Tuesday, April 29, 2014

New securityonion-sostat package resolves six issues

I've updated our securityonion-sostat package to resolve six issues.

The updated package version is as follows:
securityonion-sostat - 20120722-0ubuntu0securityonion24

This new package has been tested by the following (thanks!):
David Zawdie
JP Bourget

Issues Resolved
Issue 483: sostat-redacted should redact usernames
https://code.google.com/p/security-onion/issues/detail?id=483

Issue 509: sostat-quick
https://code.google.com/p/security-onion/issues/detail?id=509

Issue 510: sostat: change "ELSA Date Range" to "ELSA Index Date Range"
https://code.google.com/p/security-onion/issues/detail?id=510

Issue 515: sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH tunnels
https://code.google.com/p/security-onion/issues/detail?id=515

Issue 517: sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled
https://code.google.com/p/security-onion/issues/detail?id=517

Issue 531: sostat: improve checking of autossh tunnels
https://code.google.com/p/security-onion/issues/detail?id=531

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only two days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!


Monday, April 28, 2014

New securityonion-nsmnow-admin-scripts package

I've updated our securityonion-nsmnow-admin-scripts package to resolve two issues.

The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion75

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved
Issue 529: nsm: check for null dns domain before updating ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=529

Issue 530: nsm: change sshd_config ClientAliveInterval to 30
https://code.google.com/p/security-onion/issues/detail?id=530

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only a few days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Wednesday, April 23, 2014

Only 1 week left to register for Security Onion class in Houston TX!

Want to learn more about Security Onion?  Sign up for the new and expanded 2-day class in Houston TX!

The registration deadline is April 30, so there is only 1 week left to register!

Here's a discount code good for $100 off:
lastminute52949

For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Tuesday, April 22, 2014

New securityonion-setup package

I've updated our securityonion-setup package to resolve an issue.

The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion103

This new package has been tested by the following (thanks!):
David Vasil
David Zawdie

Issues Resolved
Issue 524: Setup should test connection to master server using ssh instead of nc
https://code.google.com/p/security-onion/issues/detail?id=524

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only a few days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Monday, April 21, 2014

New securityonion-onionsalt package

I've updated our securityonion-onionsalt package to improve NIDS and HIDS updates.  Please see the updated OnionSalt page on our Wiki:
https://code.google.com/p/security-onion/wiki/Salt

The updated package version is as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion10

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved
Issue 519: onionsalt: improve ids/bro/ossec updates
https://code.google.com/p/security-onion/issues/detail?id=519

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Only a few days left to sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Wednesday, April 16, 2014

Only 2 weeks left to register for Security Onion class in Houston TX!

Want to learn more about Security Onion?  Sign up for the new and expanded 2-day class in Houston TX!

The registration deadline is April 30, so there are only 2 weeks left to register!

Here's a discount code good for $100 off:
lastminute52949

For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Tuesday, April 15, 2014

New securityonion-nsmnow-admin-scripts package resolves several issues

I've updated our securityonion-nsmnow-admin-scripts package to resolve several issues.  The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion72

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
inuk-x

Issues Resolved

Issue 501: /etc/init/securityonion.conf needs to check that variables were only declared once
https://code.google.com/p/security-onion/issues/detail?id=501

Issue 516: Update sysctl settings
https://code.google.com/p/security-onion/issues/detail?id=516

Issue 518: NSM scripts: run "broctl install" when (re)starting Bro
https://code.google.com/p/security-onion/issues/detail?id=518

Issue 520: Configure /etc/ssh/sshd_config with ClientAliveInterval 60 and ClientAliveCountMax 3
https://code.google.com/p/security-onion/issues/detail?id=520

Issue 521: Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=521

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Wednesday, April 2, 2014

Tuesday, April 1, 2014

New securityonion-web-page package adds a BRO_FTP query and some BRO_INTEL queries

I've updated our securityonion-web-page package to add a BRO_FTP query and also some BRO_INTEL queries for our recently added BRO_INTEL parsers:
http://blog.securityonion.net/2014/03/new-securityonion-elsa-extras-and.html

The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 506: securityonion-web-page: add FTP command query
https://code.google.com/p/security-onion/issues/detail?id=506

Issue 507: securityonion-web-page: add queries for BRO_INTEL
https://code.google.com/p/security-onion/issues/detail?id=507

Screenshots

FTP: Top Commands - group all FTP logs by FTP command

Drilling into FTP STOR command to look for data exfil

Intel: Top SRC IPs - group all Intel logs by source IP address

Intel: Top DST IPs - group all Intel logs by destination IP address

Intel: Top DST Ports - group all Intel logs by destination port

Intel: Top Indicators - group all Intel logs by indicator

Intel: Top Indicator Types - group all Intel logs by indicator type

Intel: Top Sources - group all Intel logs by source
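The "Top Commands" grouping and the STOR drill-down described above, reproduced as an added example rather than the package's own ELSA queries: a small Python parser for Bro's tab-separated ftp.log that counts records per command and lists STOR uploads largest-first for exfil review. The column names are assumed to match Bro's ftp.log header of that era, and the log rows are constructed sample data, not real traffic.

```python
from collections import Counter

# Assumed Bro ftp.log column order (the #fields header line drives the parser).
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "user", "password", "command", "arg", "mime_type", "file_size",
          "reply_code", "reply_msg"]

# Constructed sample rows (not real traffic); "-" is Bro's unset-field marker.
SAMPLE_ROWS = [
    ["1398096000.1", "C1", "10.0.0.5", "51000", "203.0.113.9", "21", "anon", "<hidden>",
     "RETR", "ftp://203.0.113.9/pub/readme.txt", "text/plain", "1200", "226", "Transfer complete"],
    ["1398096010.2", "C2", "10.0.0.5", "51002", "203.0.113.9", "21", "anon", "<hidden>",
     "STOR", "ftp://203.0.113.9/up/q1-customers.zip", "application/zip", "5242880", "226", "Transfer complete"],
    ["1398096020.3", "C3", "10.0.0.8", "51010", "198.51.100.7", "21", "bob", "<hidden>",
     "STOR", "ftp://198.51.100.7/incoming/notes.txt", "text/plain", "340", "226", "Transfer complete"],
    ["1398096030.4", "C4", "10.0.0.8", "51012", "198.51.100.7", "21", "bob", "<hidden>",
     "RETR", "ftp://198.51.100.7/pub/tool.tgz", "application/x-gzip", "98304", "226", "Transfer complete"],
    ["1398096040.5", "C5", "10.0.0.8", "51014", "198.51.100.7", "21", "bob", "<hidden>",
     "DELE", "ftp://198.51.100.7/incoming/notes.txt", "-", "-", "250", "DELE command successful"],
]
SAMPLE_FTP_LOG = ("#fields\t" + "\t".join(FIELDS) + "\n"
                  + "\n".join("\t".join(r) for r in SAMPLE_ROWS) + "\n")


def parse_ftp_log(text):
    """Parse Bro tab-separated log text into dicts keyed by the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]          # header names follow the "#fields" token
        elif line.startswith("#") or not line.strip():
            continue                               # other metadata lines and blanks
        elif fields:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def top_commands(records):
    """'FTP: Top Commands': record count per FTP command, most common first."""
    return Counter(r["command"] for r in records).most_common()


def stor_uploads(records, min_bytes=0):
    """Drill into STOR: outbound uploads of at least min_bytes, largest first."""
    rows = []
    for r in records:
        if r["command"] != "STOR":
            continue
        size = int(r["file_size"]) if r["file_size"] != "-" else 0
        if size >= min_bytes:
            rows.append((r["id.orig_h"], r["id.resp_h"], r["arg"], size, r["reply_code"]))
    return sorted(rows, key=lambda row: row[3], reverse=True)
```

Raising `min_bytes` narrows the STOR view to large uploads, which is the same pivot the screenshot performs by hand in ELSA.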

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!
