Friday, August 16, 2013

New securityonion-sguil-server and securityonion-capme packages allow tcpflow/bro rendering

New versions of our securityonion-sguil-server and securityonion-capme packages are now available! After installing these packages and restarting sguild, you'll notice that CapMe now gives you the option to choose tcpflow or bro for transcript rendering.

This update resolves the following issue:
Issue 375: Update CapMe so that the user can choose between tcpflow and Bro for transcript rendering

Thanks to the following for testing the new packages!
Matt Gregory
David Zawdie

The new packages are now available in our stable repo. Please see our Upgrade page for full upgrade instructions:

After installing the new packages, you'll need to restart sguild:
sudo nsm_server_ps-restart

New "Transcript" option defaults to "tcpflow"
"tcpflow -cr" doesn't decode gzip encoding, so click the "close" button to go back
Select "bro" and click "submit"

Bro decodes gzip encoding
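To show why a raw tcpflow transcript of a gzip-encoded HTTP response is unreadable and what a renderer has to do about it, here is an added example (not CapMe, sguild or Bro code) that strips Transfer-Encoding: chunked and Content-Encoding: gzip/deflate from a constructed response; the sample response and all function names are assumptions for illustration.

```python
import gzip
import zlib

def parse_headers(head: bytes) -> dict:
    """Return header name -> value (lowercased names) from the status/header block."""
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers

def dechunk(body: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body into one byte string."""
    out, pos = bytearray(), 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return bytes(out)
        pos = end + 2
        out += body[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF

def decode_response(raw: bytes):
    """Split a raw HTTP response into headers and a body with transfer and content encodings removed (the step tcpflow -cr does not do)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker in response")
    headers = parse_headers(head)
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    encoding = headers.get("content-encoding", "").lower()
    if encoding == "gzip":
        body = gzip.decompress(body)
    elif encoding == "deflate":
        try:
            body = zlib.decompress(body)
        except zlib.error:  # some servers send raw deflate without the zlib header
            body = zlib.decompress(body, -zlib.MAX_WBITS)
    return headers, body

# Constructed sample: a gzip-encoded, chunked response as a sensor would capture it.
SAMPLE_BODY = b"<html><body>Readable only if gzip is decoded.</body></html>"
_gz = gzip.compress(SAMPLE_BODY)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    + f"{len(_gz):x}\r\n".encode() + _gz + b"\r\n0\r\n\r\n"
)
```

Printing `SAMPLE_RESPONSE` as-is reproduces the unreadable compressed bytes the tcpflow transcript shows, while `decode_response(SAMPLE_RESPONSE)[1]` yields the HTML that the Bro transcript shows.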
If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel. Thanks!
