Issues Resolved
Issue 455: securityonion-web-page: update hyperlink
https://code.google.com/p/security-onion/issues/detail?id=455
Issue 456: securityonion-web-page: add example ELSA queries
https://code.google.com/p/security-onion/issues/detail?id=456
This package adds a new URL (https://your.security.onion.hostname/elsa/) that includes a menu on the left with some common ELSA queries.
Screenshots
 |
| Connections: Top SRC IPs - Top Source IP Addresses in Bro's conn.log |
 |
| Connections: Top DST Ports - Top Destination Ports in Bro's conn.log |
 |
| Connections: Top Services - Top Services Identified in Bro's conn.log |
 |
| Connections: Port 53 groupby Service - Top Services Identified on Port 53 in Bro's conn.log |
 |
| DHCP: Top Assigned IPs - Top Assigned IP Addresses seen in Bro's dhcp.log |
 |
| DNS: Top Requests - Top DNS Requests seen in Bro's dns.log |
 |
| DNS: Top nxdomain - Top nxdomain Responses seen in Bro's dns.log |
 |
| Files: MIME Types - Top MIME Types seen in Bro's files.log |
 |
| Files: Sources - Top Protocol Sources in Bro's files.log |
 |
| FTP: Top arg - FTP Transactions in Bro's ftp.log |
 |
| Host Logs: OSSEC Alerts - HIDS Alerts from OSSEC |
 |
| Host Logs: All OSSEC Logs - Raw Logs from OSSEC (not HIDS Alerts) |
 |
| Host Logs: Syslog-NG - Standard Syslog received by Syslog-NG |
 |
| Host Logs: Syslog Detected by Bro - Syslog detected by Bro and logged to syslog.log |
 |
| HTTP: Top User Agents - Top HTTP User Agents in Bro's http.log |
 |
| HTTP: Top Sites - Top HTTP Sites in Bro's http.log |
 |
| HTTP: Sites hosting EXEs - Sites hosting EXEs in Bro's http.log |
 |
| Notice: Top Notice Types - Top Notice Types found in Bro's notice.log |
 |
| SMTP: Top Subjects - Top Email Subject Lines in Bro's smtp.log |
 |
| Snort/Suricata: Top Snort Alerts - Top IDS Alerts from Snort or Suricata |
 |
| Sortware: Software Detected by Bro - Top Software Types found in Bro's software.log |
 |
| Weird: Top Weird Types - Top Traffic Anomalies found in Bro's weird.log |
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!
1 comment:
This is a very welcome addition! AWESOME!
Post a Comment