Brian Kellogg sent some patches for our ossec_agent for Sguil and I've updated the package. The new package has been tested by David Zawdie and Brian Kellogg (thanks!).
The new package version is:
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion15
Issues Resolved
Issue 705: ossec_agent: improvements from Brian Kellogg
https://github.com/Security-Onion-Solutions/security-onion/issues/705
Issue 716: ossec_agent: tighten regex to only look for -> anchored to hostname or IP
https://github.com/Security-Onion-Solutions/security-onion/issues/716
Issue 717: ossec_agent: send alerts to sguild immediately instead of waiting for next alert
https://github.com/Security-Onion-Solutions/security-onion/issues/717
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists
Training
Need training? We have 3-hour online classes this week:
http://securityonionsolutions.com
Commercial Support
Need commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers
Thanks!
Thursday, May 21, 2015
Wednesday, May 20, 2015
New NSM package resolves three issues
I've updated our NSM package and it has been tested by David Zawdie (thanks!).
The new package version is:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion118
Issues Resolved
Issue 241: NSM scripts should have a timeout period when stopping services
https://github.com/Security-Onion-Solutions/security-onion/issues/241
Issue 392: Patch for lib-nsm-common-utils from Mark Seiden
https://github.com/Security-Onion-Solutions/security-onion/issues/392
Issue 714: nsm_server_user-disable
https://github.com/Security-Onion-Solutions/security-onion/issues/714
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Tuesday, May 19, 2015
Sphinxsearch 2.1.9
I've updated our Sphinxsearch package to 2.1.9 and it has been tested by David Zawdie (thanks!).
The new package version is:
sphinxsearch - 2.1.9-release-0ubuntu15~precise
Issues Resolved
Issue 718: Sphinx 2.1.9
https://github.com/Security-Onion-Solutions/security-onion/issues/718
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Monday, May 18, 2015
Suricata 2.0.8
Suricata 2.0.8 was recently released:
http://suricata-ids.org/2015/05/06/suricata-2-0-8-available/
I've packaged Suricata 2.0.8 and it has been tested by David Zawdie (thanks!).
The new package version is:
securityonion-suricata - 2.0.8-0ubuntu0securityonion1
Issues Resolved
Issue 725: Suricata 2.0.8
https://github.com/Security-Onion-Solutions/security-onion/issues/725
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate the HOME_NET and EXTERNAL_NET variables. You'll then need to do the following:
- re-apply any other local customizations to suricata.yaml
- update ruleset and restart Suricata as follows:
sudo rule-update
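Before running rule-update it is worth confirming two things per sensor: that HOME_NET and EXTERNAL_NET really did carry over from suricata.yaml.bak, and which other lines of the backup are absent from the new suricata.yaml and therefore need re-applying. The following check is an added example, not part of the Security Onion update or of Suricata; the two YAML fragments are constructed stand-ins for a backup and an updated file, and the "unmigrated" variant shows how a failed migration is reported.

```python
import re

# Constructed stand-in for a sensor's pre-update backup (suricata.yaml.bak).
BACKUP_YAML = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.10.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "[10.10.5.0/24]"
  port-groups:
    HTTP_PORTS: "80"
af-packet:
  - interface: eth1
    threads: 4
"""

# Constructed stand-in for the suricata.yaml written by the update: the two
# migrated variables carried over, two local edits did not.
NEW_YAML = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.10.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
  port-groups:
    HTTP_PORTS: "80"
af-packet:
  - interface: eth1
    threads: 1
"""

# Constructed failure case: HOME_NET fell back to an upstream-style default.
NEW_YAML_UNMIGRATED = NEW_YAML.replace(
    'HOME_NET: "[10.10.0.0/16]"',
    'HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"',
)

MIGRATED_VARS = ("HOME_NET", "EXTERNAL_NET")
# Line-level match keeps the example dependency-free; a real YAML parser is
# the better tool for anything beyond this check.
VAR_LINE = re.compile(r"^\s*(HOME_NET|EXTERNAL_NET):\s*(.+?)\s*$")


def address_groups(yaml_text):
    """Values of HOME_NET and EXTERNAL_NET, with surrounding quotes removed."""
    found = {}
    for line in yaml_text.splitlines():
        m = VAR_LINE.match(line)
        if m:
            found[m.group(1)] = m.group(2).strip('"')
    return found


def migration_ok(backup_text, new_text):
    """True when both migrated variables exist in the backup and match the new file."""
    old, new = address_groups(backup_text), address_groups(new_text)
    return all(v in old and old[v] == new.get(v) for v in MIGRATED_VARS)


def customizations_to_reapply(backup_text, new_text):
    """Non-comment lines of the backup that the new file no longer contains."""
    def meaningful(text):
        return [ln.strip() for ln in text.splitlines()
                if ln.strip() and not ln.strip().startswith("#")]
    new_lines = set(meaningful(new_text))
    return [ln for ln in meaningful(backup_text) if ln not in new_lines]


if __name__ == "__main__":
    print("migration ok:", migration_ok(BACKUP_YAML, NEW_YAML))
    print("migration ok (bad file):", migration_ok(BACKUP_YAML, NEW_YAML_UNMIGRATED))
    for ln in customizations_to_reapply(BACKUP_YAML, NEW_YAML):
        print("re-apply:", ln)
```

To use it on a sensor, read suricata.yaml.bak and suricata.yaml into the two strings instead of the constructed fragments; the lines it lists are candidates to re-apply before the ruleset update and restart, and a False from migration_ok means HOME_NET or EXTERNAL_NET must be fixed by hand first.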
Saturday, May 9, 2015
Testers Needed!
We have lots of new packages queued up for release, but we need your help testing them!
If you're not already a member of our security-onion-testing group, please join and then click the following links for testing guidelines.
ELSA rev1205
https://groups.google.com/d/topic/security-onion-testing/OHhNEapIUgE/discussion
Suricata 2.0.8
https://groups.google.com/d/topic/security-onion-testing/WKeR1RViDlc/discussion
ossec_agent
https://groups.google.com/d/topic/security-onion-testing/N5gpeSHmIlk/discussion
Sphinxsearch 2.1.9
https://groups.google.com/d/topic/security-onion-testing/VWjichsRqPw/discussion
NSM
https://groups.google.com/d/topic/security-onion-testing/-cbA8FgH7lg/discussion
Setup
https://groups.google.com/d/topic/security-onion-testing/PBY2wJH9ruo/discussion
As you test each package, please add your test results to the thread.
Thanks in advance for your time and effort!
Friday, May 1, 2015
Security Onion Conference 2015 CFP
Security Onion Conference 2015 will be held in Augusta GA on Friday September 11 (please mark your calendar!). This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org
I'll publish more details about the Security Onion Conference as they are finalized.
If you have a topic you'd like to present at this year's conference, please submit here:
https://docs.google.com/forms/d/1AnREgxc4rMqqWX6pVwG2zaTQ5U2jPGUH02Wq74IiiUU
We want to hear from you!
How are you...
...using Security Onion to fight evil?
...handling lots of traffic using Security Onion?
...integrating Security Onion with other technologies?
...automating common tasks with your own scripts?
Each talk should be 30-35 minutes with an additional 10 minutes for questions.
May 1 - CFP Open
June 1 - CFP Closed
July 1 - Speakers selected and notified
UPDATE 2015-07-10 Registration is now open!
http://security-onion-conference-2015.eventbrite.com/