Monday, August 8, 2016

New ELSA packages resolve several issues

I've merged several pull requests:
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/10
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/15
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/17
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/18
https://github.com/Security-Onion-Solutions/securityonion-web-page/pull/5

Martin Holste merged several pull requests in his ELSA repo:
https://github.com/mcholste/elsa/pull/16
https://github.com/mcholste/elsa/pull/40
https://github.com/mcholste/elsa/pull/39
https://github.com/mcholste/elsa/pull/37

I've built new packages including all of these changes and the new
package versions are as follows:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion9
securityonion-elsa-extras - 20151011-1ubuntu1securityonion35
securityonion-web-page - 20141015-0ubuntu0securityonion67

These new packages should resolve the following issues:

Issue 950: ELSA: change Help link to point to ELSA Github
https://github.com/Security-Onion-Solutions/security-onion/issues/950

Issue 827: securityonion-elsa-extras: merge additional patterns including DNP3 and Modbus
https://github.com/Security-Onion-Solutions/security-onion/issues/827

Issue 970: securityonion-web-page: add queries for autoruns, dnp3, and modbus
https://github.com/Security-Onion-Solutions/security-onion/issues/970

Issue 973: securityonion-web-page: Apache ServerName localhost
https://github.com/Security-Onion-Solutions/security-onion/issues/973

Issue 964: securityonion-web-page: add "bottom" queries for long tail analysis
https://github.com/Security-Onion-Solutions/security-onion/issues/964

Issue 976: securityonion-web-page: additional protections in securityonion.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/976

These packages have been tested by the following (thanks!):
Phil Plantamura
Josh Brower
Wes Lambert
James Taylor

Screenshots
DNP3 - Top SRC IPs 
DNP3 - Top DST IPs 
DNP3 - Top DST Ports 
DNP3 - Top Requests 
DNP3 - Top Replies

Modbus - Top SRC IPs

Modbus - Top DST IPs

Modbus - Top DST Ports

Modbus - Top Functions

Modbus - Top Exceptions

Autoruns Queries
 
DNS - Bottom Requests (Long Tail Analysis)
Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive