Friday, February 21, 2014

New securityonion-squert package updates to Squert 1.2.0

Paul Halliday recently released Squert 1.2.0:
http://www.squertproject.org/
https://github.com/int13h/squert

He also recorded a couple of videos showcasing some of the new features recently added to Squert:
Changes v1.1.6: http://www.youtube.com/watch?v=_eheJv0MJDY
Changes v1.1.9: http://www.youtube.com/watch?v=QkgrigopfQA

I've packaged Squert 1.2.0 as securityonion-squert - 20140216-0ubuntu0securityonion2 and the package has been tested by the following (thanks!):
Heine Lysemose
David Zawdie
Matt Gregory

Issues Resolved

Issue 448: When changing time zone in Squert, it needs to revert to UTC when requesting transcripts
https://code.google.com/p/security-onion/issues/detail?id=448

Release Notes

  • When you update the package, it will copy new files into place and then display "Updating database".  Please do not cancel or interrupt this process.
  • You no longer have to hardcode your Sguil credentials in config.php.
  • You may need to Shift-Reload in your browser and/or empty your browser cache to ensure you're running the latest Squert JavaScript.
  • Timestamps are displayed in UTC by default, but you can change this by clicking the arrows to the right of the timeline.  De-select UTC, then specify your local timezone offset.  Then click the "save TZ" button to save your preference into the database and click "Update" to refresh the page with the new timestamps.

Screenshots

  • Do not cancel or interrupt the database update
  • Events tab
  • GeoIP mapping
  • Pivoting on an event and requesting a TCP transcript with the TX button
  • Summary tab
  • Views tab

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!
