Tuesday, October 9, 2018

securityonion-onionsalt - 20140917-0ubuntu0securityonion27 now available for Security Onion 16.04!

The following package is now available:
securityonion-onionsalt - 20140917-0ubuntu0securityonion27

This should resolve the following issues:

onionsalt: modify enforced packages #1336
https://github.com/Security-Onion-Solutions/security-onion/issues/1336

Thanks
Thanks to Wes Lambert for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Tuesday, October 2, 2018

CyberChef 8.7.0 now available for Security Onion 16.04!

The following package is now available:
securityonion-web-page - 20141015-0ubuntu0securityonion84

This should resolve the following issues:

securityonion-web-page: Cyberchef 8.7.0 #1341
https://github.com/Security-Onion-Solutions/security-onion/issues/1341

CyberChef 8.7.0

Thanks
Thanks to the CyberChef team for CyberChef 8.7.0!
Thanks to Wes Lambert for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, October 1, 2018

Wazuh 3.6.1, Elastic 6.4.1, and associated components are now available for Security Onion 16.04!

The following are now available for Security Onion 14.04 and 16.04:
Elastic 6.4.1 and associated Docker images

The following are now available for Security Onion 16.04:
Wazuh 3.6.1 (packaged as ossec-hids-server - 3.6.1.23-ubuntu1securityonion1)
securityonion-elastic - 20180130-1ubuntu1securityonion137
securityonion-setup - 20120912-0ubuntu0securityonion277
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion19

Wazuh can analyze sysmon logs and generate HIDS alerts
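
Server-side sysmon decoders and rules only fire on events the Windows agent actually forwards, so the first thing to verify on an agent that produces no sysmon HIDS alerts is its collection config. The check below is an added example, not Security Onion's or Wazuh's own code: it reads a Wazuh agent ossec.conf (or a shared agent.conf) and reports whether a single localfile block pairs the Sysmon operational channel with the eventchannel log format. The channel name and log_format value are the ones Wazuh documents; the two sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example (not Security Onion or Wazuh code): verify that a Wazuh Windows
# agent config collects the Sysmon event channel. The channel name and the
# eventchannel log_format are Wazuh's; the sample configs are constructed.

# Constructed agent ossec.conf that forwards both Security and Sysmon events.
SAMPLE_CONF_OK='<ossec_config>
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
  </localfile>
  <localfile>
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>'

# Constructed agent ossec.conf that names the Sysmon channel but with the wrong
# log_format, so Sysmon events would not be read as event channel data.
SAMPLE_CONF_BAD='<ossec_config>
  <localfile>
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>syslog</log_format>
  </localfile>
</ossec_config>'

# sysmon_channel_collected: read a config on stdin; return 0 only if one single
# <localfile> block has BOTH the Sysmon channel location and log_format
# eventchannel. The per-block check matters: a Sysmon <location> in one block
# and eventchannel in another block is not a working pairing.
sysmon_channel_collected() {
    awk '
        /<localfile>/ { loc = 0; fmt = 0 }
        /<location>Microsoft-Windows-Sysmon\/Operational<\/location>/ { loc = 1 }
        /<log_format>eventchannel<\/log_format>/                     { fmt = 1 }
        /<\/localfile>/ { if (loc && fmt) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# sysmon_check_file: same check against a config file on disk, with a verdict.
sysmon_check_file() {
    if sysmon_channel_collected < "$1"; then
        echo "$1: Sysmon channel collected via eventchannel"
    else
        echo "$1: Sysmon channel NOT collected; add the Sysmon localfile stanza"
        return 1
    fi
}
```

Run `sysmon_check_file` against the agent's ossec.conf (or, when agents are managed centrally, against the shared agent.conf on the Wazuh server); a failing verdict explains missing sysmon alerts before any rule tuning is attempted.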

This should resolve the following issues:

Issue 708: Wazuh 3.6.1
https://github.com/Security-Onion-Solutions/security-onion/issues/708

Issue 707: OSSEC: add decoders/rules for sysmon
https://github.com/Security-Onion-Solutions/security-onion/issues/707

Issue 852: OSSEC: remove Snorby logs from ossec.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/852

Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh
https://github.com/Security-Onion-Solutions/security-onion/issues/1328

Issue 1329: securityonion-elastic: update for Wazuh
https://github.com/Security-Onion-Solutions/security-onion/issues/1329

Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete
https://github.com/Security-Onion-Solutions/security-onion/issues/1315

Issue 1319: securityonion-elastic: add ES node listing and removal scripts
https://github.com/Security-Onion-Solutions/security-onion/issues/1319

Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode
https://github.com/Security-Onion-Solutions/security-onion/issues/1327

Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic
https://github.com/Security-Onion-Solutions/security-onion/issues/1330

Issue 1331: Elastic 6.4.1
https://github.com/Security-Onion-Solutions/security-onion/issues/1331
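
Issue 1330 changes what so-allow adds for agents allowed from now on; agents allowed before this update may still have only the UDP rule. The script below is an added example, not part of so-allow or Security Onion: it parses the plain (non-verbose) output of `ufw status` and reports, per agent address, which of the UDP and TCP rules for the agent port is missing. The port number 1514 is assumed to be the agent port in use; the sample `ufw status` output is constructed for the example.

```shell
#!/bin/sh
# Added example (not so-allow's code): find OSSEC/Wazuh agents whose ufw rules
# cover only one of UDP and TCP. Assumes the non-verbose `ufw status` layout
# ("To  Action  From") and agent port 1514; the sample output is constructed.

OSSEC_PORT=1514

# Constructed `ufw status` output: 10.1.2.3 has both rules, 10.1.2.4 only UDP.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       10.1.2.0/24
1514/udp                   ALLOW       10.1.2.3
1514/tcp                   ALLOW       10.1.2.3
1514/udp                   ALLOW       10.1.2.4'

# ossec_rules_missing: ufw status on stdin, agent IP as $1. Prints each
# protocol (udp, tcp) lacking an ALLOW rule for that IP on $OSSEC_PORT, one per
# line, and returns 1 if anything is missing; prints nothing and returns 0
# when both rules exist.
ossec_rules_missing() {
    awk -v ip="$1" -v port="$OSSEC_PORT" '
        $2 == "ALLOW" && $3 == ip && $1 == (port "/udp") { udp = 1 }
        $2 == "ALLOW" && $3 == ip && $1 == (port "/tcp") { tcp = 1 }
        END {
            missing = 0
            if (!udp) { print "udp"; missing = 1 }
            if (!tcp) { print "tcp"; missing = 1 }
            exit missing
        }'
}

# ossec_agents_incomplete: ufw status on stdin; prints every source address
# that has an ALLOW rule on $OSSEC_PORT for only one of the two protocols.
ossec_agents_incomplete() {
    awk -v port="$OSSEC_PORT" '
        $2 == "ALLOW" && $1 == (port "/udp") { udp[$3] = 1; seen[$3] = 1 }
        $2 == "ALLOW" && $1 == (port "/tcp") { tcp[$3] = 1; seen[$3] = 1 }
        END { for (ip in seen) if (!(ip in udp) || !(ip in tcp)) print ip }'
}
```

On a live sensor, `sudo ufw status | ossec_agents_incomplete` lists the agents to re-run so-allow for; `ossec_rules_missing` gives the per-agent detail.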

Thanks
Thanks to the Wazuh team for Wazuh 3.6.1!
Thanks to the Elastic team for Elastic 6.4.1!
Thanks to Wes Lambert for his work on these updates!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Dustin Lee has joined Security Onion Solutions LLC as Principal Engineer

We're excited to announce that Dustin Lee has joined Security Onion Solutions LLC as Principal Engineer!

Congratulations, Dustin, and welcome aboard!

Thursday, September 20, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion111 now available for Security Onion 16.04!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion111

This should resolve the following issues:

sostat: adjust FREQ_SERVER_RESPONSE to accommodate updates #1332
https://github.com/Security-Onion-Solutions/security-onion/issues/1332

Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, September 10, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion110 now available for Security Onion 16.04!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion110

This should resolve the following issues:

sostat: provide PF_RING loss as percentage #1318
https://github.com/Security-Onion-Solutions/security-onion/issues/1318

Screenshots

sostat now shows PF_RING packet loss as a percentage
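
The percentage comes from the counters PF_RING exposes for each ring socket under /proc/net/pf_ring. The script below is an added example, not sostat's code: it reads one ring's stats and computes a loss percentage, and flags rings over a threshold. The counter names ("Tot Packets", "Tot Pkt Lost") are PF_RING's own; the formula lost / (received + lost) and the sample stats block are this example's assumptions.

```shell
#!/bin/sh
# Added example (not sostat's code): compute PF_RING packet loss as a
# percentage from the per-socket stats in /proc/net/pf_ring/<pid>-<dev>.<id>.
# "Tot Packets" and "Tot Pkt Lost" are the counter names PF_RING prints; the
# formula lost / (received + lost) is an assumption, as is the sample below.

# Constructed stats for one ring: 9950 packets delivered, 50 lost.
SAMPLE_STATS='Bound Device(s)    : eth1
Active             : 1
Tot Packets        : 9950
Tot Pkt Lost       : 50
Tot Insert         : 9950'

# pf_ring_loss_pct: stats file on stdin, prints loss percentage with 2
# decimals; a ring that has seen nothing reports 0.00 instead of dividing by 0.
pf_ring_loss_pct() {
    awk '
        /^Tot Packets/  { recv = $NF }
        /^Tot Pkt Lost/ { lost = $NF }
        END {
            total = recv + lost
            if (total == 0) { printf "0.00\n"; exit }
            printf "%.2f\n", (lost * 100.0) / total
        }'
}

# pf_ring_loss_over: return 0 when percentage $1 exceeds threshold $2.
pf_ring_loss_over() {
    awk -v p="$1" -v t="$2" 'BEGIN { exit ((p + 0 > t + 0) ? 0 : 1) }'
}

# pf_ring_loss_report: one line per ring socket on this host, flagging rings
# whose loss exceeds the threshold given as $1 (default 1.0 percent).
pf_ring_loss_report() {
    threshold="${1:-1.0}"
    for f in /proc/net/pf_ring/*-*.*; do
        [ -f "$f" ] || continue
        pct=$(pf_ring_loss_pct < "$f")
        if pf_ring_loss_over "$pct" "$threshold"; then flag=OVER; else flag=ok; fi
        printf '%s loss=%s%% %s\n' "$f" "$pct" "$flag"
    done
}
```

Loss that is a fraction of a percent on a ring is normal under burst; sustained loss over a few percent on the sniffing interface usually means the ring or the consumer (Snort/Suricata/Bro workers) needs more capacity, which the percentage makes easier to spot than raw counters.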

Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

securityonion-setup - 20120912-0ubuntu0securityonion276 now available for Security Onion 16.04!

The following package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion276

This should resolve the following issues:

so-allow: fix verbiage for ES REST Endpoint #1325
https://github.com/Security-Onion-Solutions/security-onion/issues/1325

securityonion-setup: increase MySQL open files limit #1322
https://github.com/Security-Onion-Solutions/security-onion/issues/1322

Screenshots

MySQL open_files_limit

so-allow

Thanks
Thanks to Wes Lambert for updating so-allow and testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Tuesday, September 4, 2018

Security Onion 16.04.5.2 now available!

Security Onion 16.04.5.2 is now available!

Issues Resolved

Issue 1317: pinguybuilder: increment version to 16.04.5.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1317

Issue 1304: 16.04.5.2 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1304

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.2

Security Onion 14.04 EOL Reminder
As a reminder, all new development is now on Security Onion 16.04 and Security Onion 14.04 will reach EOL on November 30, 2018:
https://blog.securityonion.net/2018/06/6-month-eol-notice-for-security-onion.html

After that date, we will not provide any support for Security Onion 14.04.  Please plan to upgrade or replace any existing 14.04 systems before that date.

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Thanks
Thanks to Wes Lambert for testing this new ISO image!

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Screenshot Tour

ISO Boot Menu

ISO Live Desktop

After ISO installer completes, reboot and login

Next, run Setup

Welcome to Setup

Configure network interfaces, reboot, then run Setup again, and skip network configuration

Evaluation Mode vs Production Mode

Interface Selection

Creating User Account

Setting Password

Confirming Password

Confirming Setup Options

Setup Complete

so-COMPONENT-VERB scripts

CyberChef 8.5.0

NetworkMiner 2.3.2

Bro 2.5.5

Single Sign On (SSO) for Squert, Kibana, and CapMe

Squert

Kibana with default dark theme

To switch to light dashboards, run so-elastic-configure-kibana-dashboards-light

Kibana with light theme

To return to default dark theme, run so-elastic-configure-kibana-dashboards

Kibana back to default dark theme

Help

Bro Notices

ElastAlert

HIDS Alerts

NIDS Alerts

Connections

DCE/RPC

DHCP

DNP3

DNS

Files

FTP

HTTP

Intel

IRC

Kerberos

Modbus

MySQL

NTLM

PE

RADIUS

RDP

RFB

SIP

SMB

SMTP

SNMP

Software

SSH

SSL

Syslog

Tunnels

Weird

X.509

Autoruns

Beats

OSSEC Logs

Sysmon

DomainStats - Baby Domains

PFSense Firewall Logs

Frequency Analysis

Syslog