Wednesday, January 8, 2014

New securityonion-web-page package available

I've updated our securityonion-web-page package.  The updated package version is securityonion-web-page - 20120722-0ubuntu0securityonion12 and has been tested by David Zawdie.

Issues Resolved

Issue 455: securityonion-web-page: update hyperlink

Issue 456: securityonion-web-page: add example ELSA queries

This package adds a new URL ( that includes a menu on the left with some common ELSA queries.

Connections: Top SRC IPs - Top Source IP Addresses in Bro's conn.log

Connections: Top DST Ports - Top Destination Ports in Bro's conn.log

Connections: Top Services - Top Services Identified in Bro's conn.log

Connections: Port 53 groupby Service - Top Services Identified on Port 53 in Bro's conn.log

DHCP: Top Assigned IPs - Top Assigned IP Addresses seen in Bro's dhcp.log

DNS: Top Requests - Top DNS Requests seen in Bro's dns.log

DNS: Top nxdomain - Top nxdomain Responses seen in Bro's dns.log

Files: MIME Types - Top MIME Types seen in Bro's files.log

Files: Sources - Top Protocol Sources in Bro's files.log

FTP: Top arg - FTP Transactions in Bro's ftp.log

Host Logs: OSSEC Alerts - HIDS Alerts from OSSEC

Host Logs: All OSSEC Logs - Raw Logs from OSSEC (not HIDS Alerts)

Host Logs: Syslog-NG - Standard Syslog received by Syslog-NG

Host Logs: Syslog Detected by Bro - Syslog detected by Bro and logged to syslog.log

HTTP: Top User Agents - Top HTTP User Agents in Bro's http.log

HTTP: Top Sites - Top HTTP Sites in Bro's http.log

HTTP: Sites hosting EXEs - Sites hosting EXEs in Bro's http.log

Notice: Top Notice Types - Top Notice Types found in Bro's notice.log

SMTP: Top Subjects - Top Email Subject Lines in Bro's smtp.log

Snort/Suricata: Top Snort Alerts - Top IDS Alerts from Snort or Suricata

Software: Software Detected by Bro - Top Software Types found in Bro's software.log

Weird: Top Weird Types - Top Traffic Anomalies found in Bro's weird.log
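To show what these "Top X" queries actually compute, here is an added example (not part of the Security Onion package or the ELSA query definitions) that parses Bro's TSV log format and runs a few of the listed group-by summaries in Python. The conn.log and http.log contents are constructed samples with a reduced set of columns; the field names (id.orig_h, id.resp_p, service, host, user_agent, resp_mime_types) are the standard Bro 2.x names, and the choice of application/x-dosexec as the MIME type that identifies an EXE is an assumption about how the "Sites hosting EXEs" query is defined.

```python
"""Group-by summaries over Bro TSV logs, mirroring some of the ELSA queries listed above.

Added example; the sample logs below are constructed, not captured from a real sensor.
"""
from collections import Counter

# Constructed conn.log sample. Real Bro logs carry more columns; the header
# conventions (#separator, #fields, '-' for unset fields) are the real ones.
CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring
1389168000.1\tC1\t10.0.0.5\t51234\t192.0.2.10\t80\ttcp\thttp
1389168001.2\tC2\t10.0.0.5\t51235\t192.0.2.11\t443\ttcp\tssl
1389168002.3\tC3\t10.0.0.7\t51236\t192.0.2.53\t53\tudp\tdns
1389168003.4\tC4\t10.0.0.5\t51237\t192.0.2.12\t53\ttcp\tssh
1389168004.5\tC5\t10.0.0.9\t51238\t192.0.2.10\t80\ttcp\thttp
1389168005.6\tC6\t10.0.0.5\t51239\t192.0.2.53\t53\tudp\t-
1389168006.7\tC7\t10.0.0.9\t51240\t192.0.2.53\t53\tudp\tdns
#close\t2014-01-08-00-00-10
"""

# Constructed http.log sample. resp_mime_types is a vector field in Bro,
# joined with the #set_separator (a comma).
HTTP_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\thttp
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\thost\turi\tuser_agent\tresp_mime_types
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tvector[string]
1389168000.1\tC1\t10.0.0.5\t51234\t192.0.2.10\t80\twww.example.com\t/index.html\tMozilla/5.0\ttext/html
1389168004.5\tC5\t10.0.0.9\t51238\t192.0.2.10\t80\twww.example.com\t/update.exe\tMozilla/5.0\tapplication/x-dosexec
1389168006.7\tC7\t10.0.0.5\t51240\t198.51.100.20\t80\tdl.example.net\t/setup.exe\tWget/1.14\tapplication/x-dosexec
1389168007.8\tC8\t10.0.0.5\t51241\t198.51.100.20\t80\tdl.example.net\t/a.png\tWget/1.14\timage/png,text/plain
"""

EXE_MIME = "application/x-dosexec"  # assumption: what "hosting EXEs" keys on


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the '#fields' header.

    Honours the '#separator' line (Bro writes it as an escape like \\x09),
    skips other '#' metadata lines, and rejects rows whose column count does
    not match the header, which is how a truncated or rotated log shows up.
    """
    sep = "\t"
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            continue
        if line.startswith("#"):
            if line.startswith("#fields" + sep):
                fields = line.split(sep)[1:]
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        yield dict(zip(fields, values))


def top(records, key, n=10, where=None):
    """ELSA-style 'groupby': count records by field `key`, optionally filtered."""
    counts = Counter(r[key] for r in records if where is None or where(r))
    return counts.most_common(n)


# The queries themselves, named after the menu entries they correspond to.
def top_src_ips(log=CONN_LOG):
    return top(parse_bro_log(log), "id.orig_h")


def top_dst_ports(log=CONN_LOG):
    return top(parse_bro_log(log), "id.resp_p")


def port53_by_service(log=CONN_LOG):
    """Anything other than 'dns' here is worth a look: tunnelling or misuse of 53."""
    return top(parse_bro_log(log), "service", where=lambda r: r["id.resp_p"] == "53")


def top_user_agents(log=HTTP_LOG):
    return top(parse_bro_log(log), "user_agent")


def sites_hosting_exes(log=HTTP_LOG):
    return top(parse_bro_log(log), "host",
               where=lambda r: EXE_MIME in r["resp_mime_types"].split(","))


if __name__ == "__main__":
    for name, fn in [("Top SRC IPs", top_src_ips), ("Top DST Ports", top_dst_ports),
                     ("Port 53 groupby Service", port53_by_service),
                     ("Top User Agents", top_user_agents),
                     ("Sites hosting EXEs", sites_hosting_exes)]:
        print(name)
        for value, count in fn():
            print("  %6d  %s" % (count, value))
```

Swap the constructed strings for the contents of a real conn.log or http.log read from disk and the same functions apply unchanged; the only per-deployment detail is which MIME type (or files.log field) your ELSA query uses to recognise executables.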

The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

1 comment:

Martin Paszkiewicz said...

This is a very welcome addition! AWESOME!