Thursday, April 28, 2016

securityonion-squert-cron - 20120722-0ubuntu0securityonion6 resolves 3 issues

securityonion-squert-cron - 20120722-0ubuntu0securityonion6 is now available and should resolve the following issues:

Issue 890: Squert ip2c cron job should sleep a random number of minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/890

Issue 899: Squert ip2c cron job should run as a non-root user
https://github.com/Security-Onion-Solutions/security-onion/issues/899

Issue 903: Squert ip2c cron job should log to a log file
https://github.com/Security-Onion-Solutions/security-onion/issues/903

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, April 27, 2016

securityonion-setup - 20120912-0ubuntu0securityonion207 adds more debug info and input validation

Wes Lambert submitted a Pull Request to add additional debug info and input validation:
https://github.com/Security-Onion-Solutions/securityonion-setup/pull/11

I've merged this Pull Request and created a new package:
securityonion-setup - 20120912-0ubuntu0securityonion207

This package should resolve the following issue:
https://github.com/Security-Onion-Solutions/security-onion/issues/902

James Taylor tested this package.  Thanks, James!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, April 26, 2016

New ELSA packages resolve 2 issues

Martin Holste committed some fixes for ELSA email recently:
https://github.com/mcholste/elsa/commit/d6b57293ea2d83d35fc530e8d8071539013b3469
https://github.com/mcholste/elsa/commit/9ea0a9d6ed589297094b97c514f29e20eab0c567
https://github.com/mcholste/elsa/commit/6ad7966897a6c18573788d657cc6e28147dc9880

I've built a new ELSA package with all the latest fixes:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion7

Also, Harvii submitted a pull request to remove a non-ASCII character from securityonion-elsa-reset-archive:
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/16

I've merged the pull request and the new package is as follows:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion28

These packages should resolve the following issues:

Issue 881: ELSA: remove non-ascii character from securityonion-elsa-reset-archive
https://github.com/Security-Onion-Solutions/security-onion/issues/881

Issue 882: ELSA: fix email
https://github.com/Security-Onion-Solutions/security-onion/issues/882

Wes Lambert tested these packages.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, April 25, 2016

Suricata 3.0.1 now available for Security Onion!

Suricata 3.0.1 was recently released:
https://suricata-ids.org/2016/04/04/suricata-3-0-1-released/

I've packaged Suricata 3.0.1 and the new package version is:
securityonion-suricata - 3.0.1-1ubuntu1securityonion1

This resolves the following issue:

Issue 896: Suricata 3.0.1
https://github.com/Security-Onion-Solutions/security-onion/issues/896

Wes Lambert and wingmanjt tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Snort 2.9.8.2 now available for Security Onion!

Snort 2.9.8.2 was recently released:
http://blog.snort.org/2016/03/snort-2982-has-been-released.html

I've packaged Snort 2.9.8.2 and the new package version is as follows:
securityonion-snort - 2.9.8.2-1ubuntu1securityonion1

This resolves the following issue:

Issue 893: Snort 2.9.8.2
https://github.com/Security-Onion-Solutions/security-onion/issues/893

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf file(s)
  • update ruleset and restart Snort as follows:
    sudo rule-update

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, April 12, 2016

securityonion-rule-update - 20151201-1ubuntu1securityonion2 resolves an issue

David J. Bianco found an issue in the securityonion-rule-update package and submitted a Pull Request.  Thanks, David!

I merged the Pull Request and built a new package.  securityonion-rule-update - 20151201-1ubuntu1securityonion2 is now available and should resolve the following issue:

securityonion-rule-update: avoid su error #892
https://github.com/Security-Onion-Solutions/security-onion/issues/892

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, April 11, 2016

securityonion-setup - 20120912-0ubuntu0securityonion206 resolves two issues

securityonion-setup - 20120912-0ubuntu0securityonion206 is now available and should resolve the following issues:

Issue 891: Setup: fix errors when sensors add firewall rules
https://github.com/Security-Onion-Solutions/security-onion/issues/891

Issue 894: Setup: remove old keyring files
https://github.com/Security-Onion-Solutions/security-onion/issues/894

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have an upcoming online class in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, March 28, 2016

Security Onion 14.04.4.1 ISO image now available!

We have a new Security Onion 14.04.4.1 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of March 19, 2016!

This resolves the following issue:

14.04.4.1 ISO image #861
https://github.com/Security-Onion-Solutions/security-onion/issues/861

This new ISO image has been tested by the following (thanks!):
Wes Lambert
James Taylor
L.T. Easterly

New Users
I've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Security-Onion-14.04-Release-Notes

Training
This new ISO image will be used in our upcoming online class in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Need Support?
If you have questions or problems, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Friday, March 18, 2016

Thursday, March 17, 2016

securityonion-setup - 20120912-0ubuntu0securityonion203 resolves an issue

securityonion-setup - 20120912-0ubuntu0securityonion203 is now available and should resolve the following issue:

Issue 876: Setup: division by 0 error on SNIFFING_INTERFACES
https://github.com/Security-Onion-Solutions/security-onion/issues/876

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion 301 is tomorrow:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, March 15, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion132 resolves an issue

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion132 is now available and should resolve the following issue:

Issue 866: NSM: Squert object_mappings table has wrong permissions
https://github.com/Security-Onion-Solutions/security-onion/issues/866

This package was tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts tomorrow:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, March 14, 2016

securityonion-setup - 20120912-0ubuntu0securityonion201 resolves four issues

securityonion-setup - 20120912-0ubuntu0securityonion201 is now available and should resolve the following issues:

Issue 865: Setup: only open port 22 in ufw firewall
https://github.com/Security-Onion-Solutions/security-onion/issues/865

Issue 860: Setup: disable noisy SURICATA events
https://github.com/Security-Onion-Solutions/security-onion/issues/860

Issue 735: Setup: Production Mode should automatically configure PF_RING instances based on number of CPU cores
https://github.com/Security-Onion-Solutions/security-onion/issues/735

Issue 874: Setup: add -w option to write out sosetup.conf file
https://github.com/Security-Onion-Solutions/security-onion/issues/874

This package was tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts tomorrow:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, March 10, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion52 resolves two issues

securityonion-sostat - 20120722-0ubuntu0securityonion52 is now available and should resolve the following issues:

Issue 785: sostat: show number of available updates
https://github.com/Security-Onion-Solutions/security-onion/issues/785

Issue 792: soup: add note about running on master server before running on sensor
https://github.com/Security-Onion-Solutions/security-onion/issues/792

Wes Lambert submitted pull requests for these changes and tested the resulting package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, March 9, 2016

securityonion-pulledpork - 0.7.0-0ubuntu0securityonion6 resolves an issue

securityonion-pulledpork - 0.7.0-0ubuntu0securityonion6 is now available and should resolve the following issue:

Issue 832: pulledpork.pl refinement
https://github.com/Security-Onion-Solutions/security-onion/issues/832

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Security Onion Conference 2016 CFP

Security Onion Conference 2016 will be held in Augusta GA on Friday September 9 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

If you have a topic you'd like to present at this year's conference, please submit here:
https://docs.google.com/forms/d/1DcCl1jS4miqCwYL876LYtA1m14RueG_22CrpvecvIbk/viewform

We want to hear from you!

How are you...
...using Security Onion to fight evil?
...handling lots of traffic using Security Onion?
...integrating Security Onion with other technologies?
...automating common tasks with your own scripts?

Each talk should be 30 minutes with an additional 10 minutes for questions.

March 9 - CFP Open
June 1 - CFP Closed
July 1 - Speakers selected and notified
September 9 - Security Onion Conference

Tuesday, March 8, 2016

Reminder: Upgrade from Security Onion 12.04 to 14.04

Security Onion 14.04 was released over one month ago:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

The feedback has been overwhelmingly positive!

If you're still running the old Security Onion 12.04, you should start making plans to upgrade:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-12.04-to-14.04

securityonion-capme - 20121213-0ubuntu0securityonion35 resolves an issue

securityonion-capme - 20121213-0ubuntu0securityonion35 is now available and should resolve the following issue:

Issue 862: securityonion-capme: merge timestamp changes from Wes Lambert
https://github.com/Security-Onion-Solutions/security-onion/issues/862

Robert Bardo tested this package.  Thanks, Rob!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Friday, February 26, 2016

Next Round of Security Onion Online Training Sessions - March 15 through March 18

The next round of online training sessions will be held Tuesday March 15 through Friday March 18!

Please note that we'll be using the new Security Onion 14.04:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Friday, February 19, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion51 resolves two issues

securityonion-sostat - 20120722-0ubuntu0securityonion51 is now available and should resolve the following issues:

Issue 849: sostat: check timezone and warn if not UTC
https://github.com/Security-Onion-Solutions/security-onion/issues/849

Issue 858: sostat: check default_start_time_offset
https://github.com/Security-Onion-Solutions/security-onion/issues/858

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, February 18, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion130 resolves an issue

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion130 is now available and should resolve the following issue:

Issue 859: NSM: mkdir -p /var/run/nsm/ before trying to chown
https://github.com/Security-Onion-Solutions/security-onion/issues/859

Wes Lambert and Rob Bardo tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, February 17, 2016

Monday, February 15, 2016

Save the Date: Security Onion Conference 2016

Last year's Security Onion Conference was an overwhelming success!

This year's Security Onion Conference will be held in Augusta GA on Friday September 9 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

PF_RING 6.2 now available for Security Onion 14.04

The following packages are now available for Security Onion 14.04:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion129
securityonion-pfring-daq - 20121107-0ubuntu0securityonion12
securityonion-pfring-devel - 20121107-0ubuntu0securityonion9
securityonion-pfring-ld - 20120827-0ubuntu0securityonion9
securityonion-pfring-module - 20121107-0ubuntu0securityonion25
securityonion-pfring-userland - 20160204-1ubuntu1securityonion2

These new packages should resolve the following issues:

Issue 835: PF_RING 6.2
https://github.com/Security-Onion-Solutions/security-onion/issues/835

Issue 853: NSM: if BPF file is empty, omit option from snort/suricata command
https://github.com/Security-Onion-Solutions/security-onion/issues/853

Issue 854: NSM: improve check for snort/suricata
https://github.com/Security-Onion-Solutions/security-onion/issues/854

Issue 855: NSM: remove old references to disable_signature_reference
https://github.com/Security-Onion-Solutions/security-onion/issues/855

Wes Lambert and Kevin Branch tested these packages.  Thanks, guys!

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, February 11, 2016

NetworkMiner 2.0 now available for Security Onion 14.04

NetworkMiner 2.0 was released recently:
http://www.netresec.com/?page=Blog&month=2016-02&post=NetworkMiner-2-0-Released

I've packaged NetworkMiner 2.0 and the new package version is as follows:
securityonion-networkminer - 20160210-1ubuntu1securityonion1

This should resolve the following issue:
https://github.com/Security-Onion-Solutions/security-onion/issues/857

Wes Lambert and Erik Hjelmvik tested this package.  Thanks, guys!

Screenshots


Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, February 10, 2016

securityonion-capme - 20121213-0ubuntu0securityonion32 resolves several security issues

John Menerick (https://github.com/lordappsec) found several issues in CapME (thanks, John!):
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/1
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/2
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/3
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/4
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/5
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/6
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/7
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/8
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/9
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/10

I've updated CapME and the new version is as follows:

securityonion-capme - 20121213-0ubuntu0securityonion32

This new package should resolve the following issue:

Issue 856: securityonion-capme needs additional input validation in index.php
https://github.com/Security-Onion-Solutions/security-onion/issues/856

Wes Lambert tested this package.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Suricata 3.0 STABLE now available for Security Onion 14.04!

Suricata 3.0 STABLE was recently released:
http://suricata-ids.org/2016/01/27/suricata-3-0-available/

I've packaged Suricata 3.0 STABLE for Security Onion 14.04 and the new package is as follows:
securityonion-suricata - 3.0stable-1ubuntu1securityonion1

This resolves the following issue:

Issue 847: Suricata 3.0
https://github.com/Security-Onion-Solutions/security-onion/issues/847

Wes Lambert tested this package.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
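One way to confirm that the update really carried HOME_NET and EXTERNAL_NET across, as an added example that is not part of the securityonion-suricata package: it extracts both variables from suricata.yaml.bak and from the new suricata.yaml and reports any mismatch before you run rule-update. The sample files are constructed inline, and the suricata_var and check_migration function names are my own.

```shell
#!/bin/sh
# Added example, not the Security Onion package's own migration code: compare
# HOME_NET / EXTERNAL_NET in suricata.yaml.bak against the freshly installed
# suricata.yaml so a silently dropped value is caught before restarting Suricata.

# Print the value of an address-groups variable from a suricata.yaml.
# Matches lines like:    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
# and strips the optional surrounding double quotes.
suricata_var() {            # $1 = yaml file, $2 = variable name
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Return 0 when both variables are identical in backup and current file,
# 1 otherwise, naming each variable that differs.
check_migration() {         # $1 = suricata.yaml.bak, $2 = suricata.yaml
    rc=0
    for v in HOME_NET EXTERNAL_NET; do
        old=$(suricata_var "$1" "$v")
        new=$(suricata_var "$2" "$v")
        if [ "$old" != "$new" ]; then
            echo "$v differs: backup='$old' current='$new'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files standing in for the per-sensor suricata.yaml and
# its .bak (assumed location on Security Onion: /etc/nsm/<sensor>/).
tmp=$(mktemp -d)
cat > "$tmp/suricata.yaml.bak" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[10.20.0.0/16,192.168.1.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
EOF
cat > "$tmp/suricata.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[10.20.0.0/16,192.168.1.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
EOF

check_migration "$tmp/suricata.yaml.bak" "$tmp/suricata.yaml" \
    && echo "HOME_NET and EXTERNAL_NET migrated; safe to run: sudo rule-update"
```

Point the two arguments at the real suricata.yaml.bak and suricata.yaml of each sensor; any customizations beyond those two variables still have to be re-applied by hand, as the update notes say.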

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, February 3, 2016

securityonion-setup - 20120912-0ubuntu0securityonion194 resolves two issues

securityonion-setup - 20120912-0ubuntu0securityonion194 is now available and resolves the following issues:

Setup: X11 error when running via ssh -X
https://github.com/Security-Onion-Solutions/security-onion/issues/846

Setup: master-only shouldn't show Snort/Bro in final confirmation screen
https://github.com/Security-Onion-Solutions/security-onion/issues/848

Wes Lambert tested this package.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions will be in February:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, February 2, 2016

Next Round of Security Onion Online Training Sessions - February 22 through February 25

The next round of online training sessions will be held Monday February 22 through Thursday February 25!

Please note that we'll be using the new Security Onion 14.04:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

securityonion-capme - 20121213-0ubuntu0securityonion31 resolves an issue

securityonion-capme - 20121213-0ubuntu0securityonion31 is now available and resolves the following issue:

securityonion-capme: remove include config from callback
https://github.com/Security-Onion-Solutions/security-onion/issues/840

Wes Lambert tested this package.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions will be in February.  Please stay tuned for the announcement.

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, February 1, 2016

securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion6 resolves issue with map dashboard

Brian Haugli found an issue when rendering ELSA dashboards with maps:

Issue 842: securityonion-elsa: map dashboard displays empty screen
https://github.com/Security-Onion-Solutions/security-onion/issues/842

Martin Holste fixed the bug and I've packaged the fix. The following packages are now available in our stable repo:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion6
securityonion-elsa-extras - 20151011-1ubuntu1securityonion27

Screenshots

Suppose you want to create an ELSA dashboard based on the "Connections - Groupby Resp Country" query:

Click the ELSA drop-down menu and then click Dashboards.  The Dashboards window appears:

Click "Create/import new dashboard".  The "Create New Dashboard" window appears.  Specify your desired Title and Alias and then set Auth to "Any authenticated user":

Click the Submit button to return to the Dashboards window:

Click the Actions drop-down menu and then click Edit.  On the Edit page, click "Add Chart".  The "Create New Chart" window appears.  Specify your desired Title, set Type to "Map", then add your Label and Query.  Note that the query specifically excludes results where the responder country code is null ("-"):

Click the Submit button and then click "Finished Editing".  The dashboard appears:



Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions will be in February.  Please stay tuned for the announcement.

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Saturday, January 23, 2016

securityonion-setup - 20120912-0ubuntu0securityonion192 resolves an issue

Wes Lambert found an issue with the new version of Setup:

Issue 845: Setup: Production Mode - Custom - not enabling some services properly
https://github.com/Security-Onion-Solutions/security-onion/issues/845

securityonion-setup - 20120912-0ubuntu0securityonion192 resolves this issue.

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have online training classes starting next Monday:
http://blog.securityonion.net/2016/01/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Friday, January 22, 2016

Security Onion 14.04.3.1 Screenshot Tour

Below is a quick screenshot tour of the new Security Onion 14.04.3.1 ISO image.

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!

Training
We have online training classes starting next Monday:

Commercial Support
Need commercial support?  Please see:

Feedback
If you have any questions or problems, please use our security-onion mailing list:

Thanks!


ISO Boot Menu

Boot splash

Installer - Welcome

Installer - Preparing

Installer - Installation Type (now with LVM)

Installer - Verify disk changes

Installer - Time Zone

Installer - Keyboard Layout

Installer - hostname, username, and password

Installer - Copying files

Installer - Installation Complete

Installer - ready to reboot

GRUB Boot Menu

Login screen

Desktop

Installing updates with soup

Setup - Welcome

Setup - Network Interfaces

Setup - Management Interface

Setup - IP Address for Management Interface

Setup - Monitor (sniffing) interfaces

Setup - Monitor (sniffing) interfaces

Setup - Verify Choices

Setup - Network Configuration Complete

Reboot and log back in

Run Setup Phase 2

Setup - Welcome

Setup - Skip Network Configuration

Setup - Evaluation Mode or Production Mode

Setup - Monitor (sniffing) interface

Setup - Username

Setup - Password

Setup - Confirm Password

Setup - Confirm Options

Setup - Progress Bar

Setup - Complete

Setup - sostat

Setup - Rules

Setup - links

Setup - commercial support

Verifying services

Replaying pcaps to create traffic

Launching Squert web interface

Logging into Squert

Squert Main Page

Squert - drilling into a NIDS alert

Squert - viewing NIDS alert payload

Squert - viewing full packet capture

Squert - Geoip Mapping

Squert - Top Signatures

Squert - Top IP Addresses

Squert - Top Countries

Squert - Top Ports

Squert - Sankey Diagram

Logging into Sguil

Sguil - selecting networks (sensors)

Sguil RealTime Events tab

Sguil - pivoting from a NIDS alert to full packet capture

Pivoting from a NIDS alert and sending pcap to Wireshark

Pivoting from a NIDS alert and sending pcap to NetworkMiner

Pivoting from a NIDS alert and decoding gzip-encoded data using Bro

Logging into ELSA

ELSA - Connections - Top SRC IPs

ELSA - Connections - Top DST IPs

ELSA - Connections - Top DST Ports

ELSA - Connections - Top Services

ELSA - Connections - Groupby Protocol

ELSA - Connections - Groupby Responder's Country Code

ELSA - DHCP - Top Assigned IPs

ELSA - DHCP - DHCP Servers

ELSA - DNS - Top Query Type

ELSA - DNS - Top Return Code

ELSA - Top nxdomain

ELSA - Files - MIME Types

ELSA - FTP - Top arg

ELSA - HTTP - Top DST Ports

ELSA - HTTP - Top MIME Types

ELSA - HTTP - Top User Agents

ELSA - HTTP - Top Sites

ELSA - HTTP - Sites hosting EXEs

ELSA - HTTP - Sites hosting CABs

ELSA - HTTP - Sites Hosting JARs

ELSA - HTTP - Sites hosting SWFs

ELSA - HTTP - Sites hosting ZIPs

ELSA - Kerberos - Top Services

ELSA - Notices - Top Notice Types

ELSA - SMTP - Top Subjects

ELSA - Snort/Suricata - Top NIDS Alerts

ELSA - Software - Software Detected by Bro

ELSA - SSL - Top Hostnames