Friday, September 30, 2016

securityonion-web-page - 20141015-0ubuntu0securityonion71 resolves several issues

The following package is now available:
securityonion-web-page - 20141015-0ubuntu0securityonion71

This new package should resolve the following issues:

Issue 1001: securityonion-web-page: move Top/Bottom links to beginning of line
https://github.com/Security-Onion-Solutions/security-onion/issues/1001

Issue 1002: securityonion-web-page: fix ELSA FIREWALL_ACCESS_DENY queries
https://github.com/Security-Onion-Solutions/security-onion/issues/1002

Issue 1004: securityonion-web-page: standardize Autoruns queries
https://github.com/Security-Onion-Solutions/security-onion/issues/1004

Screenshots
Top / Bottom links are now at the beginning of the line and Autoruns queries have been standardized:

DNS - Top 100 Requests

DNS - Bottom 100 Requests

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Thursday, September 29, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion62 resolves several issues

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion62

This new package should resolve the following issues:

Issue 990: sostat: Fix redirect to file issue
https://github.com/Security-Onion-Solutions/security-onion/issues/990

Issue 991: sostat: Remove redundant source call
https://github.com/Security-Onion-Solutions/security-onion/issues/991

Issue 992: sostat: Enable nullglobs to prevent string literal bug in various for loops
https://github.com/Security-Onion-Solutions/security-onion/issues/992

Issue 996: sostat: report OS version and sostat version
https://github.com/Security-Onion-Solutions/security-onion/issues/996

Issue 998: sostat: only show last run of rule-update
https://github.com/Security-Onion-Solutions/security-onion/issues/998

Issue 961: soup: remove any autoremove recommendations
https://github.com/Security-Onion-Solutions/security-onion/issues/961

Issue 962: soup: recommend upgrading to 16.04 HWE stack
https://github.com/Security-Onion-Solutions/security-onion/issues/962
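
The nullglob fix in issue 992 addresses a classic shell trap: when a `for` loop iterates over a glob that matches nothing, the unexpanded pattern is passed to the loop body as a literal string. The script below is an added illustration, not sostat's own code; it contrasts the unguarded loop with the portable `[ -e ]` check and with bash's `shopt -s nullglob` (the fix the issue describes). The directory layout is constructed in the demo and the `count_nullglob` helper assumes bash is installed.

```shell
#!/bin/sh
# Added example (not sostat's own code): why an unmatched glob in a for loop
# needs nullglob or an existence check.  The directory layout is constructed.

# Unguarded loop: when no *.log exists, the glob stays a literal string, so the
# body runs once on a file named "<dir>/*.log" that does not exist.
count_unguarded() {
  dir="$1"; n=0
  for f in "$dir"/*.log; do
    n=$((n + 1))
  done
  echo "$n"
}

# POSIX-portable fix: skip the literal pattern when nothing matched.
count_guarded() {
  dir="$1"; n=0
  for f in "$dir"/*.log; do
    [ -e "$f" ] || continue
    n=$((n + 1))
  done
  echo "$n"
}

# bash fix (what issue 992 describes): with nullglob an unmatched pattern expands
# to nothing, so the loop body never runs.  Assumes bash is installed.
count_nullglob() {
  bash -c 'shopt -s nullglob; n=0; for f in "$1"/*.log; do n=$((n + 1)); done; echo "$n"' _ "$1"
}

# Demo on a constructed empty directory, then with two log files.
demo() {
  d=$(mktemp -d)
  printf 'empty dir: unguarded=%s guarded=%s nullglob=%s\n' \
    "$(count_unguarded "$d")" "$(count_guarded "$d")" "$(count_nullglob "$d")"
  touch "$d/a.log" "$d/b.log"
  printf 'two files: unguarded=%s guarded=%s nullglob=%s\n' \
    "$(count_unguarded "$d")" "$(count_guarded "$d")" "$(count_nullglob "$d")"
  rm -rf "$d"
}
demo
```

In a reporting tool such as sostat the unguarded form means a loop body that runs `cat` or `stat` on a nonexistent `/nsm/.../*.log` path, producing spurious errors or an empty row in the report; either fix makes an empty directory simply contribute nothing.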

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thanks!

securityonion-rule-update - 20151201-1ubuntu1securityonion7 resolves an issue

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion7

This new package should resolve the following issue:

Issue 985: rule-update should always log to /var/log/nsm/pulledpork.log
https://github.com/Security-Onion-Solutions/security-onion/issues/985

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thanks!

Wednesday, September 28, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion38 resolves an issue

The following package is now available:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion38

This new package should resolve the following issue:

Issue 997: securityonion-elsa-extras: better parsing for event id 4776
https://github.com/Security-Onion-Solutions/security-onion/issues/997

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thanks!

Tuesday, September 27, 2016

securityonion-squert-cron - 20120722-0ubuntu0securityonion10 resolves an issue

The following package is now available:
securityonion-squert-cron - 20120722-0ubuntu0securityonion10

This new package should resolve the following issue:

Issue 987: Squert ip2c cron job should lock to prevent multiple instances
https://github.com/Security-Onion-Solutions/security-onion/issues/987
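
Issue 987 is about a cron job (the Squert ip2c GeoIP lookup) that can overlap with a still-running earlier instance when it takes longer than its schedule interval. The wrapper below is an added example, not the securityonion-squert-cron package's own code: it uses `mkdir` as an atomic, POSIX lock primitive so a second instance exits immediately instead of running concurrently. The lock path and the cron line in the comments are hypothetical; on Linux, `flock(1)` from util-linux is the usual alternative and has the advantage of releasing the lock automatically if the job is killed.

```shell
#!/bin/sh
# Added example (not Security Onion's squert-cron code): run a cron job only if
# no other instance of it is already running.
#
# Hypothetical crontab line using this wrapper:
#   */5 * * * * /usr/local/bin/run_locked /var/lock/ip2c.lock /path/to/ip2c-job

# run_locked LOCKDIR CMD [ARGS...]
# mkdir either creates LOCKDIR or fails because it exists, in one atomic step,
# so two instances racing for it cannot both succeed.  Returns 75 (EX_TEMPFAIL,
# the conventional "try again later" code) when the lock is held, otherwise
# CMD's own exit status.
run_locked() {
  lockdir="$1"; shift
  if ! mkdir "$lockdir" 2>/dev/null; then
    echo "run_locked: another instance holds $lockdir, skipping this run" >&2
    return 75
  fi
  "$@"
  rc=$?
  # Caveat: a job killed with SIGKILL never reaches this line and leaves a
  # stale lock behind; flock(1) avoids that because the kernel drops the lock
  # when the process exits.
  rmdir "$lockdir"
  return "$rc"
}

# Demo with a constructed lock path and a trivial job.
demo() {
  d=$(mktemp -d)
  lk="$d/ip2c.lock"
  run_locked "$lk" echo "first run: job executed"
  mkdir "$lk"                      # simulate an instance still running
  run_locked "$lk" echo "this line must not appear" || echo "second run: lock held, rc=$?"
  rmdir "$lk"
  rm -rf "$d"
}
demo
```

The point for a GeoIP enrichment job is not only CPU contention: two instances writing the same lookup table at once can leave it half-updated, which is the kind of silent corruption a lock prevents.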

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thanks!

Monday, September 26, 2016

Suricata 3.1.2 now available for Security Onion!

Suricata 3.1.2 was recently released:
https://suricata-ids.org/2016/09/07/suricata-3-1-2-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.2-1ubuntu1securityonion1

This new package should resolve the following issue:

Issue 994: Suricata 3.1.2
https://github.com/Security-Onion-Solutions/security-onion/issues/994

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
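
To make the backup-and-migrate step concrete, here is an added shell illustration of what the upgrade does to each `suricata.yaml`: copy the existing file to `suricata.yaml.bak`, then carry the site's HOME_NET and EXTERNAL_NET values into the freshly shipped configuration. This is example code, not the securityonion-suricata package's postinst; it assumes the address groups are plain `NAME: value` lines under `vars:` / `address-groups:`, and the sample YAML in the demo is constructed.

```shell
#!/bin/sh
# Added example (not the securityonion-suricata package's own postinst): back
# up suricata.yaml to suricata.yaml.bak and carry HOME_NET / EXTERNAL_NET over
# into the new default file.  File names and sample YAML are constructed.

# extract_var FILE NAME -> value of the first "    NAME: value" line in FILE
extract_var() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# migrate_vars OLD NEW -> rewrite HOME_NET and EXTERNAL_NET in NEW with OLD's values
migrate_vars() {
  old="$1"; new="$2"
  for v in HOME_NET EXTERNAL_NET; do
    val=$(extract_var "$old" "$v")
    [ -n "$val" ] || continue
    # Escape the two characters that are special in a sed replacement.
    esc=$(printf '%s' "$val" | sed 's/[&\\]/\\&/g')
    sed "s|^\([[:space:]]*$v:\).*|\1 $esc|" "$new" > "$new.tmp" && mv "$new.tmp" "$new"
  done
}

# upgrade_config CFG FRESH -> CFG becomes FRESH plus CFG's old address groups;
# the untouched original is kept at CFG.bak for re-applying other local edits.
upgrade_config() {
  cfg="$1"; fresh="$2"
  cp "$cfg" "$cfg.bak"
  migrate_vars "$cfg.bak" "$fresh"
  mv "$fresh" "$cfg"
}

# Demo on constructed files: a site-customised config and the new default.
demo() {
  d=$(mktemp -d)
  cat > "$d/suricata.yaml" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8]"
    EXTERNAL_NET: "!$HOME_NET"
EOF
  cat > "$d/suricata.yaml.new" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
  example-new-option: constructed-for-demo
EOF
  upgrade_config "$d/suricata.yaml" "$d/suricata.yaml.new"
  echo "--- backup:"; cat "$d/suricata.yaml.bak"
  echo "--- migrated:"; cat "$d/suricata.yaml"
  rm -rf "$d"
}
demo
```

Only the two address groups are migrated, which is exactly why the post tells you to re-apply any other local customizations by hand: everything else in the old file survives only in the `.bak` copy.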

Thanks!

Thursday, September 22, 2016

4-day Security Onion class in Columbus Ohio - November 15 through November 18

Our wildly popular 4-day class is coming to Columbus Ohio in November!  For more details and to register, please see:

https://securityonionsolutions.com/onsitetraining

Tuesday, September 13, 2016

4-day Security Onion class in Columbia SC - October 25 through October 28

Our wildly popular 4-day class is coming to Columbia SC in October!  For more details and to register, please see:

https://securityonionsolutions.com/onsitetraining

Onion Arcade: Make Your Adversaries Cry

At Security Onion Conference 2016, I talked about Onion Arcade:
https://www.youtube.com/watch?v=AXk-Te_lMmg&list=PLljFlTO9rB15Tve-LhV5k_5_0HH37eALe&index=9

If you haven't seen it, please watch the video to understand the reasons for building Onion Arcade and how it relates to Security Onion.

For those interested, here are some higher resolution photos of the build process.

Super Nintendo SNS-101 (Mini) --> Framemeister scaler --> HDMI Monitor

Button Panel

Plexiglass


Joystick panel



Sides

Monitor VESA mount


Ground wire, lots of it!

Wiring harness for LED lights

Speaker panel


Buttons installed

Joysticks installed

Bottom of joystick panel before wiring begins

LED buttons powered up

First SNES Controller PCB soldered

First SNES Controller PCB with Joystick panel

Second SNES Controller PCB soldered

Both SNES Controller PCBs with Joystick panel

Joystick panel wiring completed

Cabinet construction begins


Back door installed

Monitor installed

Installing LED light strips in marquee

The components barely fit

It's Alive!

Onion Arcade FAQ

What does this have to do with Security Onion?
Please see the video for a full explanation:
https://www.youtube.com/watch?v=AXk-Te_lMmg&list=PLljFlTO9rB15Tve-LhV5k_5_0HH37eALe&index=9

Is Onion Arcade for sale?
No, it's mine, all mine!  :)

Is it running emulators/ROMs?
Nope, under the hood is a real Super Nintendo SNS-101 (Mini) and a real SNES cartridge.

Where did the artwork come from?
I found a Creative Commons licensed Mandelbrot fractal on Wikipedia and added neon logos using the Gimp graphics editor.

The Mandelbrot fractal background was created by Wolfgang Beyer with the program Ultra Fractal 3 and licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.  For more information:

https://upload.wikimedia.org/wikipedia/commons/a/a4/Mandel_zoom_11_satellite_double_spiral.jpg

https://en.wikipedia.org/wiki/File:Mandel_zoom_11_satellite_double_spiral.jpg