http://sourceforge.net/p/sguil/mailman/message/32230854/
http://www.squertproject.org/summaryofchangesforsquertversion130
http://www.squertproject.org/summaryofchangesforsquertversion140
http://www.squertproject.org/summaryofchangesforsquertversion150
I've updated our packages to include both of these releases. The new package versions are as follows:
securityonion-capme - 20121213-0ubuntu0securityonion20
securityonion-http-agent - 0.3.1-0ubuntu0securityonion6
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion88
securityonion-ossec-rules - 20120726-0ubuntu0securityonion4
securityonion-setup - 20120912-0ubuntu0securityonion125
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion4
securityonion-sguil-client - 20141004-0ubuntu0securityonion7
securityonion-sguil-sensor - 20141004-0ubuntu0securityonion7
securityonion-sguil-server - 20141004-0ubuntu0securityonion7
securityonion-squert - 20141015-0ubuntu0securityonion3
Issues Resolved
Issue 287: Sguil 0.9
https://code.google.com/p/security-onion/issues/detail?id=287
Issue 622: Update http_agent for Sguil 0.9 and move from SSL to TLS
https://code.google.com/p/security-onion/issues/detail?id=622
Issue 623: Update ossec_agent for Sguil 0.9 and move from SSL to TLS
https://code.google.com/p/security-onion/issues/detail?id=623
Issue 624: Update CapMe for Sguil 0.9 and move from SSL to TLS
https://code.google.com/p/security-onion/issues/detail?id=624
Issue 625: Update NSM for Sguil 0.9
https://code.google.com/p/security-onion/issues/detail?id=625
Issue 626: Update Setup for Sguil 0.9
https://code.google.com/p/security-onion/issues/detail?id=626
Issue 491: Squert 1.5.0
https://code.google.com/p/security-onion/issues/detail?id=491
Issue 638: securityonion-ossec-rules: add rule to ignore Squert POST
https://code.google.com/p/security-onion/issues/detail?id=638
Release Notes
Please note that the Squert interface has changed quite a bit from the previous version. In particular:
- To drill into an event and see its payload, click on the value in the Status (ST) column.
- To generate a full pcap transcript, click on the value in the "Event ID" column.
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
- Update packages using "sudo soup"
- The new OSSEC rules package will prompt you to restart OSSEC
- The new securityonion-sguil-sensor package will prompt you to restart sensor services
- The new securityonion-sguil-server package will update your database and import your autocat rules
- The new securityonion-sguil-server package will then prompt you to restart server services
- The new securityonion-squert package will update your database
- Restart OSSEC using "sudo service ossec-hids-server restart"
- Restart server and sensor processes using "sudo service nsm restart"
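After soup has finished and the services have been restarted, it is worth confirming that every package named in this announcement actually landed at the announced version, particularly on sensors that were updated separately from the server. The script below is an added example for that check; it is not part of this announcement or of Security Onion's own scripts. The EXPECTED list is copied from the package versions above, SAMPLE_LISTING is a constructed dpkg listing used only to demonstrate the output, and the one real command it relies on is dpkg-query (run it with --local on the box you just updated).

```shell
#!/bin/sh
# Added example, not part of the Security Onion announcement or its tooling:
# after "sudo soup", confirm that each package named in the announcement is
# installed at exactly the announced version.
#
# The expected list below is copied from the announcement. Listings are
# "package version" lines, the format produced by
#   dpkg-query -W -f='${Package} ${Version}\n' 'securityonion-*'
# so a listing saved from a sensor can also be checked on another machine.

EXPECTED='securityonion-capme 20121213-0ubuntu0securityonion20
securityonion-http-agent 0.3.1-0ubuntu0securityonion6
securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion88
securityonion-ossec-rules 20120726-0ubuntu0securityonion4
securityonion-setup 20120912-0ubuntu0securityonion125
securityonion-sguil-agent-ossec 20120726-0ubuntu0securityonion4
securityonion-sguil-client 20141004-0ubuntu0securityonion7
securityonion-sguil-sensor 20141004-0ubuntu0securityonion7
securityonion-sguil-server 20141004-0ubuntu0securityonion7
securityonion-squert 20141015-0ubuntu0securityonion3'

# Constructed sample listing (made up for this example): sguil-client is still
# at an older build and squert is not installed at all.
SAMPLE_LISTING='securityonion-capme 20121213-0ubuntu0securityonion20
securityonion-http-agent 0.3.1-0ubuntu0securityonion6
securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion88
securityonion-ossec-rules 20120726-0ubuntu0securityonion4
securityonion-setup 20120912-0ubuntu0securityonion125
securityonion-sguil-agent-ossec 20120726-0ubuntu0securityonion4
securityonion-sguil-client 20141004-0ubuntu0securityonion6
securityonion-sguil-sensor 20141004-0ubuntu0securityonion7
securityonion-sguil-server 20141004-0ubuntu0securityonion7'

# check_versions LISTING
# Prints one line per expected package: "ok", "MISMATCH" (installed, but not
# at the announced version, whether older or newer) or "MISSING". Returns 0
# only when every package is present at the announced version.
check_versions() {
    listing=$1
    rc=0
    while read -r pkg want; do
        have=$(printf '%s\n' "$listing" | awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING  $pkg (want $want)"
            rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $pkg have $have want $want"
            rc=1
        else
            echo "ok       $pkg $have"
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# check_local: query dpkg on this machine (the box you just ran soup on).
# Needs no root; dpkg-query reads the package database read-only.
check_local() {
    check_versions "$(dpkg-query -W -f='${Package} ${Version}\n' 'securityonion-*')"
}

case "${1:-}" in
    --local) check_local ;;
    *)       check_versions "$SAMPLE_LISTING" ;;
esac
```

The comparison is deliberately an exact string match: for a release check you want to know about anything that differs from what was announced, including a newer build that slipped in from another repo. If you would rather accept "at least this version", replace the string test with `dpkg --compare-versions "$have" ge "$want"`.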
The Sguil client is now updated to 0.9 and includes an AutoCat Rule Builder and an AutoCat Viewer.
Squert has been updated to 1.5.0. Highlights:
- Event tab
- Pivot to ELSA, e.g. from an IP address in Squert to an ELSA query for that IP
- Color-coded IP addresses
- AutoCat Viewer
- Summary tab including GeoIP mapping
- Views tab with Sankey diagram
Thanks
Thanks to the following for testing!
Eddy Simons
Mike Pilkington
Landon Lewis
David Zawdie
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Commercial Support
Need commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!