Tuesday, April 1, 2014

New securityonion-web-page package adds a BRO_FTP query and some BRO_INTEL queries

I've updated our securityonion-web-page package to add a BRO_FTP query and also some BRO_INTEL queries for our recently added BRO_INTEL parsers:

The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 506: securityonion-web-page: add FTP command query

Issue 507: securityonion-web-page: add queries for BRO_INTEL

FTP: Top Commands - group all FTP logs by FTP command

Drilling into FTP STOR command to look for data exfil
Intel: Top SRC IPs - group all Intel logs by source IP address 
Intel: Top DST IPs - group all Intel logs by destination IP address 

Intel: Top DST Ports - group all Intel logs by destination port

Intel: Top Indicators - group all Intel logs by indicator

Intel: Top Indicator Types - group all Intel logs by indicator type

Intel: Top Sources - group all Intel logs by source

The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our mailing list:

Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list:

We also need help testing new packages:


No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive