Tuesday, September 23, 2014

New Bro 2.3.1 packages

Bro 2.3.1 was recently released:
http://blog.bro.org/2014/09/bro-231-release.html

I've packaged Bro 2.3.1 and it has been tested by the following (thanks!):
Eddy Simons
David Zawdie

The new package versions are as follows:

securityonion-bro - 2.3.1-0ubuntu0securityonion1
securityonion-bro-scripts - 20121004-0ubuntu0securityonion27

Issues Resolved

Issue 586: Bro 2.3.1
https://code.google.com/p/security-onion/issues/detail?id=586

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

These updates will back up your Bro configuration.  You'll then need to do the following:

  • re-apply any local customizations to the Bro config
  • restart Bro as follows:

sudo nsm_sensor_ps-restart --only-bro

Screenshots
Update Process

Restarting Bro after updating config

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Less than 20 seats left for the 3-day Security Onion class in Richmond VA!
https://security-onion-class-20141020.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Monday, September 22, 2014

New securityonion-setup package resolves issue with answer file support

securityonion-setup - 20120912-0ubuntu0securityonion119 should resolve the following issue:

Issue 590: Setup: sosetup.conf SALT="yes"
https://code.google.com/p/security-onion/issues/detail?id=590

This new package has been tested by the following (thanks!):
Eddy Simons

Answer file support is still considered experimental.  You can test it using the instructions here:
https://groups.google.com/d/topic/security-onion-testing/GEMTSVFWkXA/discussion

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Friday, September 12, 2014

Security Onion 12.04.5 ISO image now available

We have a new Security Onion 12.04.5 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of September 8, 2014!

It should also resolve the following issues:

Issue 536: ISO: deleting desktop icons for live user sometimes doesn't work properly
https://code.google.com/p/security-onion/issues/detail?id=536

Issue 584: ISO: 14.04 HWE stack (Linux kernel 3.13)
https://code.google.com/p/security-onion/issues/detail?id=584

In short, it's the best release ever!

This new ISO image has been tested by the following (thanks!):
Eddy Simons
David Zawdie

New Users
I've updated the Installation guide to reflect the download locations for the new 12.04.5 ISO image:
https://code.google.com/p/security-onion/wiki/Installation

As always, please remember to verify the checksum of the downloaded ISO image using the instructions in the Installation guide.  Here's the MD5 for this release:
d1b46b982bf41370515689de82bd81b8

Existing Deployments
If you have existing installations based on a previous 12.04 ISO image, there is no need to download the new 12.04.5 ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://code.google.com/p/security-onion/wiki/Upgrade

Training
$400 off the new 3-day Security Onion class in Richmond VA!
http://blog.securityonion.net/2014/09/400-off-our-new-3-day-security-onion.html

New securityonion-setup package adds answer file support

securityonion-setup - 20120912-0ubuntu0securityonion118 should resolve the following issue:

Issue 587: Setup: allow for automated setup using answer file
https://code.google.com/p/security-onion/issues/detail?id=587

This new package has been tested by the following (thanks!):
Eddy Simons
Karolis

Answer file support is still considered experimental.  You can test it using the instructions here:
https://groups.google.com/d/topic/security-onion-testing/GEMTSVFWkXA/discussion

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

New ossec-hids-server package resolves three issues

ossec-hids-server - 2.8.0-ubuntu10securityonion7 should resolve the following issues:

Issue 412: OSSEC 2.8
https://code.google.com/p/security-onion/issues/detail?id=412

Issue 573: OSSEC increase setmaxagents to 1024
https://code.google.com/p/security-onion/issues/detail?id=573

Issue 330: ossec.conf changes
https://code.google.com/p/security-onion/issues/detail?id=330

This new package has been tested by the following (thanks!):
Brian Kellogg
David Zawdie
Mike Seward

Installation Process

After installing the new OSSEC package, you'll need to double-check /var/ossec/etc/ossec.conf and add back any local customizations.  Also, if you had added any local rules to /var/ossec/rules/local_rules.xml, you'll need to do the following:
sudo cp /var/ossec/rules/local_rules.xml-2.6 /var/ossec/rules/local_rules.xml

You can then restart OSSEC as follows:
sudo service ossec-hids-server restart

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Wednesday, September 10, 2014

New securityonion-nsmnow-admin-scripts package resolves two issues

securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion83 should resolve the following issues:

Issue 582: NSM: only run "broctl cron" if Bro is enabled
https://code.google.com/p/security-onion/issues/detail?id=582

This should avoid the situation described here:
https://groups.google.com/d/topic/security-onion/Fo4xQ7VDIyY/discussion

Issue 581: NSM: avoid filling disk if CRIT_DISK_USAGE exceeded in one day
https://code.google.com/p/security-onion/issues/detail?id=581

We still have occasional reports of disks filling up with pcaps.  I've addressed this in 3 ways:

1.  sensor-clean used to run every 5 minutes, but has been changed to run *every* minute.

2.  sensor-clean no longer ignores pcaps from the current day.  If all previous days have been removed, then it will go into the current day's directory and remove pcaps one at a time until EITHER disk is no longer critical OR there are no pcaps remaining.

3.  If sensor-clean determines that there are no pcaps remaining to purge but disk is still critical, then it will stop netsniff-ng.
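
The purge order in the three points above can be sketched as follows.  This is an added example, not the actual sensor-clean script from the package.  It assumes pcaps are stored as ROOT/YYYY-MM-DD/file with names that sort oldest-first within a day; the function names, the simulated disk-usage function and the sample tree are all hypothetical.

```sh
#!/bin/sh
# Added illustration of the purge order described in the post.
# This is NOT Security Onion's sensor-clean script.
# Assumptions (hypothetical): pcaps are stored as ROOT/YYYY-MM-DD/<file>,
# names sort oldest-first, and CRIT_DISK_USAGE is a percentage.

CRIT_DISK_USAGE=${CRIT_DISK_USAGE:-90}
USAGE_CMD=${USAGE_CMD:-df_usage_pct}   # name of a function that prints percent used
CAPTURE_STOPPED=0

# Real measurement: percent used on the filesystem that holds $1.
df_usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Simulated measurement for the offline demo: usage drops as files are removed.
SIM_BASE=80
SIM_PER_FILE=3
sim_usage_pct() {
    sim_n=$(find "$1" -type f | wc -l)
    echo $((SIM_BASE + SIM_PER_FILE * sim_n))
}

disk_critical() {
    [ "$("$USAGE_CMD" "$1")" -ge "$CRIT_DISK_USAGE" ]
}

# Placeholder: a real script would stop netsniff-ng here.
stop_capture() {
    CAPTURE_STOPPED=1
    echo "disk still critical and no pcaps left: stopping capture" >&2
}

# purge_pcaps ROOT TODAY
# Returns 0 once the disk is no longer critical, 1 if capture had to be stopped.
purge_pcaps() {
    pp_root=$1
    pp_today=$2

    # Point 2, first half: remove whole directories for previous days, oldest first.
    for pp_dir in "$pp_root"/*/; do
        [ -d "$pp_dir" ] || continue
        disk_critical "$pp_root" || return 0
        pp_day=$(basename "$pp_dir")
        if [ "$pp_day" = "$pp_today" ]; then
            continue
        fi
        rm -rf -- "${pp_dir%/}"
    done

    # Point 2, second half: previous days are gone, so remove the current
    # day's pcaps one at a time and re-check the disk before each removal.
    for pp_file in "$pp_root/$pp_today"/*; do
        [ -f "$pp_file" ] || continue
        disk_critical "$pp_root" || return 0
        rm -f -- "$pp_file"
    done

    # Point 3: nothing left to purge; if the disk is still critical, stop capture.
    disk_critical "$pp_root" || return 0
    stop_capture
    return 1
}

# Constructed sample tree: two previous days with two pcaps each,
# and a current day (2014-09-10) with three pcaps.
build_sample_tree() {
    for bs_day in 2014-09-08 2014-09-09 2014-09-10; do
        mkdir -p "$1/$bs_day"
        for bs_n in 1 2; do
            : > "$1/$bs_day/snort.log.$bs_n"
        done
    done
    : > "$1/2014-09-10/snort.log.3"
}

# Offline demo using the simulated usage function (7 files = 101% "used").
demo_root=$(mktemp -d)
build_sample_tree "$demo_root"
USAGE_CMD=sim_usage_pct
purge_pcaps "$demo_root" 2014-09-10 &&
    echo "disk OK with $(find "$demo_root" -type f | wc -l) pcaps left"
rm -rf "$demo_root"
```

With the default SIM_BASE of 80, the demo removes both previous days and leaves the current day's three pcaps untouched.  Raising SIM_BASE forces it into the current day's directory and, if that is not enough, into the stop-capture branch.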



This new package has been tested by David Zawdie (thanks!).

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

New securityonion-networkminer package

NetworkMiner 1.6.1 was recently released:
http://www.netresec.com/?page=Blog&month=2014-06&post=NetworkMiner-1-6-Released


I've packaged NetworkMiner 1.6.1 and the new package has been tested by the following (thanks!):
Brian Kellogg
David Zawdie

Issues Resolved

Issue 553: NetworkMiner 1.6.1
https://code.google.com/p/security-onion/issues/detail?id=553

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Tuesday, September 9, 2014

New securityonion-et-rules package

I've updated our securityonion-et-rules package in preparation for our upcoming 12.04.5 ISO image.  This is a static set of free NIDS rules from Emerging Threats that is only used if you have LOCAL_NIDS_RULE_TUNING=yes in /etc/nsm/securityonion.conf (most users should have LOCAL_NIDS_RULE_TUNING=no which causes PulledPork to download updated rules from the Internet).

This package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 572: securityonion-et-rules: update for new ISO
https://code.google.com/p/security-onion/issues/detail?id=572

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

New pcap samples package securityonion-samples-jackcr

Jack Crook provided a fun pcap (thanks Jack!):
https://twitter.com/dougburks/status/494829729523171328

I've put the pcap into a new package called securityonion-samples-jackcr, which will install the pcap to:
/opt/samples/jackcr/

This package has been tested by the following (thanks!):
Brian Kellogg
David Zawdie

Issues Resolved

Issue 568: New package securityonion-samples-jackcr
https://code.google.com/p/security-onion/issues/detail?id=568

Installation
This package will be included in the upcoming 12.04.5 ISO image, but it's an optional package so it won't automatically install on existing installations.  If you'd like to install this package onto your existing installation, you can use the graphical Update Manager or the following one-liner:
sudo apt-get update && sudo apt-get install securityonion-samples-jackcr

Monday, September 8, 2014

$400 off our new 3-day Security Onion Training Class in Richmond VA

Our Security Onion training class is expanding to 3 days!  This new class will debut in Richmond VA next month.  If you register by Friday September 19, you can use the following discount code for $400 off!

early-bird-23698

For more details and to register, please see:
https://security-onion-class-20141020.eventbrite.com/

If you have any questions, please use the Contact link on the bottom of the Eventbrite page.

Wednesday, August 27, 2014

Ubuntu Hardware Enablement (HWE) Stacks

Summary

If you installed Security Onion using our ISO image, then you should be running the original 3.2 kernel which should be fully supported until April 2017.  However, if you installed Ubuntu and then added our PPA and packages, you may be running a Hardware Enablement (HWE) Stack that has reached End-of-life.  If this is the case, then you'll need to update to a newer HWE Stack that will continue to be supported.

Checking Your System using hwe-support-status
To check your system, run the following command:
hwe-support-status --verbose
For example, in the following screenshot, I'm running the command on a machine that was installed from the Security Onion ISO image.  If this is what you get, then you can disregard the rest of this blog post.

If, on the other hand, you receive output similar to the following screenshot (taken from a machine that was installed from an Ubuntu ISO image), then you'll need to update to a newer HWE Stack.

WARNING! Do NOT run the do-release-upgrade command as this will upgrade to Ubuntu 14.04, which is incompatible with our packages.  We'll be using the second "apt-get install" option to update the HWE stack.

Updating your HWE Stack
Before you update your HWE stack, make sure that you've installed all updates so that you have the new PF_RING packages that support Linux kernel 3.13:
http://blog.securityonion.net/2014/08/new-pfring-snort-suricata-bro-packages.html

You can verify that you have the new PF_RING 6.0.2 with "cat /proc/net/pf_ring/info":


Then run the apt-get command shown in *your* output of hwe-support-status.  In the hwe-support-status screenshot above, we were requested to run the following because we were just running Ubuntu Server (no GUI):
sudo apt-get install linux-generic-lts-trusty linux-image-generic-lts-trusty
Depending on how your system was installed, hwe-support-status may ask you to install additional packages.  For example, you may also be requested to update your xserver packages.  Run whatever command hwe-support-status recommends for you.

If the new HWE stack installed successfully, then reboot your system:


After rebooting and logging in, verify that you're running the new 3.13 kernel with the "uname -a" command:

You can also verify that the PF_RING kernel module got built and loaded correctly for the new 3.13 kernel:

Finally, run the hwe-support-status tool again to verify that your HWE stack is supported until April 2017:
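
The post-reboot checks above (3.13 kernel, PF_RING module loaded, PF_RING 6.0.2) can be combined into one script.  This is an added example, not part of the original post or of any Security Onion package; the function names are hypothetical and the sample kernel release string and pf_ring info text are constructed.

```sh
#!/bin/sh
# Added illustration; not from the original post or any Security Onion package.

# pfring_version FILE
# Prints the version number from a /proc/net/pf_ring/info style file.
# Fails if the file is unreadable, which on a live system means the
# pf_ring module is not loaded for the running kernel.
pfring_version() {
    [ -r "$1" ] || return 1
    sed -n 's/^PF_RING Version[[:space:]]*:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" |
        head -n 1
}

# check_hwe_update KERNEL_RELEASE PFRING_INFO_FILE
# Returns 0 = OK, 1 = kernel is not 3.13, 2 = pf_ring module not loaded,
#         3 = PF_RING is loaded but is not 6.0.2.
check_hwe_update() {
    case $1 in
        3.13.*) ;;
        *) echo "kernel $1 is not a 3.13 kernel" >&2
           return 1 ;;
    esac
    ch_ver=$(pfring_version "$2") || {
        echo "pf_ring module is not loaded for kernel $1" >&2
        return 2
    }
    if [ "$ch_ver" != "6.0.2" ]; then
        echo "PF_RING version is '$ch_ver', expected 6.0.2" >&2
        return 3
    fi
    echo "kernel $1, PF_RING $ch_ver: OK"
}

# Offline demo on constructed sample data.  On a real sensor you would run:
#   check_hwe_update "$(uname -r)" /proc/net/pf_ring/info
sample_info=$(mktemp)
cat > "$sample_info" <<'EOF'
PF_RING Version          : 6.0.2 ($Revision: exported$)
Total rings              : 0
EOF
check_hwe_update 3.13.0-35-generic "$sample_info"
rm -f "$sample_info"
```

A return code of 2 after the reboot is the case to look for: the new kernel booted, but the PF_RING kernel module was not built or loaded for it.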

For more information about Ubuntu HWE Stacks, please see:



Conference
Less than 30 seats left for the Security Onion conference in Augusta GA! Reserve your seat today!

Commercial Support/Training
Need training and/or commercial support?  Please see:

Tuesday, August 26, 2014

New PF_RING, Snort, Suricata, Bro packages

New versions of our PF_RING, Snort, Suricata, and Bro packages are now available!  The new package versions are as follows:

securityonion-bro - 2.3-0ubuntu0securityonion10
securityonion-bro-scripts - 20121004-0ubuntu0securityonion26
securityonion-daq - 2.0.2-0ubuntu0securityonion5
securityonion-elsa-extras - 20131117-1ubuntu0securityonion43
securityonion-pfring-daq - 20121107-0ubuntu0securityonion7
securityonion-pfring-devel - 20121107-0ubuntu0securityonion7
securityonion-pfring-ld - 20120827-0ubuntu0securityonion7
securityonion-pfring-module - 20121107-0ubuntu0securityonion23
securityonion-pfring-userland - 20140805-0ubuntu0securityonion3
securityonion-snort - 2.9.6.2-0ubuntu0securityonion7
securityonion-suricata - 2.0.3-0ubuntu0securityonion2

These new packages have been tested by the following (thanks!):
Ronny Vaningh
Andrea De Pasquale
Pete Nelson
Pietro Delsante
David Zawdie
Heine Lysemose
Eddy Simons

Issues Resolved

Issue 535: PF_RING 6.0.2 SVN
https://code.google.com/p/security-onion/issues/detail?id=535

Issue 462: Snort 2.9.6.2
https://code.google.com/p/security-onion/issues/detail?id=462

Issue 567: Snort Daq 2.0.2
https://code.google.com/p/security-onion/issues/detail?id=567

Issue 465: Suricata 2.0.3
https://code.google.com/p/security-onion/issues/detail?id=465

Issue 445: Bro 2.3
https://code.google.com/p/security-onion/issues/detail?id=445

Issue 484: securityonion-bro-scripts: update APT1 scripts with Seth's changes for certificate matching
https://code.google.com/p/security-onion/issues/detail?id=484

Issue 414: Bro script should lookup interface in /etc/nsm/sensortab to obtain sensorname
https://code.google.com/p/security-onion/issues/detail?id=414

Issue 577: ELSA: update parsers for Bro 2.3 log changes
https://code.google.com/p/security-onion/issues/detail?id=577

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

These updates will do the following:

  • back up your Bro configuration
  • back up each of your existing snort.conf files to snort.conf.bak
  • back up each of your existing suricata.yaml files to suricata.yaml.bak

You'll then need to do the following:
  • re-apply any local customizations to the Bro/Snort/Suricata config
  • restart Bro as follows:
sudo nsm_sensor_ps-restart --only-bro
  • update ruleset and restart Snort/Suricata as follows:
sudo rule-update

Screenshots
Run "sudo soup" which first installs the new PF_RING kernel module

DKMS compiles the new kernel module

Soup then installs the remaining packages

Bro, Snort, and Suricata notify you that config files have been updated and you'll need to add back any local customizations

After adding back any local Bro customizations, restart Bro using "sudo nsm_sensor_ps-restart --only-bro"

After adding back any local snort.conf or suricata.yaml customizations, run "sudo rule-update" to download the latest ruleset for the new IDS engine

rule-update then restarts Barnyard2 and the IDS engine



Conference
Less than 30 seats left for the Security Onion conference in Augusta GA! Reserve your seat today!
https://securityonionconference2014.eventbrite.com

Commercial Support/Training
Need training and/or commercial support?  Please see:
http://securityonionsolutions.com

Monday, August 25, 2014

New securityonion-setup package restarts MySQL to make config changes take effect

I noticed recently that the following issue didn't actually get resolved properly:

Issue 388: Configure MySQL to create an innodb file per table to prevent ibdata1 growing indefinitely
https://code.google.com/p/security-onion/issues/detail?id=388

After troubleshooting the issue, I realized that Setup was only doing a MySQL reload and that's not picking up the new innodb_file_per_table setting, so we need to replace that with a MySQL restart.  I've updated Setup and the securityonion-setup package.  This new package has been tested by the following (thanks!):
David Zawdie
Heine Lysemose

Screenshots
Old version of Setup resulted in no per-table innodb files

New version of Setup results in an innodb file per table

Issues Resolved

Issue 576: Setup: restart MySQL to make config changes take effect
https://code.google.com/p/security-onion/issues/detail?id=576

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Conference
Only 33 seats left for the Security Onion conference in Augusta GA! Reserve your seat today!
https://securityonionconference2014.eventbrite.com

Friday, August 22, 2014

New securityonion-nsmnow-admin-scripts package prevents update prompts for Ubuntu 14.04

Over the past few weeks, you may have seen some Ubuntu prompts to upgrade to the new Ubuntu release (Ubuntu 14.04).  For example:



We have no immediate plans to support Ubuntu 14.04, so Ryan Peck suggested some changes to avoid these Ubuntu prompts (thanks, Ryan!):
https://groups.google.com/d/topic/security-onion/_N6O0XZbcSE/discussion

I've updated the NSM package to include these changes.  The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion82

After installing, you should no longer receive either of the prompts shown above.  Here's an example of logging in via ssh without being prompted to upgrade to Ubuntu 14.04:


If you're running a kernel other than 3.2 (as shown above), you may still receive an Ubuntu message about updating your kernel and HWE stack.  Please do NOT do this until we release new PF_RING packages which support the new 3.13 kernel.  You can help us test the new PF_RING packages by joining the security-onion-testing Google Group and referring to this thread:
https://groups.google.com/d/topic/security-onion-testing/mKVn-GAPaIg/discussion

UPDATE 2014/08/27: Our new PF_RING packages have been released:
http://blog.securityonion.net/2014/08/new-pfring-snort-suricata-bro-packages.html

For instructions on updating your HWE stack, please see:
http://blog.securityonion.net/2014/08/ubuntu-hardware-enablement-hwe-stacks.html

This new package has been tested by the following (thanks!):
Pete Nelson
David Zawdie
Ronny Vaningh

Issues Resolved

Issue 574: NSM: prevent checking for new Ubuntu releases
https://code.google.com/p/security-onion/issues/detail?id=574

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Conference
Only 37 seats left for the Security Onion conference in Augusta GA! Reserve your seat today!
https://securityonionconference2014.eventbrite.com

Tuesday, August 12, 2014

New securityonion-capme package resolves an issue

Ryan Peck found and fixed an issue in CapMe (thanks Ryan!):
https://groups.google.com/d/topic/security-onion/h-WFiDETBVU/discussion

I've accepted the patch and built a new securityonion-capme package.  The updated package version is as follows:
securityonion-capme - 20121213-0ubuntu0securityonion19

This new package has been tested by the following (thanks!):
Karolis
David Zawdie

Issues Resolved

Issue 570: CapMe: Ignore extra data from ELSA cli.pl
https://code.google.com/p/security-onion/issues/detail?id=570

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Conference
Over half the seats for the Security Onion conference in Augusta GA are sold! Reserve your seat today!
https://securityonionconference2014.eventbrite.com

Friday, August 1, 2014

PF_RING, Snort, and Suricata packages have reached Release Candidate status!

Our new PF_RING/Snort/Suricata packages have reached Release Candidate status!  Since these packages are critical components, I'd like to do one final phase of testing before promoting to stable.  If at all possible, please try installing on some of your production sensors so that we can get some real world testing before promoting to stable.

Join the discussion here:
https://groups.google.com/d/topic/security-onion-testing/mKVn-GAPaIg/discussion

New securityonion-server package resolves an issue

I've built a new version of securityonion-server that resolves an issue.  The updated package version is as follows:
securityonion-server - 20120722-0ubuntu0securityonion12

This new package has been tested by the following (thanks!):
Pete Nelson

Issues Resolved

Issue 569: securityonion-server: add p0f as a dependency
https://code.google.com/p/security-onion/issues/detail?id=569

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Wednesday, July 30, 2014

Only 1 week until Security Onion training in Sacramento CA!

We still have a few seats left for the 2-day Security Onion class in Sacramento CA (only 1 week away!).  Here's a discount code good for $200 off!
1weekleft48314

For more details and to register, please see:
https://securityonion20140807.eventbrite.com/

Monday, July 28, 2014

New securityonion-web-page package resolves two issues

I've built a new version of securityonion-web-page that resolves two issues.  The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion23

This new package has been tested by the following (thanks!):
Eddy Simons

Issues Resolved

Issue 562: securityonion-web-page: break OSSEC alerts out into separate ELSA queries
https://code.google.com/p/security-onion/issues/detail?id=562

Issue 563: securityonion-web-page: add link for training/support
https://code.google.com/p/security-onion/issues/detail?id=563

Screenshots
Host Logs: File Changes - OSSEC File Integrity Checksum Alerts
Host Logs: OSSEC Status - OSSEC Server/Agent status messages

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Friday, July 25, 2014

New securityonion-rule-update package resolves an issue

I've built a new version of rule-update that resolves an issue.  The updated package version is as follows:
securityonion-rule-update - 20120726-0ubuntu0securityonion22

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 560: rule-update: run PulledPork with -T option if ENGINE=suricata
https://code.google.com/p/security-onion/issues/detail?id=560

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

New securityonion-setup package resolves two issues

I've built a new version of Setup that resolves two issues.  The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion113

This new package has been tested by the following (thanks!):
David Zawdie
Eddy Simons

Issues Resolved

Issue 564: sosetup: avoid breaking ELSA syslog-ng.conf
https://code.google.com/p/security-onion/issues/detail?id=564

Issue 565: sosetup: run PulledPork with -T option if ENGINE=suricata
https://code.google.com/p/security-onion/issues/detail?id=565

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Wednesday, July 23, 2014

$200 discount for Security Onion class in Sacramento CA

We still have a few seats left for the 2-day Security Onion class in Sacramento CA (only 2 weeks away!).  Here's a discount code good for $200 off!
2weeksleft5602

For more details and to register, please see:
https://securityonion20140807.eventbrite.com/

Tuesday, July 22, 2014

New securityonion-setup package resolves eight issues

I've built a new version of Setup that resolves eight issues.  The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion110

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 522: sosetup should handle more than 10 interfaces correctly
https://code.google.com/p/security-onion/issues/detail?id=522

Issue 525: sosetup: configure all available sniffing interfaces and prompt for which interfaces to enable
https://code.google.com/p/security-onion/issues/detail?id=525

Issue 527: sosetup: when choosing sensor-only and entering server name, do not allow the hostname or IP address of the sensor itself
https://code.google.com/p/security-onion/issues/detail?id=527

Issue 543: sosetup: if no Internet access, notify user that we're setting LOCAL_NIDS_RULE_TUNING=yes
https://code.google.com/p/security-onion/issues/detail?id=543

Issue 539: sosetup: support more network card naming stuff
https://code.google.com/p/security-onion/issues/detail?id=539

Issue 538: sosetup: add references to sostat, sostat-redacted and sostat-quick
https://code.google.com/p/security-onion/issues/detail?id=538

Issue 545: sosetup: add comments to /etc/nsm/securityonion.conf
https://code.google.com/p/security-onion/issues/detail?id=545

Issue 546: sosetup: change true/false options to yes/no
https://code.google.com/p/security-onion/issues/detail?id=546

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Wednesday, July 9, 2014

Registration for the Security Onion Conference is now open

Registration for the 2014 Security Onion Conference is now open!
http://securityonionconference2014.eventbrite.com

If you register before July 31, you can use the following early bird discount code:
earlybird1447

If you have any questions about the conference, please use the Contact link at the bottom of the Eventbrite page.

Tuesday, July 8, 2014

New securityonion-pulledpork and securityonion-rule-update packages

I've updated our securityonion-pulledpork package to PulledPork 0.7.0.  I also applied a patch from Will Metcalf to allow PulledPork to request ET rules using the proper Suricata version number.  Additionally, the new version of PulledPork required a slight change to rule-update.

The updated package versions are as follows:
securityonion-pulledpork - 0.7.0-0ubuntu0securityonion5
securityonion-rule-update - 20120726-0ubuntu0securityonion21

These new packages have been tested by the following (thanks!):
David Zawdie
Heine Lysemose
Mike Pilkington
Travis Schack

Issues Resolved

Issue 390: PulledPork 0.7.0
https://code.google.com/p/security-onion/issues/detail?id=390

Issue 425: PulledPork should request ET rules using proper Suricata version
https://code.google.com/p/security-onion/issues/detail?id=425

Issue 552: rule-update: run PulledPork with -P option to process tarball
https://code.google.com/p/security-onion/issues/detail?id=552

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Monday, July 7, 2014

Introducing Security Onion Solutions, LLC

I started Security Onion in 2008 to provide a quick and easy way for folks to get up and running with intrusion detection and network security monitoring.  Over the years, it has grown to be a comprehensive platform for not only IDS and NSM, but also log management. Today, Security Onion has over 100,000 downloads and is being used by organizations around the world to help monitor and defend their networks. To help those organizations, I've started Security Onion Solutions, LLC to provide commercial support and training.

Q&A


Will Security Onion continue to be developed and supported?

Yes, Security Onion will continue to be developed and supported!  We're simply adding commercial support and training options.

I'm interested in commercial support and/or training.  How do I contact you?

Go to Security Onion Solutions and use the contact form.


Monday, June 23, 2014

New securityonion-rule-update package resolves two issues

We recently released new barnyard2 and rule-update packages:
http://blog.securityonion.net/2014/06/new-barnyard2-nsm-rule-update-and.html 

Some folks have reported a few issues since updating to these new packages, so we're releasing a new version of rule-update which should help with these issues.

The first issue is that rule-update takes longer now.  Per the barnyard2 developers, all entries in the sig_reference table must be deleted when upgrading to this new version of barnyard2.  rule-update then uses barnyard2 to re-populate this table.  Depending on the size of your Snorby database, this may take a while.  The new version of rule-update (released today) will only do a full delete of the sig_reference table once, so subsequent runs of rule-update should be much faster.

The second issue is that users running the Snort engine with the VRT ruleset are experiencing barnyard2 failing with errors like "Returned signature_id is not equal to updated signature_id".  This is due to some wrong entries in the database left by the previous version of barnyard2.  One of the barnyard2 developers wrote a MySQL script to fix these entries and I've packaged it into a shell script called so-snorby-fix-sigs and included it in today's rule-update package.  If you're running the Snort engine with the VRT ruleset, please run so-snorby-fix-sigs and follow the directions (including shutting down all barnyard2 instances).

The updated package version is as follows:
securityonion-rule-update - 20120726-0ubuntu0securityonion20

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 556: rule-update: add so-snorby-fix-sigs script
https://code.google.com/p/security-onion/issues/detail?id=556

Issue 557: rule-update: only delete sig_reference table once
https://code.google.com/p/security-onion/issues/detail?id=557

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Training
Want to learn more about Security Onion?  Check out our 2-day training class:
http://blog.securityonion.net/p/training_2.html

Thanks!

Thursday, June 19, 2014

New securityonion-web-page package adds an ELSA query

I've updated our securityonion-web-page package to add a new ELSA query under the HTTP category labeled "Sites Hosting CABs".

The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion22

This new package has been tested by the following (thanks!):
David Zawdie
Heine Lysemose

Issues Resolved

Issue 549: securityonion-web-page: add ELSA query for Sites Hosting CABs
https://code.google.com/p/security-onion/issues/detail?id=549

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Wednesday, June 18, 2014

New NSM package resolves an issue

The recently released NSM scripts had a typo:

Thanks to Andrea De Pasquale for the notification!  

I've updated the NSM package to fix the typo.  The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion77

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 555: NSM: replace "2>1" with "2>&1"
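
What the typo in Issue 555 does, as an added example that is not code from the NSM scripts: "2>1" writes stderr to a file literally named 1 in the current directory, while "2>&1" sends stderr wherever stdout is going. The function names, the constructed sample script and the grep heuristic are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: behaviour of the "2>1" typo versus the intended "2>&1".

# Emits one line on stdout and one on stderr, like a typical start-up script.
noisy() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

# Runs noisy with the given redirection inside a scratch directory and prints
# where the stderr line ended up: "file-named-1", "log" or "lost".
where_stderr_went() {
    style=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        case $style in
            typo)    noisy > out.log 2>1 ;;   # stderr lands in a file called "1"
            correct) noisy > out.log 2>&1 ;;  # stderr follows stdout into out.log
        esac
        if [ -f 1 ] && grep -q to-stderr 1; then
            echo "file-named-1"
        elif grep -q to-stderr out.log; then
            echo "log"
        else
            echo "lost"
        fi
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Writes a constructed two-line sample script (not taken from the NSM package).
make_sample() {
    cat > "$1" <<'EOF'
some_command --start > /tmp/some_command.log 2>1
some_command --status > /dev/null 2>&1
EOF
}

# Heuristic search for the typo: prints file:line:text for each "2>1" that is
# not part of a longer number (2>10, 12>1). /dev/null forces file name output.
# It can also flag arithmetic such as $((2>1)), so review the hits by hand.
find_typo() {
    grep -nE '(^|[^0-9])2>1([^0-9]|$)' /dev/null "$@"
}

# Demo: show both outcomes.
echo "2>1  -> stderr went to: $(where_stderr_went typo)"
echo "2>&1 -> stderr went to: $(where_stderr_went correct)"
```

With the typo, error output never reaches the log file or /dev/null, and a stray file named 1 appears in whatever directory the script was started from.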

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:

Thanks!

Monday, June 16, 2014

New Barnyard2, NSM, rule-update, and securityonion-server packages

You may have noticed previously that when barnyard2 started up, it would consume a large amount of CPU (on both the sensor and the server) for a while (more than a minute in some cases) while it updated Snorby's reference table.  Multiply this by several barnyard instances per interface and several interfaces per physical sensor and you now have multiple instances fighting each other for scarce CPU resources.

To alleviate this, the barnyard2 folks introduced a new option called disable_signature_reference_table that allows you to disable the reference table update on all sensors, leaving just one barnyard2 instance on the server itself to update Snorby's reference table, avoiding the duplication of effort.  I packaged the latest version of barnyard2 (version 2.1.13 Build 333) which contains this option and also updated the NSM scripts to add the new option to all barnyard2.conf files on all sensors. rule-update has been modified such that right after the master downloads new rules from the Internet, it will use barnyard2 to update Snorby's reference table.  Finally, since we're now forcing the server to use barnyard2 to update Snorby's reference table, I updated the securityonion-server metapackage to require securityonion-barnyard2 as a dependency.
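
One way to check the layout described above, as an added example rather than Security Onion's own script: it reports which barnyard2.conf files still have an active "output database" line without disable_signature_reference_table. The sample config lines are constructed with placeholder values, and the option's position as an argument on the "output database" line is assumed from barnyard2's database output plugin.

```shell
#!/bin/sh
# Added example: audit barnyard2.conf files for the
# disable_signature_reference_table option named in this post.

OPTION=disable_signature_reference_table

# Prints one line per active "output database" directive:
#   <file>:<line>:disabled   option present, this instance skips the update
#   <file>:<line>:updates    option absent, this instance updates the table
reference_table_status() {
    for conf in "$@"; do
        awk -v opt="$OPTION" -v f="$conf" '
            /^[ \t]*#/ { next }                          # ignore commented lines
            /^[ \t]*output[ \t]+database[ \t]*:/ {
                n = split($0, words, /[ \t,]+/)
                state = "updates"
                for (i = 1; i <= n; i++)
                    if (words[i] == opt) state = "disabled"
                print f ":" NR ":" state
            }' "$conf"
    done
}

# Counts the instances that would still update the reference table.
# Expected: 0 across sensor configs, 1 on the server.
count_updaters() {
    reference_table_status "$@" | grep -c ':updates$' || true
}

# Writes constructed sample configs (placeholder credentials and names).
make_samples() {
    cat > "$1/sensor.conf" <<'EOF'
# constructed sample, sensor side
#output database: alert, mysql, user=EXAMPLE dbname=EXAMPLE host=127.0.0.1
output database: alert, mysql, user=EXAMPLE dbname=EXAMPLE host=127.0.0.1 sensor_name=sensor-eth1 disable_signature_reference_table
EOF
    cat > "$1/server.conf" <<'EOF'
# constructed sample, server side
output database: alert, mysql, user=EXAMPLE dbname=EXAMPLE host=127.0.0.1 sensor_name=server
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
reference_table_status "$demo_dir/sensor.conf" "$demo_dir/server.conf"
echo "instances still updating the table: $(count_updaters "$demo_dir"/*.conf)"
rm -rf "$demo_dir"
```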

The updated package versions are as follows:
securityonion-barnyard2 - 20140531-0ubuntu0securityonion1
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion76
securityonion-rule-update - 20120726-0ubuntu0securityonion15
securityonion-server - 20120722-0ubuntu0securityonion11

These new packages have been tested by the following (thanks!):
Eddy Simons
David Zawdie
Kevin Branch

Issues Resolved
Issue 294: Barnyard2-1.13
https://code.google.com/p/security-onion/issues/detail?id=294

Issue 550: securityonion-server: add barnyard2 as a dependency
https://code.google.com/p/security-onion/issues/detail?id=550

Issue 411: NSM: have only one copy of barnyard2 that updates signature reference table
https://code.google.com/p/security-onion/issues/detail?id=411

Issue 551: rule-update: have server use barnyard2 to update Snorby reference table
https://code.google.com/p/security-onion/issues/detail?id=551

Issue 399: rule-update should allow LOCAL_NIDS_RULE_TUNING to be yes or true
https://code.google.com/p/security-onion/issues/detail?id=399

Issue 544: rule-update: notify user if LOCAL_NIDS_RULE_TUNING=true
https://code.google.com/p/security-onion/issues/detail?id=544

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Thursday, June 12, 2014

New securityonion-sguil-db-purge package resolves two issues

I've updated our securityonion-sguil-db-purge package to resolve two issues.

The updated package version is as follows:
securityonion-sguil-db-purge - 20120722-0ubuntu0securityonion9

This new package has been tested by the following (thanks!):
Eddy Simons

Issues Resolved

Issue 406: sguil-db-purge needs to purge history table as well
https://code.google.com/p/security-onion/issues/detail?id=406 

Issue 428: sguil-db-purge should check for existence of tables
https://code.google.com/p/security-onion/issues/detail?id=428 

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Tuesday, June 10, 2014

Save the Date: Security Onion Conference

I recently asked the community if there was interest in a Security Onion Conference:
http://blog.securityonion.net/2014/05/security-onion-conference.html

The response was overwhelmingly positive!

The Security Onion Conference will be held in Augusta GA on Friday September 12 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

UPDATE 2014/07/11

Registration is now open:
http://blog.securityonion.net/2014/07/registration-for-security-onion.html

CFP is now closed!  Thanks to all who responded!

June 10 - CFP Open
July 10 - CFP Closed
July 31 - Speakers selected and notified

Friday, June 6, 2014

New securityonion-sostat package resolves an issue

sostat-quick now checks for privileges.

The updated package version is as follows:
securityonion-sostat - 20120722-0ubuntu0securityonion26

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 537: sostat-quick: check for root
https://code.google.com/p/security-onion/issues/detail?id=537

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!

Wednesday, June 4, 2014

2-day Security Onion class in Sacramento CA

Do you want to...

... learn more about Security Onion?

... get the most out of your Security Onion deployment?

... catch more bad guys and catch them faster?

In addition to the recently announced 2-day Security Onion class in Raleigh NC, we're now also offering the 2-day Security Onion class in Sacramento CA!

If you sign up before June 25, you can use the following promo code for $100 off!
earlybird56219

If you are a student or work for a non-profit and need an additional discount, please contact me using the "Contact Doug Burks" link at the bottom of the Eventbrite page.

For full details and to register, please see:
https://securityonion20140807.eventbrite.com

What do previous students say about the class?
"I highly, HIGHLY recommend attending this class.  I attended the class in Houston and it was excellent.
Doug is very knowledgeable and has an informal style of instruction that keeps the class interesting and encourages interaction with the students, and is not simply a 16 hour lecture.
I also met many interesting people and made some new contacts. All in all, if this class comes anywhere near me again ... I'll be going if I have to host a bake sale to get there." 
-- Jake Sallee 

Tuesday, June 3, 2014

New Salt and OnionSalt packages

Mike Reeves has updated his OnionSalt scripts to be compatible with the latest Salt packages.  I've packaged these scripts and copied the latest Salt packages to our stable repo.

The updated package versions are as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion11
salt-master - 2014.1.4-2precise2
salt-minion - 2014.1.4-2precise2

These new packages have been tested by the following (thanks!):
Eddy Simons
David Zawdie

Please see the updated OnionSalt page on our Wiki:
https://code.google.com/p/security-onion/wiki/Salt

Issues Resolved
Issue 540: Update Salt packages/scripts
https://code.google.com/p/security-onion/issues/detail?id=540

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Thanks!