Wednesday, January 7, 2015

New ELSA packages parse country code out of Bro conn.log

I've updated the ELSA packages to parse the responder country code out of the Bro conn.log.  The new packages are as follows:

securityonion-elsa-extras - 20131117-1ubuntu0securityonion53
securityonion-web-page - 20141015-0ubuntu0securityonion13

These new packages should resolve the following issues:

Issue 656: ELSA: update parser for bro_conn to parse country code

Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code

These new packages have been tested by David Zawdie (thanks!).

Update process

Connections - Groupby Resp Country: group connections by responder country code

The new packages are now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Commercial Support
Need training and/or commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

