Wednesday, January 8, 2014

New securityonion-web-page package available

I've updated our securityonion-web-page package.  The updated package version is securityonion-web-page - 20120722-0ubuntu0securityonion12 and has been tested by David Zawdie.

Issues Resolved

Issue 455: securityonion-web-page: update hyperlink
https://code.google.com/p/security-onion/issues/detail?id=455

Issue 456: securityonion-web-page: add example ELSA queries
https://code.google.com/p/security-onion/issues/detail?id=456

This package adds a new URL (https://your.security.onion.hostname/elsa/) that includes a menu on the left with some common ELSA queries.

Screenshots
Connections: Top SRC IPs - Top Source IP Addresses in Bro's conn.log

Connections: Top DST Ports - Top Destination Ports in Bro's conn.log

Connections: Top Services - Top Services Identified in Bro's conn.log

Connections: Port 53 groupby Service - Top Services Identified on Port 53 in Bro's conn.log

DHCP: Top Assigned IPs - Top Assigned IP Addresses seen in Bro's dhcp.log

DNS: Top Requests - Top DNS Requests seen in Bro's dns.log

DNS: Top nxdomain - Top nxdomain Responses seen in Bro's dns.log

Files: MIME Types - Top MIME Types seen in Bro's files.log

Files: Sources - Top Protocol Sources in Bro's files.log

FTP: Top arg - FTP Transactions in Bro's ftp.log

Host Logs: OSSEC Alerts - HIDS Alerts from OSSEC

Host Logs: All OSSEC Logs - Raw Logs from OSSEC (not HIDS Alerts)

Host Logs: Syslog-NG - Standard Syslog received by Syslog-NG

Host Logs: Syslog Detected by Bro - Syslog detected by Bro and logged to syslog.log

HTTP: Top User Agents - Top HTTP User Agents in Bro's http.log

HTTP: Top Sites - Top HTTP Sites in Bro's http.log

HTTP: Sites hosting EXEs - Sites hosting EXEs in Bro's http.log

Notice: Top Notice Types - Top Notice Types found in Bro's notice.log

SMTP: Top Subjects - Top Email Subject Lines in Bro's smtp.log

Snort/Suricata: Top Snort Alerts - Top IDS Alerts from Snort or Suricata

Software: Software Detected by Bro - Top Software Types found in Bro's software.log

Weird: Top Weird Types - Top Traffic Anomalies found in Bro's weird.log
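The first four menu entries above are "group by" counts over Bro's conn.log. The following added example (not part of the package or of ELSA itself) reproduces that aggregation directly over a constructed conn.log excerpt in Bro's TSV layout, so you can check what a menu entry should show for a given set of connections; the field names come from Bro's conn.log header, and the sample rows are made up.

```python
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample in Bro's conn.log TSV layout: '#' lines are metadata,
# the '#fields' line names the columns, and '-' marks an unset field.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring
1389168000.1\tC1\t10.0.0.5\t51000\t10.0.0.53\t53\tudp\tdns
1389168001.2\tC2\t10.0.0.5\t51001\t10.0.0.53\t53\tudp\tdns
1389168002.3\tC3\t10.0.0.7\t51002\t93.184.216.34\t80\ttcp\thttp
1389168003.4\tC4\t10.0.0.5\t51003\t93.184.216.34\t443\ttcp\tssl
1389168004.5\tC5\t10.0.0.9\t51004\t10.0.0.53\t53\tudp\t-
#close\t2014-01-08-00-00-05
"""


def parse_bro_log(text: str) -> List[Dict[str, str]]:
    """Parse Bro's TSV log format into a list of {field: value} rows.

    Only the '#fields' header is needed to name the columns; other '#'
    lines are skipped. Unset fields ('-') are kept so callers can decide
    how to treat them (ELSA shows them as '-' as well).
    """
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        rows.append(dict(zip(fields, values)))
    return rows


def groupby(rows: List[Dict[str, str]], field: str,
            where: Optional[Dict[str, str]] = None, limit: int = 10):
    """Count distinct values of `field` (ELSA's groupby), optionally
    restricted to rows whose fields equal every entry in `where`."""
    counts: Counter = Counter()
    for row in rows:
        if where and any(row.get(k) != v for k, v in where.items()):
            continue
        counts[row[field]] += 1
    return counts.most_common(limit)


# The four "Connections" menu entries, expressed as groupby calls.
def top_src_ips(rows): return groupby(rows, "id.orig_h")
def top_dst_ports(rows): return groupby(rows, "id.resp_p")
def top_services(rows): return groupby(rows, "service")
def port53_by_service(rows): return groupby(rows, "service", where={"id.resp_p": "53"})
```

Note that "Port 53 groupby Service" also surfaces connections on port 53 that Bro could not identify as DNS (service '-'), which is the row worth a second look.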


Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

1 comment:

Martin Paszkiewicz said...

This is a very welcome addition! AWESOME!
