The recent Bro 2.4 package includes some new Bro logs such as mysql.log, kerberos.log, rdp.log, pe.log, and sip.log. These new logs are now parsed properly with the new securityonion-elsa-extras package and the new securityonion-web-page package adds new queries that take advantage of this new parsing.
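For readers who want to see what ELSA is now ingesting, here is an added example (written for this post, not code from the Security Onion project, whose parsing lives in the syslog-ng configuration shipped by securityonion-elsa-extras) that parses the Bro ASCII log format shared by kerberos.log, rdp.log, sip.log and the other new logs, then builds a "Top Services" summary of the kind the new web-page queries provide. The sample log is constructed and uses only a subset of the kerberos.log columns; the hosts, principals and uids in it are invented.

```python
"""Parse a Bro ASCII log (the format behind kerberos.log, rdp.log, sip.log, ...).

Bro's ASCII writer emits '#'-prefixed header lines that declare the
separator, the set separator, the empty and unset markers, the column
names (#fields) and the column types (#types). Everything after that
is one tab-separated record per line. The sample below is constructed.
"""
from collections import Counter

# Constructed sample: a subset of the kerberos.log columns from Bro 2.4.
# The #separator line carries the literal characters backslash-x-0-9.
SAMPLE_KERBEROS_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tkerberos",
    "#open\t2015-06-05-12-00-00",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\t"
    "request_type\tclient\tservice\tsuccess\terror_msg",
    "#types\ttime\tstring\taddr\tport\taddr\tport\t"
    "string\tstring\tstring\tbool\tstring",
    "\t".join(["1433505600.123456", "CtS4mA1", "10.0.0.5", "49152", "10.0.0.1", "88",
               "AS", "jdoe/EXAMPLE.LOCAL", "krbtgt/EXAMPLE.LOCAL", "T", "-"]),
    "\t".join(["1433505601.500000", "CtS4mA2", "10.0.0.5", "49153", "10.0.0.1", "88",
               "TGS", "jdoe/EXAMPLE.LOCAL", "cifs/fs01.example.local", "T", "-"]),
    "\t".join(["1433505602.000000", "CtS4mA3", "10.0.0.7", "49200", "10.0.0.1", "88",
               "AS", "bob/EXAMPLE.LOCAL", "krbtgt/EXAMPLE.LOCAL", "F", "KDC_ERR_PREAUTH_FAILED"]),
    "#close\t2015-06-05-12-05-00",
])


def _convert(raw, typ, set_sep, empty, unset):
    """Turn one raw column into a Python value according to its Bro type."""
    if raw == unset:
        return None
    if typ.startswith(("set[", "vector[")):
        if raw == empty:
            return []
        inner = typ[typ.index("[") + 1:-1]
        return [_convert(v, inner, set_sep, empty, unset) for v in raw.split(set_sep)]
    if raw == empty:
        return ""
    if typ == "bool":
        return raw == "T"
    if typ in ("count", "int", "port"):
        return int(raw)
    if typ in ("time", "double", "interval"):
        return float(raw)
    return raw  # string, addr, enum, subnet and friends stay as text


def parse_bro_log(text):
    """Return a list of dicts, one per record, keyed by the #fields names."""
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    fields, types, records = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The value is an escaped byte such as \x09; decode it to the real char.
                sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
                continue
            key, _, value = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = value
            elif key == "empty_field":
                empty = value
            elif key == "unset_field":
                unset = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue  # #path, #open and #close carry no record data
        values = line.split(sep)
        if not fields or len(values) != len(fields) or len(types) != len(fields):
            raise ValueError("record does not match the #fields/#types header: %r" % line)
        records.append({name: _convert(raw, typ, set_sep, empty, unset)
                        for name, typ, raw in zip(fields, types, values)})
    return records


def top_services(records, n=5):
    """A 'Kerberos - Top Services' style summary: most requested service principals."""
    return Counter(r["service"] for r in records if r["service"] is not None).most_common(n)


def failed_requests(records):
    """Records whose KDC exchange did not succeed, with the error Bro recorded."""
    return [r for r in records if r["success"] is False]


if __name__ == "__main__":
    recs = parse_bro_log(SAMPLE_KERBEROS_LOG)
    print("records:", len(recs))
    print("top services:", top_services(recs))
    for r in failed_requests(recs):
        print("failure:", r["client"], "->", r["service"], r["error_msg"])
```

The parser trusts nothing but the header: column names and types come from #fields and #types, the unset and empty markers from their own header lines, so the same function reads any of the new Bro 2.4 logs without per-log field tables.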
Here are the updated packages:
securityonion-elsa-extras - 20131117-1ubuntu0securityonion112
securityonion-web-page - 20141015-0ubuntu0securityonion28
These packages have been tested by the following (thanks!):
James Taylor
Josh Brower
Simone Bonetti
These new packages resolve the following issues:
Issue 755: securityonion-elsa-extras: add parser for Bro 2.4 mysql.log
https://github.com/Security-Onion-Solutions/security-onion/issues/755
Issue 756: securityonion-elsa-extras: add parser for Bro 2.4 kerberos.log
https://github.com/Security-Onion-Solutions/security-onion/issues/756
Issue 757: securityonion-elsa-extras: add parser for Bro 2.4 rdp.log
https://github.com/Security-Onion-Solutions/security-onion/issues/757
Issue 758: securityonion-elsa-extras: add parser for Bro 2.4 pe.log
https://github.com/Security-Onion-Solutions/security-onion/issues/758
Issue 759: securityonion-elsa-extras: add parser for Bro 2.4 sip.log
https://github.com/Security-Onion-Solutions/security-onion/issues/759
Issue 780: securityonion-elsa-extras: add parser for IIS logs
https://github.com/Security-Onion-Solutions/security-onion/issues/780
Issue 782: securityonion-elsa-extras: update sysmon parser
https://github.com/Security-Onion-Solutions/security-onion/issues/782
Issue 776: securityonion-elsa-extras: set version 3.3 in syslog-ng.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/776
Issue 796: securityonion-elsa-extras: Add script to fix ELSA syslogs_archive_1 issue
https://github.com/Security-Onion-Solutions/security-onion/issues/796
Issue 801: securityonion-web-page: add queries for Bro kerberos logs
https://github.com/Security-Onion-Solutions/security-onion/issues/801
Issue 802: securityonion-web-page: add queries for Bro mysql logs
https://github.com/Security-Onion-Solutions/security-onion/issues/802
Issue 803: securityonion-web-page: add queries for Bro pe logs
https://github.com/Security-Onion-Solutions/security-onion/issues/803
Issue 804: securityonion-web-page: add queries for Bro rdp logs
https://github.com/Security-Onion-Solutions/security-onion/issues/804
Issue 805: securityonion-web-page: add queries for Bro sip logs
https://github.com/Security-Onion-Solutions/security-onion/issues/805
Issue 794: securityonion-web-page: add DHCP Servers query
https://github.com/Security-Onion-Solutions/security-onion/issues/794
Issue 798: securityonion-web-page: add HTTP sites hosting SWF
https://github.com/Security-Onion-Solutions/security-onion/issues/798
Screenshots
Screenshot: Mysql - Top Arguments
Screenshot: Kerberos - Top Services
Screenshot: PE - Sections
Screenshot: RDP - Result
Screenshot: RDP - Keyboard Layout
Screenshot: RDP - Client Build
Screenshot: SIP - Status Msg
Updating
These new packages are now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists
Training
Need training? Please see:
http://securityonionsolutions.com
Commercial Support
Need commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers
Thanks!