Monday, August 8, 2016

New ELSA packages resolve several issues

I've merged several pull requests:

Martin Holste merged several pull requests in his ELSA repo:

I've built new packages including all of these changes and the new
package versions are as follows:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion9
securityonion-elsa-extras - 20151011-1ubuntu1securityonion35
securityonion-web-page - 20141015-0ubuntu0securityonion67

These new packages should resolve the following issues:

Issue 950: ELSA: change Help link to point to ELSA Github

Issue 827: securityonion-elsa-extras: merge additional patterns including DNP3 and Modbus

Issue 970: securityonion-web-page: add queries for autoruns, dnp3, and modbus

Issue 973: securityonion-web-page: Apache ServerName localhost

Issue 964: securityonion-web-page: add "bottom" queries for long tail analysis

Issue 976: securityonion-web-page: additional protections in securityonion.conf

These packages have been tested by the following (thanks!):
Phil Plantamura
Josh Brower
Wes Lambert
James Taylor

New queries added to the ELSA web interface by these packages:

DNP3 - Top SRC IPs
DNP3 - Top DST IPs
DNP3 - Top DST Ports
DNP3 - Top Requests
DNP3 - Top Replies

Modbus - Top SRC IPs
Modbus - Top DST IPs
Modbus - Top DST Ports
Modbus - Top Functions
Modbus - Top Exceptions

Autoruns Queries

DNS - Bottom Requests (Long Tail Analysis)
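To illustrate what a "bottom" query does for long tail analysis, here is an added Python example that is not part of the Security Onion or ELSA code: it counts DNS query names in a handful of constructed, simplified dns.log-style lines and returns the least-frequent names (the long tail) alongside the usual top-N view. The log layout, field order and all hostnames and IPs are made up for the example.

```python
"""Long tail analysis over DNS query logs: least-frequent query names.

Added example, not Security Onion / ELSA code. The "bottom N" view
surfaces names that were queried only once or twice, which is where
unusual or unexpected activity tends to hide when top-N views are
dominated by normal high-volume domains.
"""
from collections import Counter

# Constructed sample records in a simplified dns.log-like layout:
# timestamp, source IP, query name, query type, response code.
# These are invented for the example, not output from any real sensor.
SAMPLE_DNS_LOG = """\
1470657600.001 10.0.0.5 www.example.com A NOERROR
1470657600.120 10.0.0.5 www.example.com A NOERROR
1470657601.003 10.0.0.7 www.example.com A NOERROR
1470657601.444 10.0.0.9 mail.example.com MX NOERROR
1470657602.010 10.0.0.5 mail.example.com MX NOERROR
1470657602.500 10.0.0.8 cdn.example.net A NOERROR
1470657603.120 10.0.0.8 cdn.example.net A NOERROR
1470657603.900 10.0.0.3 a3f9c1.updates-example.test A NXDOMAIN
1470657604.250 10.0.0.5 www.example.com AAAA NOERROR
1470657605.770 10.0.0.4 time.example.org A NOERROR
"""


def parse_dns_log(text):
    """Parse the simplified log into dicts, skipping blank/comment/malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 5:
            continue  # tolerate malformed lines instead of aborting the analysis
        ts, src, query, qtype, rcode = fields
        records.append({
            "ts": float(ts),
            "src": src,
            # normalise case and trailing dot so "WWW.Example.com." and
            # "www.example.com" count as the same name
            "query": query.lower().rstrip("."),
            "qtype": qtype,
            "rcode": rcode,
        })
    return records


def count_queries(records):
    """Number of times each query name was seen."""
    return Counter(r["query"] for r in records)


def bottom_n(counts, n):
    """The long tail: least-frequent names, ties broken alphabetically."""
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))[:n]


def top_n(counts, n):
    """The conventional view: most-frequent names, ties broken alphabetically."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def rare_names(records, max_count=1):
    """Names seen at most max_count times, mapped to the hosts that asked for them.

    This is the pivot an analyst usually wants next: which host looked up
    the one-off name, so it can be examined in context.
    """
    counts = count_queries(records)
    by_name = {}
    for r in records:
        if counts[r["query"]] <= max_count:
            by_name.setdefault(r["query"], set()).add(r["src"])
    return {name: sorted(srcs) for name, srcs in by_name.items()}


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    counts = count_queries(recs)
    print("Top requests:", top_n(counts, 3))
    print("Bottom requests (long tail):", bottom_n(counts, 3))
    print("Rare names and the hosts that queried them:", rare_names(recs))
```

On the sample data the top view is dominated by www.example.com, while the bottom view brings the single NXDOMAIN lookup of a randomly named host to the front, which is the point of the "bottom" queries these packages add.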
These packages are now available in our stable repo. Please see the following page for full update instructions:

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!

Security Onion Conference will be on Friday September 9 and registration is open!

Need training?  Please see:

Need support?  Please see:

