Wednesday, December 21, 2016

Squert 1.6.3 now available for Security Onion!

The following package is now available:
securityonion-squert - 20161212-1ubuntu1securityonion9

This new package should resolve the following issues:

Issue 883: Squert 1.6.3
https://github.com/Security-Onion-Solutions/security-onion/issues/883

Issue 868: Squert: Summary page, clicking country, src/dst results in empty page
https://github.com/Security-Onion-Solutions/security-onion/issues/868

Issue 958: Squert: OSSEC HIDS alerts display NIDS rules
https://github.com/Security-Onion-Solutions/security-onion/issues/958

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

You may need to Shift-Reload in your browser and/or empty your browser cache to ensure you're running the latest Squert JavaScript.

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, December 20, 2016

Bro 2.5 now available for Security Onion!

Bro 2.5 was released recently:
http://blog.bro.org/2016/11/bro-25-released.html
https://www.bro.org/download/NEWS.bro.html
https://www.bro.org/download/CHANGES.bro.txt

I've packaged Bro 2.5 and also updated the securityonion-bro-scripts and securityonion-elsa-extras packages.  The new packages are as follows:
securityonion-bro - 2.5-1ubuntu1securityonion3
securityonion-bro-scripts - 20121004-0ubuntu0securityonion49
securityonion-elsa-extras - 20151011-1ubuntu1securityonion47

These packages resolve the following issues:

Issue 1023: Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1023

Issue 1028: securityonion-bro-scripts: update for Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1028

Issue 1029: securityonion-elsa-extras: update for Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1029

Thanks to Wes Lambert and Rob Bardo for testing!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

These updates will back up your Bro configuration.  You'll then need to do the following:

  • re-apply any local customizations to the Bro config
  • restart Bro as follows:
    sudo nsm_sensor_ps-restart --only-bro

Monday, December 19, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion149 resolves two issues

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion149

This new package should resolve the following issues:

Issue 942: NSM: more gracefully handle large number of files in /nsm/bro/extracted
https://github.com/Security-Onion-Solutions/security-onion/issues/942

Issue 1033: NSM: only allow one instance of nsm_sensor_clean at a time
https://github.com/Security-Onion-Solutions/security-onion/issues/1033
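The single-instance guard that issue 1033 asks for is a small, reusable pattern, so here it is as an added illustration. This is example code, not the nsm_sensor_clean implementation from the securityonion-nsmnow-admin-scripts package; the lock directory location, the function names and the stale-lock handling are assumptions. It relies on mkdir being atomic, so two cleanup runs racing for the same lock cannot both win, and it reclaims a lock whose owning PID no longer exists so that a crashed run does not block cleanup forever.

```shell
#!/bin/sh
# Added illustration of a single-instance guard of the kind issue 1033 asks for:
# refuse to start a second copy of a cleanup job while one is still running.
# This is example code, not the nsm_sensor_clean implementation. The lock
# location is an assumption: a real deployment would use a fixed path (for
# example under /var/lock) rather than the temporary directory used for this demo.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
LOCK_DIR="${LOCK_DIR:-$DEMO_DIR/nsm_sensor_clean.lock}"

# Take the lock. mkdir either creates the directory or fails, atomically, so two
# processes racing here cannot both succeed. Returns 0 on success, 1 if a live
# instance already holds the lock. A lock left behind by a crashed run (owner PID
# no longer exists) is treated as stale and reclaimed. Caveat: kill -0 also fails
# for a live process you are not allowed to signal, which is acceptable here only
# because the cleanup job always runs as the same user.
acquire_lock() {
    if mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "$$" > "$LOCK_DIR/pid"
        return 0
    fi
    owner=$(cat "$LOCK_DIR/pid" 2>/dev/null)
    if [ -n "$owner" ] && kill -0 "$owner" 2>/dev/null; then
        echo "nsm_sensor_clean: another instance (pid $owner) is running, exiting" >&2
        return 1
    fi
    echo "nsm_sensor_clean: reclaiming stale lock left by pid ${owner:-unknown}" >&2
    rm -rf "$LOCK_DIR"
    mkdir "$LOCK_DIR" 2>/dev/null || return 1
    echo "$$" > "$LOCK_DIR/pid"
    return 0
}

release_lock() {
    rm -rf "$LOCK_DIR"
}

# Run a command under the lock and always release the lock afterwards.
# Returns 1 without running anything if a live instance already holds the lock;
# otherwise returns the command's own exit status.
run_exclusive() {
    acquire_lock || return 1
    "$@"
    rc=$?
    release_lock
    return $rc
}

# Demo: the first acquisition succeeds, a second attempt from the same live
# process is refused, and the lock is gone once released.
if acquire_lock; then
    echo "lock taken by pid $$"
fi
if acquire_lock; then
    echo "unexpected: lock taken twice"
else
    echo "second attempt refused while the lock is held"
fi
release_lock
run_exclusive sh -c 'echo "cleanup body would run here under the lock"'
```

Dropping `run_exclusive` around the real cleanup body is all a cron-driven script needs; the stale-lock branch is what keeps an unattended sensor from silently stopping cleanup after a crash or reboot.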

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Wednesday, December 14, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion145 resolves an issue

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion145

This new package should resolve the following issue:

Issue 1032: NSM: don't chown every file in /nsm/bro/extracted
https://github.com/Security-Onion-Solutions/security-onion/issues/1032

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Tuesday, December 13, 2016

Suricata 3.2 now available for Security Onion!

Suricata 3.2 was recently released:
https://suricata-ids.org/2016/12/01/suricata-3-2-available/

I've packaged it and the following package is now available:
securityonion-suricata - 3.2-1ubuntu1securityonion2

This new package should resolve the following issue:

Issue 1026: Suricata 3.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1026

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
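A post-upgrade check for the two steps above, added here as an example rather than as Security Onion's own tooling. It assumes the update leaves suricata.yaml.bak beside the new suricata.yaml as described, confirms that HOME_NET and EXTERNAL_NET were migrated intact, and lists the non-comment lines of the backup that no longer appear in the new file, which are exactly the local customizations still to re-apply by hand. The sample YAML files are constructed inline; the function and variable names are assumptions. The same comparison serves the Bro 2.5 update above, where the backed-up Bro configuration plays the role of the .bak file.

```shell
#!/bin/sh
# Added post-upgrade check for the Suricata 3.2 package update. This is example
# code, not Security Onion's own tooling. It assumes the upgrade left
# suricata.yaml.bak beside the new suricata.yaml, as the announcement says it will.
LC_ALL=C; export LC_ALL

# Print the value of an address-group variable such as HOME_NET from a
# suricata.yaml, with surrounding double quotes stripped (first match only).
yaml_var() {
    # $1 = file, $2 = variable name
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | sed 's/^"//; s/"$//'
}

# Confirm HOME_NET and EXTERNAL_NET survived the migration into the new file.
# Returns 0 if both values are identical in backup and new file, 1 otherwise.
check_migrated_vars() {
    bak="$1"; new="$2"; rc=0
    for v in HOME_NET EXTERNAL_NET; do
        old=$(yaml_var "$bak" "$v"); cur=$(yaml_var "$new" "$v")
        if [ "$old" = "$cur" ]; then
            echo "OK   $v = $cur"
        else
            echo "DIFF $v: backup='$old' new='$cur'"
            rc=1
        fi
    done
    return $rc
}

# List non-comment, non-blank lines present in the backup but absent from the
# new file. After an upgrade these are the local customizations to re-apply.
lost_customizations() {
    bak="$1"; new="$2"
    tmp_a=$(mktemp); tmp_b=$(mktemp)
    grep -v '^[[:space:]]*#' "$bak" | grep -v '^[[:space:]]*$' | sort -u > "$tmp_a"
    grep -v '^[[:space:]]*#' "$new" | grep -v '^[[:space:]]*$' | sort -u > "$tmp_b"
    comm -23 "$tmp_a" "$tmp_b"
    rm -f "$tmp_a" "$tmp_b"
}

# --- Constructed sample input (not real Security Onion files) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Backup: the operator had customized DNS_SERVERS and the af-packet thread count.
cat > "$SAMPLE_DIR/suricata.yaml.bak" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.10.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    DNS_SERVERS: "[10.10.1.53]"
af-packet:
  - interface: eth1
    threads: 4
EOF

# New file: HOME_NET/EXTERNAL_NET migrated, everything else back to defaults.
cat > "$SAMPLE_DIR/suricata.yaml" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.10.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    DNS_SERVERS: "$HOME_NET"
af-packet:
  - interface: eth1
    threads: 1
EOF

# A second "new" file where the migration did not happen (HOME_NET reset).
cat > "$SAMPLE_DIR/suricata.yaml.unmigrated" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
EOF

if check_migrated_vars "$SAMPLE_DIR/suricata.yaml.bak" "$SAMPLE_DIR/suricata.yaml"; then
    echo "Variables migrated; lines still to re-apply by hand:"
    lost_customizations "$SAMPLE_DIR/suricata.yaml.bak" "$SAMPLE_DIR/suricata.yaml"
fi
echo "Checking a file where migration failed:"
check_migrated_vars "$SAMPLE_DIR/suricata.yaml.bak" "$SAMPLE_DIR/suricata.yaml.unmigrated"
```

On a real sensor, point the two functions at the actual backup and new file for each Suricata instance, resolve every DIFF line and every listed customization, and only then run rule-update so the restarted Suricata picks up the intended HOME_NET and local settings.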

Monday, December 12, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion144 resolves an issue

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion144

This new package should resolve the following issue:

Issue 1030: NSM: remove chown from /usr/sbin/so-bro-cron
https://github.com/Security-Onion-Solutions/security-onion/issues/1030

Thanks to Wes Lambert for testing!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Wednesday, December 7, 2016

Training Update

Our next live session of online training will be March 13, 2017 through March 16, 2017.  For more details and to register, please see:
https://securityonionsolutions.com/onlinetraining

If you need online training before then, you may want to consider our pre-recorded on-demand training:
https://securityonionsolutions.com/ondemandtraining

If you're looking for more in-depth training including lab exercises, we are starting to schedule our 4-day onsite classes for 2017:
https://securityonionsolutions.com/onsitetraining

Tuesday, December 6, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion65 resolves an issue

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion65

This new package should resolve the following issue:

Issue 1024: soup: when running on sensor, check to make sure master server has been updated first
https://github.com/Security-Onion-Solutions/security-onion/issues/1024

Thanks to Wes Lambert!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Monday, December 5, 2016

CapMe 1.0.1 is now available and supports UDP traffic!

The following packages are now available:
securityonion-capme - 20121213-0ubuntu0securityonion65
securityonion-sguil-client - 20141004-0ubuntu0securityonion16
securityonion-sguil-sensor - 20141004-0ubuntu0securityonion16
securityonion-sguil-server - 20141004-0ubuntu0securityonion16

These new packages should resolve the following issue:

Issue 492: CapMe needs to handle UDP better
https://github.com/Security-Onion-Solutions/security-onion/issues/492

Thanks to Wes Lambert!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
After installing the updated packages, you will need to restart sguild as follows:
sudo nsm_server_ps-restart