UPDATED 2018/04/09! We've released a newer version!
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
We recently announced the first three technology previews of the Elastic stack on Security Onion:
http://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
http://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
We're excited to announce that our Elastic stack integration has now reached Alpha Release! Part of this Alpha release is a new 14.04.5.3 ISO image that contains these Alpha components. This ISO image contains all the latest Ubuntu and Security Onion updates as of September 5, 2017!
Highlights of this Alpha Release
- Upgraded from Elastic 5.5.0 to 5.5.2
- All Elastic config files and scripts are now in a new package called securityonion-elastic (securityonion_elastic.sh from previous tech previews is no longer necessary)
- In Kibana, the Squert and Logout links have been moved to the side panel
- Kibana search now defaults to last 24 hours
- Lots of cleanup and fixes
- Elastic distributed deployments are implemented using cross cluster search
|
Distributed Deployment with Master Server and Two Sensors |
Issues Resolved
Issue 1071: 14.04.5.3 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1071
Issue 1095: Elastic Stack Alpha Release
https://github.com/Security-Onion-Solutions/security-onion/issues/1095
Thanks
This new ISO image has been tested by Wes Lambert and Phil Plantamura. Thanks, guys!
New Installations
I've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Please note! This ISO image includes the EXPERIMENTAL Elastic stack!
The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic). If you do not want to try the new Elastic stack, you can choose Stable Setup. If you choose Experimental Setup, the usual disclaimers and warnings apply!
- Experimental Setup is ALPHA, BLEEDING EDGE, and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Experimental Setup may result in nausea, vomiting, or a burning sensation.
For more about this Elastic Alpha release, please see
https://securityonion.net/wiki/elastic and the Screenshot tour at the bottom of this blog post.
Please note the following minimum hardware requirements for the Elastic stack:
If you would prefer an ISO image with no Elastic components at all, you have a few options:
Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Security-Onion-14.04-Release-Notes
Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
|
Experimental Setup configures the Elastic Stack |
|
Choosing Experimental Setup displays Warnings and Disclaimers |
|
Experimental Setup includes Evaluation Mode and Production Mode |
|
Network Interface Selection |
|
Creating Username |
|
Creating Password |
|
Confirming Password |
|
Confirming Options |
|
Squert and Logout links have been moved to Kibana Side Panel |
|
Home (Overview) Dashboard |
|
Alert Data - Bro Notices |
|
Alert Data - ElastAlert |
|
Alert Data - HIDS |
|
Alert Data - NIDS |
|
Bro Hunting - Connections |
|
Bro Hunting - DCE/RPC |
|
Bro Hunting - DHCP |
|
Bro Hunting - DNP3 |
|
Bro Hunting - DNS |
|
Bro Hunting - Files |
|
Bro Hunting - FTP |
|
Bro Hunting - HTTP |
|
Bro Hunting - Intel |
|
Bro Hunting - IRC |
|
Bro Hunting - Kerberos |
|
Bro Hunting - Modbus |
|
Bro Hunting - MySQL |
|
Bro Hunting - NTLM |
|
Bro Hunting - PE |
|
Bro Hunting - RADIUS |
|
Bro Hunting - RDP |
|
Bro Hunting - RFB |
|
Bro Hunting - SIP |
|
Bro Hunting - SMB |
|
Bro Hunting - SMTP |
|
Bro Hunting - SNMP |
|
Bro Hunting - Software |
|
Bro Hunting - SSH |
|
Bro Hunting - SSL |
|
Bro Hunting - Syslog |
|
Bro Hunting - Tunnels |
|
Bro Hunting - Weird |
|
Bro Hunting - X.509 |
|
Host Hunting - Autoruns |
|
Host Hunting - OSSEC |
|
Host Hunting - Sysmon |
|
Other - Firewall |
|
Other - Stats |
|
Other - Syslog |
|
Distributed Deployment with Master and 2 Sensors using Cross Cluster Search |
UPDATE 2017/09/18 - Added link to State of the Onion talk at Security Onion Conference 2017
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.