Monday, June 18, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion106 now available for Security Onion 16.04!

securityonion-sostat - 20120722-0ubuntu0securityonion106 is now available for Security Onion 16.04 and should resolve the following issues:

soup: install HWE metapackages if necessary #1258
https://github.com/Security-Onion-Solutions/security-onion/issues/1258

Thanks
Thanks to Wes Lambert for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, June 13, 2018

securityonion-setup - 20120912-0ubuntu0securityonion270 now available for Security Onion 16.04!

securityonion-setup - 20120912-0ubuntu0securityonion270 is now available for Security Onion 16.04 and should resolve the following issues:

Setup: remove ELSA references from so-email #1257
https://github.com/Security-Onion-Solutions/security-onion/issues/1257

Thanks
Thanks to Wes Lambert for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Tuesday, June 12, 2018

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion176 now available for Security Onion 16.04!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion176 is now available for Security Onion 16.04 and should resolve the following issues:

NSM: securityonion.service should set TimeoutStartSec=300 #1253
https://github.com/Security-Onion-Solutions/security-onion/issues/1253

Thanks
Thanks to Wes Lambert for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, June 11, 2018

Bro 2.5.4 now available for Security Onion 14.04 and 16.04!

Bro 2.5.4 was released recently:
https://twitter.com/Bro_IDS/status/1004136143384764416
https://www.bro.org/download/NEWS.bro.html
https://www.bro.org/download/CHANGES.bro.txt

The following 14.04 packages are now available:
securityonion-bro - 2.5.4-1ubuntu1securityonion1
securityonion-bro-scripts - 20121004-0ubuntu0securityonion57

The following 16.04 packages are now available:
securityonion-bro - 2.5.4-1ubuntu1securityonion2
securityonion-bro-scripts - 20121004-0ubuntu0securityonion58

These new packages should resolve the following issues:

Bro 2.5.4 #1255
https://github.com/Security-Onion-Solutions/security-onion/issues/1255

Thanks
Thanks to the Bro team for Bro 2.5.4!
Thanks to Wes Lambert for testing these new packages!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Friday, June 8, 2018

Security Onion is over 600,000 downloads!

We recently surpassed 600,000 downloads of our Security Onion ISO image!  Of course, this number does not include folks who install their preferred flavor of Ubuntu and then install our packages on top of that.

Thanks to the entire community for your support!

Tuesday, June 5, 2018

Security Onion Conference 2018 CFP

This year's Security Onion Conference will be held in Augusta, GA on Friday, October 19, 2018 (please mark your calendar!). Registration will open in August.

CFP

Want to speak at Security Onion Conference? We want to hear from you!

How are you...
...using Security Onion to fight evil?
...handling lots of traffic using Security Onion?
...consuming host telemetry with Security Onion?
...integrating Security Onion with other technologies?
...automating common tasks with your own scripts?

Each talk should be 30 minutes with an additional 10 minutes for questions.

Submit your talk here!
https://securityonion.net/cfp

Schedule

June 5 - CFP open
July 5 - CFP closes
July 29 - Speakers selected and notified
August 2 - Registration opens
October 15-18 - Security Onion 4-day training in Augusta
October 19 - Security Onion Conference
October 20 - BSidesAugusta

Friday, June 1, 2018

6 month EOL notice for Security Onion 14.04

Yesterday we released Security Onion 16.04 and announced that all new development will now be on 16.04:
https://blog.securityonion.net/2018/05/security-onion-160441-iso-image-now.html

Security Onion 14.04 will reach EOL on November 30, 2018.  After that date, we will not provide any support for 14.04.  Please plan to upgrade or replace any existing 14.04 systems before that date.

If you have existing installations of 14.04, you can upgrade to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Want us to upgrade your deployment for you?  Please contact Security Onion Solutions for pricing and scheduling:
https://securityonionsolutions.com

Thursday, May 31, 2018

Security Onion 16.04.4.1 ISO image now available!

We're pleased to announce that Security Onion 16.04.4.1 RC2 has been promoted to RELEASE status!

This release resolves the following issues:

Issue 1247: Ubuntu 16.04 Xenial Support
https://github.com/Security-Onion-Solutions/security-onion/issues/1247

Issue 1202: CapMe: purge pcap symlinks older than 24 hours
https://github.com/Security-Onion-Solutions/security-onion/issues/1202

Issue 1169: Squert: remove search link from context menu
https://github.com/Security-Onion-Solutions/security-onion/issues/1169

Issue 875: Allow mysql root password
https://github.com/Security-Onion-Solutions/security-onion/issues/875

Release Notes
ELSA, Argus, and PRADS are no longer included in Security Onion.

For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.4.1

Security Onion 14.04 EOL Notice
All new development will now be on Security Onion 16.04.  Security Onion 14.04 will reach EOL on November 30, 2018.  After that date, we will not provide any support for Security Onion 14.04.  Please plan to upgrade or replace any existing 14.04 systems before that date.

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing installations of Security Onion 14.04, you can upgrade to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Want us to upgrade your deployment for you?  Please contact Security Onion Solutions for pricing and scheduling:
https://securityonionsolutions.com

Training
We also offer onsite and online training!  For pricing and availability, please see:
https://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, May 14, 2018

securityonion-rule-update - 20151201-1ubuntu1securityonion13 now available for Security Onion!

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion13

This package should resolve the following issues:

rule-update: update distro in pulledpork.conf #1250
https://github.com/Security-Onion-Solutions/security-onion/issues/1250

Thanks
Thanks to ledingtech for notifying us of this issue!
Thanks to Wes Lambert for testing the new package!

Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference

Training
We offer onsite and online training:
https://securityonionsolutions.com

We have onsite classes scheduled in Columbia MD and Augusta GA with an Early Bird discount good until May 21!
https://blog.securityonion.net/2018/04/security-onion-basic-and-advanced.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, May 2, 2018

Security Onion Presentation and Demo in Portsmouth, NH on Wednesday 5/23

Doug Burks will be presenting a case study using the latest version of Security Onion at SEA-TUG in Portsmouth, NH on Wednesday 5/23.  The event is free, but please register here:
https://www.meetup.com/SEA-TUG/events/249384026/

This presentation will NOT be recorded, so we hope to see you there!

Tuesday, May 1, 2018

Security Onion 14.04.5.13 ISO image now available!

We have a new Security Onion 14.04.5.13 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of April 25, 2018!  This includes Elastic Stack 6.2.4 (and all related Docker images).  Also, gedit has been added to this release.

This resolves the following issue:

Issue 1243: 14.04.5.13 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1243

This new ISO image has been tested by Wes Lambert.  Thanks, Wes!

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.13

Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference

Training
We offer onsite and online training:
https://securityonionsolutions.com

We have onsite classes scheduled in Columbia MD and Augusta GA with an Early Bird discount good until May 21!
https://blog.securityonion.net/2018/04/security-onion-basic-and-advanced.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Thursday, April 26, 2018

Security Onion Basic and Advanced Training Classes in Columbia MD!

In addition to our recently announced 4-day Basic class in Augusta GA, we've just opened registration for two more classes!  Both of these classes will be in Columbia MD.  One will be our 4-day Basic Class and the other will be our new 4-day Advanced Class!

The following discount code is good for 10% off any of these three training classes!
earlybird

This discount code expires on May 21, so register today!

For more details and to register, please see:
https://securityonionsolutions.com/onsitetraining

securityonion-desktop-gnome - 20180411-1ubuntu1securityonion7 now available for Security Onion!

The following package is now available:
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion7

This package should resolve the following issues:

securityonion-desktop-gnome: add gedit #1241
https://github.com/Security-Onion-Solutions/security-onion/issues/1241

This package installs the Gnome Flashback desktop environment and a utility to switch from XFCE to Gnome Flashback.  This will help to ensure full support until we're ready to move off of Ubuntu 14.04.  The following page on our Wiki has instructions for either migrating from XFCE to Gnome Flashback OR totally disabling the GUI altogether:
https://securityonion.net/wiki/Desktop

Thanks
Thanks to Wes Lambert for testing the new package!

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, April 25, 2018

Elastic 6.2.4 and securityonion-elastic - 20180130-1ubuntu1securityonion78 now available for Security Onion!

The following are now available for Security Onion:

  • Elastic 6.2.4 Docker images
  • securityonion-elastic - 20180130-1ubuntu1securityonion78

This should resolve the following issue:

Elastic Stack 6.2.4 #1238
https://github.com/Security-Onion-Solutions/security-onion/issues/1238

Thanks
Thanks to the Elastic team for the Elastic Stack!
Thanks to Wes Lambert for testing!

Updating
If you have pre-release Elastic installations (Technology Previews, Alpha, Beta, RC1, RC2, etc.), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/Elastic-RC4

Otherwise, if you are currently running our GA release (Elastic 6.2.3), you should be able to update using the standard update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have a 4-day Security Onion training class coming up in Augusta, GA!  For this and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Thursday, April 19, 2018

Security Onion 4-day Training Class in Augusta GA with Early Bird Discount

Our wildly popular 4-day onsite training class has been scheduled for Augusta GA in October!  This training class is the same week as the Security Onion Conference and BSidesAugusta, so please consider attending all three events.

The following discount code is good for 10% off this training class only!
earlybird

This discount code expires on May 21, so register today!

For more details and to register, please see:
https://securityonionsolutions.com/onsitetraining

Wednesday, April 18, 2018

Security Onion 14.04.5.12 ISO image now available!

We have a new Security Onion 14.04.5.12 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of April 16, 2018 and switches from the XFCE desktop environment to Gnome Flashback!  For more information about the Gnome Flashback desktop environment, please see:
https://blog.securityonion.net/2018/04/securityonion-desktop-gnome-20180411.html
https://securityonion.net/wiki/Desktop

This resolves the following issue:

Issue 1237: 14.04.5.12 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1237

This new ISO image has been tested by Wes Lambert.  Thanks, Wes!

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.12

Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

securityonion-desktop-gnome - 20180411-1ubuntu1securityonion6 now available for Security Onion!

The following package is now available:
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion6

This package should resolve the following issues:

securityonion-desktop-gnome - switch from XFCE to Gnome Flashback #1236
https://github.com/Security-Onion-Solutions/security-onion/issues/1236

This package installs the Gnome Flashback desktop environment and a utility to switch from XFCE to Gnome Flashback.  This will help to ensure full support until we're ready to move off of Ubuntu 14.04.  The following page on our Wiki has instructions for either migrating from XFCE to Gnome Flashback OR totally disabling the GUI altogether:
https://securityonion.net/wiki/Desktop

Thanks
Thanks to Wes Lambert for testing the new package!

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Thursday, April 12, 2018

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion166 now available for Security Onion!

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion166

This package should resolve the following issues:

Issue 1227: NSM: change print_version to print_nsmnow_version
https://github.com/Security-Onion-Solutions/security-onion/issues/1227

Issue 1234: NSM: sensor cleanup fails when there are a high number of pcaps
https://github.com/Security-Onion-Solutions/security-onion/issues/1234

Thanks
Thanks to Wes Lambert for testing the new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, April 11, 2018

NetworkMiner 2.3 now available for Security Onion!

NetworkMiner 2.3 was released recently:
http://www.netresec.com/?page=Blog&month=2018-04&post=NetworkMiner-2-3-Released

The following package is now available:
securityonion-networkminer - 20180410-1ubuntu1securityonion1

This package should resolve the following issues:

NetworkMiner 2.3 #1231
https://github.com/Security-Onion-Solutions/security-onion/issues/1231

Thanks
Thanks to Erik Hjelmvik for NetworkMiner 2.3!
Thanks to Wes Lambert for testing the new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, April 9, 2018

6 month EOL notice for ELSA

This morning we released an updated Setup package and ISO image that both default to Elastic instead of ELSA:
https://blog.securityonion.net/2018/04/securityonion-setup-20120912.html
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html

ELSA will reach End Of Life (EOL) on October 9, 2018.  After that date, we will no longer provide updates or support of any kind for ELSA.

For more information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA#eol
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA-to-Elastic

Security Onion Elastic Stack General Availability Release and Security Onion 14.04.5.11 ISO Image!

Over 1,000 git commits...

Over 12 months of integration work...

3 Technology Preview releases, 1 Alpha Release, 3 Beta releases, 4 Release Candidates...

Today we're excited to announce that our Elastic Stack integration has now reached General Availability (GA)!  This includes a new 14.04.5.11 ISO image that contains these GA components and all the latest Ubuntu and Security Onion updates as of March 28, 2018!

We'd like to say thanks to the following for their contributions to our Elastic Stack integration!
  • Elastic.co
  • Justin Henderson
  • Mark Baggett
  • Our entire Security Onion community for testing and feedback

GA Highlights

Issues Resolved

Issue 1225: 14.04.5.11 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1225

This new ISO image has been tested by Wes Lambert.  Thanks, Wes!

Known Issues
For known issues, please see the todo list for our next Elastic release:
https://github.com/Security-Onion-Solutions/security-onion/issues/1221

Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.11
https://securityonion.net/wiki/elastic

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Please note the following minimum hardware requirements for the Elastic stack:
  • 2 CPU cores
  • 8GB RAM
For more information, please see the Hardware Requirements page on our Wiki:
https://securityonion.net/wiki/Hardware

Existing Deployments
If you have existing Elastic installations (Technology Preview, Alpha, Beta, or Release Candidate), we don't officially support upgrading to this GA release, but you can try the steps listed here:
https://securityonion.net/wiki/elastic-rc4

For best results, please perform a fresh installation using this new ISO image.

ELSA EOL
Please note that ELSA will reach End Of Life on October 9, 2018.  After that date, we will not provide any updates or any support for ELSA.  Please plan to migrate from ELSA to Elastic at your earliest convenience.  For best results, please perform a fresh Elastic installation on new hardware designed to meet Elastic hardware requirements.

Training
We offer both onsite and online training!  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Previous Releases
To see our progress over the last few months, please see the previous announcements:
https://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
https://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
https://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
https://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release_28.html

Screenshot Tour
[Screenshots of Security Onion 14.04.5.11 (0328) not included in this text copy. Setup screenshots: Welcome to Setup; Network Configuration; Service Configuration; Evaluation Mode or Production Mode; Sniffing Interface Selection; Creating User Account; Setting Password; Confirming Password; Confirming Options; Setup Complete. Interface screenshots: Lots of new control scripts with naming convention of so-COMPONENT-VERB; Apache Single Sign On (SSO) for Squert, CapMe, and Kibana; Squert; CapMe; Kibana; Help. Kibana dashboard screenshots: Bro Notices; ElastAlert; OSSEC Alerts; NIDS Alerts; Connections; DCE/RPC; DHCP; DNP3; DNS; Files; FTP; HTTP; Intel; IRC; Kerberos; Modbus; MySQL; NTLM; PE; RADIUS; RDP; RFB; SIP; SMB; SMTP; SNMP; Software; SSH; SSL; Syslog; Tunnels; Weird; X.509; Autoruns; Beats; OSSEC; Sysmon; Baby Domains; Firewall; Frequency Analysis; Stats; Syslog.]