Wednesday, January 30, 2013

New securityonion-snorby 20130129 package fixes a vulnerability


Snorby 2.5.6 was recently released to fix a vulnerability:
https://github.com/Snorby/snorby/blob/master/ChangeLog.md

I've packaged Snorby 2.5.6 and the new securityonion-snorby package has been tested and confirmed by the following (thanks!):
Heine Lysemose
Mark Hillick
Matt Gregory

The new package is now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Ubuntu recently released some MySQL updates, so you may also be prompted to update MySQL at the same time. Please see the following for the recommended procedure for updating MySQL:
http://code.google.com/p/security-onion/wiki/MySQLUpdates

When the new securityonion-snorby package installs, it should restart Apache and, if Setup has already been run, it should run "bundle exec rake snorby:update" and restart the Snorby worker as follows (you can disregard any "Jammit Warning" messages):
[Image: Update Process]

Wednesday, January 23, 2013

New securityonion-snorby package fixes multiple vulnerabilities


Snorby 2.5.4 was recently released with some vulnerability fixes:
https://github.com/Snorby/snorby/blob/master/ChangeLog.md

I've packaged Snorby 2.5.4 and the new securityonion-snorby package has been tested and confirmed by the following (thanks!):
Scott Runnels
Matt Gregory
Heine Lysemose
David Zawdie


The new package is now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Ubuntu recently released some MySQL updates, so you may also be prompted to update MySQL at the same time. Please see the following for the recommended procedure for updating MySQL:

When the new securityonion-snorby package installs, it should restart Apache and, if Setup has already been run, it should run "bundle exec rake snorby:update" and restart the Snorby worker as follows (you can disregard any "Jammit Warning" messages):

[Image: Upgrade Process]

Thursday, January 3, 2013

DNS Visibility with Security Onion 12.04


UPDATE 2013-10-05: See the updated version of this blog post here:
http://securityonion.blogspot.com/2013/10/got-dns-visibility.html

There have been some interesting articles recently on the value of DNS visibility for security teams:

http://blogs.cisco.com/security/tracking-malicious-activity-with-passive-dns-query-monitoring/

https://blog.damballa.com/archives/1834/trackback

http://isc.sans.edu/diary.html?storyid=13918


If you don't already have good visibility into your DNS traffic, download Security Onion 12.04 now and see how Bro and ELSA can give you point-and-click DNS visibility in minutes!


[Image: Hunting through DNS traffic with Bro and ELSA]