Monday, March 10, 2014

New securityonion-web-page package updates OSSEC and DNS Queries

I've updated our securityonion-web-page package to resolve a few issues.  The new package is securityonion-web-page -20120722-0ubuntu0securityonion19 and it has been tested by Matt Gregory (thanks!).

Issues Resolved
Issue 495: securityonion-web-page: OSSEC logs query should exclude MARK
https://code.google.com/p/security-onion/issues/detail?id=495

Issue 498: securityonion-web-page: add DNS IXFR query
https://code.google.com/p/security-onion/issues/detail?id=498

Release Notes
Previously, we added a "DNS - Zone Transfers" query that would look for full zone transfers (AXFR):
http://blog.securityonion.net/2014/02/new-securityonion-web-page-package-adds_19.html

This new package updates that query to also look for incremental zone transfers (IXFR) and group the results by the source IP address:
class=BRO_DNS proto="tcp" "axfr" OR "ixfr" groupby:srcip

The "Host Logs - All OSSEC Logs" query should now exclude any OSSEC --MARK-- logs as follows:
class=none program="ossec_archive" "2014" -"packets_received" -"--MARK--"

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive