Wednesday, December 7, 2016

Training Update

Our next live session of online training will be March 13, 2017 through March 16, 2017.  For more details and to register, please see:
https://securityonionsolutions.com/onlinetraining

If you need online training before then, you may want to consider our pre-recorded on-demand training:
https://securityonionsolutions.com/ondemandtraining

If you're looking for more in-depth training including lab exercises, we are starting to schedule our 4-day onsite classes for 2017:
https://securityonionsolutions.com/onsitetraining

Tuesday, December 6, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion65 resolves an issue

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion65

This new package should resolve the following issue:

Issue 1024: soup: when running on sensor, check to make sure master server has been updated first
https://github.com/Security-Onion-Solutions/security-onion/issues/1024

Thanks to Wes Lambert!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, December 5, 2016

CapMe 1.0.1 is now available and supports UDP traffic!

The following packages are now available:
securityonion-capme - 20121213-0ubuntu0securityonion65
securityonion-sguil-client - 20141004-0ubuntu0securityonion16
securityonion-sguil-sensor - 20141004-0ubuntu0securityonion16
securityonion-sguil-server - 20141004-0ubuntu0securityonion16

These new packages should resolve the following issue:

Issue 492: CapMe needs to handle UDP better
https://github.com/Security-Onion-Solutions/security-onion/issues/492

Thanks to Wes Lambert!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
After installing the updated packages, you will need to restart sguild as follows:
sudo nsm_server_ps-restart
Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, November 30, 2016

securityonion-setup - 20120912-0ubuntu0securityonion229 resolves 3 issues

The following package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion229

This new package should resolve the following issues:

Issue 988: Setup: use lowercase of hostname when creating sensornames
https://github.com/Security-Onion-Solutions/security-onion/issues/988

Issue 1000: Setup: rename VRT to Talos
https://github.com/Security-Onion-Solutions/security-onion/issues/1000

Issue 989: Setup: postinst should check for existence of account before chown
https://github.com/Security-Onion-Solutions/security-onion/issues/989

Thanks to Wes Lambert!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, November 14, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion40 resolves an issue

The following package is now available:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion40

This new package should resolve the following issue:

Issue 1010: securityonion-elsa-extras: Windows process enhancements
https://github.com/Security-Onion-Solutions/security-onion/issues/1010

Thanks to Brian Kellogg for submitted these new ELSA patterns!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, November 7, 2016

Suricata 3.1.3 now available for Security Onion!

Suricata 3.1.3 was recently released:
https://suricata-ids.org/2016/11/01/suricata-3-1-3-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.3-1ubuntu1securityonion2

This new package should resolve the following issue:

Issue 1014: Suricata 3.1.3
https://github.com/Security-Onion-Solutions/security-onion/issues/1014

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:
  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, October 19, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion63 resolves an issue

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion63

This new package should resolve the following issue:

Issue 1009: soup: change "2>1" to "2>&1"
https://github.com/Security-Onion-Solutions/security-onion/issues/1009

Thanks to Wes Lambert for testing this package.

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, October 18, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion143 resolves two issues

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion143

This new package should resolve the following issues:

Issue 993: NSM: start/restart errors on systems with ethXX (2 or more numbers)
https://github.com/Security-Onion-Solutions/security-onion/issues/993

Issue 1005: NSM: redirect iostreams to logfile during ossec-agent restart
https://github.com/Security-Onion-Solutions/security-onion/issues/1005

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, October 17, 2016

securityonion-capme - 20121213-0ubuntu0securityonion61 resolves an issue

The following package is now available:
securityonion-capme - 20121213-0ubuntu0securityonion61

This new package should resolve the following issue:

Issue 1007: CapMe: transcript data sometimes overruns the transcript window
https://github.com/Security-Onion-Solutions/security-onion/issues/1007

This package has been tested by Wes Lambert (thanks, Wes!).

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Friday, September 30, 2016

securityonion-web-page - 20141015-0ubuntu0securityonion71 resolves several issues

The following package is now available:
securityonion-web-page - 20141015-0ubuntu0securityonion71

This new package should resolve the following issues:

Issue 1001: securityonion-web-page: move Top/Bottom links to beginning of line
https://github.com/Security-Onion-Solutions/security-onion/issues/1001

Issue 1002: securityonion-web-page: fix ELSA FIREWALL_ACCESS_DENY queries
https://github.com/Security-Onion-Solutions/security-onion/issues/1002

Issue 1004: securityonion-web-page: standardize Autoruns queries
https://github.com/Security-Onion-Solutions/security-onion/issues/1004

Screenshots
Top / Bottom links are now at the beginning of the line
and Autoruns queries have been standardized


DNS - Top 100 Requests

DNS - Bottom 100 Requests


Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Thursday, September 29, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion62 resolves several issues

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion62

This new package should resolve the following issues:

Issue 990: sostat: Fix redirect to file issue
https://github.com/Security-Onion-Solutions/security-onion/issues/990

Issue 991: sostat: Remove redundant source call
https://github.com/Security-Onion-Solutions/security-onion/issues/991

Issue 992: sostat: Enable nullglobs to prevent string literal bug in various for loops
https://github.com/Security-Onion-Solutions/security-onion/issues/992

Issue 996: sostat: report OS version and sostat version
https://github.com/Security-Onion-Solutions/security-onion/issues/996

Issue 998: sostat: only show last run of rule-update
https://github.com/Security-Onion-Solutions/security-onion/issues/998

Issue 961: soup: remove any autoremove recommendations
https://github.com/Security-Onion-Solutions/security-onion/issues/961

Issue 962: soup: recommend upgrading to 16.04 HWE stack
https://github.com/Security-Onion-Solutions/security-onion/issues/962

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

securityonion-rule-update - 20151201-1ubuntu1securityonion7 resolves an issue

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion7

This new package should resolve the following issue:

Issue 985: rule-update should always log to /var/log/nsm/pulledpork.log
https://github.com/Security-Onion-Solutions/security-onion/issues/985

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, September 28, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion38 resolves an issue

The following package is now available:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion38

This new package should resolve the following issue:

Issue 997: securityonion-elsa-extras: better parsing for event id 4776
https://github.com/Security-Onion-Solutions/security-onion/issues/997

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, September 27, 2016

securityonion-squert-cron - 20120722-0ubuntu0securityonion10 resolves an issue

The following package is now available:
securityonion-squert-cron - 20120722-0ubuntu0securityonion10

This new package should resolve the following issue:

Squert ip2c cron job should lock to prevent multiple instances #987
https://github.com/Security-Onion-Solutions/security-onion/issues/987

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, September 26, 2016

Suricata 3.1.2 now available for Security Onion!

Suricata 3.1.2 was recently released:
https://suricata-ids.org/2016/09/07/suricata-3-1-2-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.2-1ubuntu1securityonion1

This new package should resolve the following issue:

Issue 994: Suricata 3.1.2
https://github.com/Security-Onion-Solutions/security-onion/issues/994

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Thursday, September 22, 2016

Tuesday, September 13, 2016

4-day Security Onion class in Columbia SC - October 25 through October 28

Our wildly popular 4-day class is coming to Columbia SC in October!  For more details and to register, please see:

https://securityonionsolutions.com/onsitetraining

Pictures from Security Onion Conference 2016












































Onion Arcade: Make Your Adversaries Cry

At Security Onion Conference 2016, I talked about Onion Arcade:
https://www.youtube.com/watch?v=AXk-Te_lMmg&list=PLljFlTO9rB15Tve-LhV5k_5_0HH37eALe&index=9

If you haven't seen it, please watch the video to understand the reasons for building Onion Arcade and how it relates to Security Onion.

For those interested, here are some higher resolution photos of the build process.

Super Nintendo SNS-101 (Mini) --> Framemeister scaler --> HDMI Monitor

Button Panel

Plexiglass


Joystick panel



Sides

Monitor VESA mount


Ground wire, lots of it!

Wiring harness for LED lights

Speaker panel


Buttons installed

Joysticks installed

Bottom of joystick panel before wiring begins

LED buttons powered up

First SNES Controller PCB soldered

First SNES Controller PCB with Joystick panel

Second SNES Controller PCB soldered

Both SNES Controller PCBs with Joystick panel

Joystick panel wiring completed

Cabinet construction begins


Back door installed

Monitor installed

Installing LED light strips in marquee 
The components barely fit 

It's Alive!

Onion Arcade FAQ

What does this have to do with Security Onion?
Please see the video for a full explanation:
https://www.youtube.com/watch?v=AXk-Te_lMmg&list=PLljFlTO9rB15Tve-LhV5k_5_0HH37eALe&index=9

Is Onion Arcade for sale?
No, it's mine, all mine!  :)

Is it running emulators/ROMs?
Nope, under the hood is a real Super Nintendo SNS-101 (Mini) and a real SNES cartridge.

Where did the artwork come from?
I found a Creative Commons licensed Mandelbrot fractal on Wikipedia and added neon logos using the Gimp graphics editor.

The Mandelbrot fractal background was created by Wolfgang Beyer with the program Ultra Fractal 3 and licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.  For more information:

https://upload.wikimedia.org/wikipedia/commons/a/a4/Mandel_zoom_11_satellite_double_spiral.jpg

https://en.wikipedia.org/wiki/File:Mandel_zoom_11_satellite_double_spiral.jpg