From 55387949d4792cece20a5cf369c4e32d17f6a5a5 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 11 Oct 2023 15:48:47 -0400 Subject: [PATCH 01/11] remove unused file --- so-logstash/bin/docker-entrypoint.old | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 so-logstash/bin/docker-entrypoint.old diff --git a/so-logstash/bin/docker-entrypoint.old b/so-logstash/bin/docker-entrypoint.old deleted file mode 100644 index 19a3c0a8..00000000 --- a/so-logstash/bin/docker-entrypoint.old +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -e - -. /usr/share/logstash/rulesets - -rsync --update -raz /usr/share/logstash/pipeline.so/ /usr/share/logstash/pipeline/ - -if [[ $FREQ == 1 ]]; then - rsync --update -raz /usr/share/logstash/pipeline.freq/ /usr/share/logstash/pipeline/ -fi -if [[ $DSTATS == 1 ]]; then - rsync --update -raz /usr/share/logstash/pipeline.dstats/ /usr/share/logstash/pipeline/ -fi - -if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then - exec logstash $@ -else - exec $@ -fi From e60304147e6acf7a8c1c547685b8332fcd71c525 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 12 Dec 2023 12:29:08 -0500 Subject: [PATCH 02/11] Add Geo Support --- so-suricata/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/so-suricata/Dockerfile b/so-suricata/Dockerfile index 8baa3f75..491702d4 100644 --- a/so-suricata/Dockerfile +++ b/so-suricata/Dockerfile @@ -22,7 +22,7 @@ RUN dnf -y install oraclelinux-developer-release-el9 RUN dnf repolist RUN dnf -y install autoconf automake diffutils file-devel gcc gcc-c++ git \ jansson-devel jq libcap-ng-devel libevent-devel \ - libmaxminddb-devel libnet-devel libnetfilter_queue-devel \ + libmaxminddb-devel libmaxminddb libnet-devel libnetfilter_queue-devel \ libnfnetlink-devel libpcap-devel libtool libyaml-devel \ lua-devel lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \ python3-devel python3-sphinx python3-yaml sudo which cargo \ 
@@ -33,7 +33,7 @@ RUN mkdir /suricata WORKDIR /suricata RUN curl -vO https://www.openinfosecfoundation.org/download/suricata-$SURIVERSION.tar.gz && tar zxvf suricata-$SURIVERSION.tar.gz && \ - cd suricata-$SURIVERSION && ./configure --enable-rust --enable-luajit --prefix=/opt/suricata --sysconfdir=/etc --disable-gccmarch-native --localstatedir=/var && make -j4 + cd suricata-$SURIVERSION && ./configure --enable-rust --enable-luajit --prefix=/opt/suricata --sysconfdir=/etc --disable-gccmarch-native --localstatedir=/var --enable-geoip && make -j4 RUN mkdir suriinstall && cd suricata-$SURIVERSION && make install DESTDIR=/suricata/suriinstall && make install-conf DESTDIR=/suricata/suriinstall && rm -rf /suricata/suriinstall/var/run FROM ghcr.io/security-onion-solutions/oraclelinux:9 From bc28ffeabd860827266538e234b8693b89a731aa Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 12 Dec 2023 16:00:42 -0500 Subject: [PATCH 03/11] Additional integrations --- .../scripts/supported-integrations.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt index 31e72ad7..9975402c 100644 --- a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt @@ -44,6 +44,7 @@ pfsense- pulse_connect_secure- redis- sentinel_one- +snort- snyk- sonicwall_firewall- sophos- @@ -53,9 +54,13 @@ system- tcp- tenable_sc- ti_abusech- +ti_anomali- +ti_cybersixgill- +ti_maltiverse- ti_misp- ti_otx- ti_recordedfuture- +ti_threatq- udp- vsphere- windows- From c1d72f9610c3f004c684e6d977309c54af3bcb9e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 13 Dec 2023 08:34:47 -0500 Subject: [PATCH 04/11] Update Dockerfile --- so-suricata/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
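Review bot: The configure line changed here still builds from a tarball that the preceding `curl -vO https://www.openinfosecfoundation.org/download/suricata-$SURIVERSION.tar.gz` fetches with no integrity check, so a substituted or tampered download would be compiled straight into the image. Pin the expected digest next to the version, e.g. an `ARG SURISHA256` and `echo "$SURISHA256  suricata-$SURIVERSION.tar.gz" | sha256sum -c -` between the download and the `tar zxvf`, and add `-f` to curl so an HTTP error page is not saved as the archive. Note also that `--enable-geoip` only links libmaxminddb; no GeoIP database is added by this hunk, so its location presumably has to be configured at runtime — confirm.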
diff --git a/so-suricata/Dockerfile b/so-suricata/Dockerfile index 491702d4..5018ab3b 100644 --- a/so-suricata/Dockerfile +++ b/so-suricata/Dockerfile @@ -44,7 +44,7 @@ LABEL description="Suricata running in a docker with AF_Packet for use with Secu COPY --from=builder /suricata/suriinstall/ / RUN yum -y install epel-release bash libpcap iproute && \ - yum -y install luajit libnet jansson libyaml cargo rustc nss nss-devel && \ + yum -y install luajit libnet jansson libyaml cargo rustc nss nss-devel libmaxminddb && \ yum -y erase epel-release && yum clean all && rm -rf /var/cache/yum && \ groupadd --gid 940 suricata && \ adduser --uid 940 --gid 940 --home-dir /etc/suricata --no-create-home suricata && \ From d9b66c97b6446f25764ef7188bac5af152a65026 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 13 Dec 2023 10:08:52 -0500 Subject: [PATCH 05/11] upgrade cla action --- .github/workflows/contrib.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml index 1cb3b773..395675b4 100644 --- a/.github/workflows/contrib.yml +++ b/.github/workflows/contrib.yml @@ -11,7 +11,7 @@ jobs: steps: - name: "Contributor Check" if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: cla-assistant/github-action@v2.1.3-beta + uses: cla-assistant/github-action@v2.3.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }} From 56dee13932264e9da833ad59f700a908f6cff3ec Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 13 Dec 2023 10:36:37 -0500 Subject: [PATCH 06/11] Remove Maltiverse --- .../scripts/supported-integrations.txt | 1 - 1 file changed, 1 deletion(-) 
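Review bot: The rewritten runtime install line keeps `cargo rustc nss-devel` in the final image even though Suricata is compiled in the builder stage and brought in via `COPY --from=builder`, so the shipped container carries a compiler toolchain and headers it does not need. Since this line is being touched anyway, trimming it to the runtime libraries, `yum -y install luajit libnet jansson libyaml nss libmaxminddb && \`, shrinks the image and its patch surface; if some runtime step really invokes cargo, which nothing visible here suggests, a comment saying so would justify keeping it. The RUN instruction continues past the hunk (the `groupadd`/`adduser` lines).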
diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt index 9975402c..3428f69f 100644 --- a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt @@ -56,7 +56,6 @@ tenable_sc- ti_abusech- ti_anomali- ti_cybersixgill- -ti_maltiverse- ti_misp- ti_otx- ti_recordedfuture- From 01ef143d6c20560a0f7269530a6d558aeb620c6f Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 13 Dec 2023 10:37:13 -0500 Subject: [PATCH 07/11] Don't remove snort integration --- so-elastic-fleet-package-registry/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/so-elastic-fleet-package-registry/Dockerfile b/so-elastic-fleet-package-registry/Dockerfile index 7a873906..a6bd3da1 100644 --- a/so-elastic-fleet-package-registry/Dockerfile +++ b/so-elastic-fleet-package-registry/Dockerfile @@ -23,7 +23,7 @@ RUN chmod +x /scripts/supported-integrations.sh && bash /scripts/supported-integ # Cleanup unneeded packages, keeping the two most recent versons of each one # Except for endpoint packages, keep all versions RUN cd /packages/package-storage/ \ -&& rm -rf suricata-* zeek-* snort-* dga-* endpoint*dev* endpoint*next* *preview* *beta* \ +&& rm -rf suricata-* zeek-* dga-* endpoint*dev* endpoint*next* *preview* *beta* \ && cd /packages/package-storage/ && LIST=$(ls --ignore="endpoint-*" | awk -F'[-]' '{print $1}' | sort | uniq ) \ && for item in $LIST; do ls $item-*.zip | cut -d '-' -f 2 | tr - \~ | sort -V | tr \~ - | head -n-2 | xargs -I {} echo "$item-"{} | xargs -r rm -fr; done From 7d9111ca038462356c6f12d26f57858dc53071f5 Mon Sep 17 00:00:00 2001 From: weslambert Date: Mon, 8 Jan 2024 15:58:45 -0500 Subject: [PATCH 08/11] Allow preview and beta packages --- so-elastic-fleet-package-registry/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/so-elastic-fleet-package-registry/Dockerfile b/so-elastic-fleet-package-registry/Dockerfile index a6bd3da1..e5e0112c 100644 --- a/so-elastic-fleet-package-registry/Dockerfile +++ b/so-elastic-fleet-package-registry/Dockerfile @@ -23,7 +23,7 @@ RUN chmod +x /scripts/supported-integrations.sh && bash /scripts/supported-integ # Cleanup unneeded packages, keeping the two most recent versons of each one # Except for endpoint packages, keep all versions RUN cd /packages/package-storage/ \ -&& rm -rf suricata-* zeek-* dga-* endpoint*dev* endpoint*next* *preview* *beta* \ +&& rm -rf suricata-* zeek-* dga-* endpoint*dev* endpoint*next* \ && cd /packages/package-storage/ && LIST=$(ls --ignore="endpoint-*" | awk -F'[-]' '{print $1}' | sort | uniq ) \ && for item in $LIST; do ls $item-*.zip | cut -d '-' -f 2 | tr - \~ | sort -V | tr \~ - | head -n-2 | xargs -I {} echo "$item-"{} | xargs -r rm -fr; done From b819c99a25e7101639855877ea67c5d2dd0b77a4 Mon Sep 17 00:00:00 2001 From: weslambert Date: Mon, 8 Jan 2024 15:59:29 -0500 Subject: [PATCH 09/11] Add additional integrations --- .../scripts/supported-integrations.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt index 3428f69f..afb080d1 100644 --- a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt @@ -8,6 +8,9 @@ carbonblack_edr- checkpoint- cisco_asa- cisco_duo- +cisco_ftd- +cisco_ios- +cisco_ise- cisco_meraki- cisco_umbrella- cloudflare- @@ -26,6 +29,7 @@ github- google_workspace- http_endpoint- httpjson- +iis- juniper- juniper_srx- kafka_log- 
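Review bot: Dropping `*preview*` and `*beta*` from the removal list means prerelease archives now count toward the two versions the loop below keeps per package: `tr - \~` maps `1.2.0-beta1` to `1.2.0~beta1`, which GNU `sort -V` orders just below `1.2.0`, so a package with a beta and a GA of the same version retains both and evicts the previous GA release. If the intent is only to make prereleases available for specific integrations, consider keeping the deletion for the rest or raising the retained count; at minimum a comment such as `# prerelease packages are kept and count toward the retained versions` above the loop would record the trade-off.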
@@ -34,16 +38,20 @@ log- m365_defender- microsoft_defender_endpoint- microsoft_dhcp- +microsoft_sqlserver- mimecast- +mysql- netflow- o365- okta- osquery_manager- panw- pfsense- +proofpoint_tap- pulse_connect_secure- redis- sentinel_one- +squid- snort- snyk- sonicwall_firewall- @@ -56,6 +64,7 @@ tenable_sc- ti_abusech- ti_anomali- ti_cybersixgill- +ti_maltiverse- ti_misp- ti_otx- ti_recordedfuture- From c54e2e6ebec70afbe2a88968b3f5603dbe9e5e2f Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 10 Jan 2024 21:13:55 -0500 Subject: [PATCH 10/11] Upgrade Navigator --- so-nginx/Dockerfile | 4 ++-- so-soctopus/so-soctopus/playbook.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/so-nginx/Dockerfile b/so-nginx/Dockerfile index 14f3af24..bd2c07cd 100644 --- a/so-nginx/Dockerfile +++ b/so-nginx/Dockerfile @@ -16,7 +16,7 @@ # Navigator build stage FROM ghcr.io/security-onion-solutions/node:16-alpine as navigator-builder -ARG NAVIGATOR_VERSION=4.8.2 +ARG NAVIGATOR_VERSION=4.9.1 RUN apk add git && \ git config --global advice.detachedHead false && \ @@ -27,7 +27,7 @@ WORKDIR /attack-navigator/nav-app/ RUN npm ci && npx ng build # Delete base href line from index html to fix url path issues -RUN sed -i '//d' ./dist/index.html +RUN sed -i '//d' ./dist/index.html ################################### diff --git a/so-soctopus/so-soctopus/playbook.py b/so-soctopus/so-soctopus/playbook.py index e68b4b99..40d55d05 100644 --- a/so-soctopus/so-soctopus/playbook.py +++ b/so-soctopus/so-soctopus/playbook.py @@ -206,7 +206,7 @@ def navigator_update(): if custom_field['id'] == 15 and (custom_field['value']): technique_id = custom_field['value'][0] technique_payload.append( - {"techniqueID": technique_id, "color": "#5AADFF", "comment": "", "enabled": True, "metadata": []}) + {"techniqueID": technique_id, "score": 100, "comment": "", "enabled": True, "metadata": []}) try: with open('/etc/playbook/nav_layer_playbook.json') as nav_layer_r: 
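Review bot: As the hunk renders here, both the old and the new `RUN sed -i '//d' ./dist/index.html` carry an empty pattern, which GNU sed rejects ("no previous regular expression") and which in any case would not select the base href line the comment above says is being removed. The angle-bracket content was probably lost when this diff was captured, so confirm the committed line actually carries the match, e.g. `RUN sed -i '/base href/d' ./dist/index.html`; if the Navigator 4.9.1 build output changed the form of that element, this is the line to check.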
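Review bot: The new entry takes only `custom_field['value'][0]`, so if that field can hold more than one technique ID (it is indexed as a list) every technique after the first is silently dropped from the layer; iterating it, `for technique_id in custom_field['value']: technique_payload.append({...})`, would cover the whole play. The literal `100` is also the `maxValue` of the layer gradient set in the next hunk; naming it once, e.g. `NAV_TECHNIQUE_SCORE = 100`, keeps the two from drifting apart. `navigator_update` starts before this hunk, and the hard-coded field id `15` is untouched context.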
@@ -233,7 +233,7 @@ def navigator_update(): "hideDisabled": False, "techniques": technique_payload, "gradient": { - "colors": ["#ff6666", "#ffe766", "#8ec843"], + "colors": ["#ffffff00", "#66b1ffff"], "minValue": 0, "maxValue": 100 }, From b991edf59c381931b6e9c272581d9837961f87ec Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 19 Jan 2024 14:44:33 -0500 Subject: [PATCH 11/11] Additional Integrations #4 --- .../scripts/supported-integrations.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt index afb080d1..35e8d641 100644 --- a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt @@ -13,6 +13,8 @@ cisco_ios- cisco_ise- cisco_meraki- cisco_umbrella- +citrix_adc- +citrix_waf- cloudflare- crowdstrike- darktrace- @@ -42,6 +44,7 @@ microsoft_sqlserver- mimecast- mysql- netflow- +nginx- o365- okta- osquery_manager- @@ -72,6 +75,7 @@ ti_threatq- udp- vsphere- windows- +winlog- zscaler_zia- zscaler_zpa- 1password-