Wednesday, July 30, 2014

Only 1 week until Security Onion training in Sacramento CA!

We still have a few seats left for the 2-day Security Onion class in Sacramento CA (only 1 week away!).  Here's a discount code good for $200 off!
1weekleft48314

For more details and to register, please see:
https://securityonion20140807.eventbrite.com/

Monday, July 28, 2014

New securityonion-web-page package resolves two issues

I've built a new version of securityonion-web-page that resolves two issues.  The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion23

This new package has been tested by the following (thanks!):
Eddy Simons

Issues Resolved

Issue 562: securityonion-web-page: break OSSEC alerts out into separate ELSA queries
https://code.google.com/p/security-onion/issues/detail?id=562

Issue 563: securityonion-web-page: add link for training/support
https://code.google.com/p/security-onion/issues/detail?id=563

Screenshots
Host Logs: File Changes - OSSEC File Integrity Checksum Alerts
Host Logs: OSSEC Status - OSSEC Server/Agent status messages

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Commercial Support/Training
Need training and/or commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Friday, July 25, 2014

New securityonion-rule-update package resolves an issue

I've built a new version of rule-update that resolves an issue.  The updated package version is as follows:
securityonion-rule-update - 20120726-0ubuntu0securityonion22

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 560: rule-update: run PulledPork with -T option if ENGINE=suricata
https://code.google.com/p/security-onion/issues/detail?id=560

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

New securityonion-setup package resolves two issues

I've built a new version of Setup that resolves two issues.  The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion113

This new package has been tested by the following (thanks!):
David Zawdie
Eddy Simons

Issues Resolved

Issue 564: sosetup: avoid breaking ELSA syslog-ng.conf
https://code.google.com/p/security-onion/issues/detail?id=564

Issue 565: sosetup: run PulledPork with -T option if ENGINE=suricata
https://code.google.com/p/security-onion/issues/detail?id=565

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Wednesday, July 23, 2014

$200 discount for Security Onion class in Sacramento CA

We still have a few seats left for the 2-day Security Onion class in Sacramento CA (only 2 weeks away!).  Here's a discount code good for $200 off!
2weeksleft5602

For more details and to register, please see:
https://securityonion20140807.eventbrite.com/

Tuesday, July 22, 2014

New securityonion-setup package resolves eight issues

I've built a new version of Setup that resolves eight issues.  The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion110

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 522: sosetup should handle more than 10 interfaces correctly
https://code.google.com/p/security-onion/issues/detail?id=522

Issue 525: sosetup: configure all available sniffing interfaces and prompt for which interfaces to enable
https://code.google.com/p/security-onion/issues/detail?id=525

Issue 527: sosetup: when choosing sensor-only and entering server name, do not allow the hostname or IP address of the sensor itself
https://code.google.com/p/security-onion/issues/detail?id=527

Issue 543: sosetup: if no Internet access, notify user that we're setting LOCAL_NIDS_RULE_TUNING=yes
https://code.google.com/p/security-onion/issues/detail?id=543

Issue 539: sosetup: support more network card naming stuff
https://code.google.com/p/security-onion/issues/detail?id=539

Issue 538: sosetup: add references to sostat, sostat-redacted and sostat-quick
https://code.google.com/p/security-onion/issues/detail?id=538

Issue 545: sosetup: add comments to /etc/nsm/securityonion.conf
https://code.google.com/p/security-onion/issues/detail?id=545

Issue 546: sosetup: change true/false options to yes/no
https://code.google.com/p/security-onion/issues/detail?id=546

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Tuesday, July 15, 2014

Wednesday, July 9, 2014

Registration for the Security Onion Conference is now open

Registration for the 2014 Security Onion Conference is now open!
http://securityonionconference2014.eventbrite.com

If you register before July 31, you can use the following early bird discount code:
earlybird1447

If you have any questions about the conference, please use the Contact link at the bottom of the Eventbrite page.

Tuesday, July 8, 2014

New securityonion-pulledpork and securityonion-rule-update packages

I've updated our securityonion-pulledpork package to PulledPork 0.7.0.  I also applied a patch from Will Metcalf to allow PulledPork to request ET rules using the proper Suricata version number.  Additionally, the new version of PulledPork required a slight change to rule-update.

The updated package versions are as follows:
securityonion-pulledpork - 0.7.0-0ubuntu0securityonion5
securityonion-rule-update - 20120726-0ubuntu0securityonion21

These new packages have been tested by the following (thanks!):
David Zawdie
Heine Lysemose
Mike Pilkington
Travis Schack

Issues Resolved

Issue 390: PulledPork 0.7.0
https://code.google.com/p/security-onion/issues/detail?id=390

Issue 425: PulledPork should request ET rules using proper Suricata version
https://code.google.com/p/security-onion/issues/detail?id=425

Issue 552: rule-update: run PulledPork with -P option to process tarball
https://code.google.com/p/security-onion/issues/detail?id=552

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Monday, July 7, 2014

Introducing Security Onion Solutions, LLC

I started Security Onion in 2008 to provide a quick and easy way for folks to get up and running with intrusion detection and network security monitoring.  Over the years, it has grown to be a comprehensive platform for not only IDS and NSM, but also log management. Today, Security Onion has over 100,000 downloads and is being used by organizations around the world to help monitor and defend their networks. To help those organizations, I've started Security Onion Solutions, LLC to provide commercial support and training.

Q&A


Will Security Onion continue to be developed and supported?

Yes, Security Onion will continue to be developed and supported!  We're simply adding commercial support and training options.

I'm interested in commercial support and/or training.  How do I contact you?

Go to Security Onion Solutions and use the contact form.