Tuesday, February 3, 2015

New ELSA packages parse additional fields out of Bro dns.log

Pietro Delsante contributed some updated parsers for Bro and BIND DNS logs (thanks, Pietro!) and I've updated the securityonion-elsa-extras package with these new parsers.  I've also updated the securityonion-web-page package to include some new ELSA queries for these newly exposed BRO_DNS fields.  The new packages are as follows:
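As an added illustration (not code from this post, from ELSA or from Security Onion), the following Python parser reads Bro's tab-separated dns.log and computes the same three aggregations the new queries expose (top query class, query type and return code); the log excerpt is constructed and keeps the first fifteen columns of the Bro 2.x dns.log header, and the unset marker "-" is skipped the way a top-N query would.

```python
# Added example: parse a Bro dns.log excerpt and compute the top qclass_name,
# qtype_name and rcode_name values, mirroring the three new ELSA queries.
from collections import Counter

# First fifteen columns of the Bro 2.x dns.log "#fields" header.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto",
          "trans_id", "query", "qclass", "qclass_name", "qtype", "qtype_name",
          "rcode", "rcode_name"]

# Constructed records (not real traffic). "-" is Bro's marker for an unset field.
ROWS = [
    ["1422950400.000000", "CAbc1", "10.0.0.5", "51234", "10.0.0.1", "53", "udp", "1",
     "www.example.com", "1", "C_INTERNET", "1", "A", "0", "NOERROR"],
    ["1422950401.000000", "CAbc2", "10.0.0.5", "51235", "10.0.0.1", "53", "udp", "2",
     "www.example.com", "1", "C_INTERNET", "28", "AAAA", "0", "NOERROR"],
    ["1422950402.000000", "CAbc3", "10.0.0.6", "51236", "10.0.0.1", "53", "udp", "3",
     "doesnotexist.example", "1", "C_INTERNET", "1", "A", "3", "NXDOMAIN"],
    ["1422950403.000000", "CAbc4", "10.0.0.7", "51237", "10.0.0.1", "53", "udp", "4",
     "-", "-", "-", "-", "-", "-", "-"],
]
SAMPLE_DNS_LOG = ("#separator \\x09\n#fields\t" + "\t".join(FIELDS) + "\n"
                  + "\n".join("\t".join(r) for r in ROWS) + "\n")


def parse_bro_log(text):
    """Yield one dict per record, keyed by the column names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header/footer lines (#separator, #types, #close ...)
        else:
            if fields is None:
                raise ValueError("record seen before #fields header")
            values = line.split("\t")
            if len(values) != len(fields):
                raise ValueError("field count does not match #fields header")
            yield dict(zip(fields, values))


def top_values(records, field, n=3):
    """Count a field across records, ignoring unset ('-') values, like a top-N query."""
    counter = Counter(r[field] for r in records if r.get(field, "-") != "-")
    return counter.most_common(n)


def dns_summary(text):
    """Run the three aggregations the new BRO_DNS queries expose over a dns.log excerpt."""
    records = list(parse_bro_log(text))
    return {"DNS - Top Query Class": top_values(records, "qclass_name"),
            "DNS - Top Query Type": top_values(records, "qtype_name"),
            "DNS - Top Return Code": top_values(records, "rcode_name")}


if __name__ == "__main__":
    for name, top in dns_summary(SAMPLE_DNS_LOG).items():
        print(name, top)
```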

securityonion-elsa-extras - 20131117-1ubuntu0securityonion56
securityonion-web-page - 20141015-0ubuntu0securityonion15

These new packages should resolve the following issues:

Issue 668: ELSA: pdbtool errors

Issue 669: ELSA: update parsers for Bro DNS and BIND

Issue 670: securityonion-web-page: add queries for updated bro_dns parser

Issue 685: securityonion-web-page: update links

These new packages have been tested by Pietro Delsante and David Zawdie (thanks!).


The new ELSA queries added for the BRO_DNS fields are:

DNS - Top Query Class

DNS - Top Query Type

DNS - Top Return Code

Update process

The new packages are now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Commercial Support
Need training and/or commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are now available in our CafePress store!
