Tuesday, March 31, 2015

Four package updates

I've updated four packages to resolve a few issues and these new packages have been tested by Josh Brower (thanks!).

The new package versions are as follows:
securityonion-setup - 20120912-0ubuntu0securityonion132
securityonion-sostat - 20120722-0ubuntu0securityonion33
securityonion-web-page - 20141015-0ubuntu0securityonion22
securityonion-elsa-extras - 20131117-1ubuntu0securityonion58

Issues Resolved

Issue 703: Move from Google Code to Github
https://github.com/Security-Onion-Solutions/security-onion/issues/703
Security Onion has moved to Github, so some of the hyperlinks in Setup and sostat had to be updated.

Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
https://github.com/Security-Onion-Solutions/security-onion/issues/706
If you have Windows machines with OSSEC agents on them and process auditing enabled, ELSA now parses those "new process" logs.

Issue 709: Add fear.nothing's ELSA parsers for pfSense
https://github.com/Security-Onion-Solutions/security-onion/issues/709
If you're running pfSense firewalls and send their logs to Security Onion via syslog, ELSA will now parse them.

Issue 710: securityonion-web-page: add ELSA queries for Firewall logs and Windows Processes
https://github.com/Security-Onion-Solutions/security-onion/issues/710
Since ELSA is now parsing firewall logs and Windows processes, we provide some additional ELSA queries to slice and dice those logs.  See screenshots below.
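To show what the new firewall queries do under the hood, here is a small added example (it is not the ELSA parser from securityonion-elsa-extras, nor fear.nothing's parser) that splits pfSense filterlog syslog lines and tallies the top source and destination IPs by action, the same slicing as the "Top SRC/DST IPs Allowed/Denied" queries. It assumes the pfSense 2.2-style filterlog CSV layout (rule, sub-rule, anchor, tracker, interface, reason, action, direction, ip-version, then the IPv4 fields tos, ecn, ttl, id, offset, flags, proto-id, proto, length, src, dst); the sample lines are constructed and use documentation address ranges.

```python
"""Added example: tally pfSense filterlog events by action and IP.

Not the ELSA parser shipped with Security Onion. Assumes the pfSense
2.2-style filterlog CSV layout (field positions listed in parse_filterlog).
"""
import re
from collections import Counter

# Constructed sample syslog lines in the filterlog layout described above.
SAMPLE_LOGS = [
    "Mar 31 10:00:01 fw filterlog: 5,16777216,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.9,192.0.2.10,51515,22,0,S,",
    "Mar 31 10:00:02 fw filterlog: 5,16777216,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.9,192.0.2.10,51516,23,0,S,",
    "Mar 31 10:00:03 fw filterlog: 65,,,1000000111,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.55,198.51.100.20,40000,443,0,S,",
    "Mar 31 10:00:04 fw filterlog: 65,,,1000000111,igb1,match,pass,in,4,0x0,,64,0,0,DF,17,udp,76,192.0.2.55,198.51.100.53,5353,53,56,",
    "Mar 31 10:00:05 fw filterlog: 5,16777216,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,none,17,udp,60,198.51.100.77,192.0.2.10,1234,161,40,",
    "Mar 31 10:00:06 fw sshd[123]: not a filterlog line at all",
]

FILTERLOG_RE = re.compile(r"filterlog: (?P<csv>.*)$")

# Positions in the CSV payload (assumed pfSense 2.2-style layout):
# 0 rule, 1 sub-rule, 2 anchor, 3 tracker, 4 iface, 5 reason, 6 action,
# 7 direction, 8 ip-version, 9 tos, 10 ecn, 11 ttl, 12 id, 13 offset,
# 14 flags, 15 proto-id, 16 proto, 17 length, 18 src, 19 dst, ...
def parse_filterlog(line):
    """Return a dict for an IPv4 filterlog line, or None for anything else."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 20 or f[8] != "4":   # only IPv4 entries are handled here
        return None
    return {
        "iface": f[4],
        "action": f[6],        # pass / block / reject
        "direction": f[7],
        "proto": f[16],
        "src": f[18],
        "dst": f[19],
    }

def top_ips(lines, actions, field, n=5):
    """Count src or dst IPs for events whose action is in `actions`.

    ("pass",) mirrors the "Allowed" queries; ("block", "reject") the "Denied" ones.
    """
    counts = Counter()
    for line in lines:
        ev = parse_filterlog(line)
        if ev and ev["action"] in actions:
            counts[ev[field]] += 1
    return counts.most_common(n)

if __name__ == "__main__":
    for label, actions in (("Allowed", ("pass",)), ("Denied", ("block", "reject"))):
        for field in ("src", "dst"):
            print(f"Firewall - Top {field.upper()} IPs {label}: "
                  f"{top_ips(SAMPLE_LOGS, actions, field)}")
```

Run it against a real pfSense syslog export instead of SAMPLE_LOGS to get the same four tallies the screenshots below show; the non-filterlog line is skipped rather than miscounted, which is the failure mode to watch for when a firewall and other daemons share one syslog stream.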

Screenshots (ELSA query results)
Host Logs - Windows Processes
Firewall - Top SRC IPs Allowed
Firewall - Top DST IPs Allowed
Firewall - Top SRC IPs Denied
Firewall - Top DST IPs Denied

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  We have 3-hour online classes and also a 4-day onsite class coming up in Houston.  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!
