Tuesday, March 31, 2015

Four package updates

I've updated four packages to resolve a few issues and these new packages have been tested by Josh Brower (thanks!).

The new package version are as follows:
securityonion-setup - 20120912-0ubuntu0securityonion132
securityonion-sostat - 20120722-0ubuntu0securityonion33
securityonion-web-page - 20141015-0ubuntu0securityonion22
securityonion-elsa-extras - 20131117-1ubuntu0securityonion58

Issues Resolved

Issue 703: Move from Google Code to Github
Security Onion has moved to Github, so some of the hyperlinks in Setup and sostat had to be updated.

Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
If you have Windows machines with OSSEC agents on them and process auditing enabled, ELSA now parses those "new process" logs.

Issue 709: Add fear.nothing's ELSA parsers for pfSense
If you're running pfSense firewalls and send their logs to Security Onion via syslog, ELSA will now parse them.

Issue 710: securityonion-web-page: add ELSA queries for Firewall logs
and Windows Processes
Since ELSA is now parsing firewall logs and Windows processes, we provide some additional ELSA queries to slice and dice those logs.  See screenshots below.

Host Logs - Windows Processes

Firewall - Top SRC IPs Allowed

Firewall - Top DST IPs Allowed

Firewall - Top SRC IPs Denied

Firewall - Top DST IPs Denied

The new packages are now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Need training?  We have 3-hour online classes and also a 4-day onsite class coming up in Houston.  Please see:

Commercial Support
Need commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:


No comments:

Search This Blog

Featured Post

New Security Onion Online Training Class - Detection Engineering with Security Onion!

We've just added an exciting new course to our online Security Onion 2.4 training catalog! It's called "Detection Engineering w...

Popular Posts

Blog Archive