I've updated our securityonion-sostat package to resolve six issues.
The updated package version is as follows:
securityonion-sostat - 20120722-0ubuntu0securityonion24
This new package has been tested by the following (thanks!):
David Zawdie
JP Bourget
Issues Resolved
Issue 483: sostat-redacted should redact usernames
https://code.google.com/p/security-onion/issues/detail?id=483
Issue 509: sostat-quick
https://code.google.com/p/security-onion/issues/detail?id=509
Issue 510: sostat: change "ELSA Date Range" to "ELSA Index Date Range"
https://code.google.com/p/security-onion/issues/detail?id=510
Issue 515: sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH tunnels
https://code.google.com/p/security-onion/issues/detail?id=515
Issue 517: sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled
https://code.google.com/p/security-onion/issues/detail?id=517
Issue 531: sostat: improve checking of autossh tunnels
https://code.google.com/p/security-onion/issues/detail?id=531
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only two days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Tuesday, April 29, 2014
Monday, April 28, 2014
New securityonion-nsmnow-admin-scripts package
I've updated our securityonion-nsmnow-admin-scripts package to resolve two issues.
The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion75
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 529: nsm: check for null dns domain before updating ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=529
Issue 530: nsm: change sshd_config ClientAliveInterval to 30
https://code.google.com/p/security-onion/issues/detail?id=530
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion75
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 529: nsm: check for null dns domain before updating ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=529
Issue 530: nsm: change sshd_config ClientAliveInterval to 30
https://code.google.com/p/security-onion/issues/detail?id=530
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Wednesday, April 23, 2014
Only 1 week left to register for Security Onion class in Houston TX!
Want to learn more about Security Onion? Sign up for the new and expanded 2-day class in Houston TX!
The registration deadline is April 30, so there is only 1 week left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
The registration deadline is April 30, so there is only 1 week left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Tuesday, April 22, 2014
New securityonion-setup package
I've updated our securityonion-setup package to resolve an issue.
The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion103
This new package has been tested by the following (thanks!):
David Vasil
David Zawdie
Issues Resolved
Issue 524: Setup should test connection to master server using ssh instead of nc
https://code.google.com/p/security-onion/issues/detail?id=524
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion103
This new package has been tested by the following (thanks!):
David Vasil
David Zawdie
Issues Resolved
Issue 524: Setup should test connection to master server using ssh instead of nc
https://code.google.com/p/security-onion/issues/detail?id=524
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Monday, April 21, 2014
New securityonion-onionsalt package
I've updated our securityonion-onionsalt package to improve NIDS and HIDS updates. Please see the updated OnionSalt page on our Wiki:
https://code.google.com/p/security-onion/wiki/Salt
The updated package version is as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion10
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 519: onionsalt: improve ids/bro/ossec updates
https://code.google.com/p/security-onion/issues/detail?id=519
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
https://code.google.com/p/security-onion/wiki/Salt
The updated package version is as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion10
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 519: onionsalt: improve ids/bro/ossec updates
https://code.google.com/p/security-onion/issues/detail?id=519
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Wednesday, April 16, 2014
Only 2 weeks left to register for Security Onion class in Houston TX!
Want to learn more about Security Onion? Sign up for the new and expanded 2-day class in Houston TX!
The registration deadline is April 30, so there are only 2 weeks left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
The registration deadline is April 30, so there are only 2 weeks left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Tuesday, April 15, 2014
New securityonion-nsmnow-admin-scripts package resolves several issues
I've updated our securityonion-nsmnow-admin-scripts package to resolve several issues. The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion72
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
inuk-x
Issues Resolved
Issue 501: /etc/init/securityonion.conf needs to check that variables were only declared once
https://code.google.com/p/security-onion/issues/detail?id=501
Issue 516: Update sysctl settings
https://code.google.com/p/security-onion/issues/detail?id=516
Issue 518: NSM scripts: run "broctl install" when (re)starting Bro
https://code.google.com/p/security-onion/issues/detail?id=518
Issue 520: Configure /etc/ssh/sshd_config with ClientAliveInterval 60 and ClientAliveCountMax 3
https://code.google.com/p/security-onion/issues/detail?id=520
Issue 521: Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=521
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion72
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
inuk-x
Issues Resolved
Issue 501: /etc/init/securityonion.conf needs to check that variables were only declared once
https://code.google.com/p/security-onion/issues/detail?id=501
Issue 516: Update sysctl settings
https://code.google.com/p/security-onion/issues/detail?id=516
Issue 518: NSM scripts: run "broctl install" when (re)starting Bro
https://code.google.com/p/security-onion/issues/detail?id=518
Issue 520: Configure /etc/ssh/sshd_config with ClientAliveInterval 60 and ClientAliveCountMax 3
https://code.google.com/p/security-onion/issues/detail?id=520
Issue 521: Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=521
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Wednesday, April 2, 2014
Need Security Onion training? Only 4 weeks left to sign up!
Don't miss the new expanded 2-day Security Onion training class in Houston TX! Last day to sign up is April 30!
https://securityonion20140508.eventbrite.com/
https://securityonion20140508.eventbrite.com/
Tuesday, April 1, 2014
New securityonion-web-page package adds a BRO_FTP query and some BRO_INTEL queries
I've updated our securityonion-web-page package to add a BRO_FTP query and also some BRO_INTEL queries for our recently added BRO_INTEL parsers:
http://blog.securityonion.net/2014/03/new-securityonion-elsa-extras-and.html
The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
Issues Resolved
Issue 506: securityonion-web-page: add FTP command query
https://code.google.com/p/security-onion/issues/detail?id=506
Issue 507: securityonion-web-page: add queries for BRO_INTEL
https://code.google.com/p/security-onion/issues/detail?id=507
Screenshots
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
http://blog.securityonion.net/2014/03/new-securityonion-elsa-extras-and.html
The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
Issues Resolved
Issue 506: securityonion-web-page: add FTP command query
https://code.google.com/p/security-onion/issues/detail?id=506
Issue 507: securityonion-web-page: add queries for BRO_INTEL
https://code.google.com/p/security-onion/issues/detail?id=507
Screenshots
FTP: Top Commands - group all FTP logs by FTP command |
Drilling into FTP STOR command to look for data exfil |
Intel: Top SRC IPs - group all Intel logs by source IP address |
Intel: Top DST IPs - group all Intel logs by destination IP address |
Intel: Top DST Ports - group all Intel logs by destination port |
Intel: Top Indicators - group all Intel logs by indicator |
Intel: Top Indicator Types - group all Intel logs by indicator type |
Intel: Top Sources - group all Intel logs by source |
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Subscribe to:
Posts (Atom)
Search This Blog
Featured Post
State of the Onion 2024
We usually have our State of the Onion at the annual Security Onion Conference, but we had to cancel the conference due to Hurricane Helene ...
Popular Posts
-
Thanks to all who attended the Zeek webinar on May 27! For those weren't able to join, the recording should be available soon and we wi...
-
Introduction Recent events have forced us to change course on the base operating system (OS) for Security Onion 2.4. On 6/21/2023, Red Hat ...
-
Introduction Jeffrey Medsger reported several command injection and SQL injection vulnerabilities in Squert. Wes Lambert also discovered s...
Blog Archive
- December 2024 (2)
- November 2024 (1)
- October 2024 (9)
- September 2024 (16)
- August 2024 (3)
- July 2024 (7)
- June 2024 (5)
- May 2024 (2)
- April 2024 (7)
- March 2024 (5)
- February 2024 (3)
- January 2024 (3)
- December 2023 (15)
- November 2023 (27)
- October 2023 (18)
- September 2023 (3)
- August 2023 (8)
- July 2023 (4)
- June 2023 (3)
- May 2023 (2)
- April 2023 (4)
- March 2023 (4)
- February 2023 (5)
- January 2023 (3)
- December 2022 (5)
- November 2022 (2)
- October 2022 (9)
- September 2022 (3)
- August 2022 (8)
- July 2022 (7)
- June 2022 (9)
- May 2022 (14)
- April 2022 (7)
- March 2022 (6)
- February 2022 (11)
- January 2022 (12)
- December 2021 (19)
- November 2021 (25)
- October 2021 (22)
- September 2021 (23)
- August 2021 (30)
- July 2021 (13)
- June 2021 (4)
- May 2021 (3)
- April 2021 (4)
- March 2021 (7)
- February 2021 (5)
- January 2021 (4)
- December 2020 (13)
- November 2020 (5)
- October 2020 (12)
- September 2020 (3)
- August 2020 (6)
- July 2020 (8)
- June 2020 (5)
- May 2020 (9)
- April 2020 (11)
- March 2020 (7)
- February 2020 (4)
- January 2020 (1)
- December 2019 (6)
- November 2019 (4)
- October 2019 (8)
- September 2019 (7)
- August 2019 (7)
- July 2019 (4)
- June 2019 (7)
- May 2019 (20)
- April 2019 (8)
- March 2019 (7)
- February 2019 (7)
- January 2019 (12)
- December 2018 (12)
- November 2018 (13)
- October 2018 (10)
- September 2018 (4)
- August 2018 (16)
- July 2018 (11)
- June 2018 (13)
- May 2018 (4)
- April 2018 (11)
- March 2018 (9)
- February 2018 (10)
- January 2018 (9)
- December 2017 (7)
- November 2017 (7)
- October 2017 (9)
- September 2017 (4)
- August 2017 (7)
- July 2017 (5)
- June 2017 (8)
- May 2017 (4)
- April 2017 (2)
- March 2017 (1)
- February 2017 (3)
- January 2017 (15)
- December 2016 (9)
- November 2016 (3)
- October 2016 (5)
- September 2016 (13)
- August 2016 (12)
- July 2016 (10)
- June 2016 (7)
- May 2016 (7)
- April 2016 (7)
- March 2016 (10)
- February 2016 (13)
- January 2016 (10)
- December 2015 (1)
- November 2015 (1)
- October 2015 (3)
- September 2015 (5)
- August 2015 (7)
- July 2015 (7)
- June 2015 (12)
- May 2015 (6)
- April 2015 (6)
- March 2015 (6)
- February 2015 (10)
- January 2015 (11)
- December 2014 (5)
- November 2014 (3)
- October 2014 (6)
- September 2014 (20)
- August 2014 (7)
- July 2014 (10)
- June 2014 (10)
- May 2014 (3)
- April 2014 (9)
- March 2014 (6)
- February 2014 (9)
- January 2014 (8)
- December 2013 (5)
- November 2013 (2)
- October 2013 (7)
- September 2013 (5)
- August 2013 (7)
- July 2013 (9)
- June 2013 (7)
- May 2013 (11)
- April 2013 (3)
- March 2013 (3)
- February 2013 (3)
- January 2013 (3)
- December 2012 (3)
- November 2012 (1)
- October 2012 (1)
- September 2012 (1)
- August 2012 (2)
- May 2012 (4)
- April 2012 (6)
- March 2012 (8)
- February 2012 (4)
- January 2012 (13)
- December 2011 (9)
- November 2011 (8)
- October 2011 (8)
- September 2011 (8)
- July 2011 (4)
- June 2011 (5)
- May 2011 (2)
- April 2011 (1)
- February 2011 (1)
- January 2011 (11)
- November 2010 (4)
- October 2010 (8)
- August 2010 (1)
- July 2010 (2)
- June 2010 (1)
- May 2010 (1)
- April 2010 (2)
- February 2010 (3)
- January 2010 (1)
- September 2009 (1)
- August 2009 (3)
- July 2009 (4)
- June 2009 (3)
- May 2009 (1)
- April 2009 (8)
- February 2009 (1)
- January 2009 (9)
- November 2008 (2)
- October 2008 (4)
- September 2008 (3)