │ │ │ ├── zeek.opcua_binary_browse_result │ │ │ ├── zeek.opcua_binary_create_session │ │ │ ├── zeek.opcua_binary_create_session_discovery │ │ │ ├── zeek.opcua_binary_create_session_endpoints │ │ │ ├── zeek.opcua_binary_create_session_user_token │ │ │ ├── zeek.opcua_binary_create_subscription │ │ │ ├── zeek.opcua_binary_diag_info_detail │ │ │ ├── zeek.opcua_binary_get_endpoints │ │ │ ├── zeek.opcua_binary_get_endpoints_description │ │ │ ├── zeek.opcua_binary_get_endpoints_discovery │ │ │ ├── zeek.opcua_binary_get_endpoints_locale_id │ │ │ ├── zeek.opcua_binary_get_endpoints_profile_uri │ │ │ ├── zeek.opcua_binary_get_endpoints_user_token │ │ │ ├── zeek.opcua_binary_opensecure_channel │ │ │ ├── zeek.opcua_binary_read │ │ │ ├── zeek.opcua_binary_read_array_dims │ │ │ ├── 
zeek.opcua_binary_read_array_dims_link │ │ │ ├── zeek.opcua_binary_read_diagnostic_info │ │ │ ├── zeek.opcua_binary_read_extension_object │ │ │ ├── zeek.opcua_binary_read_extension_object_link │ │ │ ├── zeek.opcua_binary_read_nodes_to_read │ │ │ ├── zeek.opcua_binary_read_results │ │ │ ├── zeek.opcua_binary_read_results_link │ │ │ ├── zeek.opcua_binary_read_status_code │ │ │ ├── zeek.opcua_binary_read_variant_data │ │ │ ├── zeek.opcua_binary_read_variant_data_link │ │ │ ├── zeek.opcua_binary_status_code_detail │ │ │ ├── zeek.pe │ │ │ ├── zeek.profinet │ │ │ ├── zeek.profinet_dce_rpc │ │ │ ├── zeek.quic │ │ │ ├── zeek.radius │ │ │ ├── zeek.rdp │ │ │ ├── zeek.rfb │ │ │ ├── zeek.s7comm │ │ │ ├── zeek.s7comm_plus │ │ │ ├── zeek.s7comm_read_szl │ │ │ ├── zeek.s7comm_upload_download │ │ │ ├── zeek.signatures │ │ │ ├── zeek.sip │ │ │ ├── zeek.smb_files │ │ │ ├── zeek.smb_mapping │ │ │ ├── zeek.smtp │ │ │ ├── zeek.snmp │ │ │ ├── zeek.socks │ │ │ ├── zeek.software │ │ │ ├── zeek.ssh │ │ │ ├── zeek.ssl │ │ │ ├── zeek.stun │ │ │ ├── zeek.stun_nat │ │ │ ├── zeek.syslog │ │ │ ├── zeek.tds │ │ │ ├── zeek.tds_rpc │ │ │ ├── zeek.tds_sql_batch │ │ │ ├── zeek.traceroute │ │ │ ├── zeek.tunnel │ │ │ ├── zeek.tunnels │ │ │ ├── zeek.weird │ │ │ ├── zeek.wireguard │ │ │ └── zeek.x509 │ │ └── log4j2.properties │ ├── init.sls │ ├── roles │ │ ├── analyst.json │ │ ├── auditor.json │ │ ├── limited-analyst.json │ │ └── limited-auditor.json │ ├── soc_elasticsearch.yaml │ ├── sostatus.sls │ ├── template.map.jinja │ ├── templates │ │ ├── component │ │ │ ├── ecs │ │ │ │ ├── agent.json │ │ │ │ ├── aws.json │ │ │ │ ├── azure.json │ │ │ │ ├── base.json │ │ │ │ ├── cef.json │ │ │ │ ├── checkpoint.json │ │ │ │ ├── cisco.json │ │ │ │ ├── client.json │ │ │ │ ├── cloud.json │ │ │ │ ├── container.json │ │ │ │ ├── cyberark.json │ │ │ │ ├── data_stream.json │ │ │ │ ├── destination.json │ │ │ │ ├── device.json │ │ │ │ ├── dll.json │ │ │ │ ├── dns.json │ │ │ │ ├── ecs.json │ │ │ │ ├── elasticsearch.json │ │ │ 
│ ├── error.json │ │ │ │ ├── event.json │ │ │ │ ├── file.json │ │ │ │ ├── fortinet.json │ │ │ │ ├── gcp.json │ │ │ │ ├── google_workspace.json │ │ │ │ ├── group.json │ │ │ │ ├── host.json │ │ │ │ ├── http.json │ │ │ │ ├── juniper.json │ │ │ │ ├── kibana.json │ │ │ │ ├── kismet.json │ │ │ │ ├── log.json │ │ │ │ ├── logstash.json │ │ │ │ ├── metadata.json │ │ │ │ ├── microsoft.json │ │ │ │ ├── misp.json │ │ │ │ ├── netflow.json │ │ │ │ ├── network.json │ │ │ │ ├── o365.json │ │ │ │ ├── observer.json │ │ │ │ ├── okta.json │ │ │ │ ├── orchestrator.json │ │ │ │ ├── organization.json │ │ │ │ ├── package.json │ │ │ │ ├── process.json │ │ │ │ ├── redis.json │ │ │ │ ├── registry.json │ │ │ │ ├── related.json │ │ │ │ ├── rule.json │ │ │ │ ├── server.json │ │ │ │ ├── service.json │ │ │ │ ├── snyk.json │ │ │ │ ├── sophos.json │ │ │ │ ├── source.json │ │ │ │ ├── suricata.json │ │ │ │ ├── syslog.json │ │ │ │ ├── threat.json │ │ │ │ ├── tls.json │ │ │ │ ├── tracing.json │ │ │ │ ├── url.json │ │ │ │ ├── user.json │ │ │ │ ├── user_agent.json │ │ │ │ ├── vulnerability.json │ │ │ │ ├── winlog.json │ │ │ │ └── zeek.json │ │ │ ├── elastic-agent │ │ │ │ ├── logs-osquery_manager.action.responses.json │ │ │ │ ├── logs-osquery_manager.actions.json │ │ │ │ ├── logs-osquery_manager.result@custom.json │ │ │ │ ├── logs-soc@package.json │ │ │ │ ├── logs-system.syslog@custom.json │ │ │ │ ├── logs@custom.json │ │ │ │ ├── metrics@custom.json │ │ │ │ ├── so-data-streams-mappings.json │ │ │ │ ├── so-fleet_agent_id_verification-1.json │ │ │ │ ├── so-fleet_globals-1.json │ │ │ │ ├── so-fleet_integrations.ip_mappings-1.json │ │ │ │ ├── so-items-mappings.json │ │ │ │ ├── so-lists-mappings.json │ │ │ │ ├── so-logs-mappings.json │ │ │ │ └── so-logs-settings.json │ │ │ └── so │ │ │ │ ├── case-mappings.json │ │ │ │ ├── case-settings.json │ │ │ │ ├── common-dynamic-mappings.json │ │ │ │ ├── common-settings.json │ │ │ │ ├── detection-mappings.json │ │ │ │ ├── detection-settings.json │ │ │ │ ├── 
dtc-agent-mappings.json │ │ │ │ ├── dtc-base-mappings.json │ │ │ │ ├── dtc-client-mappings.json │ │ │ │ ├── dtc-destination-mappings.json │ │ │ │ ├── dtc-dns-mappings.json │ │ │ │ ├── dtc-ecs-mappings.json │ │ │ │ ├── dtc-event-mappings.json │ │ │ │ ├── dtc-file-mappings.json │ │ │ │ ├── dtc-host-mappings.json │ │ │ │ ├── dtc-http-mappings.json │ │ │ │ ├── dtc-network-mappings.json │ │ │ │ ├── dtc-observer-mappings.json │ │ │ │ ├── dtc-process-mappings.json │ │ │ │ ├── dtc-rule-mappings.json │ │ │ │ ├── dtc-service-mappings.json │ │ │ │ ├── dtc-source-mappings.json │ │ │ │ ├── dtc-syslog-mappings.json │ │ │ │ ├── dtc-user-mappings.json │ │ │ │ ├── dtc-user_agent-mappings.json │ │ │ │ ├── dtc-winlog-mappings.json │ │ │ │ ├── endgame-mappings.json │ │ │ │ ├── pb-override-destination-mappings.json │ │ │ │ ├── pb-override-source-mappings.json │ │ │ │ ├── so-file-mappings.json │ │ │ │ ├── so-ip-mappings.json │ │ │ │ ├── so-rule-mappings.json │ │ │ │ ├── so-scan-mappings.json │ │ │ │ └── so-system-mappings.json │ │ └── index │ │ │ └── custom │ │ │ └── place_custom_template_in_local │ └── tools │ │ ├── sbin │ │ ├── so-elastic-clear │ │ ├── so-elastic-diagnose │ │ ├── so-elasticsearch-component-templates-list │ │ ├── so-elasticsearch-ilm-lifecycle-status │ │ ├── so-elasticsearch-ilm-policy-delete │ │ ├── so-elasticsearch-ilm-policy-view │ │ ├── so-elasticsearch-ilm-restart │ │ ├── so-elasticsearch-ilm-start │ │ ├── so-elasticsearch-ilm-status │ │ ├── so-elasticsearch-ilm-stop │ │ ├── so-elasticsearch-index-templates-list │ │ ├── so-elasticsearch-indices-delete │ │ ├── so-elasticsearch-indices-growth │ │ ├── so-elasticsearch-indices-list │ │ ├── so-elasticsearch-indices-rw │ │ ├── so-elasticsearch-pipeline-stats │ │ ├── so-elasticsearch-pipeline-view │ │ ├── so-elasticsearch-pipelines │ │ ├── so-elasticsearch-pipelines-list │ │ ├── so-elasticsearch-query │ │ ├── so-elasticsearch-restart │ │ ├── so-elasticsearch-roles-load │ │ ├── so-elasticsearch-shards-list │ │ ├── 
so-elasticsearch-start │ │ ├── so-elasticsearch-stop │ │ ├── so-elasticsearch-template-remove │ │ ├── so-elasticsearch-template-view │ │ ├── so-elasticsearch-templates-list │ │ ├── so-elasticsearch-wait │ │ └── so-index-list │ │ └── sbin_jinja │ │ ├── so-catrust │ │ ├── so-elastic-restart │ │ ├── so-elastic-start │ │ ├── so-elastic-stop │ │ ├── so-elasticsearch-cluster-settings │ │ ├── so-elasticsearch-cluster-space-total │ │ ├── so-elasticsearch-cluster-space-used │ │ ├── so-elasticsearch-ilm-policy-load │ │ ├── so-elasticsearch-indices-delete-delete │ │ └── so-elasticsearch-templates-load ├── firewall │ ├── containers.map.jinja │ ├── defaults.yaml │ ├── init.sls │ ├── ipt.map.jinja │ ├── iptables.jinja │ ├── map.jinja │ └── soc_firewall.yaml ├── global │ ├── defaults.yaml │ ├── map.jinja │ └── soc_global.yaml ├── healthcheck │ └── init.sls ├── host │ └── soc_host.yaml ├── hydra │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ └── hydra.yaml.jinja │ ├── init.sls │ ├── map.jinja │ ├── soc_hydra.yaml │ └── sostatus.sls ├── idh │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── idh.conf.jinja │ ├── init.sls │ ├── opencanary_config.map.jinja │ ├── openssh │ │ ├── config.sls │ │ ├── init.sls │ │ └── map.jinja │ ├── plays │ │ ├── idh_ftp.yml │ │ ├── idh_git.yml │ │ ├── idh_http_get.yml │ │ ├── idh_http_login.yml │ │ ├── idh_httpproxy.yml │ │ ├── idh_mssql.yml │ │ ├── idh_mysql.yml │ │ ├── idh_ntp.yml │ │ ├── idh_redis.yml │ │ ├── idh_sip.yml │ │ ├── idh_smb.yml │ │ ├── idh_snmp.yml │ │ ├── idh_ssh.yml │ │ ├── idh_telnet.yml │ │ ├── idh_tftp.yml │ │ └── idh_vnc.yml │ ├── skins │ │ └── http │ │ │ ├── custom │ │ │ └── basicCustomLogin │ │ │ │ ├── 403.html │ │ │ │ ├── 404.html │ │ │ │ └── index.html │ │ │ └── opencanary │ │ │ ├── basicLogin │ │ │ ├── 403.html │ │ │ ├── 404.html │ │ │ └── index.html │ │ │ └── nasLogin │ │ │ ├── 403.html │ │ │ ├── 404.html │ │ │ ├── index.html │ │ │ └── static │ │ │ ├── css 
│ │ │ ├── desktop.css │ │ │ ├── ext-all.css │ │ │ ├── style.css │ │ │ ├── ux-all.css │ │ │ └── xtheme-gray.css │ │ │ ├── fonts │ │ │ └── roboto.woff │ │ │ ├── img │ │ │ ├── 02.jpg │ │ │ ├── favicon.ico │ │ │ ├── icon_dsm_16.png │ │ │ ├── icon_dsm_32.png │ │ │ ├── icon_dsm_48.png │ │ │ ├── icon_dsm_64.png │ │ │ ├── icon_dsm_96.png │ │ │ ├── icon_tile.png │ │ │ └── synohdpack │ │ │ │ └── images │ │ │ │ ├── Components │ │ │ │ ├── bt_dropdown.png │ │ │ │ ├── bt_grid_dropdown.png │ │ │ │ ├── bt_pagebar.png │ │ │ │ ├── c_icon_general.png │ │ │ │ ├── category_expand.png │ │ │ │ ├── checkbox.png │ │ │ │ ├── col-move-bottom.png │ │ │ │ ├── date_dropdown.png │ │ │ │ ├── date_prev_next.png │ │ │ │ ├── dropdown_menu_parent.png │ │ │ │ ├── dropdown_menu_tick.png │ │ │ │ ├── fieldset_expand.png │ │ │ │ ├── icon_advanced_search.png │ │ │ │ ├── icon_error.png │ │ │ │ ├── icon_filter.png │ │ │ │ ├── icon_information.png │ │ │ │ ├── icon_loading.gif │ │ │ │ ├── icon_search.png │ │ │ │ ├── icon_search_clear.png │ │ │ │ ├── icon_success.png │ │ │ │ ├── radio_button.png │ │ │ │ ├── shadow_category.png │ │ │ │ ├── shadow_footbar.png │ │ │ │ ├── superbox_button_cancel.png │ │ │ │ ├── tab_arrow.png │ │ │ │ ├── tab_shadow.png │ │ │ │ ├── tree_arrow.png │ │ │ │ ├── trigger.png │ │ │ │ └── trigger_date.png │ │ │ │ ├── dsm │ │ │ │ ├── modules │ │ │ │ │ ├── ExternalDevices │ │ │ │ │ │ └── images │ │ │ │ │ │ │ └── tray_icon_device.png │ │ │ │ │ ├── FileTaskMonitor │ │ │ │ │ │ └── images │ │ │ │ │ │ │ ├── tray_icon_bgtask.gif │ │ │ │ │ │ │ ├── tray_icon_bgtask.png │ │ │ │ │ │ │ ├── tray_icon_download.gif │ │ │ │ │ │ │ ├── tray_icon_download.png │ │ │ │ │ │ │ ├── tray_icon_upload.gif │ │ │ │ │ │ │ └── tray_icon_upload.png │ │ │ │ │ ├── PollingTask │ │ │ │ │ │ └── images │ │ │ │ │ │ │ └── tray_icon_disk_port.png │ │ │ │ │ └── ThumbConvertProgress │ │ │ │ │ │ └── images │ │ │ │ │ │ ├── tray_icon_creating_thumbnail.gif │ │ │ │ │ │ └── tray_icon_creating_thumbnail.png │ │ │ │ └── resources │ │ │ │ │ 
└── images │ │ │ │ │ ├── bt_bugs.png │ │ │ │ │ ├── bt_dsm_mobile.png │ │ │ │ │ ├── components │ │ │ │ │ ├── icon_error.png │ │ │ │ │ ├── icon_image_selector.png │ │ │ │ │ ├── status_fail.png │ │ │ │ │ ├── status_loading.gif │ │ │ │ │ └── status_success.png │ │ │ │ │ ├── desktop │ │ │ │ │ ├── add_one.png │ │ │ │ │ ├── icon_app_category.png │ │ │ │ │ ├── spotlight.png │ │ │ │ │ └── taskbar_spinner.gif │ │ │ │ │ ├── dsm5_badge_num.png │ │ │ │ │ ├── dsm5_notification_num.png │ │ │ │ │ ├── dsmv5_wizard_bkg_v_01.png │ │ │ │ │ ├── dsmv5_wizard_bkg_v_02.png │ │ │ │ │ ├── folder.png │ │ │ │ │ ├── icon_drag_add.png │ │ │ │ │ ├── icon_drag_ban.png │ │ │ │ │ ├── icon_question.png │ │ │ │ │ ├── item_drag_status.png │ │ │ │ │ ├── login │ │ │ │ │ ├── dark │ │ │ │ │ │ ├── 0.png │ │ │ │ │ │ ├── 1.png │ │ │ │ │ │ ├── 2.png │ │ │ │ │ │ ├── 3.png │ │ │ │ │ │ ├── 4.png │ │ │ │ │ │ ├── 5dot.png │ │ │ │ │ │ ├── DSM.png │ │ │ │ │ │ ├── beta.png │ │ │ │ │ │ ├── copyright_2014.png │ │ │ │ │ │ ├── copyright_2015.png │ │ │ │ │ │ └── synology.png │ │ │ │ │ ├── icon_phone.png │ │ │ │ │ ├── icon_pw.png │ │ │ │ │ ├── icon_user.png │ │ │ │ │ ├── light │ │ │ │ │ │ ├── 0.png │ │ │ │ │ │ ├── 1.png │ │ │ │ │ │ ├── 2.png │ │ │ │ │ │ ├── 3.png │ │ │ │ │ │ ├── 4.png │ │ │ │ │ │ ├── 5dot.png │ │ │ │ │ │ ├── DSM.png │ │ │ │ │ │ ├── beta.png │ │ │ │ │ │ ├── copyright_2014.png │ │ │ │ │ │ ├── copyright_2015.png │ │ │ │ │ │ └── synology.png │ │ │ │ │ ├── login_bkg_highlight_bottom.png │ │ │ │ │ ├── login_bkg_highlight_top.png │ │ │ │ │ └── weather │ │ │ │ │ │ ├── login_icon_weather_cloudy.png │ │ │ │ │ │ ├── login_icon_weather_cold.png │ │ │ │ │ │ ├── login_icon_weather_fog.png │ │ │ │ │ │ ├── login_icon_weather_hail.png │ │ │ │ │ │ ├── login_icon_weather_moon.png │ │ │ │ │ │ ├── login_icon_weather_moon_clouds.png │ │ │ │ │ │ ├── login_icon_weather_rain.png │ │ │ │ │ │ ├── login_icon_weather_snow.png │ │ │ │ │ │ ├── login_icon_weather_sun.png │ │ │ │ │ │ ├── login_icon_weather_sun_clouds.png │ │ │ │ │ │ ├── 
login_icon_weather_thunder.png │ │ │ │ │ │ ├── login_icon_weather_tornado.png │ │ │ │ │ │ └── login_icon_weather_windy.png │ │ │ │ │ ├── module_list_icon │ │ │ │ │ ├── c_icon_CMS.png │ │ │ │ │ ├── c_icon_backup.png │ │ │ │ │ ├── c_icon_business.png │ │ │ │ │ ├── c_icon_community.png │ │ │ │ │ ├── c_icon_connect.png │ │ │ │ │ ├── c_icon_contact.png │ │ │ │ │ ├── c_icon_directory_service.png │ │ │ │ │ ├── c_icon_dsm_apps.png │ │ │ │ │ ├── c_icon_expansion.png │ │ │ │ │ ├── c_icon_external_devices.png │ │ │ │ │ ├── c_icon_file_services.png │ │ │ │ │ ├── c_icon_general.png │ │ │ │ │ ├── c_icon_groups.png │ │ │ │ │ ├── c_icon_hardware_and_power.png │ │ │ │ │ ├── c_icon_hdd_management.png │ │ │ │ │ ├── c_icon_hot_spare.png │ │ │ │ │ ├── c_icon_info_center.png │ │ │ │ │ ├── c_icon_installed.png │ │ │ │ │ ├── c_icon_iscsi_lun.png │ │ │ │ │ ├── c_icon_iscsi_target.png │ │ │ │ │ ├── c_icon_login_style.png │ │ │ │ │ ├── c_icon_media_library.png │ │ │ │ │ ├── c_icon_network.png │ │ │ │ │ ├── c_icon_networkmap.png │ │ │ │ │ ├── c_icon_notifications.png │ │ │ │ │ ├── c_icon_overview.png │ │ │ │ │ ├── c_icon_performance.png │ │ │ │ │ ├── c_icon_portal.png │ │ │ │ │ ├── c_icon_privilege.png │ │ │ │ │ ├── c_icon_process.png │ │ │ │ │ ├── c_icon_public_access.png │ │ │ │ │ ├── c_icon_purchases.png │ │ │ │ │ ├── c_icon_quickconnect.png │ │ │ │ │ ├── c_icon_raid_group.png │ │ │ │ │ ├── c_icon_recommend.png │ │ │ │ │ ├── c_icon_region.png │ │ │ │ │ ├── c_icon_security.png │ │ │ │ │ ├── c_icon_shared_folders.png │ │ │ │ │ ├── c_icon_speed.png │ │ │ │ │ ├── c_icon_ssd_cache.png │ │ │ │ │ ├── c_icon_syslog.png │ │ │ │ │ ├── c_icon_task_scheduler.png │ │ │ │ │ ├── c_icon_terminal_and_SNMP.png │ │ │ │ │ ├── c_icon_update_and_reset.png │ │ │ │ │ ├── c_icon_users.png │ │ │ │ │ ├── c_icon_utilities.png │ │ │ │ │ ├── c_icon_volume.png │ │ │ │ │ ├── c_icon_web_server.png │ │ │ │ │ └── c_icon_wireless.png │ │ │ │ │ ├── rt_button.png │ │ │ │ │ ├── shadow_footbar.png │ │ │ │ │ ├── taskbar │ │ │ │ │ 
├── more_apps.png │ │ │ │ │ ├── showdesktop.png │ │ │ │ │ ├── taskbar_bg.png │ │ │ │ │ ├── taskbar_bt.png │ │ │ │ │ ├── taskbar_bt_apps.png │ │ │ │ │ ├── taskbar_bt_widgets_shadow.png │ │ │ │ │ ├── taskbar_shadow.png │ │ │ │ │ ├── taskbar_split.png │ │ │ │ │ ├── tray_icon_notification.png │ │ │ │ │ ├── tray_icon_pilot_view.png │ │ │ │ │ ├── tray_icon_search.png │ │ │ │ │ ├── tray_icon_user_menu.png │ │ │ │ │ ├── tray_icon_widget.png │ │ │ │ │ ├── user_menu_about.png │ │ │ │ │ ├── user_menu_logout.png │ │ │ │ │ ├── user_menu_options.png │ │ │ │ │ ├── user_menu_restart.png │ │ │ │ │ └── user_menu_shutdown.png │ │ │ │ │ ├── widget_window │ │ │ │ │ └── widget_rt_button.png │ │ │ │ │ └── wizard_bkg_h.png │ │ │ │ └── scrollbar │ │ │ │ ├── scrollbar_black_h.png │ │ │ │ ├── scrollbar_black_v.png │ │ │ │ ├── scrollbar_white_h.png │ │ │ │ └── scrollbar_white_v.png │ │ │ └── js │ │ │ └── misc.js │ ├── soc_idh.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-idh-restart │ │ ├── so-idh-start │ │ └── so-idh-stop ├── idstools │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ ├── disable.conf │ │ ├── enable.conf │ │ ├── modify.conf │ │ └── rulecat.conf │ ├── init.sls │ ├── map.jinja │ ├── rules │ │ ├── extraction.rules │ │ ├── filters.rules │ │ └── local.rules │ ├── soc_idstools.yaml │ ├── sostatus.sls │ ├── sync_files.sls │ └── tools │ │ ├── sbin │ │ ├── so-idstools-restart │ │ ├── so-idstools-start │ │ └── so-idstools-stop │ │ └── sbin_jinja │ │ └── so-rule-update ├── influxdb │ ├── buckets.json.jinja │ ├── config.sls │ ├── config.yaml.jinja │ ├── curl.config.jinja │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── init.sls │ ├── map.jinja │ ├── metrics_link.txt │ ├── soc_influxdb.yaml │ ├── sostatus.sls │ ├── templates │ │ ├── alarm_deadman.json │ │ ├── alarm_high_redis_memory_usage.json │ │ ├── alarm_logstash_eps.json │ │ ├── alarm_low_monitor_traffic.json │ │ ├── alarm_nsm_disk.json │ │ ├── alarm_pcap_retention.json 
│ │ ├── alarm_root_disk.json │ │ ├── alarm_steno_packet_loss.json │ │ ├── alarm_suricata_packet_loss.json │ │ ├── alarm_zeek_packet_loss.json │ │ ├── dashboard-security_onion_performance.json │ │ ├── downsample.json │ │ ├── variable-container.json │ │ ├── variable-host.json │ │ └── variable-role.json │ └── tools │ │ └── sbin │ │ ├── so-influxdb-manage │ │ ├── so-influxdb-restart │ │ ├── so-influxdb-start │ │ └── so-influxdb-stop ├── kafka │ ├── ca.sls │ ├── config.map.jinja │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ ├── client.properties.jinja │ │ ├── jaas.conf.jinja │ │ ├── log4j.properties │ │ └── server.properties.jinja │ ├── files │ │ └── managed_node_pillar.jinja │ ├── init.sls │ ├── map.jinja │ ├── nodes.map.jinja │ ├── nodes.sls │ ├── reset.sls │ ├── soc_kafka.yaml │ ├── sostatus.sls │ ├── ssl.sls │ ├── storage.sls │ └── tools │ │ ├── sbin │ │ ├── so-kafka-cli │ │ └── so-kafka-config-update │ │ └── sbin_jinja │ │ └── so-kafka-trust ├── kibana │ ├── config.sls │ ├── custom │ │ └── PUT YOU CUSTOM DASHBOARDS HERE │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ └── kibana.yml.jinja │ ├── files │ │ ├── config_saved_objects.ndjson.jinja │ │ ├── curl.config.template │ │ ├── hl.ndjson │ │ ├── live_query_fixup.sh │ │ ├── saved_objects.ndjson │ │ └── securitySolution_saved_objects.ndjson │ ├── init.sls │ ├── map.jinja │ ├── secrets.sls │ ├── so_config_load.sls │ ├── so_dashboard_load.sls │ ├── so_savedobjects_defaults.sls │ ├── so_securitySolution_load.sls │ ├── soc_kibana.yaml │ ├── sostatus.sls │ └── tools │ │ ├── sbin │ │ ├── so-kibana-api-check │ │ ├── so-kibana-restart │ │ ├── so-kibana-savedobjects-defaults │ │ ├── so-kibana-start │ │ └── so-kibana-stop │ │ └── sbin_jinja │ │ ├── so-kibana-config-export │ │ ├── so-kibana-config-load │ │ └── so-kibana-space-defaults ├── kratos │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ ├── kratos.yaml.jinja │ │ ├── 
oidc.jsonnet │ │ └── schema.json │ ├── init.sls │ ├── map.jinja │ ├── soc_kratos.yaml │ └── sostatus.sls ├── logrotate │ ├── defaults.yaml │ ├── etc │ │ └── rotate.conf.jinja │ ├── init.sls │ ├── map.jinja │ ├── soc_logrotate.yaml │ └── tools │ │ └── sbin │ │ └── common-rotate ├── logstash │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── download.sls │ ├── enabled.sls │ ├── etc │ │ ├── certs │ │ │ └── Put.Your.Certs.Here.txt │ │ ├── jvm.options │ │ ├── log4j2.properties │ │ ├── logstash.yml │ │ └── pipelines.yml.jinja │ ├── init.sls │ ├── map.jinja │ ├── pipelines │ │ └── config │ │ │ ├── custom │ │ │ └── place_custom_config_in_local │ │ │ └── so │ │ │ ├── 0011_input_endgame.conf │ │ │ ├── 0012_input_elastic_agent.conf.jinja │ │ │ ├── 0013_input_lumberjack_fleet.conf │ │ │ ├── 0800_input_kafka.conf.jinja │ │ │ ├── 0900_input_redis.conf.jinja │ │ │ ├── 9805_output_elastic_agent.conf.jinja │ │ │ ├── 9806_output_lumberjack_fleet.conf.jinja │ │ │ ├── 9900_output_endgame.conf.jinja │ │ │ └── 9999_output_redis.conf.jinja │ ├── soc_logstash.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-logstash-events │ │ ├── so-logstash-pipeline-stats │ │ ├── so-logstash-restart │ │ ├── so-logstash-start │ │ └── so-logstash-stop ├── manager │ ├── defaults.yaml │ ├── elasticsearch.sls │ ├── files │ │ ├── add_minion.sh │ │ ├── mirror.txt │ │ ├── repodownload.conf │ │ └── so-api.py │ ├── glue.py │ ├── init.sls │ ├── kibana.sls │ ├── managed_soc_annotations.sls │ ├── map.jinja │ ├── soc_manager.yaml │ ├── sync_es_users.sls │ └── tools │ │ ├── sbin │ │ ├── so-allow │ │ ├── so-client │ │ ├── so-deny │ │ ├── so-docker-refresh │ │ ├── so-elastic-auth-password-reset │ │ ├── so-elasticagent-status │ │ ├── so-firewall │ │ ├── so-firewall-minion │ │ ├── so-minion │ │ ├── so-repo-sync │ │ ├── so-saltstack-update │ │ ├── so-user │ │ ├── so-yaml.py │ │ ├── so-yaml_test.py │ │ └── soup │ │ └── sbin_jinja │ │ └── so-elastic-fleet-reset ├── motd │ ├── files │ │ └── so_motd.jinja 
│ └── init.sls ├── nginx │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ └── nginx.conf │ ├── files │ │ └── navigator_config.json │ ├── init.sls │ ├── map.jinja │ ├── soc_nginx.yaml │ ├── sostatus.sls │ ├── ssl │ │ ├── ssl.crt │ │ └── ssl.key │ └── tools │ │ └── sbin │ │ ├── so-nginx-restart │ │ ├── so-nginx-start │ │ └── so-nginx-stop ├── ntp │ ├── chrony.conf │ ├── config.map.jinja │ ├── defaults.yaml │ ├── init.sls │ └── soc_ntp.yaml ├── orch │ ├── container_download.sls │ └── deploy_newnode.sls ├── patch │ ├── defaults.yaml │ ├── needs_restarting.sls │ ├── os │ │ ├── init.sls │ │ ├── schedule.sls │ │ └── schedules │ │ │ ├── example_schedule.yml │ │ │ └── map.jinja │ └── soc_patch.yaml ├── pcap │ ├── config.map.jinja │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ └── config.jinja │ ├── init.sls │ ├── soc_pcap.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-pcap-export │ │ ├── so-pcap-restart │ │ ├── so-pcap-start │ │ └── so-pcap-stop ├── pipeline │ └── load.sls ├── podman │ ├── files │ │ ├── podman.service │ │ ├── podman.socket │ │ └── sobridge.conflist │ └── init.sls ├── reactor │ └── zeek.sls ├── redis │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ └── redis.conf.jinja │ ├── init.sls │ ├── map.jinja │ ├── soc_redis.yaml │ ├── sostatus.sls │ └── tools │ │ ├── sbin │ │ ├── so-redis-restart │ │ ├── so-redis-start │ │ └── so-redis-stop │ │ └── sbin_jinja │ │ └── so-redis-count ├── registry │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ └── config.yml │ ├── init.sls │ ├── map.jinja │ ├── soc_registry.yaml │ └── sostatus.sls ├── repo │ └── client │ │ ├── files │ │ └── oracle │ │ │ ├── keys │ │ │ ├── MariaDB-Server-GPG-KEY │ │ │ ├── RPM-GPG-KEY-EPEL-9 │ │ │ ├── RPM-GPG-KEY-oracle │ │ │ ├── SALT-PROJECT-GPG-PUBKEY-2023.pub │ │ │ ├── docker.pub │ │ │ └── securityonion.pub │ │ │ └── 
yum.conf.jinja │ │ ├── init.sls │ │ ├── map.jinja │ │ └── oracle.sls ├── salt │ ├── beacons.sls │ ├── engines │ │ └── master │ │ │ ├── checkmine.py │ │ │ └── pillarWatch.py │ ├── etc │ │ └── minion.d │ │ │ └── mine_functions.conf.jinja │ ├── files │ │ ├── beacons.conf.jinja │ │ └── engines.conf │ ├── init.sls │ ├── lasthighstate.sls │ ├── map.jinja │ ├── master.defaults.yaml │ ├── master.sls │ ├── master │ │ └── mine_update_highstate.sls │ ├── mine_functions.sls │ ├── minion-check.sls │ ├── minion-state-apply-test.sls │ ├── minion.defaults.yaml │ ├── minion.sls │ ├── module_packages │ │ └── docker │ │ │ ├── certifi-2024.7.4-py3-none-any.whl │ │ │ ├── charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ ├── docker-7.1.0-py3-none-any.whl │ │ │ ├── idna-3.7-py3-none-any.whl │ │ │ ├── requests-2.32.3-py3-none-any.whl │ │ │ └── urllib3-2.2.2-py3-none-any.whl │ ├── patch │ │ └── x509_v2 │ │ │ └── init.sls │ ├── python_modules.sls │ ├── scripts │ │ └── bootstrap-salt.sh │ └── service │ │ └── salt-minion.service.jinja ├── schedule.sls ├── sensor │ ├── files │ │ └── 99-so-checksum-offload-disable │ ├── init.sls │ └── soc_sensor.yaml ├── sensoroni │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ ├── analyzers │ │ │ ├── README.md │ │ │ ├── build.sh │ │ │ ├── echotrail │ │ │ │ ├── README.md │ │ │ │ ├── echotrail.json │ │ │ │ ├── echotrail.py │ │ │ │ ├── echotrail.yaml │ │ │ │ ├── echotrail_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.11.17-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.6-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.1.0-py3-none-any.whl │ │ │ ├── elasticsearch │ │ │ │ ├── README.md │ │ │ │ ├── elasticsearch.json │ │ │ │ ├── 
elasticsearch.py │ │ │ │ ├── elasticsearch.yaml │ │ │ │ ├── elasticsearch_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.11.17-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.6-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.1.0-py3-none-any.whl │ │ │ ├── emailrep │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── emailrep.json │ │ │ │ ├── emailrep.py │ │ │ │ ├── emailrep.yaml │ │ │ │ ├── emailrep_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ ├── greynoise │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── greynoise.json │ │ │ │ ├── greynoise.py │ │ │ │ ├── greynoise.yaml │ │ │ │ ├── greynoise_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ ├── helpers.py │ │ │ ├── helpers_test.py │ │ │ ├── localfile │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── localfile.json │ │ │ │ ├── localfile.py │ │ │ │ ├── localfile.yaml │ │ │ │ ├── localfile_test.csv │ │ │ │ ├── localfile_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── 
source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ ├── malwarebazaar │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── malwarebazaar.json │ │ │ │ ├── malwarebazaar.py │ │ │ │ ├── malwarebazaar_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.11.17-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.6-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.1.0-py3-none-any.whl │ │ │ ├── malwarehashregistry │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── malwarehashregistry.json │ │ │ │ ├── malwarehashregistry.py │ │ │ │ ├── malwarehashregistry_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── python_dateutil-2.9.0.post0-py2.py3-none-any.whl │ │ │ │ │ ├── python_whois-0.9.5-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ ├── six-1.17.0-py2.py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ ├── otx │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── otx.json │ │ │ │ ├── otx.py │ │ │ │ ├── otx.yaml │ │ │ │ ├── otx_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── 
charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ ├── pulsedive │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── pulsedive.json │ │ │ │ ├── pulsedive.py │ │ │ │ ├── pulsedive.yaml │ │ │ │ ├── pulsedive_test.py │ │ │ │ ├── requirements.txt │ │ │ │ └── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ ├── spamhaus │ │ │ │ ├── __init__.py │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ └── dnspython-2.3.0-py3-none-any.whl │ │ │ │ ├── spamhaus.json │ │ │ │ ├── spamhaus.py │ │ │ │ ├── spamhaus.yaml │ │ │ │ └── spamhaus_test.py │ │ │ ├── sublime │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ │ ├── sublime.json │ │ │ │ ├── sublime.py │ │ │ │ ├── sublime.yaml │ │ │ │ └── sublime_test.py │ │ │ ├── threatfox │ │ │ │ ├── README.md │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.11.17-py3-none-any.whl │ │ │ │ │ ├── 
charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.6-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.1.0-py3-none-any.whl │ │ │ │ ├── threatfox.json │ │ │ │ ├── threatfox.py │ │ │ │ └── threatfox_test.py │ │ │ ├── urlhaus │ │ │ │ ├── __init__.py │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ │ ├── urlhaus.json │ │ │ │ ├── urlhaus.py │ │ │ │ └── urlhaus_test.py │ │ │ ├── urlscan │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ │ ├── urlscan.json │ │ │ │ ├── urlscan.py │ │ │ │ ├── urlscan.yaml │ │ │ │ └── urlscan_test.py │ │ │ ├── virustotal │ │ │ │ ├── README.md │ │ │ │ ├── __init__.py │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ │ ├── PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ │ └── urllib3-2.0.3-py3-none-any.whl │ │ │ │ ├── virustotal.json │ │ │ │ ├── virustotal.py │ │ │ │ ├── virustotal.yaml │ │ │ 
│ └── virustotal_test.py │ │ │ └── whoislookup │ │ │ │ ├── __init__.py │ │ │ │ ├── requirements.txt │ │ │ │ ├── source-packages │ │ │ │ ├── certifi-2023.5.7-py3-none-any.whl │ │ │ │ ├── charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl │ │ │ │ ├── idna-3.4-py3-none-any.whl │ │ │ │ ├── python_dateutil-2.8.2-py2.py3-none-any.whl │ │ │ │ ├── requests-2.31.0-py3-none-any.whl │ │ │ │ ├── setuptools-80.1.0-py3-none-any.whl │ │ │ │ ├── six-1.16.0-py2.py3-none-any.whl │ │ │ │ ├── typing_extensions-4.6.3-py3-none-any.whl │ │ │ │ ├── urllib3-2.0.3-py3-none-any.whl │ │ │ │ └── whoisit-2.7.0.tar.gz │ │ │ │ ├── whoislookup.json │ │ │ │ ├── whoislookup.py │ │ │ │ └── whoislookup_test.py │ │ └── sensoroni.json │ ├── init.sls │ ├── map.jinja │ ├── soc_sensoroni.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-sensoroni-restart │ │ ├── so-sensoroni-start │ │ └── so-sensoroni-stop ├── setup │ └── highstate_cron.sls ├── soc │ ├── config.sls │ ├── defaults.map.jinja │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ ├── bin │ │ │ └── salt-relay.sh │ │ └── soc │ │ │ ├── analytics.js │ │ │ ├── banner.md │ │ │ ├── custom.js │ │ │ ├── custom_roles │ │ │ ├── detections_custom_repo_template_readme.jinja │ │ │ ├── motd.md │ │ │ ├── sigma_final_pipeline.yaml │ │ │ ├── sigma_so_pipeline.yaml │ │ │ ├── so-detections-backup.py │ │ │ ├── so-detections-backup_test.py │ │ │ └── soc.json.jinja │ ├── init.sls │ ├── merged.map.jinja │ ├── soc_soc.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-detections-runtime-status │ │ ├── so-soc-restart │ │ ├── so-soc-start │ │ └── so-soc-stop ├── ssl │ ├── init.sls │ └── remove.sls ├── stig │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ └── sos-oscap.xml │ ├── init.sls │ ├── map.jinja │ ├── schedule.sls │ └── soc_stig.yaml ├── strelka │ ├── backend │ │ ├── config.sls │ │ ├── disabled.sls │ │ ├── enabled.sls │ │ ├── files │ │ │ ├── backend.yaml.jinja │ │ │ ├── 
logging.yaml.jinja │ │ │ ├── passwords.dat.jinja │ │ │ └── taste │ │ │ │ └── taste.yara │ │ ├── init.sls │ │ └── sostatus.sls │ ├── compile_yara │ │ └── compile_yara.py │ ├── config.sls │ ├── coordinator │ │ ├── config.sls │ │ ├── disabled.sls │ │ ├── enabled.sls │ │ ├── init.sls │ │ └── sostatus.sls │ ├── defaults.yaml │ ├── filecheck │ │ ├── filecheck │ │ └── filecheck.yaml.jinja │ ├── filestream │ │ ├── config.sls │ │ ├── disabled.sls │ │ ├── enabled.sls │ │ ├── files │ │ │ └── filestream.yaml.jinja │ │ ├── init.sls │ │ └── sostatus.sls │ ├── frontend │ │ ├── config.sls │ │ ├── disabled.sls │ │ ├── enabled.sls │ │ ├── files │ │ │ └── frontend.yaml.jinja │ │ ├── init.sls │ │ └── sostatus.sls │ ├── gatekeeper │ │ ├── config.sls │ │ ├── disabled.sls │ │ ├── enabled.sls │ │ ├── init.sls │ │ └── sostatus.sls │ ├── init.sls │ ├── manager.sls │ ├── manager │ │ ├── config.sls │ │ ├── disabled.sls │ │ ├── enabled.sls │ │ ├── files │ │ │ └── manager.yaml.jinja │ │ ├── init.sls │ │ └── sostatus.sls │ ├── map.jinja │ ├── rules │ │ └── compiled │ │ │ └── DO.NOT.TOUCH │ ├── soc_strelka.yaml │ └── tools │ │ └── sbin │ │ ├── so-strelka-restart │ │ ├── so-strelka-start │ │ └── so-strelka-stop ├── suricata │ ├── classification │ │ └── classification.config │ ├── config.sls │ ├── cron │ │ ├── so-suricata-eve-clean │ │ └── surilogcompress │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ │ ├── suricata.yaml.jinja │ │ └── threshold.conf.jinja │ ├── init.sls │ ├── manager.sls │ ├── map.jinja │ ├── pcap.sls │ ├── soc_suricata.yaml │ ├── sostatus.sls │ ├── suricata_mdengine.yaml │ ├── thresholding │ │ └── sids.yaml │ └── tools │ │ ├── sbin │ │ ├── so-suricata-reload-rules │ │ ├── so-suricata-restart │ │ ├── so-suricata-start │ │ └── so-suricata-stop │ │ └── sbin_jinja │ │ └── so-suricata-testrule ├── systemd │ └── reload.sls ├── tcpreplay │ └── init.sls ├── telegraf │ ├── config.sls │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── etc │ │ └── 
telegraf.conf │ ├── init.sls │ ├── map.jinja │ ├── node_config.json.jinja │ ├── scripts │ │ ├── agentstatus.sh │ │ ├── checkfiles.sh │ │ ├── eps.sh │ │ ├── esindexsize.sh │ │ ├── features.sh │ │ ├── influxdbsize.sh │ │ ├── lasthighstate.sh │ │ ├── oldpcap.sh │ │ ├── os.sh │ │ ├── raid.sh │ │ ├── redis.sh │ │ ├── sostatus.sh │ │ ├── stenoloss.sh │ │ ├── suriloss.sh │ │ ├── zeekcaptureloss.sh │ │ └── zeekloss.sh │ ├── soc_telegraf.yaml │ ├── sostatus.sls │ └── tools │ │ └── sbin │ │ ├── so-telegraf-restart │ │ ├── so-telegraf-start │ │ └── so-telegraf-stop ├── top.sls ├── utility │ ├── bin │ │ └── eval │ └── init.sls ├── vars │ ├── desktop.map.jinja │ ├── elasticsearch.map.jinja │ ├── eval.map.jinja │ ├── fleet.map.jinja │ ├── globals.map.jinja │ ├── heavynode.map.jinja │ ├── idh.map.jinja │ ├── import.map.jinja │ ├── init.map.jinja │ ├── logstash.map.jinja │ ├── manager.map.jinja │ ├── managersearch.map.jinja │ ├── receiver.map.jinja │ ├── searchnode.map.jinja │ ├── sensor.map.jinja │ └── standalone.map.jinja ├── versionlock │ ├── defaults.yaml │ ├── init.sls │ ├── map.jinja │ └── soc_versionlock.yaml └── zeek │ ├── config.map.jinja │ ├── config.sls │ ├── cron │ ├── packetloss.sh │ └── zeek_clean │ ├── defaults.yaml │ ├── disabled.sls │ ├── enabled.sls │ ├── files │ ├── local.zeek.jinja │ ├── networks.cfg.jinja │ ├── node.cfg.jinja │ └── zeekctl.cfg.jinja │ ├── init.sls │ ├── policy │ ├── custom │ │ ├── README │ │ └── filters │ │ │ └── conn │ ├── cve-2020-0601 │ │ ├── COPYING │ │ ├── __load__.zeek │ │ └── cve-2020-0601.zeek │ ├── intel │ │ ├── __load__.zeek │ │ └── intel.dat │ └── securityonion │ │ ├── add-interface-to-logs.bro │ │ ├── apt1 │ │ ├── __load__.zeek │ │ ├── apt1-certs.dat │ │ ├── apt1-fqdn.dat │ │ └── apt1-md5.dat │ │ ├── bpfconf.zeek │ │ ├── community-id-extended.zeek │ │ ├── communityid.zeek │ │ ├── conn-add-sensorname.bro │ │ ├── file-extraction │ │ ├── __load__.zeek │ │ └── extract.zeek │ │ └── json-logs │ │ └── __load__.bro │ ├── soc_zeek.yaml │ 
├── sostatus.sls │ └── tools │ └── sbin │ ├── so-zeek-restart │ ├── so-zeek-start │ ├── so-zeek-stats │ └── so-zeek-stop ├── setup ├── files │ └── intel.dat ├── install_scripts │ └── 99-so-checksum-offload-disable ├── public_keys │ └── salt.pem ├── so-functions ├── so-preflight ├── so-setup ├── so-variables ├── so-verify └── so-whiptail ├── sigs ├── securityonion-2.4.10-20230815.iso.sig ├── securityonion-2.4.10-20230821.iso.sig ├── securityonion-2.4.100-20240829.iso.sig ├── securityonion-2.4.100-20240903.iso.sig ├── securityonion-2.4.110-20241004.iso.sig ├── securityonion-2.4.110-20241010.iso.sig ├── securityonion-2.4.111-20241217.iso.sig ├── securityonion-2.4.120-20250212.iso.sig ├── securityonion-2.4.130-20250311.iso.sig ├── securityonion-2.4.140-20250324.iso.sig ├── securityonion-2.4.141-20250331.iso.sig ├── securityonion-2.4.150-20250512.iso.sig ├── securityonion-2.4.150-20250522.iso.sig ├── securityonion-2.4.160-20250625.iso.sig ├── securityonion-2.4.20-20231006.iso.sig ├── securityonion-2.4.20-20231012.iso.sig ├── securityonion-2.4.30-20231113.iso.sig ├── securityonion-2.4.30-20231117.iso.sig ├── securityonion-2.4.30-20231121.iso.sig ├── securityonion-2.4.30-20231204.iso.sig ├── securityonion-2.4.30-20231219.iso.sig ├── securityonion-2.4.30-20231228.iso.sig ├── securityonion-2.4.40-20240116.iso.sig ├── securityonion-2.4.5-20230807.iso.sig ├── securityonion-2.4.50-20240220.iso.sig ├── securityonion-2.4.60-20240320.iso.sig ├── securityonion-2.4.70-20240529.iso.sig ├── securityonion-2.4.80-20240624.iso.sig └── securityonion-2.4.90-20240729.iso.sig ├── so-desktop-install ├── so-setup-network └── tests └── validation.sh /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: Security Onion Discussions 4 | url: https://securityonion.com/discussions 5 | about: Please ask and answer questions here 6 | 
-------------------------------------------------------------------------------- /.github/workflows/leaktest.yml: --------------------------------------------------------------------------------
1 | # Runs the Gitleaks secret scanner on every pull request, using the rule
2 | # configuration stored in .github/.gitleaks.toml.
3 | name: leak-test
4 | 
5 | on: [pull_request]
6 | 
7 | # NOTE(review): no `permissions:` block is declared, so the job runs with the
8 | # repository's default GITHUB_TOKEN scopes; `permissions: contents: read` would
9 | # make the least-privilege intent explicit if nothing here needs to write.
10 | jobs:
11 |   build:
12 |     runs-on: ubuntu-latest
13 | 
14 |     steps:
15 |       # NOTE(review): both actions below are referenced by tag, and a tag can be
16 |       # moved after the fact; pinning each to a full commit SHA fixes exactly
17 |       # which code runs in this job.
18 |       - uses: actions/checkout@v2
19 |         with:
20 |           # 0 fetches the complete history instead of a shallow clone
21 |           # (presumably so the scan can cover each commit in the pull request).
22 |           fetch-depth: '0'
23 | 
24 |       - name: Gitleaks
25 |         uses: gitleaks/gitleaks-action@v1.6.0
26 |         with:
27 |           config-path: .github/.gitleaks.toml
28 | 
-------------------------------------------------------------------------------- /HOTFIX: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/HOTFIX -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 2.4.160 2 | -------------------------------------------------------------------------------- /assets/images/screenshots/alerts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/alerts.png -------------------------------------------------------------------------------- /assets/images/screenshots/analyzers/echotrail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/analyzers/echotrail.png -------------------------------------------------------------------------------- /assets/images/screenshots/analyzers/elasticsearch.png: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/analyzers/elasticsearch.png -------------------------------------------------------------------------------- /assets/images/screenshots/analyzers/sublime.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/analyzers/sublime.png -------------------------------------------------------------------------------- /assets/images/screenshots/cases-comments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/cases-comments.png -------------------------------------------------------------------------------- /assets/images/screenshots/dashboards.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/dashboards.png -------------------------------------------------------------------------------- /assets/images/screenshots/hunt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/screenshots/hunt.png -------------------------------------------------------------------------------- /assets/images/verified-commit-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/assets/images/verified-commit-1.png 
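-------------------------------------------------------------------------------- /files/firewall/ports/ports.local.yaml: -------------------------------------------------------------------------------- 1 | firewall: 2 | ports: 3 | -------------------------------------------------------------------------------- /files/salt/master/salt-master.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The Salt Master Server 3 | Documentation=man:salt-master(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html 4 | After=network.target 5 | 6 | [Service] 7 | LimitNOFILE=100000 8 | Type=notify 9 | NotifyAccess=all 10 | ExecStart=/usr/bin/salt-master 11 | Restart=always 12 | 13 | [Install] 14 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /pillar/elasticsearch/eval.sls: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | templates: 3 | -------------------------------------------------------------------------------- /pillar/elasticsearch/index_templates.sls: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | index_settings: 3 | -------------------------------------------------------------------------------- /pillar/elasticsearch/manager.sls: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | templates: 3 | -------------------------------------------------------------------------------- /pillar/elasticsearch/search.sls: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | templates: 3 | -------------------------------------------------------------------------------- /pillar/firewall/addfirewall.sh: --------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | # Adds an IP address to a user-defined firewall rule set and re-applies the
4 | # firewall state.
5 | #
6 | # Usage: addfirewall.sh POLICY IPADDRESS
7 | #   POLICY     rule set name; the entry is appended to
8 | #              $local_salt_dir/pillar/firewall/POLICY.sls
9 | #   IPADDRESS  IPv4 or IPv6 address, optionally followed by /prefix-length
10 | #
11 | # Exits 1 without changing anything when an argument is missing or malformed.
12 | local_salt_dir=/opt/so/saltstack/local
13 | POLICY=$1
14 | IPADDRESS=$2
15 | 
16 | if [ "$#" -lt 2 ]; then
17 |   echo "Usage: $0 POLICY IPADDRESS" >&2
18 |   exit 1
19 | fi
20 | 
21 | # POLICY becomes part of a file path and IPADDRESS is written into a pillar
22 | # file, so accept only a plain file name and address characters. This keeps a
23 | # value such as ../x or text with YAML/Jinja syntax out of the pillar tree.
24 | if [[ ! $POLICY =~ ^[A-Za-z0-9_.-]+$ || $POLICY == .* ]]; then
25 |   echo "Invalid policy name: $POLICY" >&2
26 |   exit 1
27 | fi
28 | if [[ ! $IPADDRESS =~ ^[0-9A-Fa-f:.]+(/[0-9]+)?$ ]]; then
29 |   echo "Invalid IP address: $IPADDRESS" >&2
30 |   exit 1
31 | fi
32 | 
33 | policy_file="$local_salt_dir/pillar/firewall/$POLICY.sls"
34 | 
35 | # Match one whole list entry, with the dots escaped. The earlier unanchored
36 | # regex match reported 10.0.0.1 as present when the file only held 10.0.0.10,
37 | # and the rule was then silently not added.
38 | entry_regex="^[[:space:]]*-[[:space:]]*${IPADDRESS//./\\.}[[:space:]]*\$"
39 | 
40 | if grep -qE -- "$entry_regex" "$policy_file"; then
41 |   echo "Firewall Rule Already There"
42 | else
43 |   # NOTE(review): the indentation of the appended entry has to match the
44 |   # existing list in the .sls file - confirm against the pillar layout.
45 |   echo " - $IPADDRESS" >> "$policy_file"
46 |   salt-call state.apply firewall queue=True
47 | fi
-------------------------------------------------------------------------------- /pillar/healthcheck/eval.sls: -------------------------------------------------------------------------------- 1 | healthcheck: 2 | enabled: False 3 | schedule: 300 4 | checks: 5 | - zeek 6 | -------------------------------------------------------------------------------- /pillar/healthcheck/sensor.sls: -------------------------------------------------------------------------------- 1 | healthcheck: 2 | enabled: False 3 | schedule: 300 4 | checks: 5 | - zeek 6 | -------------------------------------------------------------------------------- /pillar/healthcheck/standalone.sls: -------------------------------------------------------------------------------- 1 | healthcheck: 2 | enabled: False 3 | schedule: 300 4 | checks: 5 | - zeek 6 | -------------------------------------------------------------------------------- /pillar/kafka/nodes.sls: -------------------------------------------------------------------------------- 1 | kafka: 2 | nodes: -------------------------------------------------------------------------------- /pillar/logstash/init.sls: -------------------------------------------------------------------------------- 1 | logstash: 2 | docker_options: 3 | port_bindings: 4 | - 0.0.0.0:3765:3765 5 | - 0.0.0.0:5044:5044 6 | - 0.0.0.0:5055:5055 7 | - 0.0.0.0:5056:5056 8 | - 0.0.0.0:5644:5644 9 | - 0.0.0.0:6050:6050 10 | - 0.0.0.0:6051:6051 11 | - 0.0.0.0:6052:6052 12 | - 0.0.0.0:6053:6053 13 | - 0.0.0.0:9600:9600 14 | 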
/pillar/patch/needs_restarting.sls: -------------------------------------------------------------------------------- 1 | mine_functions: 2 | needs_restarting.check: [] 3 | -------------------------------------------------------------------------------- /pillar/zeek/init.sls: -------------------------------------------------------------------------------- 1 | zeek: 2 | -------------------------------------------------------------------------------- /salt/backup/defaults.yaml: -------------------------------------------------------------------------------- 1 | backup: 2 | locations: 3 | - /opt/so/saltstack/local 4 | - /etc/pki 5 | - /etc/salt 6 | - /nsm/kratos 7 | - /nsm/hydra 8 | destination: "/nsm/backup" -------------------------------------------------------------------------------- /salt/backup/map.jinja: -------------------------------------------------------------------------------- 1 | {% import_yaml 'backup/defaults.yaml' as BACKUP_DEFAULTS %} 2 | {% set BACKUP_MERGED = salt['pillar.get']('backup', BACKUP_DEFAULTS.backup, merge=true, merge_nested_lists=true) %} 3 | -------------------------------------------------------------------------------- /salt/backup/soc_backup.yaml: -------------------------------------------------------------------------------- 1 | backup: 2 | locations: 3 | description: List of locations to back up to the destination. 4 | helpLink: backup.html 5 | global: True 6 | destination: 7 | description: Directory to store the configuration backups in. 
8 | helpLink: backup.html 9 | global: True 10 | -------------------------------------------------------------------------------- /salt/bpf/defaults.yaml: -------------------------------------------------------------------------------- 1 | bpf: 2 | pcap: [] 3 | suricata: [] 4 | zeek: [] 5 | -------------------------------------------------------------------------------- /salt/bpf/macros.jinja: -------------------------------------------------------------------------------- 1 | {% macro remove_comments(bpfmerged, app) %} 2 | 3 | {# remove comments from the bpf #} 4 | {% for bpf in bpfmerged[app] %} 5 | {% if bpf.strip().startswith('#') %} 6 | {% do bpfmerged[app].pop(loop.index0) %} 7 | {% endif %} 8 | {% endfor %} 9 | 10 | {% endmacro %} 11 | -------------------------------------------------------------------------------- /salt/bpf/suricata.map.jinja: -------------------------------------------------------------------------------- 1 | {% import_yaml 'bpf/defaults.yaml' as BPFDEFAULTS %} 2 | {% set BPFMERGED = salt['pillar.get']('bpf', BPFDEFAULTS.bpf, merge=True) %} 3 | {% import 'bpf/macros.jinja' as MACROS %} 4 | 5 | {{ MACROS.remove_comments(BPFMERGED, 'suricata') }} 6 | 7 | {% set SURICATABPF = BPFMERGED.suricata %} 8 | -------------------------------------------------------------------------------- /salt/bpf/zeek.map.jinja: -------------------------------------------------------------------------------- 1 | {% import_yaml 'bpf/defaults.yaml' as BPFDEFAULTS %} 2 | {% set BPFMERGED = salt['pillar.get']('bpf', BPFDEFAULTS.bpf, merge=True) %} 3 | {% import 'bpf/macros.jinja' as MACROS %} 4 | 5 | {{ MACROS.remove_comments(BPFMERGED, 'zeek') }} 6 | 7 | {% set ZEEKBPF = BPFMERGED.zeek %} 8 | -------------------------------------------------------------------------------- /salt/ca/dirs.sls: -------------------------------------------------------------------------------- 1 | pki_issued_certs: 2 | file.directory: 3 | - name: /etc/pki/issued_certs 4 | - makedirs: True 5 | 
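-------------------------------------------------------------------------------- /salt/ca/remove.sls: -------------------------------------------------------------------------------- 1 | pki_private_key: 2 | file.absent: 3 | - name: /etc/pki/ca.key 4 | 5 | pki_public_ca_crt: 6 | file.absent: 7 | - name: /etc/pki/ca.crt 8 | -------------------------------------------------------------------------------- /salt/common/files/99-reserved-ports.conf: -------------------------------------------------------------------------------- 1 | net.ipv4.ip_local_reserved_ports=55000,57314,47760-47860 -------------------------------------------------------------------------------- /salt/common/files/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "registry-mirrors": [ 3 | "https://:5000" 4 | ], 5 | "bip": "172.17.0.1/24", 6 | "default-address-pools": [ 7 | { 8 | "base": "172.17.0.0/24", 9 | "size": 24 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /salt/common/files/soversion: -------------------------------------------------------------------------------- 1 | {%- set VERSION = salt['pillar.get']('global:soversion') -%} 2 | {{ VERSION }} 3 | -------------------------------------------------------------------------------- /salt/common/files/vimrc: -------------------------------------------------------------------------------- 1 | " Activates filetype detection 2 | filetype plugin indent on 3 | 4 | " Sets .sls files to use YAML syntax highlighting 5 | autocmd BufNewFile,BufRead *.sls set syntax=yaml 6 | -------------------------------------------------------------------------------- /salt/common/tools/sbin/so-pcap-import: --------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
4 | # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
5 | # https://securityonion.net/license; you may not use this file except in compliance with the
6 | # Elastic License 2.0.
7 | 
8 | # Thin wrapper: passes every argument on to so-import-pcap, which is looked up
9 | # in the same directory as this script.
10 | #
11 | # "$0" and "$@" are quoted so that an install path or an argument (for example
12 | # a file path) containing spaces or glob characters reaches so-import-pcap as
13 | # one unchanged word instead of being split or expanded by the shell.
14 | "$(dirname "$0")/so-import-pcap" "$@"
15 | 
-------------------------------------------------------------------------------- /salt/cron/dead.sls: -------------------------------------------------------------------------------- 1 | {% from "cron/map.jinja" import cronmap %} 2 | 3 | crond_service: 4 | service.dead: 5 | - name: {{ cronmap.service }} 6 | - enable: True 7 | -------------------------------------------------------------------------------- /salt/cron/map.jinja: -------------------------------------------------------------------------------- 1 | {% set cronmap = salt['grains.filter_by']({ 2 | 'Debian': { 3 | 'service': 'cron', 4 | }, 5 | 'RedHat': { 6 | 'service': 'crond', 7 | }, 8 | }) %} 9 | -------------------------------------------------------------------------------- /salt/cron/running.sls: -------------------------------------------------------------------------------- 1 | {% from "cron/map.jinja" import cronmap %} 2 | 3 | crond_service: 4 | service.running: 5 | - name: {{ cronmap.service }} 6 | - enable: True 7 | - unless: pgrep soup 8 | -------------------------------------------------------------------------------- /salt/desktop/files/00-background: -------------------------------------------------------------------------------- 1 | # Specify the dconf path 2 | [org/gnome/desktop/background] 3 | 4 | # Specify the path to the desktop background image file 5 | picture-uri='file:///usr/local/share/backgrounds/so-wallpaper.jpg' 6 | 7 | # Specify one of the rendering options for the background image: 8 | picture-options='zoom' 9 | -------------------------------------------------------------------------------- /salt/desktop/files/session.jinja: -------------------------------------------------------------------------------- 1 | # This file is managed by Salt in the 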
desktop.xwindows state 2 | # It will not be overwritten if it already exists 3 | 4 | [User] 5 | Session=gnome-classic 6 | Icon=/home/{{USERNAME}}/.face 7 | SystemAccount=false 8 | -------------------------------------------------------------------------------- /salt/desktop/files/so-lockscreen.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/desktop/files/so-lockscreen.jpg -------------------------------------------------------------------------------- /salt/desktop/files/so-wallpaper.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/desktop/files/so-wallpaper.jpg -------------------------------------------------------------------------------- /salt/desktop/init.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - desktop.xwindows 3 | {# If the master is 'salt' then the minion hasn't been configured and isn't connected to the grid. #} 4 | {# We need this since the trusted-ca state uses mine data. 
#} 5 | {% if grains.master != 'salt' %} 6 | - desktop.trusted-ca 7 | {% endif %} 8 | -------------------------------------------------------------------------------- /salt/docker/files/iptables-disabled.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | ExecStart= 3 | ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=false 4 | -------------------------------------------------------------------------------- /salt/elastalert/files/custom/placeholder: -------------------------------------------------------------------------------- 1 | THIS IS A PLACEHOLDER FILE -------------------------------------------------------------------------------- /salt/elastalert/files/elastalert_config.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ elastalert_config | yaml(False) }} 2 | -------------------------------------------------------------------------------- /salt/elastalert/files/predefined/jira_auth.yaml: -------------------------------------------------------------------------------- 1 | {% if elastalert.get('jira_user', '') | length > 0 and elastalert.get('jira_pass', '') | length > 0 %} 2 | user: {{ elastalert.jira_user }} 3 | password: {{ elastalert.jira_pass }} 4 | {% else %} 5 | apikey: {{ elastalert.get('jira_api_key', '') }} 6 | {% endif %} -------------------------------------------------------------------------------- /salt/elastalert/files/predefined/smtp_auth.yaml: -------------------------------------------------------------------------------- 1 | user: {{ elastalert.get('smtp_user', '') }} 2 | password: {{ elastalert.get('smtp_pass', '') }} 3 | -------------------------------------------------------------------------------- /salt/elastic-fleet-package-registry/defaults.yaml: -------------------------------------------------------------------------------- 1 | elastic_fleet_package_registry: 2 | enabled: False 3 | 
-------------------------------------------------------------------------------- /salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml: -------------------------------------------------------------------------------- 1 | elastic_fleet_package_registry: 2 | enabled: 3 | description: Enables or disables the Fleet package registry process. This process must remain enabled to allow Elastic Agent packages to be updated. 4 | advanced: True 5 | -------------------------------------------------------------------------------- /salt/elasticagent/defaults.yaml: -------------------------------------------------------------------------------- 1 | elasticagent: 2 | enabled: False -------------------------------------------------------------------------------- /salt/elasticagent/soc_elasticagent.yaml: -------------------------------------------------------------------------------- 1 | elasticagent: 2 | enabled: 3 | description: Enables or disables the Elastic Agent process. This process must remain enabled to allow collection of node events. 
4 | advanced: True 5 | -------------------------------------------------------------------------------- /salt/elasticfleet/files/certs/placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/elasticfleet/files/certs/placeholder -------------------------------------------------------------------------------- /salt/elasticfleet/files/so_agent-installers/readme: -------------------------------------------------------------------------------- 1 | SO-Generated installers will be found under Salt local 2 | 3 | -------------------------------------------------------------------------------- /salt/elasticfleet/files/soc/elastic-defend-disabled-filters.yaml: -------------------------------------------------------------------------------- 1 | '9EDAA51C-BB12-49D9-8748-2B61371F2E7D': 2 | Date: '10/10/2024' 3 | Notes: 'Example Disabled Filter - Leave this entry here, just copy and paste as needed.' 
--------------------------------------------------------------------------------
/salt/elasticsearch/base-template.json.jinja:
--------------------------------------------------------------------------------
{{ TEMPLATE_CONFIG | tojson(true) }}

--------------------------------------------------------------------------------
/salt/elasticsearch/files/curl.config.template:
--------------------------------------------------------------------------------
{#- Renders a curl config line carrying the so_elastic_user name and password from pillar, falling
    back to the NO_USER_SET / NO_PW_SET markers when the pillar keys are missing.
    so-elasticsearch-wait passes a curl.config to curl with -K, which keeps the password off the
    command line (presumably the rendered form of this template; confirm in the managing state).
    NOTE(review): both values are interpolated unescaped inside a double-quoted curl value, so a
    password containing a double quote or a backslash would be misread by curl, and a colon in the
    user name would shift the user/password split. Confirm how these values are generated.
    NOTE(review): the rendered file holds clear-text credentials; its owner and mode are set by the
    managing state, which is not shown here. -#}
user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', 'NO_USER_SET') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', 'NO_PW_SET') }}"

--------------------------------------------------------------------------------
/salt/elasticsearch/files/elasticsearch.yaml.jinja:
--------------------------------------------------------------------------------
{{ ESCONFIG | yaml(False) }}

--------------------------------------------------------------------------------
/salt/elasticsearch/files/ingest/beats.common:
--------------------------------------------------------------------------------
{
  "description" : "beats.common",
  "processors" : [
    { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } },
    { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational' && ctx.containsKey('winlog')", "name":"win.eventlogs" } },
    { "pipeline": { "name": "common" } }
  ]
}
--------------------------------------------------------------------------------
/salt/elasticsearch/files/ingest/kismet.ad_hoc:
--------------------------------------------------------------------------------
{
  "processors": [
    {
      "rename": {
        "field": "message2.kismet_device_base_macaddr",
        "target_field": "network.wireless.bssid"
      }
    }
  ]
}
--------------------------------------------------------------------------------
/salt/elasticsearch/files/ingest/kismet.bridged: -------------------------------------------------------------------------------- 1 | { 2 | "processors": [ 3 | { 4 | "rename": { 5 | "field": "message2.kismet_device_base_macaddr", 6 | "target_field": "client.mac" 7 | } 8 | }, 9 | { 10 | "rename": { 11 | "field": "message2.dot11_device.dot11_device_last_bssid", 12 | "target_field": "network.wireless.bssid" 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /salt/elasticsearch/files/ingest/kismet.device: -------------------------------------------------------------------------------- 1 | { 2 | "processors": [ 3 | { 4 | "pipeline": { 5 | "name": "kismet.client" 6 | } 7 | } 8 | ] 9 | } -------------------------------------------------------------------------------- /salt/elasticsearch/files/ingest/kismet.wds: -------------------------------------------------------------------------------- 1 | { 2 | "processors": [ 3 | { 4 | "rename": { 5 | "field": "message2.kismet_device_base_macaddr", 6 | "target_field": "client.mac" 7 | } 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /salt/elasticsearch/files/ingest/suricata.dnp3: -------------------------------------------------------------------------------- 1 | { 2 | "description" : "suricata.dnp3", 3 | "processors" : [ 4 | { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } }, 5 | { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } }, 6 | { "pipeline": { "name": "common" } } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /salt/elasticsearch/files/ingest/suricata.nfs: -------------------------------------------------------------------------------- 1 | { 2 | "description" : "suricata.nfs", 3 | "processors" : [ 4 | { "rename": { "field": "message2.proto", "target_field": 
"network.transport", "ignore_missing": true } }, 5 | { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } }, 6 | { "pipeline": { "name": "common" } } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /salt/elasticsearch/files/ingest/suricata.sip: -------------------------------------------------------------------------------- 1 | { 2 | "description" : "suricata.sip", 3 | "processors" : [ 4 | { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } }, 5 | { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } }, 6 | { "pipeline": { "name": "common" } } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /salt/elasticsearch/templates/component/elastic-agent/logs-soc@package.json: -------------------------------------------------------------------------------- 1 | { 2 | "template": {}, 3 | "_meta": { 4 | "package": { 5 | "name": "log" 6 | }, 7 | "managed_by": "fleet", 8 | "managed": true 9 | } 10 | } -------------------------------------------------------------------------------- /salt/elasticsearch/templates/component/elastic-agent/logs@custom.json: -------------------------------------------------------------------------------- 1 | { 2 | "template": { 3 | "settings": { 4 | "index": { 5 | "number_of_replicas": "0" 6 | } 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json: -------------------------------------------------------------------------------- 1 | { 2 | "template": { 3 | "settings": { 4 | "index": { 5 | "number_of_replicas": "0" 6 | } 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /salt/elasticsearch/templates/component/so/case-settings.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "template": {}, 3 | "version": 1, 4 | "_meta": { 5 | "description": "default settings for common Security Onion Cases indices" 6 | } 7 | } -------------------------------------------------------------------------------- /salt/elasticsearch/templates/component/so/common-settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "template": {}, 3 | "version": 1, 4 | "_meta": { 5 | "description": "default settings for common Security Onion indices" 6 | } 7 | } -------------------------------------------------------------------------------- /salt/elasticsearch/templates/component/so/detection-settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "template": {}, 3 | "version": 1, 4 | "_meta": { 5 | "description": "default settings for common Security Onion Detections indices" 6 | } 7 | } -------------------------------------------------------------------------------- /salt/elasticsearch/templates/index/custom/place_custom_template_in_local: -------------------------------------------------------------------------------- 1 | # Reference /usr/share/logstash/pipeline.custom/templates/YOURTEMPLATE.json 2 | # For custom logstash templates, they should be placed in /opt/so/saltstack/local/salt/logstash/pipelines/templates/custom/ 3 | -------------------------------------------------------------------------------- /salt/elasticsearch/tools/sbin/so-elasticsearch-wait: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . 
/usr/sbin/so-common 4 | 5 | wait_for_web_response "https://localhost:9200/_cat/indices/.kibana*" "green open" 300 "curl -K /opt/so/conf/elasticsearch/curl.config" 6 | -------------------------------------------------------------------------------- /salt/global/defaults.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | pcapengine: STENO 3 | pipeline: REDIS -------------------------------------------------------------------------------- /salt/global/map.jinja: -------------------------------------------------------------------------------- 1 | {% import_yaml 'global/defaults.yaml' as GLOBALDEFAULTS %} 2 | {% set GLOBALMERGED = salt['pillar.get']('global', GLOBALDEFAULTS.global, merge=True) %} 3 | -------------------------------------------------------------------------------- /salt/host/soc_host.yaml: -------------------------------------------------------------------------------- 1 | host: 2 | mainint: 3 | description: Main interface of the grid host. 4 | helpLink: host.html 5 | mainip: 6 | description: Main IP address of the grid host. 
7 | helpLink: host.html -------------------------------------------------------------------------------- /salt/hydra/files/hydra.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ HYDRAMERGED.config | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/idh/idh.conf.jinja: -------------------------------------------------------------------------------- 1 | {{ OPENCANARYCONFIG | tojson(True) | replace("_x_", ".") }} 2 | -------------------------------------------------------------------------------- /salt/idh/skins/http/custom/basicCustomLogin/403.html: -------------------------------------------------------------------------------- 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 2 | <html><head> 3 | <title>403 Forbidden</title> 4 | </head><body> 5 | <h1>Forbidden</h1> 6 | <p>You don't have permission to access [[URL]] 7 | on this server.</p> 8 | <hr> 9 | <address>[[BANNER]] Server</address> 10 | </body></html> 11 | -------------------------------------------------------------------------------- /salt/idh/skins/http/custom/basicCustomLogin/404.html: -------------------------------------------------------------------------------- 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 2 | <html><head> 3 | <title>404 Not Found</title> 4 | </head><body> 5 | <h1>Not Found</h1> 6 | <p>The requested URL [[URL]] was not found on this server.</p> 7 | <hr> 8 | <address>[[BANNER]] Server</address> 9 | </body></html> 10 | -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/basicLogin/403.html: -------------------------------------------------------------------------------- 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 2 | <html><head> 3 | <title>403 Forbidden</title> 4 | </head><body> 5 | <h1>Forbidden</h1> 6 | <p>You don't have permission to access [[URL]] 7 | on this server.</p> 8 | <hr> 9 | 
<address>[[BANNER]] Server</address> 10 | </body></html> 11 | -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/basicLogin/404.html: -------------------------------------------------------------------------------- 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 2 | <html><head> 3 | <title>404 Not Found</title> 4 | </head><body> 5 | <h1>Not Found</h1> 6 | <p>The requested URL [[URL]] was not found on this server.</p> 7 | <hr> 8 | <address>[[BANNER]] Server</address> 9 | </body></html> 10 | -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/403.html: -------------------------------------------------------------------------------- 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 2 | <html><head> 3 | <title>403 Forbidden</title> 4 | </head><body> 5 | <h1>Forbidden</h1> 6 | <p>You don't have permission to access [[URL]] 7 | on this server.</p> 8 | <hr> 9 | <address>[[BANNER]] Server</address> 10 | </body></html> 11 | -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/404.html: -------------------------------------------------------------------------------- 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 2 | <html><head> 3 | <title>404 Not Found</title> 4 | </head><body> 5 | <h1>Not Found</h1> 6 | <p>The requested URL [[URL]] was not found on this server.</p> 7 | <hr> 8 | <address>[[BANNER]] Server</address> 9 | </body></html> 10 | -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/fonts/roboto.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/fonts/roboto.woff 
-------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/02.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/02.jpg -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/favicon.ico -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_16.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_32.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_48.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_48.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_64.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_96.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/icon_dsm_96.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/icon_tile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/icon_tile.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/bt_dropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/bt_dropdown.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/bt_grid_dropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/bt_grid_dropdown.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/bt_pagebar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/bt_pagebar.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/c_icon_general.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/c_icon_general.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/category_expand.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/category_expand.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/checkbox.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/checkbox.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/col-move-bottom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/col-move-bottom.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/date_dropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/date_dropdown.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/date_prev_next.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/date_prev_next.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/dropdown_menu_parent.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/dropdown_menu_parent.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/dropdown_menu_tick.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/dropdown_menu_tick.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/fieldset_expand.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/fieldset_expand.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_advanced_search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_advanced_search.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_error.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_error.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_filter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_filter.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_information.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_information.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_loading.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_loading.gif -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_search.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_search.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_search_clear.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_search_clear.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/icon_success.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/radio_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/radio_button.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/shadow_category.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/shadow_category.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/shadow_footbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/shadow_footbar.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/superbox_button_cancel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/superbox_button_cancel.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/tab_arrow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/tab_arrow.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/tab_shadow.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/tab_shadow.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/tree_arrow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/tree_arrow.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/trigger.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/trigger.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/trigger_date.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/Components/trigger_date.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/ExternalDevices/images/tray_icon_device.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/ExternalDevices/images/tray_icon_device.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_bgtask.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_bgtask.gif -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_bgtask.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_bgtask.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_download.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_download.gif -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_download.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_upload.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_upload.gif -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_upload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/FileTaskMonitor/images/tray_icon_upload.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/PollingTask/images/tray_icon_disk_port.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/PollingTask/images/tray_icon_disk_port.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/ThumbConvertProgress/images/tray_icon_creating_thumbnail.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/ThumbConvertProgress/images/tray_icon_creating_thumbnail.gif -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/ThumbConvertProgress/images/tray_icon_creating_thumbnail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/modules/ThumbConvertProgress/images/tray_icon_creating_thumbnail.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/bt_bugs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/bt_bugs.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/bt_dsm_mobile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/bt_dsm_mobile.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/icon_error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/icon_error.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/icon_image_selector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/icon_image_selector.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/status_fail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/status_fail.png 
-------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/status_loading.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/status_loading.gif -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/status_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/components/status_success.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/add_one.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/add_one.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/icon_app_category.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/icon_app_category.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/spotlight.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/spotlight.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/taskbar_spinner.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/desktop/taskbar_spinner.gif -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsm5_badge_num.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsm5_badge_num.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsm5_notification_num.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsm5_notification_num.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsmv5_wizard_bkg_v_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsmv5_wizard_bkg_v_01.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsmv5_wizard_bkg_v_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/dsmv5_wizard_bkg_v_02.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/folder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/folder.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/icon_drag_add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/icon_drag_add.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/icon_drag_ban.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/icon_drag_ban.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/icon_question.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/icon_question.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/item_drag_status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/item_drag_status.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/0.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/1.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/2.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/3.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/4.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/5dot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/5dot.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/DSM.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/DSM.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/beta.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/beta.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/copyright_2014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/copyright_2014.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/copyright_2015.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/copyright_2015.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/synology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/dark/synology.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/icon_phone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/icon_phone.png 
-------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/icon_pw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/icon_pw.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/icon_user.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/icon_user.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/0.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/1.png 
-------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/2.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/3.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/4.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/5dot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/5dot.png 
-------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/DSM.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/DSM.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/beta.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/beta.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/copyright_2014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/copyright_2014.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/copyright_2015.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/copyright_2015.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/synology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/light/synology.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/login_bkg_highlight_bottom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/login_bkg_highlight_bottom.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/login_bkg_highlight_top.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/login_bkg_highlight_top.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_cloudy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_cloudy.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_cold.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_cold.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_fog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_fog.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_hail.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_hail.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_moon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_moon.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_moon_clouds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_moon_clouds.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_rain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_rain.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_snow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_snow.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_sun.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_sun.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_sun_clouds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_sun_clouds.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_thunder.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_thunder.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_tornado.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_tornado.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_windy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/login/weather/login_icon_weather_windy.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_CMS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_CMS.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_backup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_backup.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_business.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_business.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_community.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_community.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_connect.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_connect.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_contact.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_contact.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_directory_service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_directory_service.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_dsm_apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_dsm_apps.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_expansion.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_expansion.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_external_devices.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_external_devices.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_file_services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_file_services.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_general.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_general.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_groups.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_groups.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_hardware_and_power.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_hardware_and_power.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_hdd_management.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_hdd_management.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_hot_spare.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_hot_spare.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_info_center.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_info_center.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_installed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_installed.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_iscsi_lun.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_iscsi_lun.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_iscsi_target.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_iscsi_target.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_login_style.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_login_style.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_media_library.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_media_library.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_network.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_networkmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_networkmap.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_notifications.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_notifications.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_overview.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_overview.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_performance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_performance.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_portal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_portal.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_privilege.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_privilege.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_process.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_public_access.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_public_access.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_purchases.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_purchases.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_quickconnect.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_quickconnect.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_raid_group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_raid_group.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_recommend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_recommend.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_region.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_region.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_security.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_shared_folders.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_shared_folders.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_speed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_speed.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_ssd_cache.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_ssd_cache.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_syslog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_syslog.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_task_scheduler.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_task_scheduler.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_terminal_and_SNMP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_terminal_and_SNMP.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_update_and_reset.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_update_and_reset.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_users.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_users.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_utilities.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_utilities.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_volume.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_volume.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_web_server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_web_server.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_wireless.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/module_list_icon/c_icon_wireless.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/rt_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/rt_button.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/shadow_footbar.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/shadow_footbar.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/more_apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/more_apps.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/showdesktop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/showdesktop.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bg.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bt.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bt_apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bt_apps.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bt_widgets_shadow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_bt_widgets_shadow.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_shadow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_shadow.png 
-------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_split.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/taskbar_split.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_notification.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_notification.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_pilot_view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_pilot_view.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_search.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_search.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_user_menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_user_menu.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_widget.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/tray_icon_widget.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_about.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_about.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_logout.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_logout.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_options.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_restart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_restart.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_shutdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/taskbar/user_menu_shutdown.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/widget_window/widget_rt_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/widget_window/widget_rt_button.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/wizard_bkg_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/dsm/resources/images/wizard_bkg_h.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_black_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_black_h.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_black_v.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_black_v.png -------------------------------------------------------------------------------- 
/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_white_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_white_h.png -------------------------------------------------------------------------------- /salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_white_v.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/idh/skins/http/opencanary/nasLogin/static/img/synohdpack/images/scrollbar/scrollbar_white_v.png -------------------------------------------------------------------------------- /salt/idstools/defaults.yaml: -------------------------------------------------------------------------------- 1 | idstools: 2 | enabled: False 3 | config: 4 | urls: [] 5 | ruleset: ETOPEN 6 | oinkcode: "" 7 | sids: 8 | enabled: [] 9 | disabled: [] 10 | modify: [] 11 | -------------------------------------------------------------------------------- /salt/idstools/etc/modify.conf: -------------------------------------------------------------------------------- 1 | {%- set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%} 2 | # idstools-rulecat - modify.conf 3 | 4 | # Format: <sid> "<from>" "<to>" 5 | 6 | # Example changing the seconds for rule 2019401 to 3600. 
7 | #2019401 "seconds \d+" "seconds 3600" 8 | {%- if modify_sids != None %} 9 | {%- for sid in modify_sids %} 10 | {{ sid }} 11 | {%- endfor %} 12 | {%- endif %} -------------------------------------------------------------------------------- /salt/idstools/rules/local.rules: -------------------------------------------------------------------------------- 1 | # Add your custom Suricata rules in this file. -------------------------------------------------------------------------------- /salt/influxdb/buckets.json.jinja: -------------------------------------------------------------------------------- 1 | {{ INFLUXMERGED.buckets | json }} -------------------------------------------------------------------------------- /salt/influxdb/config.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ INFLUXMERGED.config | yaml(false) }} -------------------------------------------------------------------------------- /salt/influxdb/curl.config.jinja: -------------------------------------------------------------------------------- 1 | header = "Authorization: Token {{ salt['pillar.get']('influxdb:token') }}" 2 | -------------------------------------------------------------------------------- /salt/influxdb/metrics_link.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/influxdb/metrics_link.txt -------------------------------------------------------------------------------- /salt/kafka/files/managed_node_pillar.jinja: -------------------------------------------------------------------------------- 1 | kafka: 2 | nodes: 3 | {% for node, values in COMBINED_KAFKANODES.items() %} 4 | {{ node }}: 5 | ip: {{ values['ip'] }} 6 | nodeid: {{ values['nodeid'] }} 7 | {%- if values['role'] != none %} 8 | role: {{ values['role'] }} 9 | {%- endif %} 10 | {% endfor %} 
-------------------------------------------------------------------------------- /salt/kafka/reset.sls: -------------------------------------------------------------------------------- 1 | # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one 2 | # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 3 | # https://securityonion.net/license; you may not use this file except in compliance with the 4 | # Elastic License 2.0. 5 | 6 | wipe_kafka_data: 7 | file.absent: 8 | - name: /nsm/kafka/data/ 9 | - force: True -------------------------------------------------------------------------------- /salt/kibana/custom/PUT YOU CUSTOM DASHBOARDS HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/kibana/custom/PUT YOU CUSTOM DASHBOARDS HERE -------------------------------------------------------------------------------- /salt/kibana/etc/kibana.yml.jinja: -------------------------------------------------------------------------------- 1 | {{ KIBANACONFIG | yaml(False) }} 2 | -------------------------------------------------------------------------------- /salt/kibana/files/curl.config.template: -------------------------------------------------------------------------------- 1 | user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user', 'NO_USER_SET') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', 'NO_PW_SET') }}" 2 | -------------------------------------------------------------------------------- /salt/kibana/files/securitySolution_saved_objects.ndjson: -------------------------------------------------------------------------------- 1 | {"attributes": {"securitySolution:defaultIndex": ["apm-*-transaction*", "traces-apm*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", 
"winlogbeat-*", "*:so-*"]}} 2 | -------------------------------------------------------------------------------- /salt/kratos/files/kratos.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ KRATOSMERGED.config | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/kratos/files/oidc.jsonnet: -------------------------------------------------------------------------------- 1 | local claims = std.extVar('claims'); 2 | { 3 | identity: { 4 | traits: { 5 | email: if 'email' in claims then claims.email else claims.preferred_username 6 | }, 7 | }, 8 | } -------------------------------------------------------------------------------- /salt/logrotate/etc/rotate.conf.jinja: -------------------------------------------------------------------------------- 1 | {%- for file, opts in CONFIG.items() %} 2 | {{ file | replace("_x_", ".")}} 3 | { 4 | {%- for opt in opts %} 5 | {{ opt }} 6 | {%- endfor %} 7 | } 8 | {%- endfor %} 9 | -------------------------------------------------------------------------------- /salt/logrotate/tools/sbin/common-rotate: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | /usr/sbin/logrotate -f /opt/so/conf/logrotate/common-rotate.conf > /dev/null 2>&1 3 | -------------------------------------------------------------------------------- /salt/logstash/etc/certs/Put.Your.Certs.Here.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/logstash/etc/certs/Put.Your.Certs.Here.txt -------------------------------------------------------------------------------- /salt/logstash/etc/jvm.options: -------------------------------------------------------------------------------- 1 | -Dlog4j2.formatMsgNoLookups=true 2 | 
-------------------------------------------------------------------------------- /salt/logstash/etc/logstash.yml: -------------------------------------------------------------------------------- 1 | {{ LOGSTASH_MERGED.config | yaml(False) | replace("_x_", ".") }} 2 | -------------------------------------------------------------------------------- /salt/logstash/etc/pipelines.yml.jinja: -------------------------------------------------------------------------------- 1 | {%- for assigned_pipeline in ASSIGNED_PIPELINES %} 2 | - pipeline.id: {{ assigned_pipeline }} 3 | path.config: "/usr/share/logstash/pipelines/{{ assigned_pipeline }}/" 4 | {% endfor -%} 5 | -------------------------------------------------------------------------------- /salt/logstash/pipelines/config/custom/place_custom_config_in_local: -------------------------------------------------------------------------------- 1 | # For custom logstash configs, they should be placed in /opt/so/saltstack/local/salt/logstash/pipelines/config/custom/ 2 | -------------------------------------------------------------------------------- /salt/manager/defaults.yaml: -------------------------------------------------------------------------------- 1 | manager: 2 | reposync: 3 | enabled: True 4 | hour: 3 5 | minute: 0 6 | additionalCA: '' 7 | insecureSkipVerify: False 8 | -------------------------------------------------------------------------------- /salt/manager/elasticsearch.sls: -------------------------------------------------------------------------------- 1 | elastic_curl_config_distributed: 2 | file.managed: 3 | - name: /opt/so/saltstack/local/salt/elasticsearch/curl.config 4 | - source: salt://elasticsearch/files/curl.config.template 5 | - template: jinja 6 | - mode: 640 7 | - show_changes: False 8 | -------------------------------------------------------------------------------- /salt/manager/files/add_minion.sh: -------------------------------------------------------------------------------- 1 | 
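#!/usr/bin/env bash

# Copies a staged minion's pillar file and any patch schedule files from
# /tmp/<minion_id> into the local salt tree, then removes the staging directory.
#
# Usage: add_minion.sh <minion_id>
#
# NOTE(review): the staging directory lives under /tmp; what creates it and
# with which ownership/mode is not visible here -- confirm it cannot be
# pre-created or modified by an unprivileged user.
local_salt_dir=/opt/so/saltstack/local
MINION=$1

# The minion id is interpolated into paths handed to cp and rm -rf. Reject an
# empty value (the cleanup would become "rm -rf /tmp/") and anything that is
# not a single path component ("/", ".", ".."), which could point the copy or
# the delete outside /tmp/<minion_id>.
case "$MINION" in
  ""|.|..|*/*)
    echo "Usage: $0 <minion_id> (a single path component, no '/')" >&2
    exit 1
    ;;
esac

staging_dir="/tmp/$MINION"

echo "Adding $MINION"
# Quote every expansion so whitespace or glob characters in the id are not
# re-split or expanded by the shell.
cp -- "$staging_dir/pillar/$MINION.sls" "$local_salt_dir/pillar/minions/"
# Only copy schedules when the staged schedules directory is non-empty.
if [ "$(ls -A -- "$staging_dir/schedules/")" ]; then
  cp -- "$staging_dir"/schedules/* "$local_salt_dir/salt/patch/os/schedules/"
fi
rm -rf -- "$staging_dir"
-------------------------------------------------------------------------------- /salt/manager/files/mirror.txt: -------------------------------------------------------------------------------- 1 | https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9 2 | https://repo-alt.securityonion.net/prod/2.4/oracle/9 -------------------------------------------------------------------------------- /salt/manager/files/repodownload.conf: -------------------------------------------------------------------------------- 1 | [main] 2 | gpgcheck=1 3 | installonly_limit=3 4 | clean_requirements_on_remove=True 5 | best=True 6 | skip_if_unavailable=False 7 | cachedir=/opt/so/conf/reposync/cache 8 | keepcache=0 9 | [securityonionsync] 10 | name=Security Onion Repo repo 11 | mirrorlist=file:///opt/so/conf/reposync/mirror.txt 12 | enabled=1 13 | gpgcheck=1 -------------------------------------------------------------------------------- /salt/manager/files/so-api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/manager/files/so-api.py -------------------------------------------------------------------------------- /salt/manager/glue.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/manager/glue.py --------------------------------------------------------------------------------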
/salt/manager/kibana.sls: -------------------------------------------------------------------------------- 1 | kibana_curl_config_distributed: 2 | file.managed: 3 | - name: /opt/so/conf/kibana/curl.config 4 | - source: salt://kibana/files/curl.config.template 5 | - template: jinja 6 | - mode: 600 7 | - show_changes: False 8 | - makedirs: True -------------------------------------------------------------------------------- /salt/motd/init.sls: -------------------------------------------------------------------------------- 1 | {% from 'allowed_states.map.jinja' import allowed_states %} 2 | {% if sls in allowed_states %} 3 | 4 | so_motd: 5 | file.managed: 6 | - name: /etc/motd 7 | - source: salt://motd/files/so_motd.jinja 8 | - template: jinja 9 | 10 | {% else %} 11 | 12 | {{sls}}_state_not_allowed: 13 | test.fail_without_changes: 14 | - name: {{sls}}_state_not_allowed 15 | 16 | {% endif %} -------------------------------------------------------------------------------- /salt/nginx/defaults.yaml: -------------------------------------------------------------------------------- 1 | nginx: 2 | enabled: False 3 | external_suricata: False 4 | ssl: 5 | replace_cert: False 6 | config: 7 | throttle_login_burst: 12 8 | throttle_login_rate: 20 9 | -------------------------------------------------------------------------------- /salt/nginx/ssl/ssl.crt: -------------------------------------------------------------------------------- 1 | # Replace this text with the text from the .crt -------------------------------------------------------------------------------- /salt/nginx/ssl/ssl.key: -------------------------------------------------------------------------------- 1 | # Replace this text with the text from the .key -------------------------------------------------------------------------------- /salt/ntp/chrony.conf: -------------------------------------------------------------------------------- 1 | 2 | # NTP server list 3 | {%- for SERVER in NTPCONFIG.servers %} 4 | server 
{{ SERVER }} iburst 5 | {%- endfor %} 6 | 7 | # Config options 8 | driftfile /var/lib/chrony/drift 9 | makestep 1.0 3 10 | rtcsync 11 | logdir /var/log/chrony 12 | -------------------------------------------------------------------------------- /salt/ntp/config.map.jinja: -------------------------------------------------------------------------------- 1 | {% import_yaml 'ntp/defaults.yaml' as NTP with context %} 2 | 3 | {% set NTPCONFIG = salt['pillar.get']('ntp:config', default=NTP.ntp.config, merge=True) %} 4 | -------------------------------------------------------------------------------- /salt/ntp/defaults.yaml: -------------------------------------------------------------------------------- 1 | ntp: 2 | config: 3 | servers: 4 | - 0.pool.ntp.org 5 | - 1.pool.ntp.org -------------------------------------------------------------------------------- /salt/ntp/soc_ntp.yaml: -------------------------------------------------------------------------------- 1 | ntp: 2 | config: 3 | servers: 4 | description: NTP Server List 5 | title: NTP Servers 6 | helpLink: ntp.html 7 | -------------------------------------------------------------------------------- /salt/patch/needs_restarting.sls: -------------------------------------------------------------------------------- 1 | needs_restarting: 2 | module.run: 3 | - mine.send: 4 | - name: needs_restarting.check 5 | - order: last 6 | -------------------------------------------------------------------------------- /salt/patch/os/init.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - patch.needs_restarting 3 | 4 | patch_os: 5 | pkg.uptodate: 6 | - name: patch_os 7 | - refresh: True 8 | -------------------------------------------------------------------------------- /salt/patch/os/schedules/example_schedule.yml: -------------------------------------------------------------------------------- 1 | patch: 2 | os: 3 | schedule: 4 | - Tuesday: 5 | - '15:00' 6 | - Thursday: 7 | - 
'03:00' 8 | - Saturday: 9 | - '01:00' 10 | - '15:00' 11 | -------------------------------------------------------------------------------- /salt/patch/os/schedules/map.jinja: -------------------------------------------------------------------------------- 1 | {% import_yaml 'patch/defaults.yaml' as PATCHDEFAULTS %} 2 | {% set PATCHMERGED = salt['pillar.get']('patch', PATCHDEFAULTS.patch, merge=true) %} 3 | -------------------------------------------------------------------------------- /salt/pcap/defaults.yaml: -------------------------------------------------------------------------------- 1 | pcap: 2 | enabled: False 3 | config: 4 | maxdirectoryfiles: 30000 5 | diskfreepercentage: 10 6 | blocks: 2048 7 | preallocate_file_mb: 4096 8 | aiops: 128 9 | pin_to_cpu: False 10 | cpus_to_pin_to: [] 11 | disks: [] 12 | -------------------------------------------------------------------------------- /salt/pipeline/load.sls: -------------------------------------------------------------------------------- 1 | load_elastic_pipelines: 2 | cmd.run: 3 | - name: /usr/sbin/so-filebeat-module-setup 4 | -------------------------------------------------------------------------------- /salt/podman/files/podman.socket: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Podman API Socket 3 | Documentation=man:podman-api(1) 4 | 5 | [Socket] 6 | ListenStream=%t/podman/podman.sock 7 | SocketMode=0660 8 | 9 | [Install] 10 | WantedBy=sockets.target 11 | -------------------------------------------------------------------------------- /salt/registry/defaults.yaml: -------------------------------------------------------------------------------- 1 | registry: 2 | enabled: False 3 | -------------------------------------------------------------------------------- /salt/registry/soc_registry.yaml: -------------------------------------------------------------------------------- 1 | registry: 2 | enabled: 3 | description: Enables or disables the 
Docker registry on the manager node. WARNING - If this process is disabled the grid will malfunction and a manual effort may be needed to re-enable the setting. 4 | advanced: True 5 | -------------------------------------------------------------------------------- /salt/repo/client/init.sls: -------------------------------------------------------------------------------- 1 | {% from 'vars/globals.map.jinja' import GLOBALS %} 2 | {% if GLOBALS.os == 'OEL' %} 3 | include: 4 | - repo.client.oracle 5 | {% endif %} -------------------------------------------------------------------------------- /salt/salt/etc/minion.d/mine_functions.conf.jinja: -------------------------------------------------------------------------------- 1 | mine_interval: 25 2 | mine_functions: 3 | network.ip_addrs: 4 | - interface: {{ pillar.host.mainint }} 5 | {%- if grains.role in ['so-eval','so-import','so-manager','so-managersearch','so-standalone'] %} 6 | x509.get_pem_entries: 7 | - glob_path: '/etc/pki/ca.crt' 8 | {% endif -%} 9 | -------------------------------------------------------------------------------- /salt/salt/files/beacons.conf.jinja: -------------------------------------------------------------------------------- 1 | {% if CHECKS -%} 2 | beacons: 3 | {%- for check in CHECKS %} 4 | {{ check }}: 5 | - disable_during_state_run: True 6 | - interval: {{ SCHEDULE }} 7 | {%- endfor %} 8 | {%- endif %} 9 | -------------------------------------------------------------------------------- /salt/salt/init.sls: -------------------------------------------------------------------------------- 1 | {% if grains.oscodename == 'focal' %} 2 | saltpymodules: 3 | pkg.installed: 4 | - pkgs: 5 | - python3-docker 6 | {% endif %} 7 | 8 | salt_bootstrap: 9 | file.managed: 10 | - name: /usr/sbin/bootstrap-salt.sh 11 | - source: salt://salt/scripts/bootstrap-salt.sh 12 | - mode: 755 13 | - show_changes: False 14 | -------------------------------------------------------------------------------- 
/salt/salt/lasthighstate.sls: -------------------------------------------------------------------------------- 1 | lasthighstate: 2 | file.touch: 3 | - name: /opt/so/log/salt/lasthighstate 4 | - order: last -------------------------------------------------------------------------------- /salt/salt/master.defaults.yaml: -------------------------------------------------------------------------------- 1 | # version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched 2 | salt: 3 | master: 4 | version: '3006.9' 5 | -------------------------------------------------------------------------------- /salt/salt/minion-state-apply-test.sls: -------------------------------------------------------------------------------- 1 | minion-state-apply-test: 2 | file.touch: 3 | - name: /opt/so/log/salt/state-apply-test 4 | - order: first -------------------------------------------------------------------------------- /salt/salt/minion.defaults.yaml: -------------------------------------------------------------------------------- 1 | # version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched 2 | salt: 3 | minion: 4 | version: '3006.9' 5 | check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. 
any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default 6 | -------------------------------------------------------------------------------- /salt/salt/module_packages/docker/certifi-2024.7.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/salt/module_packages/docker/certifi-2024.7.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/salt/module_packages/docker/charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/salt/module_packages/docker/charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/salt/module_packages/docker/docker-7.1.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/salt/module_packages/docker/docker-7.1.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/salt/module_packages/docker/idna-3.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/salt/module_packages/docker/idna-3.7-py3-none-any.whl -------------------------------------------------------------------------------- 
/salt/salt/module_packages/docker/requests-2.32.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/salt/module_packages/docker/requests-2.32.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/salt/module_packages/docker/urllib3-2.2.2-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/salt/module_packages/docker/urllib3-2.2.2-py3-none-any.whl -------------------------------------------------------------------------------- /salt/salt/patch/x509_v2/init.sls: -------------------------------------------------------------------------------- 1 | patch_x509_v2_state_module: 2 | file.replace: 3 | - name: /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py 4 | - pattern: 'res = __salt__\["state.single"\]\("file.managed", name, test=test, \*\*kwargs\)' 5 | - repl: 'res = __salt__["state.single"]("file.managed", name, test=test, concurrent=True, **kwargs)' 6 | - backup: .bak 7 | -------------------------------------------------------------------------------- /salt/schedule.sls: -------------------------------------------------------------------------------- 1 | highstate_schedule: 2 | schedule.present: 3 | - function: state.highstate 4 | - minutes: 15 5 | - maxrunning: 1 6 | -------------------------------------------------------------------------------- /salt/sensor/soc_sensor.yaml: -------------------------------------------------------------------------------- 1 | sensor: 2 | interface: 3 | description: Main sensor monitoring interface. 
4 | helpLink: network.html 5 | readonly: True 6 | mtu: 7 | description: Maximum Transmission Unit (MTU) of the sensor monitoring interface. 8 | helpLink: network.html 9 | readonly: True 10 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/echotrail.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Echotrail", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Echotrail to see if a related filename, hash, or commandline is considered malicious.", 6 | "supportedTypes" : ["filename","hash","commandline"], 7 | "baseUrl": "https://api.echotrail.io/insights/" 8 | } 9 | 10 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/echotrail.yaml: -------------------------------------------------------------------------------- 1 | base_url: "{{ salt['pillar.get']('sensoroni:analyzers:echotrail:base_url', 'https://api.echotrail.io/insights/') }}" 2 | api_key: "{{ salt['pillar.get']('sensoroni:analyzers:echotrail:api_key', '') }}" 3 | 4 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/echotrail/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl 
-------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/source-packages/certifi-2023.11.17-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/echotrail/source-packages/certifi-2023.11.17-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/echotrail/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/source-packages/idna-3.6-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/echotrail/source-packages/idna-3.6-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/echotrail/source-packages/requests-2.31.0-py3-none-any.whl 
-------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/echotrail/source-packages/urllib3-2.1.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/echotrail/source-packages/urllib3-2.1.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/elasticsearch.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Elasticsearch", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "Queries an Elasticsearch instance for specified field values.", 6 | "supportedTypes": ["hash", "ip", "domain", "other"] 7 | } 8 | 9 | 10 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | urllib3>=2.1.0 -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/elasticsearch/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/source-packages/certifi-2023.11.17-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/elasticsearch/source-packages/certifi-2023.11.17-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/elasticsearch/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/source-packages/idna-3.6-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/elasticsearch/source-packages/idna-3.6-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/elasticsearch/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/elasticsearch/source-packages/urllib3-2.1.0-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/elasticsearch/source-packages/urllib3-2.1.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/README.md: -------------------------------------------------------------------------------- 1 | # EmailRep 2 | 3 | ## Description 4 | Submit an email address to EmailRepIO for analysis. 5 | 6 | ## Configuration Requirements 7 | 8 | ``api_key`` - API key used for communication with the EmailRepIO API 9 | 10 | This value is a secret; set it in the ``sensoroni`` pillar (``emailrep.yaml`` reads it from ``sensoroni:analyzers:emailrep:api_key``), like so: 11 | 12 | ``` 13 | sensoroni: 14 | analyzers: 15 | emailrep: 16 | api_key: $yourapikey 17 | ``` 18 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/emailrep.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "EmailRep", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries the EmailRep API for email address reputation information", 6 | "supportedTypes" : ["email", "mail"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/emailrep.yaml: -------------------------------------------------------------------------------- 1 | base_url: https://emailrep.io/ 2 | api_key: "{{
salt['pillar.get']('sensoroni:analyzers:emailrep:api_key', '') }}" 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/emailrep/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/emailrep/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/emailrep/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/greynoise.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Greynoise IP Analyzer", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": 
"This analyzer queries Greynoise for context around an IP address", 6 | "supportedTypes" : ["ip"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/greynoise.yaml: -------------------------------------------------------------------------------- 1 | base_url: https://api.greynoise.io/ 2 | api_key: "{{ salt['pillar.get']('sensoroni:analyzers:greynoise:api_key', '') }}" 3 | api_version: "{{ salt['pillar.get']('sensoroni:analyzers:greynoise:api_version', 'community') }}" 4 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/greynoise/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/greynoise/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/greynoise/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/__init__.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/localfile.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Local File Analyzer", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries one or more local CSV files for a value, then returns all columns within matching rows.", 6 | "supportedTypes" : ["domain", "hash", "ip", "other", "url"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/localfile.yaml: -------------------------------------------------------------------------------- 1 | file_path: {{ salt['pillar.get']('sensoroni:analyzers:localfile:file_path', '') }} 2 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/localfile_test.csv: -------------------------------------------------------------------------------- 1 | indicator,description,reference 2 | abcd1234,This is a test!,Testing 3 | abcd1234,This is another test!,Testing 4 | 192.168.1.1,Yet another test!,Testing 5 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/source-packages/requests-2.31.0-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/localfile/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/localfile/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/README.md: -------------------------------------------------------------------------------- 1 | # Malwarebazaar 2 | 3 | ## Description 4 | Submit a gimphash, hash, tlsh, or telfhash to Malwarebazaar for analysis.
5 | 6 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Malwarebazaar", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Malwarebazaar to see if a hash, gimphash, tlsh, or telfhash is considered malicious.", 6 | "supportedTypes" : ["gimphash","hash","tlsh", "telfhash"], 7 | "baseUrl": "https://mb-api.abuse.ch/api/v1/" 8 | } -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/source-packages/certifi-2023.11.17-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/source-packages/certifi-2023.11.17-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/source-packages/idna-3.6-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/source-packages/idna-3.6-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarebazaar/source-packages/urllib3-2.1.0-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarebazaar/source-packages/urllib3-2.1.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/malwarehashregistry.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Team Cymru Malware Hash Registry", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Team Cymru's Malware Hash registry for hashes to determine if the associated files are considered malicious.", 6 | "supportedTypes" : ["hash"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | python-whois>=0.9.5 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/python_dateutil-2.9.0.post0-py2.py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/python_dateutil-2.9.0.post0-py2.py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/python_whois-0.9.5-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/python_whois-0.9.5-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/six-1.17.0-py2.py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/six-1.17.0-py2.py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/malwarehashregistry/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/__init__.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/otx.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Alienvault OTX", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Alienvault OTX for a domain, hash, IP, or URL, then returns a report for it.", 6 | "supportedTypes" : ["domain", "hash", "ip", "url"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/otx.yaml: -------------------------------------------------------------------------------- 1 | base_url: https://otx.alienvault.com/api/v1/ 2 | api_key: "{{ salt['pillar.get']('sensoroni:analyzers:otx:api_key', '') }}" 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/source-packages/certifi-2023.5.7-py3-none-any.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/otx/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/otx/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/pulsedive.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Pulsedive", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Pulsedive for context around an observable", 6 | "supportedTypes": ["domain", "ip", "hash", "uri_path", "url", "user-agent"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/pulsedive.yaml: -------------------------------------------------------------------------------- 1 | base_url: https://pulsedive.com/api/ 2 | api_key: "{{ salt['pillar.get']('sensoroni:analyzers:pulsedive:api_key', '') }}" 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/pulsedive/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/pulsedive/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/spamhaus/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/spamhaus/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/spamhaus/requirements.txt: -------------------------------------------------------------------------------- 1 | dnspython>=2.2.1 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/spamhaus/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/spamhaus/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/spamhaus/source-packages/dnspython-2.3.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/spamhaus/source-packages/dnspython-2.3.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/spamhaus/spamhaus.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Spamhaus", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Spamhaus to see if an IP is considered malicious.", 6 | "supportedTypes" : ["ip"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/spamhaus/spamhaus.yaml: -------------------------------------------------------------------------------- 1 | lookup_host: zen.spamhaus.org 2 | nameservers: ["{{ salt['pillar.get']('sensoroni:analyzers:spamhaus:nameserver', '') }}"] -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.27.1 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/sublime/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/sublime/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/sublime/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/sublime/sublime.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Sublime", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer analyzes an email with Sublime Security to determine if it is considered malicious.", 6 | "supportedTypes" : ["eml"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/README.md: -------------------------------------------------------------------------------- 1 | # Threatfox 2 | 3 | ## Description 4 | Submit a domain, hash, IP, or URL to Threatfox for analysis. 
5 | 6 | 7 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/threatfox/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/source-packages/certifi-2023.11.17-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/threatfox/source-packages/certifi-2023.11.17-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/threatfox/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/threatfox/source-packages/idna-3.6-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/threatfox/source-packages/idna-3.6-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/threatfox/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/source-packages/urllib3-2.1.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/threatfox/source-packages/urllib3-2.1.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/threatfox/threatfox.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Threatfox", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries Threatfox to see if a domain, hash, or IP is considered malicious.", 6 | "supportedTypes" : ["domain","hash","ip"], 7 | "baseUrl": "https://threatfox-api.abuse.ch/api/v1/" 8 | } 9 | 10 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/__init__.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlhaus/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlhaus/urlhaus.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Urlhaus", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries URLHaus to see if a URL is considered malicious.", 
6 | "supportedTypes" : ["url"], 7 | "baseUrl": "https://urlhaus-api.abuse.ch/v1/url/" 8 | } 9 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/urlscan/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/urlscan.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Urlscan", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | 
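"description": "This analyzer submits a URL to Urlscan for context around an observable.", 6 | "supportedTypes" : ["url"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/urlscan/urlscan.yaml: -------------------------------------------------------------------------------- 1 | base_url: https://urlscan.io/api/v1/ 2 | api_key: "{{ salt['pillar.get']('sensoroni:analyzers:urlscan:api_key', '') }}" 3 | enabled: "{{ salt['pillar.get']('sensoroni:analyzers:urlscan:enabled', 'False') }}" 4 | visibility: "{{ salt['pillar.get']('sensoroni:analyzers:urlscan:visibility', 'public') }}"  # with the 'public' default, submitted URLs are listed publicly on urlscan.io; set the pillar to 'unlisted' or 'private' when the URL itself is sensitive 5 | timeout: "{{ salt['pillar.get']('sensoroni:analyzers:urlscan:timeout', '180') }}"  # reads its own pillar key; looking up ':visibility' here would render the visibility string as the timeout whenever that pillar is set 6 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | pyyaml>=6.0 3 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/source-packages/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl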
-------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/source-packages/requests-2.31.0-py3-none-any.whl 
-------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/virustotal/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/virustotal.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "VirusTotal", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer queries VirusTotal to see if a string value is considered malicious.", 6 | "supportedTypes" : ["domain", "hash", "ip", "url"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/virustotal/virustotal.yaml: -------------------------------------------------------------------------------- 1 | base_url: https://www.virustotal.com/api/v3/search?query= 2 | api_key: "{{ salt['pillar.get']('sensoroni:analyzers:virustotal:api_key', '') }}" -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/__init__.py -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.31.0 2 | whoisit>=2.7.0 3 | 
-------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/certifi-2023.5.7-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/certifi-2023.5.7-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/charset_normalizer-3.4.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/idna-3.4-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/idna-3.4-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/python_dateutil-2.8.2-py2.py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/python_dateutil-2.8.2-py2.py3-none-any.whl 
-------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/requests-2.31.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/requests-2.31.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/setuptools-80.1.0-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/setuptools-80.1.0-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/six-1.16.0-py2.py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/six-1.16.0-py2.py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/typing_extensions-4.6.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/typing_extensions-4.6.3-py3-none-any.whl -------------------------------------------------------------------------------- 
/salt/sensoroni/files/analyzers/whoislookup/source-packages/urllib3-2.0.3-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/urllib3-2.0.3-py3-none-any.whl -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/source-packages/whoisit-2.7.0.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/sensoroni/files/analyzers/whoislookup/source-packages/whoisit-2.7.0.tar.gz -------------------------------------------------------------------------------- /salt/sensoroni/files/analyzers/whoislookup/whoislookup.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "WHOIS", 3 | "version": "0.1", 4 | "author": "Security Onion Solutions", 5 | "description": "This analyzer performs a query to an RDAP server for WHOIS-like domain information.", 6 | "supportedTypes" : ["domain"] 7 | } 8 | -------------------------------------------------------------------------------- /salt/setup/highstate_cron.sls: -------------------------------------------------------------------------------- 1 | post_setup_cron: 2 | cron.present: 3 | - name: 'PATH=$PATH:/usr/sbin salt-call state.highstate' 4 | - identifier: post_setup_cron 5 | - user: root 6 | - minute: '*/5' 7 | - identifier: post_setup_cron 8 | -------------------------------------------------------------------------------- /salt/soc/files/soc/analytics.js: -------------------------------------------------------------------------------- 1 | (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': 2 | new Date().getTime(),event:'gtm.js'});var 
f=d.getElementsByTagName(s)[0], 3 | j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 4 | 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); 5 | })(window,document,'script','dataLayer','GTM-TM46SL7T'); 6 | -------------------------------------------------------------------------------- /salt/soc/files/soc/banner.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/soc/files/soc/banner.md -------------------------------------------------------------------------------- /salt/soc/files/soc/custom.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/soc/files/soc/custom.js -------------------------------------------------------------------------------- /salt/soc/files/soc/custom_roles: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/soc/files/soc/custom_roles -------------------------------------------------------------------------------- /salt/soc/files/soc/sigma_final_pipeline.yaml: -------------------------------------------------------------------------------- 1 | name: Security Onion - Final Pipeline 2 | priority: 95 3 | transformations: 4 | - id: override_field_name_mapping 5 | type: field_name_mapping 6 | mapping: 7 | FieldNameToOverride: NewFieldName 8 | -------------------------------------------------------------------------------- /salt/soc/files/soc/soc.json.jinja: -------------------------------------------------------------------------------- 1 | {% from 'soc/merged.map.jinja' import SOCMERGED -%} 2 | {{ SOCMERGED.config | json(sort_keys=True, indent=4 * ' ') 
}} 3 | -------------------------------------------------------------------------------- /salt/stig/defaults.yaml: -------------------------------------------------------------------------------- 1 | stig: 2 | enabled: False 3 | run_interval: 12 -------------------------------------------------------------------------------- /salt/strelka/backend/files/backend.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ BACKENDCONFIG | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/strelka/backend/files/logging.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ LOGGINGCONFIG | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/strelka/backend/files/passwords.dat.jinja: -------------------------------------------------------------------------------- 1 | {{ PASSWORDS | join('\n') }} 2 | -------------------------------------------------------------------------------- /salt/strelka/filecheck/filecheck.yaml.jinja: -------------------------------------------------------------------------------- 1 | filecheck: 2 | {{ FILECHECKCONFIG | yaml(false) | indent(width=2) }} 3 | -------------------------------------------------------------------------------- /salt/strelka/filestream/files/filestream.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ FILESTREAMCONFIG | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/strelka/frontend/files/frontend.yaml.jinja: -------------------------------------------------------------------------------- 1 | {{ FRONTENDCONFIG | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/strelka/manager/files/manager.yaml.jinja: 
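-------------------------------------------------------------------------------- 1 | {{ MANAGERCONFIG | yaml(false) }} 2 | -------------------------------------------------------------------------------- /salt/strelka/rules/compiled/DO.NOT.TOUCH: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/strelka/rules/compiled/DO.NOT.TOUCH -------------------------------------------------------------------------------- /salt/suricata/cron/surilogcompress: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Gzip every eve log except the most recently modified one (presumably the file Suricata is still writing): list files with their mtime, sort oldest first, drop the last entry, keep only the path column. 4 | find /nsm/suricata/eve*.json -type f -printf '%T@\t%p\n' | sort -t $'\t' -g | head -n -1 | cut -d $'\t' -f 2 | xargs nice gzip >/dev/null 2>&1 5 | 6 | # TODO Add stats log -------------------------------------------------------------------------------- /salt/suricata/files/suricata.yaml.jinja: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | {{ suricata_config | yaml(False) }} -------------------------------------------------------------------------------- /salt/suricata/thresholding/sids.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/salt/suricata/thresholding/sids.yaml -------------------------------------------------------------------------------- /salt/systemd/reload.sls: -------------------------------------------------------------------------------- 1 | systemd_reload: 2 | module.run: 3 | - service.systemctl_reload: [] -------------------------------------------------------------------------------- /salt/telegraf/node_config.json.jinja: -------------------------------------------------------------------------------- 1 | {% from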
'vars/globals.map.jinja' import GLOBALS -%} 2 | { 3 | {%- if grains.role in ['so-standalone', 'so-eval', 'so-sensor', 'so-heavynode', ] %} 4 | "monint": "{{ salt['pillar.get']('sensor:interface', '') }}", 5 | {%- endif %} 6 | "manint": "{{ GLOBALS.main_interface }}" 7 | } 8 | -------------------------------------------------------------------------------- /salt/vars/desktop.map.jinja: -------------------------------------------------------------------------------- 1 | {% set ROLE_GLOBALS = {} %} 2 | -------------------------------------------------------------------------------- /salt/vars/fleet.map.jinja: -------------------------------------------------------------------------------- 1 | {% set ROLE_GLOBALS = {} %} 2 | -------------------------------------------------------------------------------- /salt/vars/idh.map.jinja: -------------------------------------------------------------------------------- 1 | {% set ROLE_GLOBALS = {} %} -------------------------------------------------------------------------------- /salt/vars/init.map.jinja: -------------------------------------------------------------------------------- 1 | {% set PILLAR = pillar %} {# store the in-memory pillar data #} 2 | {% set GRAINS = grains %} {# store the in-memory grain data #} 3 | -------------------------------------------------------------------------------- /salt/vars/logstash.map.jinja: -------------------------------------------------------------------------------- 1 | {% import 'vars/init.map.jinja' as INIT %} 2 | 3 | {% 4 | 5 | set LOGSTASH_GLOBALS = { 6 | 'logstash': { 7 | 'nodes': INIT.PILLAR.logstash.get('nodes', {}) 8 | } 9 | } 10 | 11 | %} 12 | -------------------------------------------------------------------------------- /salt/vars/receiver.map.jinja: -------------------------------------------------------------------------------- 1 | {% set ROLE_GLOBALS = {} %} 2 | -------------------------------------------------------------------------------- 
/salt/vars/sensor.map.jinja: -------------------------------------------------------------------------------- 1 | {% set ROLE_GLOBALS = {} %} 2 | 3 | {% set SENSOR_GLOBALS = { 4 | 'sensor': { 5 | 'interface': pillar.sensor.interface 6 | } 7 | } 8 | %} 9 | 10 | {% do salt['defaults.merge'](ROLE_GLOBALS, SENSOR_GLOBALS, merge_lists=False, in_place=True) %} 11 | -------------------------------------------------------------------------------- /salt/versionlock/defaults.yaml: -------------------------------------------------------------------------------- 1 | versionlock: 2 | hold: [] 3 | -------------------------------------------------------------------------------- /salt/versionlock/soc_versionlock.yaml: -------------------------------------------------------------------------------- 1 | versionlock: 2 | hold: 3 | description: List of packages to prevent from upgrading. To reduce the frequency of required reboots, add 'kernel' to this list for RedHat based OS families. For Debian, please see the documentation. 4 | global: True 5 | forcedType: "[]string" 6 | multiline: True 7 | helpLink: versionlock.html 8 | -------------------------------------------------------------------------------- /salt/zeek/cron/packetloss.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | /usr/bin/docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl netstats | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1 3 | -------------------------------------------------------------------------------- /salt/zeek/files/local.zeek.jinja: -------------------------------------------------------------------------------- 1 | ##! Local site policy. 
2 | 3 | {%- set ALLOWEDOPTIONS = [ '@load', '@load-sigs', 'redef' ] %} 4 | 5 | {%- for k, v in LOCAL.items() | sort %} 6 | {%- if k|lower in ALLOWEDOPTIONS %} 7 | {%- for li in v %} 8 | {{ k }} {{ li }} 9 | {%- endfor %} 10 | {%- endif %} 11 | {%- endfor %} 12 | -------------------------------------------------------------------------------- /salt/zeek/files/networks.cfg.jinja: -------------------------------------------------------------------------------- 1 | {%- if NETWORKS.HOME_NET %} 2 | {%- for HN in NETWORKS.HOME_NET %} 3 | {{ HN }} 4 | {%- endfor %} 5 | {%- endif %} 6 | -------------------------------------------------------------------------------- /salt/zeek/policy/custom/README: -------------------------------------------------------------------------------- 1 | # Place custom policies in /opt/so/saltstack/local/salt/zeek/policy/custom/ 2 | -------------------------------------------------------------------------------- /salt/zeek/policy/cve-2020-0601/__load__.zeek: -------------------------------------------------------------------------------- 1 | @load ./cve-2020-0601 2 | -------------------------------------------------------------------------------- /salt/zeek/policy/intel/__load__.zeek: -------------------------------------------------------------------------------- 1 | @load frameworks/intel/seen 2 | @load frameworks/intel/do_notice 3 | @load frameworks/files/hash-all-files 4 | redef Intel::read_files += { 5 | "/opt/zeek/share/zeek/policy/intel/intel.dat" 6 | }; -------------------------------------------------------------------------------- /salt/zeek/policy/intel/intel.dat: -------------------------------------------------------------------------------- 1 | #fields indicator indicator_type meta.source meta.do_notice 2 | # EXAMPLES: 3 | #66.32.119.38 Intel::ADDR Test Address T 4 | #www.honeynet.org Intel::DOMAIN Test Domain T 5 | #4285358dd748ef74cb8161108e11cb73 Intel::FILE_HASH Test MD5 T 6 | 
-------------------------------------------------------------------------------- /salt/zeek/policy/securityonion/apt1/__load__.zeek: -------------------------------------------------------------------------------- 1 | @load frameworks/intel/seen 2 | @load frameworks/intel/do_notice 3 | @load frameworks/files/hash-all-files 4 | 5 | redef Intel::read_files += { 6 | fmt("%s/apt1-fqdn.dat", @DIR), 7 | fmt("%s/apt1-md5.dat", @DIR), 8 | fmt("%s/apt1-certs.dat", @DIR) 9 | }; 10 | -------------------------------------------------------------------------------- /salt/zeek/policy/securityonion/conn-add-sensorname.bro: -------------------------------------------------------------------------------- 1 | global sensorname = "{{ grains.host }}"; 2 | 3 | redef record Conn::Info += { 4 | sensorname: string &log &optional; 5 | }; 6 | 7 | event connection_state_remove(c: connection) 8 | { 9 | c$conn$sensorname = sensorname; 10 | } 11 | -------------------------------------------------------------------------------- /salt/zeek/policy/securityonion/file-extraction/__load__.zeek: -------------------------------------------------------------------------------- 1 | @load ./extract 2 | -------------------------------------------------------------------------------- /salt/zeek/policy/securityonion/json-logs/__load__.bro: -------------------------------------------------------------------------------- 1 | @load tuning/json-logs 2 | redef LogAscii::json_timestamps = JSON::TS_ISO8601; 3 | redef LogAscii::use_json = T; 4 | -------------------------------------------------------------------------------- /setup/files/intel.dat: -------------------------------------------------------------------------------- 1 | #fields indicator indicator_type meta.source meta.do_notice 2 | # EXAMPLES: 3 | #66.32.119.38 Intel::ADDR Test Address T 4 | #www.honeynet.org Intel::DOMAIN Test Domain T 5 | #4285358dd748ef74cb8161108e11cb73 Intel::FILE_HASH Test MD5 T 6 | 
-------------------------------------------------------------------------------- /sigs/securityonion-2.4.10-20230815.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.10-20230815.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.10-20230821.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.10-20230821.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.100-20240829.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.100-20240829.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.100-20240903.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.100-20240903.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.110-20241004.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.110-20241004.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.110-20241010.iso.sig: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.110-20241010.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.111-20241217.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.111-20241217.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.120-20250212.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.120-20250212.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.130-20250311.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.130-20250311.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.140-20250324.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.140-20250324.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.141-20250331.iso.sig: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.141-20250331.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.150-20250512.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.150-20250512.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.150-20250522.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.150-20250522.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.160-20250625.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.160-20250625.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.20-20231006.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.20-20231006.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.20-20231012.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.20-20231012.iso.sig 
-------------------------------------------------------------------------------- /sigs/securityonion-2.4.30-20231113.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.30-20231113.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.30-20231117.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.30-20231117.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.30-20231121.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.30-20231121.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.30-20231204.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.30-20231204.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.30-20231219.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.30-20231219.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.30-20231228.iso.sig: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.30-20231228.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.40-20240116.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.40-20240116.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.5-20230807.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.5-20230807.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.50-20240220.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.50-20240220.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.60-20240320.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.60-20240320.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.70-20240529.iso.sig: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.70-20240529.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.80-20240624.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.80-20240624.iso.sig -------------------------------------------------------------------------------- /sigs/securityonion-2.4.90-20240729.iso.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2f1e6fd625a3ebfd2ea0906dacf5ed32227d4541/sigs/securityonion-2.4.90-20240729.iso.sig --------------------------------------------------------------------------------