Monday, August 8, 2016

New ELSA packages resolve several issues

I've merged several pull requests:

Martin Holste merged several pull requests in his ELSA repo:

I've built new packages including all of these changes and the new
package versions are as follows:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion9
securityonion-elsa-extras - 20151011-1ubuntu1securityonion35
securityonion-web-page - 20141015-0ubuntu0securityonion67

These new packages should resolve the following issues:

Issue 950: ELSA: change Help link to point to ELSA Github

Issue 827: securityonion-elsa-extras: merge additional patterns including DNP3 and Modbus

Issue 970: securityonion-web-page: add queries for autoruns, dnp3, and modbus

Issue 973: securityonion-web-page: Apache ServerName localhost

Issue 964: securityonion-web-page: add "bottom" queries for long tail analysis

Issue 976: securityonion-web-page: additional protections in securityonion.conf

These packages have been tested by the following (thanks!):
Phil Plantamura
Josh Brower
Wes Lambert
James Taylor

DNP3 - Top SRC IPs
DNP3 - Top DST IPs
DNP3 - Top DST Ports
DNP3 - Top Requests
DNP3 - Top Replies

Modbus - Top SRC IPs
Modbus - Top DST IPs
Modbus - Top DST Ports
Modbus - Top Functions
Modbus - Top Exceptions

Autoruns Queries

DNS - Bottom Requests (Long Tail Analysis)

These packages are now available in our stable repo. Please see the following page for full update instructions:

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!

Security Onion Conference will be on Friday September 9 and registration is open!

Need training?  Please see:

Need support?  Please see:

