Wednesday, May 25, 2016

securityonion-capme - 20121213-0ubuntu0securityonion47 resolves 5 issues

I've updated the following package:

securityonion-capme - 20121213-0ubuntu0securityonion47

This package should resolve the following issues:

Issue 736: CapMe: Debug information occasionally gets rendered inside the transcript
https://github.com/Security-Onion-Solutions/security-onion/issues/736

Issue 738: CapMe: handle large pcaps more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/738

Issue 916: CapMe: Check for gzip encoding and automatically switch to Bro transcript
https://github.com/Security-Onion-Solutions/security-onion/issues/916

Issue 922: CapMe: Handle sguild failure more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/922

Issue 493: CapMe: send credentials interactively to avoid exposing on command line
https://github.com/Security-Onion-Solutions/security-onion/issues/493

Wes Lambert and Robert Bardo tested this package.  Thanks, guys!

Screenshots


The CapMe submission form now includes a new field called Max Xscript Bytes (which defaults to 500,000) and the default Output option is now "auto".

With Output set to "auto", CapMe will check for gzip encoding and, if found, will automatically switch to the Bro transcript to decode the gzip. 

If the transcript is larger than the Max Xscript Bytes setting (500,000 bytes by default), CapMe will display this at the bottom of the transcript.

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, May 23, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion133 resolves an issue

I've updated the following package:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion133

This package should resolve the following issue:

Issue 924: NSM: set DEBUG 1 in /etc/sguild/sguild.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/924

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Next Round of Security Onion Online Training Sessions - July 11 through July 14

The next round of online training sessions will be held Monday July 11 through Thursday July 14!

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Tuesday, May 17, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion53 resolves an issue

I've updated the following package:

securityonion-sostat - 20120722-0ubuntu0securityonion53

This package should resolve the following issue:

securityonion-sostat: mysql calls should use --defaults-file
https://github.com/Security-Onion-Solutions/security-onion/issues/915

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Online classes are running this week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, May 16, 2016

New rule-update, setup, and squert-cron packages resolve 9 issues

I've updated the following packages:

securityonion-rule-update - 20151201-1ubuntu1securityonion6
securityonion-setup - 20120912-0ubuntu0securityonion212
securityonion-squert-cron - 20120722-0ubuntu0securityonion9

These packages should resolve the following issues:

Issue 906: sosetup.conf: allow passwords with special characters
https://github.com/Security-Onion-Solutions/security-onion/issues/906

Issue 907: sosetup-fix-ppconf duplicating Snort community ruleset entries
https://github.com/Security-Onion-Solutions/security-onion/issues/907

Issue 904: Setup should run pulledpork and squert-ip2c as limited user
https://github.com/Security-Onion-Solutions/security-onion/issues/904

Issue 914: securityonion-setup: mysql calls should use --defaults-file
https://github.com/Security-Onion-Solutions/security-onion/issues/914

Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
https://github.com/Security-Onion-Solutions/security-onion/issues/909

Issue 911: securityonion-rule-update: add cron option to force delay
https://github.com/Security-Onion-Solutions/security-onion/issues/911

Issue 918: securityonion-rule-update: cron delay should be at least 10 minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/918

Issue 910: securityonion-squert-cron: add cron option to force delay
https://github.com/Security-Onion-Solutions/security-onion/issues/910

Issue 917: securityonion-squert-cron: cron delay should be at least 10 minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/917

Wes Lambert tested these packages.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Online classes start today!
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, May 9, 2016

securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion8 resolves an issue with ELSA Dashboard GeoIP mapping

Martin Holste committed some fixes for ELSA dashboard maps recently:
https://github.com/mcholste/elsa/commit/1566d32054cb886a404c68fb6db8d5420d0f85b3

I've built new ELSA packages with all the latest fixes:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion8
securityonion-elsa-extras - 20151011-1ubuntu1securityonion30

These packages should resolve the following issue:

ELSA: Improve dashboard map shading #864
https://github.com/Security-Onion-Solutions/security-onion/issues/864

Wes Lambert tested these packages.  Thanks, Wes!

You can build an ELSA GeoIP dashboard as shown here:
http://blog.securityonion.net/2016/02/securityonion-elsa-1205chartsjsd3.html



Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is next week!
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Thursday, May 5, 2016