Friday, January 13, 2012

Security Onion 20120113 now available!

Security Onion 20120113 is now available!  This resolves the following issues:
Issue 147: Bro 2.0 integration
Issue 185: Syntax error clearing sensor data

Note that this is just the initial integration of Bro. In the future, we'll switch Sguil's http_agent to use Bro's http.log and we'll also look at using Barnyard2 to send IDS alerts to Bro to give it a better understanding of your network.

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L > ~/ && bash ~/"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Upgrade Process
sudo broctl status
Current Bro logs can be found in /nsm/bro/logs/current
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive