Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-29 03:38:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
1448 commits 8 branches 18 tags 388 MiB
Commit graph

19 commits

Author SHA1 Message Date
trixam
dceaa984c9
Update update.sh 
Download rules via URL
 2021-04-21 12:44:36 +02:00
Andrea De Pasquale
87a27e4f2b Suricata: use suricata-update for rule management 
As a bonus we can now run "suricata-update" using docker-exec,
triggering both a rule update and a Suricata rule reload.
 2020-11-30 17:56:14 +01:00
Marco Ochse
2ecef8c607
enable MQTT 
as eagle eyed by @adepasquale
 2020-11-27 19:07:12 +01:00
Andrea De Pasquale
73a5847753 Suricata: update suricata.yaml config to 6.0.x 
Merge in the latest updates from suricata-6.0.x while at the same time
keeping the custom T-Pot configuration.

https://github.com/OISF/suricata/blob/suricata-6.0.0/suricata.yaml.in
 2020-11-26 19:16:01 +01:00
Andrea De Pasquale
0010f99662 Suricata: disable eve.stats since it's unused 
Prevent the error below by disabling stats globally and in eve-log:

<Error> - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true.
 2020-11-25 17:07:49 +01:00
Andrea De Pasquale
e2f76c44cb Suricata: update suricata.yaml config to 5.x 
Merge in the latest updates from suricata-5.x while at the same time
keeping the custom T-Pot configuration.

https://github.com/OISF/suricata/blob/master-5.0.x/suricata.yaml.in
 2020-11-25 15:51:41 +01:00
Brian Lechthaler
b1d8e293de
add DockerHub back in cap filter 
see https://github.com/telekom-security/tpotce/pull/691#issuecomment-688648225
 2020-09-08 10:45:58 -07:00
Brian Lechthaler
7fdf9edb60
Update Suricata Capture Filter for New Docker Repo 2020-09-07 19:57:15 -07:00
t3chn0m4g3
680194adf7 prep for new listbot FQDN 2020-05-12 09:19:09 +00:00
Marco Ochse
cbefe6a074
Update capture-filter.bpf 2020-04-22 17:49:59 +02:00
t3chn0m4g3
f11ad6b523 tweaking 
ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution)
Remove SISSDEN from ewsposter, suricata
Bump suricata to 5.0.1
Alpine now support suricata incl. enabled JA3 support, move back to Alpine install
 2020-02-14 15:28:06 +00:00
t3chn0m4g3
78135df9e7 Bump Suricata to 5.0.0 2019-10-22 15:20:23 +00:00
t3chn0m4g3
28f5491977 bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00
t3chn0m4g3
c7e9015a5a Bump Suricata to 4.1.3 
Build with Rust
Enable JA3
Enable more protocols
Improve payload logging
... and more.
 2019-03-26 16:26:47 +00:00
t3chn0m4g3
e8d8773863 tweaking 2019-03-19 11:08:23 +00:00
listbot
6467a03d19 fix suricata ref location 2019-02-28 20:59:20 +00:00
Marco Ochse
38fce345cf tweaking 
fix condition when no internet connection is available
check internet connection before download of rules and avoid errors
check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available
 2018-05-23 13:02:19 +00:00
Marco Ochse
df6e4dcd44 update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00
Marco Ochse
0d5d80b1e3 include docker repos 
... skip emobility since it is a dev repo
 2017-10-13 18:58:14 +00:00