The following package is now available:
securityonion-squert - 20161212-1ubuntu1securityonion9
This new package should resolve the following issues:
Issue 883: Squert 1.6.3
https://github.com/Security-Onion-Solutions/security-onion/issues/883
Issue 868: Squert: Summary page, clicking country, src/dst results in empty page
https://github.com/Security-Onion-Solutions/security-onion/issues/868
Issue 958: Squert: OSSEC HIDS alerts display NIDS rules
https://github.com/Security-Onion-Solutions/security-onion/issues/958
Thanks to Wes Lambert for testing!
Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
You may need to Shift-Reload in your browser and/or empty your browser cache to ensure you're running the latest Squert JavaScript.
Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053
Training
Security Onion Solutions provides onsite, online, and on-demand training. For more information, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support
Thanks!
Wednesday, December 21, 2016
Tuesday, December 20, 2016
Bro 2.5 now available for Security Onion!
Bro 2.5 was released recently:
http://blog.bro.org/2016/11/bro-25-released.html
https://www.bro.org/download/NEWS.bro.html
https://www.bro.org/download/CHANGES.bro.txt
I've packaged Bro 2.5 and also updated the securityonion-bro-scripts and securityonion-elsa-extras packages. The new packages are as follows:
securityonion-bro - 2.5-1ubuntu1securityonion3
securityonion-bro-scripts - 20121004-0ubuntu0securityonion49
securityonion-elsa-extras - 20151011-1ubuntu1securityonion47
These packages resolve the following issues:
Issue 1023: Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1023
Issue 1028: securityonion-bro-scripts: update for Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1028
Issue 1029: securityonion-elsa-extras: update for Bro 2.5
https://github.com/Security-Onion-Solutions/security-onion/issues/1029
Thanks to Wes Lambert and Rob Bardo for testing!
Updating
These packages are now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
These updates will back up your Bro configuration. You'll then need to do the following:
- re-apply any local customizations to the Bro config
- restart Bro as follows:
sudo nsm_sensor_ps-restart --only-bro
Monday, December 19, 2016
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion149 resolves two issues
The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion149
This new package should resolve the following issues:
Issue 942: NSM: more gracefully handle large number of files in /nsm/bro/extracted
https://github.com/Security-Onion-Solutions/security-onion/issues/942
Issue 1033: NSM: only allow one instance of nsm_sensor_clean at a time
https://github.com/Security-Onion-Solutions/security-onion/issues/1033
Thanks to Wes Lambert for testing!
Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Wednesday, December 14, 2016
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion145 resolves an issue
The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion145
This new package should resolve the following issue:
NSM: don't chown every file in /nsm/bro/extracted #1032
https://github.com/Security-Onion-Solutions/security-onion/issues/1032
Thanks to Wes Lambert for testing!
Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Tuesday, December 13, 2016
Suricata 3.2 now available for Security Onion!
Suricata 3.2 was recently released:
https://suricata-ids.org/2016/12/01/suricata-3-2-available/
I've packaged it and the following package is now available:
securityonion-suricata - 3.2-1ubuntu1securityonion2
This new package should resolve the following issue:
Issue 1026: Suricata 3.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1026
This package has been tested by Wes Lambert. Thanks, Wes!
Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables. You'll then need to do the following:
- re-apply any other local customizations to your suricata.yaml file(s)
- update ruleset and restart Suricata as follows:
sudo rule-update
Monday, December 12, 2016
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion144 resolves an issue
The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion144
This new package should resolve the following issue:
NSM: remove chown from /usr/sbin/so-bro-cron #1030
https://github.com/Security-Onion-Solutions/security-onion/issues/1030
Thanks to Wes Lambert for testing!
Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Wednesday, December 7, 2016
Training Update
Our next live session of online training will be March 13, 2017 through March 16, 2017. For more details and to register, please see:
https://securityonionsolutions.com/onlinetraining
If you need online training before then, you may want to consider our pre-recorded on-demand training:
https://securityonionsolutions.com/ondemandtraining
If you're looking for more in-depth training including lab exercises, we are starting to schedule our 4-day onsite classes for 2017:
https://securityonionsolutions.com/onsitetraining
Tuesday, December 6, 2016
securityonion-sostat - 20120722-0ubuntu0securityonion65 resolves an issue
The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion65
This new package should resolve the following issue:
Issue 1024: soup: when running on sensor, check to make sure master server has been updated first
https://github.com/Security-Onion-Solutions/security-onion/issues/1024
Thanks to Wes Lambert!
Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Monday, December 5, 2016
CapMe 1.0.1 is now available and supports UDP traffic!
The following packages are now available:
securityonion-capme - 20121213-0ubuntu0securityonion65
securityonion-sguil-client - 20141004-0ubuntu0securityonion16
securityonion-sguil-sensor - 20141004-0ubuntu0securityonion16
securityonion-sguil-server - 20141004-0ubuntu0securityonion16
These new packages should resolve the following issue:
Issue 492: CapMe needs to handle UDP better
https://github.com/Security-Onion-Solutions/security-onion/issues/492
Thanks to Wes Lambert!
Updating
These packages are now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Release Notes
After installing the updated packages, you will need to restart sguild as follows:
sudo nsm_server_ps-restart