Saturday, January 23, 2016

securityonion-setup - 20120912-0ubuntu0securityonion192 resolves an issue

Wes Lambert found an issue with the new version of Setup:

Issue 845: Setup: Production Mode - Custom - not enabling some services properly
https://github.com/Security-Onion-Solutions/security-onion/issues/845

securityonion-setup - 20120912-0ubuntu0securityonion192 resolves this issue.

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have online training classes starting next Monday:
http://blog.securityonion.net/2016/01/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Friday, January 22, 2016

Security Onion 14.04.3.1 Screenshot Tour

Below is a quick screenshot tour of the new Security Onion 14.04.3.1 ISO image.

ISO Boot Menu

Boot splash

Installer - Welcome

Installer - Preparing

Installer - Installation Type (now with LVM)

Installer - Verify disk changes

Installer - Time Zone

Installer - Keyboard Layout

Installer - hostname, username, and password

Installer - Copying files

Installer - Installation Complete

Installer - ready to reboot

GRUB Boot Menu

Login screen

Desktop

Installing updates with soup

Setup - Welcome

Setup - Network Interfaces
 
Setup - Management Interface

Setup - IP Address for Management Interface

Setup - Monitor (sniffing) interfaces

Setup - Monitor (sniffing) interfaces

Setup - Verify Choices

Setup - Network Configuration Complete

Reboot and log back in

Run Setup Phase 2

Setup - Welcome

Setup - Skip Network Configuration

Setup - Evaluation Mode or Production Mode

Setup - Monitor (sniffing) interface

Setup - Username

Setup - Password

Setup - Confirm Password

Setup - Confirm Options

Setup - Progress Bar

Setup - Complete

Setup - sostat

Setup - Rules

Setup - links

Setup - commercial support

Verifying services

Replaying pcaps to create traffic

Launching Squert web interface

Logging into Squert

Squert Main Page

Squert - drilling into a NIDS alert

Squert - viewing NIDS alert payload

Squert - viewing full packet capture

Squert - GeoIP Mapping

Squert - Top Signatures

Squert - Top IP Addresses

Squert - Top Countries

Squert - Top Ports

Squert - Sankey Diagram

Logging into Sguil

Sguil - selecting networks (sensors)

Sguil RealTime Events tab

Sguil - pivoting from a NIDS alert to full packet capture

Pivoting from a NIDS alert and sending pcap to Wireshark

Pivoting from a NIDS alert and sending pcap to NetworkMiner

Pivoting from a NIDS alert and decoding gzip-encoded data using Bro

Logging into ELSA

ELSA - Connections - Top SRC IPs

ELSA - Connections - Top DST IPs

ELSA - Connections - Top DST Ports

ELSA - Connections - Top Services

ELSA - Connections - Groupby Protocol

ELSA - Connections - Groupby Responder's Country Code

ELSA - DHCP - Top Assigned IPs

ELSA - DHCP - DHCP Servers

ELSA - DNS - Top Query Type

ELSA - DNS - Top Return Code

ELSA - Top nxdomain

ELSA - Files - MIME Types

ELSA - FTP - Top arg

ELSA - HTTP - Top DST Ports

ELSA - HTTP - Top MIME Types

ELSA - HTTP - Top User Agents

ELSA - HTTP - Top Sites

ELSA - HTTP - Sites hosting EXEs

ELSA - HTTP - Sites hosting CABs

ELSA - HTTP - Sites Hosting JARs

ELSA - HTTP - Sites hosting SWFs

ELSA - HTTP - Sites hosting ZIPs

ELSA - Kerberos - Top Services

ELSA - Notices - Top Notice Types

ELSA - SMTP - Top Subjects

ELSA - Snort/Suricata - Top NIDS Alerts

ELSA - Software - Software Detected by Bro

ELSA - SSL - Top Hostnames