Wednesday, January 7, 2015

New ELSA packages parse country code out of Bro conn.log

I've updated the ELSA packages to parse the responder country code out of the Bro conn.log.  The new packages are as follows:

securityonion-elsa-extras - 20131117-1ubuntu0securityonion53
securityonion-web-page - 20141015-0ubuntu0securityonion13

These new packages should resolve the following issues:

Issue 656: ELSA: update parser for bro_conn to parse country code
https://code.google.com/p/security-onion/issues/detail?id=656

Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code
https://code.google.com/p/security-onion/issues/detail?id=659

These new packages have been tested by David Zawdie (thanks!).

Screenshots

[Screenshot: Update process]

[Screenshot: Connections - Groupby Resp Country: group connections by responder country code]

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Commercial Support
Need training and/or commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

Thanks!
