Thursday, January 19, 2017

NetworkMiner 2.1 now available for Security Onion!

NetworkMiner 2.1 was released recently:
http://www.netresec.com/?page=Blog&month=2017-01&post=NetworkMiner-2-1-Released

I've packaged NetworkMiner 2.1 and the new package version is as follows:
securityonion-networkminer - 20170112-1ubuntu1securityonion1

This should resolve the following issue:

Issue 1060: NetworkMiner 2.1
https://github.com/Security-Onion-Solutions/security-onion/issues/1060

This package has been tested by Wes Lambert and Erik Hjelmvik.  Thanks, guys!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Conference
Our annual Security Onion Conference will be Friday September 15, 2017:
https://securityonion.net/conference

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, January 18, 2017

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion155 resolves an issue

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion155

This new package should resolve the following issue:

NSM: avoid loading IDS rules twice #1062
https://github.com/Security-Onion-Solutions/security-onion/issues/1062

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Tuesday, January 17, 2017

Save the Date: Security Onion Conference 2017

Last year's Security Onion Conference was an overwhelming success!  Videos, slides, and pictures can be found here:
https://securityonion.net/conference

This year's Security Onion Conference will be held in Augusta GA on Friday September 15, 2017 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

We'll publish more details about the Security Onion Conference as they are finalized.

New ELSA packages add support for Bro rfb.log

The following packages are now available:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion48
securityonion-web-page - 20141015-0ubuntu0securityonion72

These new packages should resolve the following issues:

Issue 1036: securityonion-elsa-extras: add pattern for Bro rfb.log
https://github.com/Security-Onion-Solutions/security-onion/issues/1036

Issue 1037: securityonion-web-page: add ELSA queries for Bro rfb.log
https://github.com/Security-Onion-Solutions/security-onion/issues/1037

These packages have been tested by Wes Lambert.  Thanks, Wes!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Monday, January 16, 2017

securityonion-http-agent - 0.3.1-0ubuntu0securityonion7 resolves an issue

The following package is now available:
securityonion-http-agent - 0.3.1-0ubuntu0securityonion7

This new package should resolve the following issue:

securityonion-http-agent: update for Bro 2.5 #1058
https://github.com/Security-Onion-Solutions/security-onion/issues/1058

This package has been tested by Wes Lambert and Patrick Schilling.  Thanks, guys!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Thursday, January 12, 2017

securityonion-onionsalt - 20140917-0ubuntu0securityonion21 resolves an issue

The following package is now available:
securityonion-onionsalt - 20140917-0ubuntu0securityonion21

This new package should resolve the following issue:

Issue 1018: salt: use /etc/sudoers.d/ instead of directly editing /etc/sudoers
https://github.com/Security-Onion-Solutions/security-onion/issues/1018

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Wednesday, January 11, 2017

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion154 resolves an issue

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion154

This new package should resolve the following issue:

Issue 1055: NSM: fix spelling error
https://github.com/Security-Onion-Solutions/security-onion/issues/1055

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Tuesday, January 10, 2017

securityonion-rule-update - 20151201-1ubuntu1securityonion10 resolves an issue

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion10

This new package should resolve the following issue:

Issue 1054: securityonion-rule-update: Restore stdout/stderr redirect in crontab
https://github.com/Security-Onion-Solutions/security-onion/issues/1054

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Monday, January 9, 2017

securityonion-sostat - 20120722-0ubuntu0securityonion69 resolves an issue

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion69

This new package should resolve the following issues:

sostat: update location of sostat-interface in /var/ossec/etc/ossec.conf #1056
https://github.com/Security-Onion-Solutions/security-onion/issues/1056

sostat: sostat-redacted - change "Port" to "Port " #1057
https://github.com/Security-Onion-Solutions/security-onion/issues/1057

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Wednesday, January 4, 2017

Pulledpork, rule-update, and several other updates available for Security Onion!

The following packages are now available:
securityonion-menu - 20121026-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion153
securityonion-pulledpork - 0.7.2-1ubuntu1securityonion4
securityonion-rule-update - 20151201-1ubuntu1securityonion9
securityonion-setup - 20120912-0ubuntu0securityonion233
securityonion-sguild-add-user - 20120726-0ubuntu0securityonion3
securityonion-sostat - 20120722-0ubuntu0securityonion67
securityonion-squert-cron - 20120722-0ubuntu0securityonion11
securityonion-sudoers - 20161221-1ubuntu1securityonion3

These new packages should resolve the following issues:

Issue 1017: PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1017

Issue 1034: securityonion-rule-update: update for PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1034

Issue 1035: Setup: update for PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1035

Issue 1040: securityonion-sudoers: remove secure_path
https://github.com/Security-Onion-Solutions/security-onion/issues/1040

Issue 1043: NSM: create /usr/sbin/broctl
https://github.com/Security-Onion-Solutions/security-onion/issues/1043

Issue 1044: sostat: use full path for bro-cut
https://github.com/Security-Onion-Solutions/security-onion/issues/1044

Issue 1042: Move scripts from /usr/bin/ to /usr/sbin/
https://github.com/Security-Onion-Solutions/security-onion/issues/1042

These packages have been tested by Wes Lambert and Rob Bardo.  Thanks!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
If you're behind a proxy, you may need to pass the -W option to PulledPork:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Proxy#pulledpork


UPDATE 2017-01-09: Added Release Notes regarding PulledPork's -W option.

Tuesday, January 3, 2017

Snort 2.9.9.0 now available for Security Onion!

Snort 2.9.9.0 was recently released:
http://blog.snort.org/2016/12/snort-2990-has-been-released.html

I've packaged it and the following package is now available:
securityonion-snort - 2.9.9.0-1ubuntu1securityonion1

This new package should resolve the following issue:

Issue 1031: Snort 2.9.9.0
https://github.com/Security-Onion-Solutions/security-onion/issues/1031

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf file(s)
  • update ruleset and restart Snort as follows:
    sudo rule-update


Wednesday, December 21, 2016

Squert 1.6.3 now available for Security Onion!

The following package is now available:
securityonion-squert - 20161212-1ubuntu1securityonion9

This new package should resolve the following issues:

Issue 883: Squert 1.6.3
https://github.com/Security-Onion-Solutions/security-onion/issues/883

Issue 868: Squert: Summary page, clicking country, src/dst results in empty page
https://github.com/Security-Onion-Solutions/security-onion/issues/868

Issue 958: Squert: OSSEC HIDS alerts display NIDS rules
https://github.com/Security-Onion-Solutions/security-onion/issues/958

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

You may need to Shift-Reload in your browser and/or empty your browser cache to ensure you're running the latest Squert JavaScript.


Tuesday, December 20, 2016

Bro 2.5 now available for Security Onion!

Bro 2.5 was released recently:
http://blog.bro.org/2016/11/bro-25-released.html
https://www.bro.org/download/NEWS.bro.html
https://www.bro.org/download/CHANGES.bro.txt

I've packaged Bro 2.5 and also updated the securityonion-bro-scripts and securityonion-elsa-extras packages.  The new packages are as follows:
securityonion-bro - 2.5-1ubuntu1securityonion3
securityonion-bro-scripts - 20121004-0ubuntu0securityonion49
securityonion-elsa-extras - 20151011-1ubuntu1securityonion47

These packages resolve the following issues:

Issue 1023: Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1023

Issue 1028: securityonion-bro-scripts: update for Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1028

Issue 1029: securityonion-elsa-extras: update for Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1029

Thanks to Wes Lambert and Rob Bardo for testing!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

These updates will back up your Bro configuration.  You'll then need to do the following:

  • re-apply any local customizations to the Bro config
  • restart Bro as follows:
    sudo nsm_sensor_ps-restart --only-bro


Monday, December 19, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion149 resolves two issues

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion149

This new package should resolve the following issues:

Issue 942: NSM: more gracefully handle large number of files in /nsm/bro/extracted
https://github.com/Security-Onion-Solutions/security-onion/issues/942

Issue 1033: NSM: only allow one instance of nsm_sensor_clean at a time
https://github.com/Security-Onion-Solutions/security-onion/issues/1033

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Wednesday, December 14, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion145 resolves an issue

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion145

This new package should resolve the following issue:

NSM: don't chown every file in /nsm/bro/extracted #1032
https://github.com/Security-Onion-Solutions/security-onion/issues/1032

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Tuesday, December 13, 2016

Suricata 3.2 now available for Security Onion!

Suricata 3.2 was recently released:
https://suricata-ids.org/2016/12/01/suricata-3-2-available/

I've packaged it and the following package is now available:
securityonion-suricata - 3.2-1ubuntu1securityonion2

This new package should resolve the following issue:

Issue 1026: Suricata 3.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1026

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update


Monday, December 12, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion144 resolves an issue

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion144

This new package should resolve the following issue:

NSM: remove chown from /usr/sbin/so-bro-cron #1030
https://github.com/Security-Onion-Solutions/security-onion/issues/1030

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Wednesday, December 7, 2016

Training Update

Our next live session of online training will be March 13, 2017 through March 16, 2017.  For more details and to register, please see:
https://securityonionsolutions.com/onlinetraining

If you need online training before then, you may want to consider our pre-recorded on-demand training:
https://securityonionsolutions.com/ondemandtraining

If you're looking for more in-depth training including lab exercises, we are starting to schedule our 4-day onsite classes for 2017:
https://securityonionsolutions.com/onsitetraining

Tuesday, December 6, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion65 resolves an issue

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion65

This new package should resolve the following issue:

Issue 1024: soup: when running on sensor, check to make sure master server has been updated first
https://github.com/Security-Onion-Solutions/security-onion/issues/1024

Thanks to Wes Lambert!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Monday, December 5, 2016

CapMe 1.0.1 is now available and supports UDP traffic!

The following packages are now available:
securityonion-capme - 20121213-0ubuntu0securityonion65
securityonion-sguil-client - 20141004-0ubuntu0securityonion16
securityonion-sguil-sensor - 20141004-0ubuntu0securityonion16
securityonion-sguil-server - 20141004-0ubuntu0securityonion16

These new packages should resolve the following issue:

Issue 492: CapMe needs to handle UDP better
https://github.com/Security-Onion-Solutions/security-onion/issues/492

Thanks to Wes Lambert!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
After installing the updated packages, you will need to restart sguild as follows:
sudo nsm_server_ps-restart


Wednesday, November 30, 2016

securityonion-setup - 20120912-0ubuntu0securityonion229 resolves 3 issues

The following package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion229

This new package should resolve the following issues:

Issue 988: Setup: use lowercase of hostname when creating sensornames
https://github.com/Security-Onion-Solutions/security-onion/issues/988

Issue 1000: Setup: rename VRT to Talos
https://github.com/Security-Onion-Solutions/security-onion/issues/1000

Issue 989: Setup: postinst should check for existence of account before chown
https://github.com/Security-Onion-Solutions/security-onion/issues/989

Thanks to Wes Lambert!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Monday, November 14, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion40 resolves an issue

The following package is now available:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion40

This new package should resolve the following issue:

Issue 1010: securityonion-elsa-extras: Windows process enhancements
https://github.com/Security-Onion-Solutions/security-onion/issues/1010

Thanks to Brian Kellogg for submitting these new ELSA patterns!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Monday, November 7, 2016

Suricata 3.1.3 now available for Security Onion!

Suricata 3.1.3 was recently released:
https://suricata-ids.org/2016/11/01/suricata-3-1-3-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.3-1ubuntu1securityonion2

This new package should resolve the following issue:

Issue 1014: Suricata 3.1.3
https://github.com/Security-Onion-Solutions/security-onion/issues/1014

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update

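
A post-upgrade check for the procedure above, which is the same for the Snort 2.9.9.0 and Suricata 3.2 updates earlier on this page: it confirms that HOME_NET and EXTERNAL_NET really were carried from the .bak into the new file and lists the backup lines the new file lacks, i.e. the customizations still to re-apply before sudo rule-update.  This is an added example, not part of any Security Onion package; the config pairs it runs on are constructed, and it assumes variable values contain no spaces.

```shell
#!/bin/sh
# Added example, not Security Onion code: sanity-check an upgraded snort.conf
# or suricata.yaml against the .bak the package left behind, before running
# "sudo rule-update".  Handles both formats (values without embedded spaces):
#   snort.conf:     ipvar HOME_NET [10.0.0.0/8,192.168.0.0/16]
#   suricata.yaml:      HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"

# Print the value of a network variable (HOME_NET, EXTERNAL_NET, ...) from a config.
so_net_var() {   # usage: so_net_var FILE VARNAME
    awk -v name="$2" '
        /^[[:space:]]*#/            { next }                               # comment line
        $1 == "ipvar" && $2 == name { print $3; exit }                     # snort.conf
        $1 == (name ":")            { gsub(/"/, "", $2); print $2; exit }  # suricata.yaml
    ' "$1"
}

# Return 0 when HOME_NET and EXTERNAL_NET were carried over unchanged, 1 otherwise.
so_net_vars_migrated() {   # usage: so_net_vars_migrated BACKUP NEWCONF
    rc=0
    for v in HOME_NET EXTERNAL_NET; do
        old=$(so_net_var "$1" "$v")
        new=$(so_net_var "$2" "$v")
        if [ -n "$old" ] && [ "$old" = "$new" ]; then
            printf 'OK        %-12s %s\n' "$v" "$new"
        else
            printf 'MISMATCH  %-12s backup=%s new=%s\n' "$v" "$old" "$new"
            rc=1
        fi
    done
    return $rc
}

# Print every non-blank, non-comment line of BACKUP that does not appear verbatim
# in NEWCONF: the local customizations you still have to re-apply by hand.
so_missing_lines() {   # usage: so_missing_lines BACKUP NEWCONF
    awk 'FILENAME == ARGV[1]                  { seen[$0] = 1; next }
         /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
         !($0 in seen)' "$2" "$1"
}

so_missing_count() {   # usage: so_missing_count BACKUP NEWCONF
    so_missing_lines "$1" "$2" | wc -l | tr -d ' '
}

so_check_migration() {   # usage: so_check_migration BACKUP NEWCONF
    echo "== $1 -> $2"
    so_net_vars_migrated "$1" "$2" || echo "!! network variables differ; fix before rule-update"
    echo "-- backup lines missing from the new config:"
    so_missing_lines "$1" "$2"
}

# Constructed sample pairs (not real sensor files) so the script runs offline.
so_demo_dir=$(mktemp -d)
trap 'rm -rf "$so_demo_dir"' EXIT
cat > "$so_demo_dir/snort.conf.bak" <<'EOF'
# pre-upgrade local settings
ipvar HOME_NET [10.0.0.0/8,192.168.0.0/16]
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,8080,8443]
config detection: search-method ac-bnfa max_queue_events 10
EOF
cat > "$so_demo_dir/snort.conf" <<'EOF'
# shipped by the new package, network variables migrated
ipvar HOME_NET [10.0.0.0/8,192.168.0.0/16]
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80]
config detection: search-method ac-bnfa
EOF
cat > "$so_demo_dir/suricata.yaml.bak" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
EOF
cat > "$so_demo_dir/suricata.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
EOF

# Snort pair: both variables OK, two lines (portvar, config) left to re-apply.
so_check_migration "$so_demo_dir/snort.conf.bak" "$so_demo_dir/snort.conf"
# Suricata pair: HOME_NET was not carried over, so it is reported as MISMATCH.
so_check_migration "$so_demo_dir/suricata.yaml.bak" "$so_demo_dir/suricata.yaml"
```

Point it at the real pair on a sensor, e.g. /etc/nsm/<sensor>/snort.conf.bak and snort.conf, and only run sudo rule-update once it reports OK for both variables.
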

Wednesday, October 19, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion63 resolves an issue

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion63

This new package should resolve the following issue:

Issue 1009: soup: change "2>1" to "2>&1"
https://github.com/Security-Onion-Solutions/security-onion/issues/1009

Thanks to Wes Lambert for testing this package.

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Tuesday, October 18, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion143 resolves two issues

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion143

This new package should resolve the following issues:

Issue 993: NSM: start/restart errors on systems with ethXX (2 or more numbers)
https://github.com/Security-Onion-Solutions/security-onion/issues/993

Issue 1005: NSM: redirect iostreams to logfile during ossec-agent restart
https://github.com/Security-Onion-Solutions/security-onion/issues/1005

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Monday, October 17, 2016

securityonion-capme - 20121213-0ubuntu0securityonion61 resolves an issue

The following package is now available:
securityonion-capme - 20121213-0ubuntu0securityonion61

This new package should resolve the following issue:

Issue 1007: CapMe: transcript data sometimes overruns the transcript window
https://github.com/Security-Onion-Solutions/security-onion/issues/1007

This package has been tested by Wes Lambert (thanks, Wes!).

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Friday, September 30, 2016

securityonion-web-page - 20141015-0ubuntu0securityonion71 resolves several issues

The following package is now available:
securityonion-web-page - 20141015-0ubuntu0securityonion71

This new package should resolve the following issues:

Issue 1001: securityonion-web-page: move Top/Bottom links to beginning of line
https://github.com/Security-Onion-Solutions/security-onion/issues/1001

Issue 1002: securityonion-web-page: fix ELSA FIREWALL_ACCESS_DENY queries
https://github.com/Security-Onion-Solutions/security-onion/issues/1002

Issue 1004: securityonion-web-page: standardize Autoruns queries
https://github.com/Security-Onion-Solutions/security-onion/issues/1004

Screenshots
Top / Bottom links are now at the beginning of the line, and Autoruns queries have been standardized.

DNS - Top 100 Requests

DNS - Bottom 100 Requests

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thursday, September 29, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion62 resolves several issues

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion62

This new package should resolve the following issues:

Issue 990: sostat: Fix redirect to file issue
https://github.com/Security-Onion-Solutions/security-onion/issues/990

Issue 991: sostat: Remove redundant source call
https://github.com/Security-Onion-Solutions/security-onion/issues/991

Issue 992: sostat: Enable nullglobs to prevent string literal bug in various for loops
https://github.com/Security-Onion-Solutions/security-onion/issues/992

Issue 996: sostat: report OS version and sostat version
https://github.com/Security-Onion-Solutions/security-onion/issues/996

Issue 998: sostat: only show last run of rule-update
https://github.com/Security-Onion-Solutions/security-onion/issues/998

Issue 961: soup: remove any autoremove recommendations
https://github.com/Security-Onion-Solutions/security-onion/issues/961

Issue 962: soup: recommend upgrading to 16.04 HWE stack
https://github.com/Security-Onion-Solutions/security-onion/issues/962

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

securityonion-rule-update - 20151201-1ubuntu1securityonion7 resolves an issue

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion7

This new package should resolve the following issue:

Issue 985: rule-update should always log to /var/log/nsm/pulledpork.log
https://github.com/Security-Onion-Solutions/security-onion/issues/985

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Wednesday, September 28, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion38 resolves an issue

The following package is now available:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion38

This new package should resolve the following issue:

Issue 997: securityonion-elsa-extras: better parsing for event id 4776
https://github.com/Security-Onion-Solutions/security-onion/issues/997

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Tuesday, September 27, 2016

securityonion-squert-cron - 20120722-0ubuntu0securityonion10 resolves an issue

The following package is now available:
securityonion-squert-cron - 20120722-0ubuntu0securityonion10

This new package should resolve the following issue:

Squert ip2c cron job should lock to prevent multiple instances #987
https://github.com/Security-Onion-Solutions/security-onion/issues/987

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Monday, September 26, 2016

Suricata 3.1.2 now available for Security Onion!

Suricata 3.1.2 was recently released:
https://suricata-ids.org/2016/09/07/suricata-3-1-2-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.2-1ubuntu1securityonion1

This new package should resolve the following issue:

Issue 994: Suricata 3.1.2
https://github.com/Security-Onion-Solutions/security-onion/issues/994

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
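A quick post-upgrade check for the steps above: confirm that HOME_NET and EXTERNAL_NET really were carried over from suricata.yaml.bak into the new suricata.yaml, and list the lines of the backup that did not make it into the new file, which is exactly the set of local customizations you still have to re-apply by hand before running rule-update. This is an added example, not code from the Security Onion package. The helper names (get_var, check_migration, lost_customizations), the SAMPLE_DIR temp directory and the two sample YAML files are constructed here for illustration; the parsing assumes the indented "address-groups:" layout of the default suricata.yaml.

```shell
#!/bin/bash
# Added example (not Security Onion's own code): after a suricata.yaml upgrade,
# confirm that HOME_NET and EXTERNAL_NET were migrated from suricata.yaml.bak
# and list lines of the backup that are missing from the new file, i.e. local
# customizations that still have to be re-applied by hand.

# get_var <file> <NAME>: value of an address-groups entry such as HOME_NET.
# Assumes the indented 'HOME_NET: "..."' layout of the default suricata.yaml
# and returns the first match with the surrounding quotes stripped.
get_var() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

# check_migration <old.yaml> <new.yaml>: prints one line per variable and
# returns 0 only if both HOME_NET and EXTERNAL_NET are present and identical.
check_migration() {
    local name old new status=0
    for name in HOME_NET EXTERNAL_NET; do
        old=$(get_var "$1" "$name")
        new=$(get_var "$2" "$name")
        if [ -n "$old" ] && [ "$old" = "$new" ]; then
            echo "OK   $name = $new"
        else
            echo "DIFF $name: backup='$old' new='$new'"
            status=1
        fi
    done
    return $status
}

# lost_customizations <old.yaml> <new.yaml>: non-comment, non-blank lines of
# the backup that do not appear verbatim anywhere in the new file.
lost_customizations() {
    local patterns
    patterns=$(mktemp)
    # blank lines are dropped from the pattern list so they cannot match everything
    grep -v '^[[:space:]]*$' "$2" > "$patterns"
    grep -vxF -f "$patterns" "$1" | grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$'
    rm -f "$patterns"
}

# Constructed sample files (hypothetical) standing in for a sensor's
# suricata.yaml and its .bak copy; the "new" file carries a fresh HTTP_SERVERS
# default and thread count, so those two customizations were lost.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/suricata.yaml.bak" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "[10.0.5.0/24]"
af-packet:
  - interface: eth0
    threads: 4
EOF
cat > "$SAMPLE_DIR/suricata.yaml" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
af-packet:
  - interface: eth0
    threads: 1
EOF

# On a real sensor, point these at the suricata.yaml.bak / suricata.yaml pair
# under /etc/nsm/<sensor>/ instead of the constructed samples.
check_migration "$SAMPLE_DIR/suricata.yaml.bak" "$SAMPLE_DIR/suricata.yaml"
echo "Lines from the backup not present in the new file (re-apply by hand):"
lost_customizations "$SAMPLE_DIR/suricata.yaml.bak" "$SAMPLE_DIR/suricata.yaml"
```

Run it once per sensor directory before `sudo rule-update`; a DIFF line from check_migration means the variable migration needs a look before Suricata is restarted, and anything listed by lost_customizations (HTTP_SERVERS and the af-packet thread count in the sample) is a setting to copy back into the new file.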

Thursday, September 22, 2016

Tuesday, September 13, 2016

4-day Security Onion class in Columbia SC - October 25 through October 28

Our wildly popular 4-day class is coming to Columbia SC in October!  For more details and to register, please see:

https://securityonionsolutions.com/onsitetraining

Pictures from Security Onion Conference 2016

Onion Arcade: Make Your Adversaries Cry

At Security Onion Conference 2016, I talked about Onion Arcade:
https://www.youtube.com/watch?v=AXk-Te_lMmg&list=PLljFlTO9rB15Tve-LhV5k_5_0HH37eALe&index=9

If you haven't seen it, please watch the video to understand the reasons for building Onion Arcade and how it relates to Security Onion.

For those interested, here are some higher resolution photos of the build process.

Super Nintendo SNS-101 (Mini) --> Framemeister scaler --> HDMI Monitor

Button Panel

Plexiglass

Joystick panel

Sides

Monitor VESA mount

Ground wire, lots of it!

Wiring harness for LED lights

Speaker panel

Buttons installed

Joysticks installed

Bottom of joystick panel before wiring begins

LED buttons powered up

First SNES Controller PCB soldered

First SNES Controller PCB with Joystick panel

Second SNES Controller PCB soldered

Both SNES Controller PCBs with Joystick panel

Joystick panel wiring completed

Cabinet construction begins

Back door installed

Monitor installed

Installing LED light strips in marquee

The components barely fit

It's Alive!

Onion Arcade FAQ

What does this have to do with Security Onion?
Please see the video for a full explanation:
https://www.youtube.com/watch?v=AXk-Te_lMmg&list=PLljFlTO9rB15Tve-LhV5k_5_0HH37eALe&index=9

Is Onion Arcade for sale?
No, it's mine, all mine!  :)

Is it running emulators/ROMs?
Nope, under the hood is a real Super Nintendo SNS-101 (Mini) and a real SNES cartridge.

Where did the artwork come from?
I found a Creative Commons licensed Mandelbrot fractal on Wikipedia and added neon logos using the Gimp graphics editor.

The Mandelbrot fractal background was created by Wolfgang Beyer with the program Ultra Fractal 3 and licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.  For more information:

https://upload.wikimedia.org/wikipedia/commons/a/a4/Mandel_zoom_11_satellite_double_spiral.jpg

https://en.wikipedia.org/wiki/File:Mandel_zoom_11_satellite_double_spiral.jpg