Monday, March 10, 2014

New securityonion-web-page package updates OSSEC and DNS Queries

I've updated our securityonion-web-page package to resolve a few issues.  The new package is securityonion-web-page -20120722-0ubuntu0securityonion19 and it has been tested by Matt Gregory (thanks!).

Issues Resolved
Issue 495: securityonion-web-page: OSSEC logs query should exclude MARK

Issue 498: securityonion-web-page: add DNS IXFR query

Release Notes
Previously, we added a "DNS - Zone Transfers" query that would look for full zone transfers (AXFR):

This new package updates that query to also look for incremental zone transfers (IXFR) and group the results by the source IP address:
class=BRO_DNS proto="tcp" "axfr" OR "ixfr" groupby:srcip

The "Host Logs - All OSSEC Logs" query should now exclude any OSSEC --MARK-- logs as follows:
class=none program="ossec_archive" "2014" -"packets_received" -"--MARK--"
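As an added example (not part of the original post or of the securityonion-web-page package), the Python below applies the same two filters to constructed sample Bro dns.log and OSSEC archive lines; the dns.log column subset, the sample records, and the function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample lines in a simplified Bro dns.log layout (tab-separated; the
# column subset is an assumption for this example): ts, id.orig_h, id.resp_h, proto, query, qtype_name
SAMPLE_DNS_LOG = """\
1394400000.1\t10.0.0.5\t192.0.2.53\ttcp\texample.com\tAXFR
1394400001.2\t10.0.0.5\t192.0.2.53\ttcp\texample.com\tIXFR
1394400002.3\t10.0.0.9\t192.0.2.53\tudp\twww.example.com\tA
1394400003.4\t10.0.0.7\t192.0.2.53\ttcp\texample.com\tAXFR
1394400004.5\t10.0.0.5\t192.0.2.53\tudp\texample.com\tSOA
"""

# Constructed sample OSSEC archive lines as ELSA would tag them (program="ossec_archive").
SAMPLE_OSSEC_LOG = """\
2014 Mar 10 10:00:01 ossec_archive: ossec: Agent started: 'web01->10.0.0.5'.
2014 Mar 10 10:00:02 ossec_archive: --MARK--
2014 Mar 10 10:00:03 ossec_archive: ossec: packets_received: 1234
2014 Mar 10 10:00:04 ossec_archive: sshd[2211]: Failed password for root from 203.0.113.4
"""


def zone_transfers_by_srcip(dns_log: str) -> dict:
    """Mirror of: class=BRO_DNS proto="tcp" "axfr" OR "ixfr" groupby:srcip
    Counts full (AXFR) and incremental (IXFR) zone-transfer requests per source IP."""
    counts = Counter()
    for line in dns_log.splitlines():
        if not line or line.startswith("#"):  # skip Bro header/comment lines
            continue
        ts, orig_h, resp_h, proto, query, qtype = line.split("\t")[:6]
        if proto == "tcp" and qtype.lower() in ("axfr", "ixfr"):
            counts[orig_h] += 1
    return dict(counts)


def ossec_logs_without_mark(ossec_log: str, year: str = "2014") -> list:
    """Mirror of: class=none program="ossec_archive" "2014" -"packets_received" -"--MARK--"
    Keeps OSSEC archive lines for the given year, dropping MARK and packets_received noise."""
    kept = []
    for line in ossec_log.splitlines():
        if "ossec_archive" not in line or year not in line:
            continue
        if "packets_received" in line or "--MARK--" in line:
            continue
        kept.append(line)
    return kept


if __name__ == "__main__":
    print(zone_transfers_by_srcip(SAMPLE_DNS_LOG))        # {'10.0.0.5': 2, '10.0.0.7': 1}
    print(len(ossec_logs_without_mark(SAMPLE_OSSEC_LOG)))  # 2
```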

The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our mailing list:

Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list:

We also need help testing new packages:

