Wednesday, January 8, 2014

New securityonion-web-page package available

I've updated our securityonion-web-page package.  The updated package version is securityonion-web-page - 20120722-0ubuntu0securityonion12 and has been tested by David Zawdie.

Issues Resolved

Issue 455: securityonion-web-page: update hyperlink
https://code.google.com/p/security-onion/issues/detail?id=455

Issue 456: securityonion-web-page: add example ELSA queries
https://code.google.com/p/security-onion/issues/detail?id=456

This package adds a new URL (https://your.security.onion.hostname/elsa/) that includes a menu on the left with some common ELSA queries.

Screenshots
Connections: Top SRC IPs - Top Source IP Addresses in Bro's conn.log

Connections: Top DST Ports - Top Destination Ports in Bro's conn.log

Connections: Top Services - Top Services Identified in Bro's conn.log

Connections: Port 53 groupby Service - Top Services Identified on Port 53 in Bro's conn.log

DHCP: Top Assigned IPs - Top Assigned IP Addresses seen in Bro's dhcp.log

DNS: Top Requests - Top DNS Requests seen in Bro's dns.log

DNS: Top nxdomain - Top nxdomain Responses seen in Bro's dns.log

Files: MIME Types - Top MIME Types seen in Bro's files.log

Files: Sources - Top Protocol Sources in Bro's files.log

FTP: Top arg - FTP Transactions in Bro's ftp.log

Host Logs: OSSEC Alerts - HIDS Alerts from OSSEC

Host Logs: All OSSEC Logs - Raw Logs from OSSEC (not HIDS Alerts)

Host Logs: Syslog-NG - Standard Syslog received by Syslog-NG

Host Logs: Syslog Detected by Bro - Syslog detected by Bro and logged to syslog.log

HTTP: Top User Agents - Top HTTP User Agents in Bro's http.log

HTTP: Top Sites - Top HTTP Sites in Bro's http.log

HTTP: Sites hosting EXEs - Sites hosting EXEs in Bro's http.log

Notice: Top Notice Types - Top Notice Types found in Bro's notice.log

SMTP: Top Subjects - Top Email Subject Lines in Bro's smtp.log

Snort/Suricata: Top Snort Alerts - Top IDS Alerts from Snort or Suricata

Sortware: Software Detected by Bro - Top Software Types found in Bro's software.log

Weird: Top Weird Types - Top Traffic Anomalies found in Bro's weird.log


Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

1 comment:

Martin Paszkiewicz said...

This is a very welcome addition! AWESOME!

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive