Issues Resolved
Issue 495: securityonion-web-page: OSSEC logs query should exclude MARK
https://code.google.com/p/security-onion/issues/detail?id=495
Issue 498: securityonion-web-page: add DNS IXFR query
https://code.google.com/p/security-onion/issues/detail?id=498
Release Notes
Previously, we added a "DNS - Zone Transfers" query that would look for full zone transfers (AXFR):
http://blog.securityonion.net/2014/02/new-securityonion-web-page-package-adds_19.html
This new package updates that query to also look for incremental zone transfers (IXFR) and group the results by the source IP address:
class=BRO_DNS proto="tcp" "axfr" OR "ixfr" groupby:srcip
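As an added example (not part of this release or the securityonion-web-page package), the Python below re-implements the filter of that query offline over a constructed Bro dns.log excerpt: it reads the #fields header for column names, keeps TCP records whose query type is AXFR or IXFR, and counts them per source IP. Matching on qtype_name instead of ELSA's any-field text match is an assumption of this example.

```python
"""Offline re-implementation of the 'DNS - Zone Transfers' query over Bro
dns.log lines: proto="tcp" AND ("axfr" OR "ixfr"), grouped by source IP.
The log excerpt below is constructed for illustration, not a real capture."""
from collections import Counter

# Constructed Bro-style dns.log excerpt (tab-separated). Column names come from
# the #fields header, so the parser does not hard-code field positions.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\ttrans_id\tquery\tqclass\tqclass_name\tqtype\tqtype_name\trcode\trcode_name",
    "1393000001.1\tC1\t10.0.0.5\t52000\t192.168.1.10\t53\ttcp\t1\texample.com"
    "\t1\tC_INTERNET\t252\tAXFR\t0\tNOERROR",
    "1393000002.2\tC2\t10.0.0.5\t52001\t192.168.1.10\t53\ttcp\t2\texample.com"
    "\t1\tC_INTERNET\t251\tIXFR\t0\tNOERROR",
    "1393000003.3\tC3\t10.0.0.7\t40000\t192.168.1.10\t53\tudp\t3\twww.example.com"
    "\t1\tC_INTERNET\t1\tA\t0\tNOERROR",
    "1393000004.4\tC4\t10.0.0.9\t40001\t192.168.1.10\t53\ttcp\t4\texample.com"
    "\t1\tC_INTERNET\t251\tIXFR\t9\tNOTAUTH",
    "1393000005.5\tC5\t10.0.0.7\t40002\t192.168.1.10\t53\tudp\t5\texample.com"
    "\t1\tC_INTERNET\t252\tAXFR\t0\tNOERROR",
])


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header/comment lines and blanks
        elif fields is None:
            raise ValueError("record seen before #fields header")
        else:
            yield dict(zip(fields, line.split("\t")))


def zone_transfer_attempts(text):
    """Mirror the query: proto="tcp" and an AXFR/IXFR query type, grouped by
    source IP. Returns {src_ip: count}. Like the original query, this only
    counts TCP requests, so a transfer request sent over UDP is not counted."""
    hits = Counter()
    for rec in parse_bro_log(text):
        if rec.get("proto") != "tcp":
            continue
        if rec.get("qtype_name", "").lower() not in ("axfr", "ixfr"):
            continue
        hits[rec["id.orig_h"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in sorted(zone_transfer_attempts(SAMPLE_DNS_LOG).items()):
        print(f"{src}\t{count}")
```

Note that the 10.0.0.9 request was refused (NOTAUTH) yet still counts; the query surfaces attempts, not successful transfers, which is what you want when hunting for reconnaissance against your name servers.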
The "Host Logs - All OSSEC Logs" query should now exclude any OSSEC --MARK-- logs as follows:
class=none program="ossec_archive" "2014" -"packets_received" -"--MARK--"
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!