I've updated our securityonion-sostat package to resolve six issues.
The updated package version is as follows:
securityonion-sostat - 20120722-0ubuntu0securityonion24
This new package has been tested by the following (thanks!):
David Zawdie
JP Bourget
Issues Resolved
Issue 483: sostat-redacted should redact usernames
https://code.google.com/p/security-onion/issues/detail?id=483
Issue 509: sostat-quick
https://code.google.com/p/security-onion/issues/detail?id=509
Issue 510: sostat: change "ELSA Date Range" to "ELSA Index Date Range"
https://code.google.com/p/security-onion/issues/detail?id=510
Issue 515: sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH tunnels
https://code.google.com/p/security-onion/issues/detail?id=515
Issue 517: sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled
https://code.google.com/p/security-onion/issues/detail?id=517
Issue 531: sostat: improve checking of autossh tunnels
https://code.google.com/p/security-onion/issues/detail?id=531
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only two days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Tuesday, April 29, 2014
Monday, April 28, 2014
New securityonion-nsmnow-admin-scripts package
I've updated our securityonion-nsmnow-admin-scripts package to resolve two issues.
The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion75
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 529: nsm: check for null dns domain before updating ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=529
Issue 530: nsm: change sshd_config ClientAliveInterval to 30
https://code.google.com/p/security-onion/issues/detail?id=530
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion75
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 529: nsm: check for null dns domain before updating ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=529
Issue 530: nsm: change sshd_config ClientAliveInterval to 30
https://code.google.com/p/security-onion/issues/detail?id=530
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Wednesday, April 23, 2014
Only 1 week left to register for Security Onion class in Houston TX!
Want to learn more about Security Onion? Sign up for the new and expanded 2-day class in Houston TX!
The registration deadline is April 30, so there is only 1 week left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
The registration deadline is April 30, so there is only 1 week left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Tuesday, April 22, 2014
New securityonion-setup package
I've updated our securityonion-setup package to resolve an issue.
The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion103
This new package has been tested by the following (thanks!):
David Vasil
David Zawdie
Issues Resolved
Issue 524: Setup should test connection to master server using ssh instead of nc
https://code.google.com/p/security-onion/issues/detail?id=524
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
The updated package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion103
This new package has been tested by the following (thanks!):
David Vasil
David Zawdie
Issues Resolved
Issue 524: Setup should test connection to master server using ssh instead of nc
https://code.google.com/p/security-onion/issues/detail?id=524
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Monday, April 21, 2014
New securityonion-onionsalt package
I've updated our securityonion-onionsalt package to improve NIDS and HIDS updates. Please see the updated OnionSalt page on our Wiki:
https://code.google.com/p/security-onion/wiki/Salt
The updated package version is as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion10
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 519: onionsalt: improve ids/bro/ossec updates
https://code.google.com/p/security-onion/issues/detail?id=519
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
https://code.google.com/p/security-onion/wiki/Salt
The updated package version is as follows:
securityonion-onionsalt - 20130817-0ubuntu0securityonion10
This new package has been tested by the following (thanks!):
David Zawdie
Issues Resolved
Issue 519: onionsalt: improve ids/bro/ossec updates
https://code.google.com/p/security-onion/issues/detail?id=519
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Only a few days left to sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Wednesday, April 16, 2014
Only 2 weeks left to register for Security Onion class in Houston TX!
Want to learn more about Security Onion? Sign up for the new and expanded 2-day class in Houston TX!
The registration deadline is April 30, so there are only 2 weeks left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
The registration deadline is April 30, so there are only 2 weeks left to register!
Here's a discount code good for $100 off:
lastminute52949
For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Tuesday, April 15, 2014
New securityonion-nsmnow-admin-scripts package resolves several issues
I've updated our securityonion-nsmnow-admin-scripts package to resolve several issues. The updated package version is as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion72
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
inuk-x
Issues Resolved
Issue 501: /etc/init/securityonion.conf needs to check that variables were only declared once
https://code.google.com/p/security-onion/issues/detail?id=501
Issue 516: Update sysctl settings
https://code.google.com/p/security-onion/issues/detail?id=516
Issue 518: NSM scripts: run "broctl install" when (re)starting Bro
https://code.google.com/p/security-onion/issues/detail?id=518
Issue 520: Configure /etc/ssh/sshd_config with ClientAliveInterval 60 and ClientAliveCountMax 3
https://code.google.com/p/security-onion/issues/detail?id=520
Issue 521: Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=521
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion72
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
inuk-x
Issues Resolved
Issue 501: /etc/init/securityonion.conf needs to check that variables were only declared once
https://code.google.com/p/security-onion/issues/detail?id=501
Issue 516: Update sysctl settings
https://code.google.com/p/security-onion/issues/detail?id=516
Issue 518: NSM scripts: run "broctl install" when (re)starting Bro
https://code.google.com/p/security-onion/issues/detail?id=518
Issue 520: Configure /etc/ssh/sshd_config with ClientAliveInterval 60 and ClientAliveCountMax 3
https://code.google.com/p/security-onion/issues/detail?id=520
Issue 521: Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
https://code.google.com/p/security-onion/issues/detail?id=521
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
Wednesday, April 2, 2014
Need Security Onion training? Only 4 weeks left to sign up!
Don't miss the new expanded 2-day Security Onion training class in Houston TX! Last day to sign up is April 30!
https://securityonion20140508.eventbrite.com/
https://securityonion20140508.eventbrite.com/
Tuesday, April 1, 2014
New securityonion-web-page package adds a BRO_FTP query and some BRO_INTEL queries
I've updated our securityonion-web-page package to add a BRO_FTP query and also some BRO_INTEL queries for our recently added BRO_INTEL parsers:
http://blog.securityonion.net/2014/03/new-securityonion-elsa-extras-and.html
The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
Issues Resolved
Issue 506: securityonion-web-page: add FTP command query
https://code.google.com/p/security-onion/issues/detail?id=506
Issue 507: securityonion-web-page: add queries for BRO_INTEL
https://code.google.com/p/security-onion/issues/detail?id=507
Screenshots
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
http://blog.securityonion.net/2014/03/new-securityonion-elsa-extras-and.html
The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21
This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie
Issues Resolved
Issue 506: securityonion-web-page: add FTP command query
https://code.google.com/p/security-onion/issues/detail?id=506
Issue 507: securityonion-web-page: add queries for BRO_INTEL
https://code.google.com/p/security-onion/issues/detail?id=507
Screenshots
 |
| FTP: Top Commands - group all FTP logs by FTP command |
 |
| Drilling into FTP STOR command to look for data exfil |
 |
| Intel: Top SRC IPs - group all Intel logs by source IP address |
 |
| Intel: Top DST IPs - group all Intel logs by destination IP address |
 |
| Intel: Top DST Ports - group all Intel logs by destination port |
 |
| Intel: Top Indicators - group all Intel logs by indicator |
 |
| Intel: Top Indicator Types - group all Intel logs by indicator type |
 |
| Intel: Top Sources - group all Intel logs by source |
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
Want to learn more about Security Onion? Sign up for the new expanded 2-day class in Houston TX! For full details and to register, please see:
https://securityonion20140508.eventbrite.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!