Thursday, May 21, 2015

New securityonion-sguil-agent-ossec package resolves three issues

Brian Kellogg sent some patches for our ossec_agent for Sguil and I've updated the package.  The new package has been tested by David Zawdie and Brian Kellogg (thanks!).

The new package version is:
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion15

Issues Resolved

Issue 705: ossec_agent: improvements from Brian Kellogg
https://github.com/Security-Onion-Solutions/security-onion/issues/705

Issue 716: ossec_agent: tighten regex to only look for -> anchored to hostname or IP
https://github.com/Security-Onion-Solutions/security-onion/issues/716

Issue 717: ossec_agent: send alerts to sguild immediately instead of waiting for next alert
https://github.com/Security-Onion-Solutions/security-onion/issues/717
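
Issues 716 and 717 above both concern how an OSSEC alert is picked apart: where the location header (the line containing "->") is found, and when a finished alert is handed on. The Python below is an added illustration, not code from the ossec_agent itself or from the patches mentioned: it assumes the usual alerts.log layout (a "** Alert" line, a timestamp line with an optional "(agent)" prefix, then a hostname or IP, "->" and the log location, alerts separated by a blank line), and the alert text and both regexes are constructed for the example. It shows that a loose "->" pattern also fires on the "Rule:" line of every alert, while a pattern anchored to the timestamp and to a hostname or IP matches only the header, and that flushing on the blank line that ends an alert lets the last alert go out without waiting for the next one to arrive.

```python
import re

# Two constructed OSSEC-style alerts as they would appear in alerts.log
# (illustrative text, not a real capture).  Note that "->" occurs both in
# the location header and in the "Rule:" line of every alert.
ALERT_LOG = """\
** Alert 1432224000.12345: - syslog,sshd,authentication_failed,
2015 May 21 12:00:00 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.168.1.100
User: root
May 21 12:00:00 web01 sshd[1234]: Failed password for root from 192.168.1.100 port 2222 ssh2

** Alert 1432224060.12346: - ossec,
2015 May 21 12:01:00 ossec-server->ossec-logcollector
Rule: 591 (level 3) -> 'Log file rotated.'
ossec: File rotated (inode changed): '/var/log/messages'.

"""

# Loose pattern (assumed for the example): any "->" with non-blank text
# on both sides.
LOOSE = re.compile(r"(?P<src>\S+)\s*->\s*(?P<location>\S+)")

# Anchored pattern (assumed for the example): timestamp, optional
# "(agent)" prefix, then a dotted-quad IP or a hostname, immediately
# followed by "->" and the log location, and nothing else on the line.
ANCHORED = re.compile(
    r"^\d{4} [A-Za-z]{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} "
    r"(?:\((?P<agent>[^)]+)\) )?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}|[A-Za-z0-9][A-Za-z0-9.\-]*)->"
    r"(?P<location>\S+)$"
)


def loose_matches(alert):
    """Every line of one alert that the loose pattern would treat as a header."""
    hits = []
    for line in alert.splitlines():
        m = LOOSE.search(line)
        if m:
            hits.append((m.group("src"), m.group("location")))
    return hits


def parse_header(alert):
    """Fields of the location header found by the anchored pattern, or None."""
    for line in alert.splitlines():
        m = ANCHORED.match(line)
        if m:
            return {"agent": m.group("agent"), "src": m.group("src"),
                    "location": m.group("location")}
    return None


def split_alerts(log_text):
    """Yield each alert block as soon as its terminating blank line is read.

    Flushing on the blank line, rather than on the next "** Alert" header,
    is what lets the last alert go out immediately instead of waiting for
    another alert to arrive.
    """
    block = []
    for line in log_text.splitlines():
        if line.strip() == "":
            if block:
                yield "\n".join(block)
                block = []
        else:
            block.append(line)
    if block:  # log that ends without a trailing blank line
        yield "\n".join(block)


def summarize(log_text):
    """Per alert: the anchored header and how many lines the loose pattern hit."""
    return [(parse_header(a), len(loose_matches(a))) for a in split_alerts(log_text)]
```

Running summarize(ALERT_LOG) shows the point of issue 716: the anchored pattern yields exactly one header per alert, while the loose pattern matches two lines in each of them, the real header and the "Rule:" line.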

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  We have 3-hour online classes this week:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

Wednesday, May 20, 2015

New NSM package resolves three issues

I've updated our NSM package and it has been tested by David Zawdie (thanks!).

The new package version is:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion118

Issues Resolved

Issue 241: NSM scripts should have a timeout period when stopping services
https://github.com/Security-Onion-Solutions/security-onion/issues/241

Issue 392: Patch for lib-nsm-common-utils from Mark Seiden
https://github.com/Security-Onion-Solutions/security-onion/issues/392

Issue 714: nsm_server_user-disable
https://github.com/Security-Onion-Solutions/security-onion/issues/714

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Thanks!

Tuesday, May 19, 2015

Sphinxsearch 2.1.9

I've updated our Sphinxsearch package to 2.1.9 and it has been tested by David Zawdie (thanks!).

The new package version is:
sphinxsearch - 2.1.9-release-0ubuntu15~precise

Issues Resolved
Issue 718: Sphinx 2.1.9
https://github.com/Security-Onion-Solutions/security-onion/issues/718

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade


Thanks!

Monday, May 18, 2015

Suricata 2.0.8

Suricata 2.0.8 was recently released:
http://suricata-ids.org/2015/05/06/suricata-2-0-8-available/

I've packaged Suricata 2.0.8 and it has been tested by David Zawdie (thanks!).

The new package version is:
securityonion-suricata - 2.0.8-0ubuntu0securityonion1

Issues Resolved

Issue 725: Suricata 2.0.8
https://github.com/Security-Onion-Solutions/security-onion/issues/725

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate the HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to suricata.yaml
  • update the ruleset and restart Suricata as follows:
    sudo rule-update

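The upgrade migrates HOME_NET and EXTERNAL_NET but leaves every other local change for you to re-apply. The Python below is an added example, not part of the Security Onion package scripts: it reads the two address-group variables from the backup and from the new file to confirm they were carried over, and lists the lines of the backup that no longer appear in the new file, so you know what to put back before running sudo rule-update. The YAML contents here are constructed for illustration; on a sensor you would read its real suricata.yaml and suricata.yaml.bak instead.

```python
import re

# Constructed sample of the backed-up configuration (suricata.yaml.bak).
OLD_YAML = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
outputs:
  - eve-log:
      enabled: yes
      filetype: syslog
"""

# Constructed new file: both variables were migrated, but the eve-log
# output type went back to the packaged default.
NEW_YAML = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
"""

# Constructed new file where the migration did not happen: HOME_NET is
# back at a generic default value.
NEW_YAML_UNMIGRATED = NEW_YAML.replace(
    '"[10.0.0.0/8,192.168.0.0/16]"',
    '"[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"')


def get_var(yaml_text, name):
    """Raw value of an address-group variable ("name: value" line), or None."""
    pattern = r"^[ \t]*" + re.escape(name) + r":[ \t]*(.+?)[ \t]*$"
    m = re.search(pattern, yaml_text, re.MULTILINE)
    return m.group(1) if m else None


def check_migration(old, new, names=("HOME_NET", "EXTERNAL_NET")):
    """Per variable: True if the backup's value is present and equal in the new file."""
    return {n: get_var(old, n) is not None and get_var(old, n) == get_var(new, n)
            for n in names}


def lost_customizations(old, new):
    """Non-blank lines of the backup that are absent from the new file.

    Exact-line comparison is deliberately simple: it flags every changed
    setting, and the reader decides which ones were local customizations.
    """
    new_lines = set(new.splitlines())
    return [line for line in old.splitlines()
            if line.strip() and line not in new_lines]


def upgrade_report(old, new):
    """Everything to review before running 'sudo rule-update'."""
    return {"migrated": check_migration(old, new),
            "to_reapply": lost_customizations(old, new)}
```

For the constructed files, upgrade_report(OLD_YAML, NEW_YAML) confirms both variables and flags only the eve-log filetype line; against NEW_YAML_UNMIGRATED it also reports HOME_NET as not migrated and lists the backup's HOME_NET line among the lines to re-apply.
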

Thanks!

Saturday, May 9, 2015

Testers Needed!

We have lots of new packages queued up for release, but we need your help testing them!

If you're not already a member of our security-onion-testing group, please join and then click the following links for testing guidelines.

ELSA rev1205
https://groups.google.com/d/topic/security-onion-testing/OHhNEapIUgE/discussion

Suricata 2.0.8
https://groups.google.com/d/topic/security-onion-testing/WKeR1RViDlc/discussion

ossec_agent
https://groups.google.com/d/topic/security-onion-testing/N5gpeSHmIlk/discussion

Sphinxsearch 2.1.9
https://groups.google.com/d/topic/security-onion-testing/VWjichsRqPw/discussion

NSM
https://groups.google.com/d/topic/security-onion-testing/-cbA8FgH7lg/discussion

Setup
https://groups.google.com/d/topic/security-onion-testing/PBY2wJH9ruo/discussion

As you test each package, please add your test results to the thread.

Thanks in advance for your time and effort!

Friday, May 1, 2015

Security Onion Conference 2015 CFP

Security Onion Conference 2015 will be held in Augusta GA on Friday September 11 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

If you have a topic you'd like to present at this year's conference, please submit here:
https://docs.google.com/forms/d/1AnREgxc4rMqqWX6pVwG2zaTQ5U2jPGUH02Wq74IiiUU

We want to hear from you!  

How are you...
...using Security Onion to fight evil?
...handling lots of traffic using Security Onion?
...integrating Security Onion with other technologies?
...automating common tasks with your own scripts?

Each talk should be 30-35 minutes with an additional 10 minutes for questions.

May 1 - CFP Open
June 1 - CFP Closed
July 1 - Speakers selected and notified

UPDATE 2015-07-10 Registration is now open!
http://security-onion-conference-2015.eventbrite.com/