Tuesday, April 1, 2014

New securityonion-web-page package adds a BRO_FTP query and some BRO_INTEL queries

I've updated our securityonion-web-page package to add a BRO_FTP query and also some BRO_INTEL queries for our recently added BRO_INTEL parsers:

The updated package version is as follows:
securityonion-web-page - 20120722-0ubuntu0securityonion21

This new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Issues Resolved

Issue 506: securityonion-web-page: add FTP command query

Issue 507: securityonion-web-page: add queries for BRO_INTEL

FTP: Top Commands - group all FTP logs by FTP command

Drilling into the FTP STOR command to look for data exfiltration

Intel: Top SRC IPs - group all Intel logs by source IP address

Intel: Top DST IPs - group all Intel logs by destination IP address

Intel: Top DST Ports - group all Intel logs by destination port

Intel: Top Indicators - group all Intel logs by indicator

Intel: Top Indicator Types - group all Intel logs by indicator type

Intel: Top Sources - group all Intel logs by source
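The groupings above are ELSA queries shipped in the package. As an added illustration (this is not code from the securityonion-web-page package or from ELSA), the Python below performs the same "Top X" groupings directly over Bro ftp.log and intel.log text, plus the STOR drill-down: per-client count and byte total of uploads, so one host pushing far more data than its peers stands out. The log lines are constructed samples; the field names are assumed to match the Bro 2.x defaults (a real ftp.log carries more columns, such as password, mime_type, reply_msg and data_channel.*), and the parser reads column positions from the #fields header rather than hard-coding them so extra or reordered columns do not silently break the query. The indicator types and seen.where values are the Bro intel framework's conventional names.

```python
from collections import Counter


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header.
    Column positions come from the header rather than being hard-coded: Bro
    log layouts change between versions and local scripts add fields."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue  # other header lines and #close
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        yield dict(zip(fields, values))


def top(records, field, split_set=False):
    """Count distinct values of one field, most common first: an ELSA-style
    'Top X' grouping. With split_set=True a Bro set field such as intel.log's
    'sources' ("feed-a,feed-b") is counted once per member."""
    counts = Counter()
    for rec in records:
        value = rec[field]
        if split_set and value != "-":
            counts.update(value.split(","))
        else:
            counts[value] += 1
    return counts.most_common()


def ftp_stor_by_source(records):
    """Drill-down for the FTP 'Top Commands' view: for STOR (upload) commands
    only, count files and bytes pushed by each client, largest uploader first."""
    per_host = {}
    for rec in records:
        if rec["command"] != "STOR":
            continue
        files, total = per_host.get(rec["id.orig_h"], (0, 0))
        # "-" is Bro's unset marker, e.g. a transfer whose size was not seen
        size = 0 if rec["file_size"] == "-" else int(rec["file_size"])
        per_host[rec["id.orig_h"]] = (files + 1, total + size)
    return sorted(per_host.items(), key=lambda kv: kv[1][1], reverse=True)


def _bro_log(path, fields, rows):
    """Assemble a Bro-style TSV log. Constructed sample data, not a capture."""
    header = ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
              "#unset_field\t-", "#path\t" + path, "#fields\t" + "\t".join(fields)]
    body = ["\t".join(row) for row in rows]
    return "\n".join(header + body + ["#close\t2014-04-01-00-00-00"]) + "\n"


# Constructed ftp.log; field names are a subset of the Bro 2.x defaults.
FTP_LOG = _bro_log("ftp", [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "user", "command", "arg", "file_size", "reply_code"], [
    ["1396348800.1", "CfTp1", "10.0.0.5", "51001", "203.0.113.10", "21", "anonymous", "RETR", "readme.txt", "1024", "226"],
    ["1396348801.1", "CfTp2", "10.0.0.5", "51002", "203.0.113.10", "21", "anonymous", "STOR", "backup.zip", "52428800", "226"],
    ["1396348802.1", "CfTp3", "10.0.0.5", "51003", "203.0.113.10", "21", "anonymous", "STOR", "db.sql", "10485760", "226"],
    ["1396348803.1", "CfTp4", "10.0.0.7", "51004", "203.0.113.10", "21", "bob", "RETR", "index.html", "2048", "226"],
    ["1396348805.1", "CfTp5", "10.0.0.7", "51005", "203.0.113.10", "21", "bob", "DELE", "old.txt", "-", "250"],
    ["1396348806.1", "CfTp6", "10.0.0.9", "51006", "203.0.113.10", "21", "alice", "STOR", "notes.txt", "-", "226"],
])

# Constructed intel.log; field names follow the Bro 2.x intel framework.
INTEL_LOG = _bro_log("intel", [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "seen.indicator", "seen.indicator_type", "seen.where", "sources"], [
    ["1396348810.1", "CiN1", "10.0.0.5", "52001", "198.51.100.20", "80", "bad.example", "Intel::DOMAIN", "HTTP::IN_HOST_HEADER", "feed-a"],
    ["1396348811.1", "CiN2", "10.0.0.5", "52002", "198.51.100.20", "80", "bad.example", "Intel::DOMAIN", "HTTP::IN_HOST_HEADER", "feed-a,feed-b"],
    ["1396348812.1", "CiN3", "10.0.0.7", "52003", "198.51.100.30", "443", "198.51.100.30", "Intel::ADDR", "Conn::IN_RESP", "feed-b"],
    ["1396348813.1", "CiN4", "10.0.0.9", "52004", "198.51.100.40", "80", "http://198.51.100.40/x.php", "Intel::URL", "HTTP::IN_URL", "feed-c"],
])


def run_queries():
    """Run the same groupings as the new ELSA queries over the sample logs."""
    ftp = list(parse_bro_log(FTP_LOG))
    intel = list(parse_bro_log(INTEL_LOG))
    return {
        "FTP: Top Commands": top(ftp, "command"),
        "FTP: STOR bytes by source": ftp_stor_by_source(ftp),
        "Intel: Top SRC IPs": top(intel, "id.orig_h"),
        "Intel: Top DST IPs": top(intel, "id.resp_h"),
        "Intel: Top DST Ports": top(intel, "id.resp_p"),
        "Intel: Top Indicators": top(intel, "seen.indicator"),
        "Intel: Top Indicator Types": top(intel, "seen.indicator_type"),
        "Intel: Top Sources": top(intel, "sources", split_set=True),
    }


if __name__ == "__main__":
    for name, rows in run_queries().items():
        print(name)
        for key, value in rows:
            print("  %-30s %s" % (key, value))
```

Two details matter when you run this against real logs. Bro's set fields (sources here) are comma-joined, so "Top Sources" must split them or a hit matched by two feeds is counted as one odd "feed-a,feed-b" source. And file_size is unset ("-") whenever Bro did not observe the data channel, so a byte total that ignores those rows understates an uploader; the count of STOR commands per host is the safer first cut, with bytes as the tiebreaker.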

The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our mailing list:

Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list:

We also need help testing new packages:

