Friday, February 26, 2016

Next Round of Security Onion Online Training Sessions - March 15 through March 18

The next round of online training sessions will be held Tuesday March 15 through Friday March 18!

Please note that we'll be using the new Security Onion 14.04:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Friday, February 19, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion51 resolves two issues

securityonion-sostat - 20120722-0ubuntu0securityonion51 is now available and should resolve the following issues:

Issue 849: sostat: check timezone and warn if not UTC
https://github.com/Security-Onion-Solutions/security-onion/issues/849

Issue 858: sostat: check default_start_time_offset
https://github.com/Security-Onion-Solutions/security-onion/issues/858

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, February 18, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion130 resolves an issue

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion130 is now available and should resolve the following issue:

Issue 859: NSM: mkdir -p /var/run/nsm/ before trying to chown
https://github.com/Security-Onion-Solutions/security-onion/issues/859

Wes Lambert and Rob Bardo tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Wednesday, February 17, 2016

Ubuntu released fixes for CVE-2015-7547 glibc security issue

Ubuntu has released fixes for the CVE-2015-7547 glibc security issue:
http://www.ubuntu.com/usn/usn-2900-1/

You should install these fixes as soon as possible using our normal update process:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Monday, February 15, 2016

Save the Date: Security Onion Conference 2016

Last year's Security Onion Conference was an overwhelming success!

This year's Security Onion Conference will be held in Augusta GA on Friday September 9 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

UPDATE 2016/08/26: For more details and to register, please see:
https://securityonion.net/conference

PF_RING 6.2 now available for Security Onion 14.04

The following packages are now available for Security Onion 14.04:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion129
securityonion-pfring-daq - 20121107-0ubuntu0securityonion12
securityonion-pfring-devel - 20121107-0ubuntu0securityonion9
securityonion-pfring-ld - 20120827-0ubuntu0securityonion9
securityonion-pfring-module - 20121107-0ubuntu0securityonion25
securityonion-pfring-userland - 20160204-1ubuntu1securityonion2

These new packages should resolve the following issues:

Issue 835: PF_RING 6.2
https://github.com/Security-Onion-Solutions/security-onion/issues/835

Issue 853: NSM: if BPF file is empty, omit option from snort/suricata command
https://github.com/Security-Onion-Solutions/security-onion/issues/853

Issue 854: NSM: improve check for snort/suricata
https://github.com/Security-Onion-Solutions/security-onion/issues/854

Issue 855: NSM: remove old references to disable_signature_reference
https://github.com/Security-Onion-Solutions/security-onion/issues/855

Wes Lambert and Kevin Branch tested these packages.  Thanks, guys!

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thursday, February 11, 2016

NetworkMiner 2.0 now available for Security Onion 14.04

NetworkMiner 2.0 was released recently:
http://www.netresec.com/?page=Blog&month=2016-02&post=NetworkMiner-2-0-Released

I've packaged NetworkMiner 2.0 and the new package version is as follows:
securityonion-networkminer - 20160210-1ubuntu1securityonion1

This should resolve the following issue:
https://github.com/Security-Onion-Solutions/security-onion/issues/857

Wes Lambert and Erik Hjelmvik tested this package.  Thanks, guys!


Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Wednesday, February 10, 2016

securityonion-capme - 20121213-0ubuntu0securityonion32 resolves several security issues

John Menerick (https://github.com/lordappsec) found several issues in CapME (thanks, John!):
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/1
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/2
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/3
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/4
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/5
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/6
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/7
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/8
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/9
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/10

I've updated CapME and the new version is as follows:

securityonion-capme - 20121213-0ubuntu0securityonion32

This new package should resolve the following issue:

Issue 856: securityonion-capme needs additional input validation in index.php
https://github.com/Security-Onion-Solutions/security-onion/issues/856

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Suricata 3.0 STABLE now available for Security Onion 14.04!

Suricata 3.0 STABLE was recently released:
http://suricata-ids.org/2016/01/27/suricata-3-0-available/

I've packaged Suricata 3.0 STABLE for Security Onion 14.04 and the new package is as follows:
securityonion-suricata - 3.0stable-1ubuntu1securityonion1

This resolves the following issue:

Issue 847: Suricata 3.0
https://github.com/Security-Onion-Solutions/security-onion/issues/847

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
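As an added example (not part of the original post or of Security Onion's packaging), a small script that compares the variables in the backed-up suricata.yaml.bak with the updated suricata.yaml, so you can see which local customizations the update did not carry over and still need re-applying. The two YAML fragments are constructed samples, and the minimal parser only reads Suricata's flat `KEY: "value"` lines under each `*-groups:` block, not arbitrary YAML.

```python
import re

# Constructed "vars" sections: OLD_YAML stands in for the suricata.yaml.bak the
# update writes, NEW_YAML for the regenerated suricata.yaml (not from the page).
OLD_YAML = """\
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "[10.0.5.0/24]"   # local customization
  port-groups:
    HTTP_PORTS: "[80,8080]"         # local customization
"""
NEW_YAML = """\
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
  port-groups:
    HTTP_PORTS: "80"
"""
KEY_VALUE_RE = re.compile(r'^(?P<key>[A-Za-z0-9_-]+):\s*(?P<value>.*)$')

def var_groups(yaml_text):
    """Return {group: {VAR: value}} for each '*-groups:' block (flat lines only)."""
    groups, current, group_indent = {}, None, 0
    for raw in yaml_text.splitlines():
        line = raw.split('#', 1)[0].rstrip()            # drop trailing comments
        m = KEY_VALUE_RE.match(line.strip())
        if not m:                                        # blank or non key/value line
            continue
        indent = len(line) - len(line.lstrip())
        key, value = m.group('key'), m.group('value').strip().strip('"\'')
        if current and indent <= group_indent:
            current = None                              # left the current block
        if key.endswith('-groups') and value == '':
            current, group_indent, groups[key] = key, indent, {}
        elif current:
            groups[current][key] = value
    return groups

def migration_report(old_text, new_text):
    """Map each variable whose value did not survive to (value in .bak, new value)."""
    old, new = var_groups(old_text), var_groups(new_text)
    return {name: (value, new.get(group, {}).get(name))
            for group, variables in old.items()
            for name, value in variables.items()
            if new.get(group, {}).get(name) != value}
```

Variables the update migrated (HOME_NET and EXTERNAL_NET in the sample) are absent from the report; anything listed is a customization to re-apply before running sudo rule-update.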

Wednesday, February 3, 2016

securityonion-setup - 20120912-0ubuntu0securityonion194 resolves two issues

securityonion-setup - 20120912-0ubuntu0securityonion194 is now available and resolves the following issues:

Setup: X11 error when running via ssh -X
https://github.com/Security-Onion-Solutions/security-onion/issues/846

Setup: master-only shouldn't show Snort/Bro in final confirmation screen
https://github.com/Security-Onion-Solutions/security-onion/issues/848

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Tuesday, February 2, 2016

Next Round of Security Onion Online Training Sessions - February 22 through February 25

The next round of online training sessions will be held Monday February 22 through Thursday February 25!

Please note that we'll be using the new Security Onion 14.04:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

securityonion-capme - 20121213-0ubuntu0securityonion31 resolves an issue

securityonion-capme - 20121213-0ubuntu0securityonion31 is now available and resolves the following issue:

securityonion-capme: remove include config from callback
https://github.com/Security-Onion-Solutions/security-onion/issues/840

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Monday, February 1, 2016

securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion6 resolves issue with map dashboard

Brian Haugli found an issue when rendering ELSA dashboards with maps:

Issue 842: securityonion-elsa: map dashboard displays empty screen
https://github.com/Security-Onion-Solutions/security-onion/issues/842

Martin Holste fixed the bug and I've packaged the fix. The following packages are now available in our stable repo:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion6
securityonion-elsa-extras - 20151011-1ubuntu1securityonion27

Screenshots

Suppose you want to create an ELSA dashboard based on the "Connections - Groupby Resp Country" query.

Click the ELSA drop-down menu and then click Dashboards.  The Dashboards window appears.

Click "Create/import new dashboard".  The "Create New Dashboard" window appears.  Specify your desired Title and Alias and then set Auth to "Any authenticated user".

Click the Submit button to return to the Dashboards window.

Click the Actions drop-down menu and then click Edit.  On the Edit page, click "Add Chart".  The "Create New Chart" window appears.  Specify your desired Title, set Type to "Map", then add your Label and Query.  Note that the query specifically excludes results where the responder country code is null ("-").

Click the Submit button and then click "Finished Editing".  The dashboard appears.


Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
