Monday, August 8, 2016

New ELSA packages resolve several issues

I've merged several pull requests:
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/10
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/15
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/17
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/18
https://github.com/Security-Onion-Solutions/securityonion-web-page/pull/5

Martin Holste merged several pull requests in his ELSA repo:
https://github.com/mcholste/elsa/pull/16
https://github.com/mcholste/elsa/pull/40
https://github.com/mcholste/elsa/pull/39
https://github.com/mcholste/elsa/pull/37

I've built new packages including all of these changes and the new
package versions are as follows:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion9
securityonion-elsa-extras - 20151011-1ubuntu1securityonion35
securityonion-web-page - 20141015-0ubuntu0securityonion67

These new packages should resolve the following issues:

Issue 950: ELSA: change Help link to point to ELSA Github
https://github.com/Security-Onion-Solutions/security-onion/issues/950

Issue 827: securityonion-elsa-extras: merge additional patterns including DNP3 and Modbus
https://github.com/Security-Onion-Solutions/security-onion/issues/827

Issue 970: securityonion-web-page: add queries for autoruns, dnp3, and modbus
https://github.com/Security-Onion-Solutions/security-onion/issues/970

Issue 973: securityonion-web-page: Apache ServerName localhost
https://github.com/Security-Onion-Solutions/security-onion/issues/973

Issue 964: securityonion-web-page: add "bottom" queries for long tail analysis
https://github.com/Security-Onion-Solutions/security-onion/issues/964

Issue 976: securityonion-web-page: additional protections in securityonion.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/976

These packages have been tested by the following (thanks!):
Phil Plantamura
Josh Brower
Wes Lambert
James Taylor

Screenshots
DNP3 - Top SRC IPs 
DNP3 - Top DST IPs 
DNP3 - Top DST Ports 
DNP3 - Top Requests 
DNP3 - Top Replies

Modbus - Top SRC IPs

Modbus - Top DST IPs

Modbus - Top DST Ports

Modbus - Top Functions

Modbus - Top Exceptions

Autoruns Queries
 
DNS - Bottom Requests (Long Tail Analysis)
Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive