Friday, August 16, 2013

New securityonion-sguil-server and securityonion-capme packages allow tcpflow/bro rendering

New versions of our securityonion-sguil-server and securityonion-capme packages are now available! After installing these packages and restarting sguild, you'll notice that CapMe now gives you the option to choose tcpflow or bro for transcript rendering.

This update resolves the following issue:
Issue 375: Update CapMe so that the user can choose between tcpflow and Bro for transcript rendering

Thanks
Thanks to the following for testing the new packages!
Matt Gregory
David Zawdie

Upgrading
The new packages are now available in our stable repo.  Please see our Upgrade page for full upgrade instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

After installing the new packages, you'll need to restart sguild:
sudo nsm_server_ps-restart

Screenshots
New "Transcript" option defaults to "tcpflow" 
"tcpflow -cr" doesn't decode gzip decoding, so click the "close" button to go back
Select "bro" and click "submit"

Bro decodes gzip encoding
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive