142 Commits

Author SHA1 Message Date
Josh Soref
20a3c3da38
Spelling (#5885) 2022-07-18 13:59:03 +02:00
Markus Reiter
2bf4f44c4a
Fix EmergingThreats documentation URL. (#5530) 2022-01-31 14:06:39 +01:00
Ad Schellevis
c30e535ac9 IDPS - ET Pro telemetry 5 uses the new name scheme of version 6, which we accidentally didn't take into account when migrating ET-open. make sure we do fetch the new rulesets as being published for 6 (related to https://github.com/opnsense/core/pull/5482) 2022-01-17 18:28:27 +01:00
Ad Schellevis
fb041467bf
IDPS : fix typo in https://github.com/opnsense/core/pull/5413 2022-01-08 21:17:01 +00:00
Bryce Verdier
26df508f07
Services / Intrusion detection - downloader.py style fixes (#5413) 2021-12-23 19:41:05 +01:00
Ad Schellevis
67910fbfea Services: Intrusion Detection - rule downloads : gently log when connectivity issues appear. 2021-12-10 17:23:37 +01:00
kulikov-a
e7bccd6824
change severity (#5395) 2021-12-08 08:38:05 +01:00
kulikov-a
035dc45063
IDPS: handle empty metadata value (#5357) 2021-11-15 17:09:26 +01:00
Ad Schellevis
c28567ec1d IDPS: support multiple policy property in metadata, closes https://github.com/opnsense/core/issues/5350
o allow repetitive metadata tags to be used, representing them as multiline options. Since \n can't exist in rules it should be rather safe to concat repeating entries
o convert multiline items in the UI (rule info) (convert \n --> <br/>)
2021-11-14 18:59:43 +01:00
Ad Schellevis
1c34b86cb5 IDPS: hook et-open to suricata 5 ruleset including migration, brings 41eefdd105 back in 2021-10-28 14:21:22 +02:00
kulikov-a
3f73088673
rulecache.py: skip empty metadata (#5148) 2021-08-08 11:12:48 +02:00
Ad Schellevis
eb921d8e07 Services / Intrusion detection: add new Abuse.ch feed ThreatFox to detect indicators of compromise 2021-03-09 10:16:18 +01:00
kulikov-a
8953d038e5
rulecache.py: make manual rule status boolean (#4758) 2021-02-26 14:02:38 +01:00
Ad Schellevis
2696e42d3a Service / Intrusion Detection / Policies: type error in 'enabled' field (bool vs str), closes https://github.com/opnsense/core/issues/4753 2021-02-25 20:02:59 +01:00
Ad Schellevis
b465a418a0 IDS policies not matching categories. Since categories isn't a metadata field, our parser seems to miss the field content. In this case it should be safe to assume if a metadata field isn't found we can look in the rule properties if it's there. there likely aren't overlapping properties in this case. closes https://github.com/opnsense/core/issues/4695 2021-02-11 11:25:17 +01:00
Ad Schellevis
f79c311abf IDS: prevent flowbits:noalert from being dropped. closes https://github.com/opnsense/core/issues/4687 2021-02-08 19:35:15 +01:00
Ad Schellevis
0101becd99 IDPS: make sure rule overwrites use unique config sections. closes https://github.com/opnsense/core/issues/4667
We might consider a unique constraint as well, but since duplicates themselves don't hurt that much, this might be good enough.
2021-02-03 16:25:47 +01:00
Ad Schellevis
41eefdd105 IDPS: revert content part of 09f74fe1ce7b4805c1bb8354e5d0c5b98955497b until ETPro telemetry ships new content. 2021-01-07 20:32:21 +01:00
Ad Schellevis
be13b6f9e3 IDPS: minor fixes and improvements for new policy feature (https://github.com/opnsense/core/issues/4445).
o feedback matched policy so we can easily find effective choice in the rule tab
o remove installed_action, installed_status since these values aren't valid anymore
o while here, set <pre/> tag width to a maximum to avoid overflow in alert page

Since values need to be persisted in order to return on query requests, single rule edits can lead to a bit odd behaviour (not toggling until after apply), since modifications are advised to be performed using policies, we will keep this for now.
(the alternative is to hook apply after these changes, which also isn't a great solution)
2020-12-08 17:20:06 +01:00
Ad Schellevis
74a64ce187 IDPS: bug in policy parser preventing ruleset filter to function. for https://github.com/opnsense/core/issues/4445 2020-11-23 17:48:10 +01:00
Ad Schellevis
1221542a43 IDPS: deprecate filter option on file downloads in favour of new policy option. migrates existing filters to policies while there. for https://github.com/opnsense/core/issues/4445 2020-11-23 16:42:41 +01:00
Ad Schellevis
a0c043e693 IDS: work in progress policy editor for https://github.com/opnsense/core/issues/4445
With this commit policies functionally work, but there's still some refactoring to do.
o migrate download filters to a policy
o remove download filter option
o point to policies in the download section
o (maybe) move single rule overwrites to policies as well.
2020-11-09 15:02:14 +01:00
Ad Schellevis
cfd5949995 IDPS: re-create rule cache after rule deployment, used update_local_changes() before, but this has the downside of missing the database changes, although create() is slower, it simplifies code to just rebuild after deployment. ref a222eda2c7 (commitcomment-42320374)
2020-09-15 11:50:45 +02:00
Ad Schellevis
f082239c5c IDPS: rulecache parse error on invalid metadata, for https://github.com/opnsense/core/issues/4302 2020-08-27 09:56:25 +02:00
Ad Schellevis
5d8302f3c3 IDPS: allow search for status enabled/disabled.
o one constraint, it will only show "applied" status (since apply flushes to disk)

for https://github.com/opnsense/core/issues/4280
2020-08-23 19:08:27 +02:00
Ad Schellevis
c122fc622b IDPS: bugfix new rulecache parser (408df257cc), missing escape char. 2020-06-04 16:33:36 +02:00
Ad Schellevis
e08000afbd IDPS: extend rule search with metadata fields (pivot property/value store) and show results on rule info. 2020-06-04 16:16:56 +02:00
Ad Schellevis
27964002c5 IDPS: deprecate classtype in rules table, move functionality to new metadata_histogram table, which contains the relevant rule metadata properties including classtype.
also removes endpoint /api/ids/settings/listRuleClasstypes
2020-06-01 16:37:23 +02:00
Ad Schellevis
73f02a14c4 IDPS: support querying of metadata fields, move classtype to new rule_properties table as well.
backwards compatible with existing ui functionality, contains some cleanups in the same area to increase readability
2020-05-28 20:31:45 +02:00
Ad Schellevis
408df257cc IDPS: cleanup list_rules() in rulecache and parse all (metadata) tokens while there 2020-05-25 19:35:41 +02:00
Tra5is
aeb6d2b0c3
When enabling rules prefixed with '# ' consume the extra space (#4129) 2020-05-25 08:57:05 +02:00
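The commits above sketch how the rule cache has to treat a Suricata rule line: a rule disabled with "# " has to lose that space as well when it is re-enabled (#4129), metadata is a comma-separated list of `key value` pairs in which a key such as policy may repeat and is kept as one \n-joined multiline value (c28567ec1d), empty metadata values are skipped (#5148, #5357), a property such as classtype that is not a metadata field is looked up in the plain rule options instead (b465a418a0), and rules carrying flowbits:noalert must not be switched to drop (f79c311abf, 6de00487f2). The Python below is an added illustration of those rules written for this page; it is not OPNsense's rulecache.py or downloader code, and the rule text it parses is constructed for the example, not taken from any real ruleset.

```python
import re

# Constructed sample rules written for this example (not from any real ruleset).
# They cover the cases the commits deal with: a rule disabled with "# ", repeated
# metadata keys, an empty metadata value, a flowbits:noalert helper rule that a
# policy asks to drop, and a rule carrying no metadata at all.
SAMPLE_RULES = """\
# alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE disabled rule"; classtype:policy-violation; sid:9000001; rev:1; metadata:policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE repeated keys"; flow:to_server; classtype:attempted-admin; sid:9000002; rev:2; metadata:affected_product Any, policy balanced-ips alert, policy security-ips drop, created_at 2021_11_14;)
alert dns $HOME_NET any -> any any (msg:"EXAMPLE empty value"; classtype:trojan-activity; sid:9000003; rev:1; metadata:tag , signature_severity Major;)
alert ip any any -> any any (msg:"EXAMPLE noalert helper"; flowbits:set,EXAMPLE.stage1; flowbits:noalert; classtype:misc-activity; sid:9000004; rev:1; metadata:policy security-ips drop;)
alert ip any any -> any any (msg:"EXAMPLE no metadata"; classtype:misc-activity; sid:9000005; rev:1;)
"""

# action, header and the parenthesised option list; an optional leading "#"
# (with any whitespace after it) marks a disabled rule
RULE_RE = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|pass|reject)\s+(?P<header>[^(]+)\((?P<options>.*)\)\s*$'
)


def parse_rule(line):
    """Parse one rule line into plain options plus a separate metadata dict."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    props = {'enabled': m.group('disabled') is None, 'action': m.group('action')}
    metadata = {}
    # options are ';' separated; an escaped '\;' inside a value (pcre, content) does not split
    for opt in re.split(r'(?<!\\);', m.group('options')):
        opt = opt.strip()
        if not opt:
            continue
        key, sep, value = opt.partition(':')
        key, value = key.strip(), value.strip()
        if key == 'metadata':
            for item in value.split(','):
                mkey, _, mval = item.strip().partition(' ')
                mkey, mval = mkey.strip(), mval.strip()
                if not mkey or not mval:
                    continue  # "tag ," style entries: skip empty values
                # repeated keys become one multiline value; '\n' cannot occur
                # inside a rule line, so the join is unambiguous
                metadata[mkey] = metadata[mkey] + '\n' + mval if mkey in metadata else mval
        else:
            # bare keywords (no ':') get an empty value; repeated options such as
            # several flowbits are joined the same way as repeated metadata
            props[key] = props[key] + '\n' + value if key in props else value
    props['metadata'] = metadata
    return props


def parse_rules(text):
    return [r for r in (parse_rule(line) for line in text.splitlines()) if r is not None]


def rule_property(rule, name):
    """Look in metadata first, then in the plain rule options (e.g. classtype)."""
    if name in rule['metadata']:
        return rule['metadata'][name]
    return rule.get(name)


def policy_action(rule, policy_name):
    """Action a named ET policy assigns to the rule, or None if it has no entry.

    A flowbits:noalert rule only sets state for other rules; dropping it would
    silently break the rules that depend on it, so it is kept at alert.
    """
    for entry in rule['metadata'].get('policy', '').split('\n'):
        name, _, action = entry.partition(' ')
        if name == policy_name and action:
            if action == 'drop' and 'noalert' in rule.get('flowbits', '').split('\n'):
                return 'alert'
            return action
    return None


def enable_rule_line(line):
    """Re-enable a commented-out rule, consuming the whitespace after '#' too."""
    return re.sub(r'^\s*#\s*', '', line, count=1)


if __name__ == '__main__':
    for rule in parse_rules(SAMPLE_RULES):
        print(rule['sid'], rule['enabled'], rule_property(rule, 'classtype'),
              policy_action(rule, 'security-ips'), rule['metadata'])
```

The parser deliberately keeps metadata apart from the other rule options, so a lookup such as classtype only falls through to the plain options when metadata has nothing under that name; that is the fallback b465a418a0 describes, and it stays safe as long as no metadata key shares a name with a Suricata option keyword.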
Ad Schellevis
2d052a9bde IDPS: simplify download parser a bit further as suggested by @Tra5is (38ea28d0ad) 2020-05-15 18:53:16 +02:00
Ad Schellevis
38ea28d0ad IDPS: rule download, less sensitive rule parsing. for https://github.com/opnsense/core/pull/4115 2020-05-15 11:36:42 +02:00
Ad Schellevis
09f74fe1ce IDS: point Emerging threats open rules to suricata 5 and add a migration for the rules that moved. Includes a small patch to the rule management scripts, so we can support deprecated sets (which should be removed). 2019-12-06 15:47:18 +01:00
Ad Schellevis
16eca2b900 IDS / rule download, unescape filename, closes https://github.com/opnsense/plugins/issues/1585 2019-11-20 08:57:50 +01:00
Ad Schellevis
10a3012520 IDS: rule downloader, catch UnicodeDecodeError and log. 2019-11-19 08:54:00 +01:00
Ad Schellevis
7a5a573288 IDS/IPS: rule-updater. When there's nothing to download, required (extra) files were removed on update, while here, also make sure that required files are also downloaded when not on disk yet.
ETPro Telemetry uses this to collect its own sids, so we only communicate about alerts actually in this specific set.
2019-07-26 21:36:42 +02:00
Ad Schellevis
11d64579ce python3, use symlink in already converted scripts 2019-05-13 13:00:49 +02:00
Ad Schellevis
df4fe1c683 IDS, missing cleanup after rule installation, for https://github.com/opnsense/core/issues/3472 2019-05-08 11:47:54 +02:00
Ad Schellevis
a71d32808d IDS, convert python scripts from 2 to 3 2019-04-05 14:56:02 +02:00
Ad Schellevis
6de00487f2 IDS, skip flowbits:noalert rules in "filter_frop", for https://github.com/opnsense/core/issues/3386 2019-04-05 10:53:25 +02:00
Ad Schellevis
02b16dcc03 ids, rule-updater.py, cleanup unused 2019-02-16 11:51:11 +01:00
Ad Schellevis
7b758564cf IDS, support required rules/files in metadata package, closes https://github.com/opnsense/core/issues/3228 2019-02-12 21:22:09 +01:00
Ad Schellevis
692faae42c IDS/IPS, less extensive logging.
- version info and rules might be cached, only log the uncached actions (first try)
2019-02-08 20:37:32 +01:00
Franco Fichtner
86c7f6242c src: fix lint-exec pass 2019-01-14 08:14:06 +01:00
Ad Schellevis
923f1982f7 IDS/abuse.ch, remove non functional dyre_sslipblacklist.rules and use new location for Feodo Tracker (currently defunct) 2018-12-16 18:11:27 +01:00
Ad Schellevis
b3082fcf68 IDS/rule downloader, improve logging 2018-12-10 09:16:52 +01:00
Ad Schellevis
b38a76a265 IDS/IPS, prevent duplicate download of same target filename, support overlays. for https://github.com/opnsense/core/issues/2885 2018-11-06 20:05:09 +01:00
Ad Schellevis
416b05afa6 IDS/IPS, use content-disposition, for https://github.com/opnsense/core/issues/2885 2018-11-06 20:04:05 +01:00
Ad Schellevis
534c918a4e IDS/ruledownload, improve logging a bit. log http return code when download failed 2018-11-05 21:14:52 +01:00