Friday, August 16, 2013

New securityonion-sguil-server and securityonion-capme packages allow tcpflow/bro rendering

New versions of our securityonion-sguil-server and securityonion-capme packages are now available! After installing these packages and restarting sguild, you'll notice that CapMe now gives you the option to choose tcpflow or bro for transcript rendering.

This update resolves the following issue:
Issue 375: Update CapMe so that the user can choose between tcpflow and Bro for transcript rendering

Thanks
Thanks to the following for testing the new packages!
Matt Gregory
David Zawdie

Upgrading
The new packages are now available in our stable repo.  Please see our Upgrade page for full upgrade instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

After installing the new packages, you'll need to restart sguild:
sudo nsm_server_ps-restart

Screenshots
New "Transcript" option defaults to "tcpflow" 
"tcpflow -cr" doesn't decode gzip decoding, so click the "close" button to go back
Select "bro" and click "submit"

Bro decodes gzip encoding
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Security Onion 2.4.110 Hurricane Helene Edition now available including new AI Summary feature and much more!

Hurricane Helene Update On Friday, September 27, Hurricane Helene hit Augusta GA. All of our team members are safe, but many folks had signi...

Popular Posts

Blog Archive