Tuesday, April 29, 2014

New securityonion-sostat package resolves six issues

I've updated our securityonion-sostat package to resolve six issues.

The updated package version is as follows:
securityonion-sostat - 20120722-0ubuntu0securityonion24

This new package has been tested by the following (thanks!):
David Zawdie
JP Bourget

Issues Resolved
Issue 483: sostat-redacted should redact usernames
https://code.google.com/p/security-onion/issues/detail?id=483

Issue 509: sostat-quick
https://code.google.com/p/security-onion/issues/detail?id=509

Issue 510: sostat: change "ELSA Date Range" to "ELSA Index Date Range"
https://code.google.com/p/security-onion/issues/detail?id=510

Issue 515: sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH tunnels
https://code.google.com/p/security-onion/issues/detail?id=515

Issue 517: sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled
https://code.google.com/p/security-onion/issues/detail?id=517

Issue 531: sostat: improve checking of autossh tunnels
https://code.google.com/p/security-onion/issues/detail?id=531
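Issue 483 above is about sostat-redacted masking usernames as well as addresses before a report is pasted to the public list. As an added example (not the package's own script), the following POSIX sh filter does that kind of masking over a few constructed sostat-like lines; the hostname and the user list are passed in explicitly, and the REDACTED_* placeholders, the sample lines and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example in the spirit of sostat-redacted; not the package's own code.
# Masks IPv4 addresses, the sensor hostname and local usernames in sostat
# output so the report can be pasted to a public mailing list.

# Constructed lines in the shape of sostat output; not real sensor data.
sample_sostat_output() {
    cat <<'EOF'
Hostname: sensor1.example.net
Interface eth1: inet addr:192.168.1.50 Bcast:192.168.1.255
Home directories: /home/dougb /home/analyst
Logged in: dougb pts/0 from 192.168.1.7
ELSA Log Node SSH Tunnels:
autossh -M 0 -N -R 50000:localhost:3154 dougb@10.0.0.5
EOF
}

# Build one sed program and apply it to stdin.
#   usage: redact_sostat <hostname> "<user1> <user2> ..." < sostat_output
# On a live sensor the arguments would come from "hostname -f" and the
# accounts under /home (assumed; adjust to the accounts that matter).
# Usernames are expected to be plain [A-Za-z0-9_-] names.
redact_sostat() {
    host=$1
    users=$2
    prog='s/([0-9]{1,3}\.){3}[0-9]{1,3}/REDACTED_IP/g'
    # Escape the dots so the hostname matches literally.
    esc_host=$(printf '%s' "$host" | sed 's/\./\\./g')
    prog="$prog; s/$esc_host/REDACTED_HOST/g"
    for u in $users; do
        # Bound the name by non-word characters so "bob" does not clobber
        # "bobcat". The rule runs twice because two adjacent names share a
        # boundary character that the first pass consumes.
        rule="s/(^|[^A-Za-z0-9_-])$u([^A-Za-z0-9_-]|\$)/\\1REDACTED_USER\\2/g"
        prog="$prog; $rule; $rule"
    done
    sed -E "$prog"
}

sample_sostat_output | redact_sostat sensor1.example.net "dougb analyst"
```

Pattern-based redaction is best-effort: a username that is also an ordinary word, IPv6 addresses, or hostnames embedded in URLs still need a manual read before the output goes to a public list.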

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only two days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!


Monday, April 28, 2014

New securityonion-nsmnow-admin-scripts package

I've updated our securityonion-nsmnow-admin-scripts package to resolve two issues.

The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion75

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved
Issue 529: nsm: check for null dns domain before updating ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=529

Issue 530: nsm: change sshd_config ClientAliveInterval to 30
https://code.google.com/p/security-onion/issues/detail?id=530
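Issue 529 covers the case where the DNS domain used to rewrite ossec_agent.conf (the test.com placeholder that Issue 521 in the April 15 post below replaces) turns out to be empty. The following is an added example, not the package's code, of such a guard: it refuses an empty or non-hostname value before the sed runs, because an empty value turns the edit into a deletion and a value containing "/" or "&" breaks or hijacks the sed expression. The stand-in file contents and the function names are assumptions; the real file's layout is not reproduced.

```shell
#!/bin/sh
# Added example; not the securityonion-nsmnow-admin-scripts code.

# Write a constructed stand-in for ossec_agent.conf to <path>. Only the
# test.com placeholder matters here; the real layout is not reproduced.
write_sample_ossec_conf() {
    printf '%s\n' '# constructed stand-in for /etc/nsm/ossec/ossec_agent.conf' \
                  'agent = sensor1.test.com' > "$1"
}

# Replace the test.com placeholder with the host's real DNS domain.
# Refuses to touch the file when the domain is empty or contains anything
# but hostname characters: an empty domain would make the edit
# s/test\.com//g and leave "sensor1." behind, and "/" or "&" in the value
# would break or hijack the sed expression.
#   usage: set_ossec_domain <file> <domain>
set_ossec_domain() {
    file=$1
    domain=$2
    case "$domain" in
        "")
            echo "set_ossec_domain: DNS domain is empty, leaving $file untouched" >&2
            return 2 ;;
        *[!A-Za-z0-9.-]*)
            echo "set_ossec_domain: '$domain' is not a valid domain, leaving $file untouched" >&2
            return 2 ;;
    esac
    # Edit a copy first so a failed sed cannot leave a truncated original;
    # copy back rather than mv so the file keeps its owner and mode.
    tmp=$(mktemp) || return 1
    if sed "s/test\\.com/$domain/g" "$file" > "$tmp"; then
        cat "$tmp" > "$file" && rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# On a real sensor (assumed path; "hostname -d" prints the DNS domain, or
# nothing at all on a host without one, which is exactly the case guarded):
#   set_ossec_domain /etc/nsm/ossec/ossec_agent.conf "$(hostname -d)"
```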

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only a few days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Wednesday, April 23, 2014

Only 1 week left to register for Security Onion class in Houston TX!

Want to learn more about Security Onion?  Sign up for the new and expanded 2-day class in Houston TX!

The registration deadline is April 30, so there is only 1 week left to register!

Here's a discount code good for $100 off:
lastminute52949

For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Tuesday, April 22, 2014

New securityonion-setup package

I've updated our securityonion-setup package to resolve an issue.

The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion103

This new package has been tested by the following (thanks!):
David Vasil
David Zawdie

Issues Resolved
Issue 524: Setup should test connection to master server using ssh instead of nc
https://code.google.com/p/security-onion/issues/detail?id=524
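Issue 524 replaces an nc port probe with an ssh login test. The difference matters: nc only proves that port 22 answers, while a non-interactive ssh login also exercises the master's host key and the key pair the sensor's autossh tunnels will depend on. Added example, not the securityonion-setup code: the check with the options that matter, plus a classifier that turns OpenSSH's error text into a short cause a setup script can report. The function names, the ok/auth/hostkey/unreachable labels and the defaults are assumptions of the example; the error strings are the ones OpenSSH prints.

```shell
#!/bin/sh
# Added example; not the securityonion-setup code.

# Map OpenSSH's error text to a short cause so the user is told what to fix.
#   usage: classify_ssh_error "<stderr text>"
classify_ssh_error() {
    case "$1" in
        *"REMOTE HOST IDENTIFICATION HAS CHANGED"*|*"Host key verification failed"*)
            echo hostkey ;;
        *"Permission denied"*)
            echo auth ;;
        *"Connection refused"*|*"Connection timed out"*|*"No route to host"*|*"Could not resolve hostname"*)
            echo unreachable ;;
        *)
            echo unknown ;;
    esac
}

# Non-interactive login test. BatchMode=yes guarantees that no password or
# host-key prompt can hang an unattended setup, and StrictHostKeyChecking=yes
# means the master's key must already be in known_hosts (fetched and verified
# out of band), so a man-in-the-middle on the first connection is refused
# rather than silently trusted. Prints "ok" or the failure cause.
#   usage: check_master_ssh <master> <user> [connect_timeout_seconds] [port]
check_master_ssh() {
    master=$1
    user=$2
    timeout=${3:-10}
    port=${4:-22}
    # Capture stderr only; the remote command is "true", so stdout is empty.
    if err=$(ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
                 -o ConnectTimeout="$timeout" -p "$port" \
                 "$user@$master" true 2>&1 >/dev/null); then
        echo ok
        return 0
    fi
    classify_ssh_error "$err"
    return 1
}

# Example run against an assumed master; prints ok/auth/hostkey/unreachable.
check_master_ssh 10.0.0.5 sensor 5
```

The known_hosts entry is the part most setups get wrong: if the script accepts whatever key the master presents on first contact, every later tunnel trusts that first answer.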

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only a few days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Monday, April 21, 2014

New securityonion-onionsalt package

I've updated our securityonion-onionsalt package to improve NIDS and HIDS updates.  Please see the updated OnionSalt page on our Wiki:
https://code.google.com/p/security-onion/wiki/Salt

The updated package version is as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion10

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved
Issue 519: onionsalt: improve ids/bro/ossec updates
https://code.google.com/p/security-onion/issues/detail?id=519

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only a few days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Wednesday, April 16, 2014

Only 2 weeks left to register for Security Onion class in Houston TX!

Want to learn more about Security Onion?  Sign up for the new and expanded 2-day class in Houston TX!

The registration deadline is April 30, so there are only 2 weeks left to register!

Here's a discount code good for $100 off:
lastminute52949

For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Tuesday, April 15, 2014

New securityonion-nsmnow-admin-scripts package resolves several issues

I've updated our securityonion-nsmnow-admin-scripts package to resolve several issues.  The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion72

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
inuk-x

Issues Resolved

Issue 501: /etc/init/securityonion.conf needs to check that variables were only declared once
https://code.google.com/p/security-onion/issues/detail?id=501

Issue 516: Update sysctl settings
https://code.google.com/p/security-onion/issues/detail?id=516

Issue 518: NSM scripts: run "broctl install" when (re)starting Bro
https://code.google.com/p/security-onion/issues/detail?id=518

Issue 520: Configure /etc/ssh/sshd_config with ClientAliveInterval 60 and ClientAliveCountMax 3
https://code.google.com/p/security-onion/issues/detail?id=520

Issue 521: Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=521
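Issue 501 (each variable declared only once) and Issue 520 (ClientAliveInterval 60, ClientAliveCountMax 3; Issue 530 in the April 28 post above later lowers the interval to 30) both come down to editing a config file so that a key ends up exactly once. With interval 30 and count 3, sshd tears down a session whose client has stopped answering after about 90 seconds, which is what lets a wedged sensor tunnel be dropped and re-established. Added example, not the package's scripts: a duplicate-key check for flat files such as /etc/init/securityonion.conf, and an idempotent setter for sshd_config that replaces a commented-out default, drops stray duplicates and keeps global settings ahead of any Match block. The sample files in the test, the function names and the service name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; not the securityonion-nsmnow-admin-scripts code.

# List keys declared more than once in a flat "key value" file or an
# upstart job's "env KEY=value" lines. Comments are stripped first, so a
# value that itself contains "#" is not handled. Exit status 1 when any
# duplicate exists, so the check can gate a postinst.
#   usage: find_duplicate_keys <file>
find_duplicate_keys() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        NF == 0 { next }                       # and blank lines
        {
            key = ($1 == "env") ? $2 : $1      # upstart: env NAME=value
            sub(/=.*/, "", key)
            seen[key]++
        }
        END {
            for (k in seen) if (seen[k] > 1) { print k; dup = 1 }
            exit (dup ? 1 : 0)
        }
    ' "$1"
}

# Set <key> to <value> in an sshd_config-style file exactly once:
#  - the first declaration, active or commented out like "#ClientAliveInterval 0",
#    is replaced in place;
#  - any later global declaration is dropped (sshd honours the first one, so a
#    forgotten duplicate would silently win over the edit);
#  - if there is none, the line is inserted before the first Match block,
#    because anything appended after "Match" applies only to that block;
#  - keys inside Match blocks are left alone.
# Running it again with the same value changes nothing.
#   usage: set_config_once <file> <key> <value>
set_config_once() {
    file=$1
    key=$2
    value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        # First token of a line with any leading "#" removed; sshd keywords
        # are case-insensitive, so compare lower-cased.
        function keyof(s) {
            sub(/^[ \t]*#?[ \t]*/, "", s)
            split(s, f, /[ \t]+/)
            return tolower(f[1])
        }
        tolower($1) == "match" { inmatch = 1 }
        inmatch { held[n++] = $0; next }       # keep Match blocks for the end
        keyof($0) == tolower(key) {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END {
            if (!done) print key " " value
            for (i = 0; i < n; i++) print held[i]
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy back rather than mv so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Syntax-check before reloading: a broken sshd_config refuses every new
# session, including the one you would use to repair it.
check_sshd_config() {
    sshd -t -f "$1"
}

# On a sensor, as root (assumed paths and service name):
#   set_config_once /etc/ssh/sshd_config ClientAliveInterval 30
#   set_config_once /etc/ssh/sshd_config ClientAliveCountMax 3
#   check_sshd_config /etc/ssh/sshd_config && service ssh reload
```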

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Wednesday, April 2, 2014

Tuesday, April 1, 2014

New securityonion-web-page package adds a BRO_FTP query and some BRO_INTEL queries

I've updated our securityonion-web-page package to add a BRO_FTP query and also some BRO_INTEL queries for our recently added BRO_INTEL parsers:
http://blog.securityonion.net/2014/03/new-securityonion-elsa-extras-and.html

The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 506: securityonion-web-page: add FTP command query
https://code.google.com/p/security-onion/issues/detail?id=506

Issue 507: securityonion-web-page: add queries for BRO_INTEL
https://code.google.com/p/security-onion/issues/detail?id=507

Screenshots
FTP: Top Commands - group all FTP logs by FTP command

Drilling into FTP STOR command to look for data exfil

Intel: Top SRC IPs - group all Intel logs by source IP address

Intel: Top DST IPs - group all Intel logs by destination IP address

Intel: Top DST Ports - group all Intel logs by destination port

Intel: Top Indicators - group all Intel logs by indicator

Intel: Top Indicator Types - group all Intel logs by indicator type

Intel: Top Sources - group all Intel logs by source
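The screenshots above are ELSA queries: a group-by over Bro FTP and Intel logs, then a drill-down into STOR, the FTP command that moves data out of the network. As an added example (not the securityonion-web-page queries, which are ELSA query strings), the following POSIX sh/awk functions do the same grouping and drill-down directly over Bro TSV logs, finding columns by name in the #fields header so one function serves ftp.log, intel.log or any other Bro log. The ftp.log and intel.log lines are constructed with a subset of Bro's real columns; the function names are assumptions.

```shell
#!/bin/sh
# Added example; not the securityonion-web-page queries, which run inside
# ELSA. Does the same grouping and drill-down offline over Bro TSV logs.

# Join arguments with tabs (Bro logs are tab-separated).
tsv() ( IFS="$(printf '\t')"; printf '%s\n' "$*" )

# Constructed ftp.log with a subset of Bro's columns; not real traffic.
sample_ftp_log() {
    tsv '#fields' ts id.orig_h id.resp_h user command arg file_size
    tsv 1398700000.1 192.168.1.50 203.0.113.9 anonymous USER anonymous -
    tsv 1398700000.2 192.168.1.50 203.0.113.9 anonymous RETR README.txt 512
    tsv 1398700000.3 192.168.1.50 203.0.113.9 anonymous STOR payroll.zip 52428800
    tsv 1398700000.4 192.168.1.51 203.0.113.9 backup STOR db-dump.tar.gz 734003200
    tsv 1398700000.5 192.168.1.51 203.0.113.9 backup RETR list.txt 40
    tsv '#close' 2014-04-01-00-00-00
}

# Constructed intel.log with a subset of Bro's columns; not real hits.
sample_intel_log() {
    tsv '#fields' ts id.orig_h id.resp_h seen.indicator seen.indicator_type seen.where sources
    tsv 1398700100.1 192.168.1.50 198.51.100.7 evil.example Intel::DOMAIN DNS::IN_REQUEST feed-a
    tsv 1398700100.2 192.168.1.52 198.51.100.7 198.51.100.7 Intel::ADDR Conn::IN_RESP feed-a
    tsv 1398700100.3 192.168.1.50 198.51.100.8 evil.example Intel::DOMAIN HTTP::IN_HOST_HEADER feed-b
}

# "Top N by <field>": count each value of one column, locating the column
# by name in the #fields header. Output: "<count>\t<value>", highest first.
#   usage: bro_group_by <field> < log
bro_group_by() {
    awk -F '\t' -v want="$1" '
        $1 == "#fields" { for (i = 2; i <= NF; i++) if ($i == want) col = i - 1; next }
        /^#/ { next }                           # #separator, #types, #close, ...
        col  { n[$col]++ }
        END  { for (v in n) printf "%d\t%s\n", n[v], v }
    ' | sort -rn
}

# Drill-down: rows where <field> equals <value>, printing the named output
# columns in input order. Used below to list STOR uploads with their size.
#   usage: bro_select <field> <value> <out1,out2,...> < log
bro_select() {
    awk -F '\t' -v want="$1" -v val="$2" -v outs="$3" '
        $1 == "#fields" { for (i = 2; i <= NF; i++) idx[$i] = i - 1; m = split(outs, o, ","); next }
        /^#/ { next }
        $(idx[want]) == val {
            line = ""
            for (j = 1; j <= m; j++) line = line (j > 1 ? "\t" : "") $(idx[o[j]])
            print line
        }
    '
}

sample_ftp_log   | bro_group_by command
sample_ftp_log   | bro_select command STOR id.orig_h,arg,file_size
sample_intel_log | bro_group_by seen.indicator
```

Reading the header rather than hard-coding column numbers is what keeps this working when a Bro upgrade adds or reorders fields; the same rule applies to any parser you write for these logs.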

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!
