Tuesday, March 31, 2015

Four package updates

I've updated four packages to resolve a few issues and these new packages have been tested by Josh Brower (thanks!).

The new package versions are as follows:
securityonion-setup - 20120912-0ubuntu0securityonion132
securityonion-sostat - 20120722-0ubuntu0securityonion33
securityonion-web-page - 20141015-0ubuntu0securityonion22
securityonion-elsa-extras - 20131117-1ubuntu0securityonion58

Issues Resolved

Issue 703: Move from Google Code to Github
https://github.com/Security-Onion-Solutions/security-onion/issues/703
Security Onion has moved to Github, so some of the hyperlinks in Setup and sostat had to be updated.

Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
https://github.com/Security-Onion-Solutions/security-onion/issues/706
If you have Windows machines with OSSEC agents on them and process auditing enabled, ELSA now parses those "new process" logs.

Issue 709: Add fear.nothing's ELSA parsers for pfSense
https://github.com/Security-Onion-Solutions/security-onion/issues/709
If you're running pfSense firewalls and send their logs to Security Onion via syslog, ELSA will now parse them.

Issue 710: securityonion-web-page: add ELSA queries for Firewall logs and Windows Processes
https://github.com/Security-Onion-Solutions/security-onion/issues/710
Since ELSA is now parsing firewall logs and Windows processes, we provide some additional ELSA queries to slice and dice those logs.  See screenshots below.

Screenshots (images not reproduced here; the captions of the new ELSA queries follow)
Host Logs - Windows Processes
Firewall - Top SRC IPs Allowed
Firewall - Top DST IPs Allowed
Firewall - Top SRC IPs Denied
Firewall - Top DST IPs Denied

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  We have 3-hour online classes and also a 4-day onsite class coming up in Houston.  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!
