Wednesday, May 25, 2016

securityonion-capme - 20121213-0ubuntu0securityonion47 resolves 5 issues

I've updated the following package:

securityonion-capme - 20121213-0ubuntu0securityonion47

This package should resolve the following issues:

Issue 736: CapMe: Debug information occasionally gets rendered inside the transcript
https://github.com/Security-Onion-Solutions/security-onion/issues/736

Issue 738: CapMe: handle large pcaps more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/738

Issue 916: CapMe: Check for gzip encoding and automatically switch to Bro transcript
https://github.com/Security-Onion-Solutions/security-onion/issues/916

Issue 922: CapMe: Handle sguild failure more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/922

Issue 493: CapMe: send credentials interactively to avoid exposing on command line
https://github.com/Security-Onion-Solutions/security-onion/issues/493

Wes Lambert and Robert Bardo tested this package.  Thanks, guys!

Screenshots


The CapMe submission form now includes a new field called Max Xscript Bytes (which defaults to 500,000) and the default Output option is now "auto".

With Output set to "auto", CapMe will check for gzip encoding and, if found, will automatically switch to the Bro transcript to decode the gzip. 

If the transcript is larger than the Max Xscript Bytes setting (500,000 bytes by default), CapMe will display this at the bottom of the transcript.
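The "auto" decision and the size cap described above, sketched as an added example (this is not CapMe's own code). The function names, the "plain" renderer name, the cut-off behaviour and the notice wording are assumptions, and a bounded zlib decode stands in for the decoding Bro performs.

```python
import gzip
import zlib

MAX_XSCRIPT_BYTES = 500_000  # default stated in the post

def split_http(stream: bytes):
    """Split one HTTP message into (headers with lowercase names, body)."""
    head, _, body = stream.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:           # skip the status line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    return headers, body

def is_gzip(headers) -> bool:
    return b"gzip" in headers.get(b"content-encoding", b"")

def choose_output(stream: bytes, requested: str = "auto") -> str:
    """Resolve "auto" to a renderer; explicit choices pass through unchanged."""
    if requested != "auto":
        return requested
    headers, _ = split_http(stream)
    return "bro" if is_gzip(headers) else "plain"  # "plain" is a hypothetical name

def render(stream: bytes, requested: str = "auto",
           max_bytes: int = MAX_XSCRIPT_BYTES) -> str:
    """Render the body, decoding gzip in "bro" mode and capping the size."""
    mode = choose_output(stream, requested)
    headers, body = split_http(stream)
    if mode == "bro" and is_gzip(headers):
        # Bounded decode: never inflate more than the cap plus one byte,
        # so a tiny compressed body cannot expand into a huge transcript.
        inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)
        body = inflater.decompress(body, max_bytes + 1)
    if len(body) > max_bytes:
        text = body[:max_bytes].decode("utf-8", errors="replace")
        return text + f"\n[transcript limited to {max_bytes} bytes]"
    return body.decode("utf-8", errors="replace")

def build_sample(payload: bytes = b"<html>hello</html>") -> bytes:
    """Constructed HTTP response with a gzip-compressed body."""
    body = gzip.compress(payload)
    return (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)
```
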

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!
