The new package versions are as follows:
securityonion-setup - 20120912-0ubuntu0securityonion132
securityonion-sostat - 20120722-0ubuntu0securityonion33
securityonion-web-page - 20141015-0ubuntu0securityonion22
securityonion-elsa-extras - 20131117-1ubuntu0securityonion58
Issue 703: Move from Google Code to Github
Security Onion has moved to GitHub, so some of the hyperlinks in Setup and sostat had to be updated.
Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
If you have Windows machines with OSSEC agents on them and process auditing enabled, ELSA now parses those "new process" logs.
Issue 709: Add fear.nothing's ELSA parsers for pfSense
If you're running pfSense firewalls and sending their logs to Security Onion via syslog, ELSA will now parse them.
Issue 710: securityonion-web-page: add ELSA queries for Firewall logs and Windows Processes
Since ELSA is now parsing firewall logs and Windows processes, we provide some additional ELSA queries to slice and dice those logs. See screenshots below.
[Screenshot: Host Logs - Windows Processes]
[Screenshot: Firewall - Top SRC IPs Allowed]
[Screenshot: Firewall - Top DST IPs Allowed]
[Screenshot: Firewall - Top SRC IPs Denied]
[Screenshot: Firewall - Top DST IPs Denied]
The new packages are now available in our stable repo. Please see the following page for full update instructions:
If you have any questions or problems, please use our security-onion mailing list:
Need training? We have 3-hour online classes and also a 4-day onsite class coming up in Houston. Please see:
Need commercial support? Please see:
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams: