Wednesday, December 3, 2014

ELSA now parses Bro's RADIUS, SNMP, and X.509 logs

I've added ELSA parsers for Bro RADIUS, SNMP, and X.509 logs.  The new packages are as follows:

securityonion-elsa-extras - 20131117-1ubuntu0securityonion50
securityonion-web-page - 20141015-0ubuntu0securityonion10

These new packages should resolve the following issues:

Issue 513: securityonion-elsa-extras: when adding sources to
syslog-ng.conf, do not search-and-replace using "log"
https://code.google.com/p/security-onion/issues/detail?id=513

Issue 575: ELSA: parsers for new Bro logs added in Bro 2.3
https://code.google.com/p/security-onion/issues/detail?id=575

Issue 578: securityonion-web-page: add ELSA queries for new Bro 2.3 logs
https://code.google.com/p/security-onion/issues/detail?id=578

These new packages have been tested by the following (thanks!):
Eddy Simons
David Zawdie

Screenshots (captions of the images from the original post):

Update Process

X.509 logs grouped by Certificate Key Length

X.509 logs grouped by Certificate Key Algorithm

X.509 logs grouped by Certificate Signature Algorithm

X.509 logs grouped by Certificate Key Type

SNMP logs grouped by Community

RADIUS logs grouped by username

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Need training?  Please see:
https://security-onion-class-20141215.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!
