Monday, August 3, 2015

Bro 2.4 now available for Security Onion!

Bro 2.4 was recently released:
http://blog.bro.org/2015/06/bro-24-released.html

I've packaged Bro 2.4 and updated the securityonion-bro-scripts, securityonion-elsa-extras, and securityonion-capme packages.  The new packages are as follows:
securityonion-bro - 2.4-0ubuntu0securityonion2
securityonion-bro-scripts - 20121004-0ubuntu0securityonion43
securityonion-elsa-extras - 20131117-1ubuntu0securityonion99
securityonion-capme - 20121213-0ubuntu0securityonion23  
These packages resolve the following issues:

Issue 743: Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/743

Issue 752: securityonion-bro-scripts: update sensortab.bro for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/752

Issue 753: securityonion-bro-scripts: update shellshock module for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/753

Issue 754: securityonion-bro-scripts: update extract.bro for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/754

Issue 762: securityonion-elsa-extras: update bro_conn parser for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/762

Issue 765: securityonion-elsa-extras: update bro_intel parser for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/765

Issue 768: securityonion-elsa-extras: update bro_ssl parser for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/768

Issue 774: securityonion-elsa-extras: update bro_ssh parser for Bro 2.4
https://github.com/Security-Onion-Solutions/security-onion/issues/774

Issue 773: securityonion-elsa-extras: add Windows and Cisco parsers from Brian Kellogg
https://github.com/Security-Onion-Solutions/security-onion/issues/773

Issue 793: CapMe: Update for Bro 2.4 conn.log
https://github.com/Security-Onion-Solutions/security-onion/issues/793

These packages have been tested by the following (thanks!):
James Taylor
Jay Swan
Heine Lysemose
Tommy Dew
Brian Kellogg

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

UPDATED 2015-08-10 to add securityonion-capme required due to new field in Bro conn.log.

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive