Thursday, November 30, 2017

Elastic Stack Beta 2 Release and Security Onion 14.04.5.5 ISO Image!

UPDATED 2018/04/09! We've released a newer version!
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html

We're excited to announce that our Elastic stack integration has now reached Beta 2 Release!  This Beta 2 release includes a new 14.04.5.5 ISO image that contains these Beta 2 components and all the latest Ubuntu and Security Onion updates as of November 26, 2017!

Previous Releases
To see our progress over the last few months, please see the previous announcements:
http://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
http://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
http://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html

Highlights of this Beta 2 Release

  • Upgraded from Elastic 5.6.3 to 5.6.4
  • Kibana metric visualization scrollbar issue resolved
  • CapMe now supports pivoting from BRO_PE and BRO_X509 logs
  • many improvements to so-crossclustercheck
  • Setup now automatically disables FreqServer and DomainStats if running in Production Mode
  • The securityonion-elastic package now has a postinst script that runs so-elastic-configure if Elastic has already been enabled
  • Lots of cleanup and fixes

Kibana Overview Dashboard

Issues Resolved
Issue 1132: Elastic Stack Beta 2
https://github.com/Security-Onion-Solutions/security-onion/issues/1132

Issue 1158: 14.04.5.5 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1158

Known Issues
For known issues, please see our RC1 list:
https://github.com/Security-Onion-Solutions/security-onion/issues/1172

Thanks
This new ISO image has been tested by Wes Lambert and Rob Bardo.  Thanks, guys!

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Please note! This ISO image includes the EXPERIMENTAL Elastic stack!

The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic). If you do not want to try the new Elastic stack, you can choose Stable Setup.  If you choose Experimental Setup, the usual disclaimers and warnings apply!

  • Experimental Setup is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This is a work in progress and is in constant flux.
  • This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like.  This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This should only be run on a TEST box with TEST data!
  • Experimental Setup may result in nausea, vomiting, or a burning sensation.


For more about this Elastic Beta 2 release, please see https://securityonion.net/wiki/elastic and the Screenshot tour at the bottom of this blog post.

Please note the following minimum hardware requirements for the Elastic stack:

  • 2 CPU cores
  • 8GB RAM


If you would prefer an ISO image with no Elastic components at all, you have a few options:

  • Install the older Security Onion 14.04.5.2 ISO image and then run "sudo soup"

    OR




Existing Deployments
If you have existing ELSA installations based on a previous 14.04 ISO image, there is no need to download this new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

If you have existing Elastic installations (Technology Previews, Alpha, or Beta), we don't officially support upgrading to newer releases.  You can try running "sudo soup" but if that fails, you can perform a fresh installation using this Beta 2 ISO image.

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Security-Onion-14.04-Release-Notes

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We offer onsite and online training!  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Screenshot Tour

Security Onion 14.04.5.5 20171126 

Welcome to Setup

Network Configuration

Stable Setup vs Experimental Setup

Experimental Setup - Warnings and Disclaimers

Evaluation Mode vs Production Mode

Monitor (Sniffing) Interface

Creating Username

Setting Password

Confirming Password

Confirming Options

Setup Complete

Single Sign On (SSO) for Squert, CapMe, and Kibana

Squert

CapMe

Kibana Overview Dashboard

Help

Bro Notices

ElastAlert

OSSEC HIDS Alerts

NIDS Alerts - Snort or Suricata

Bro - Connections

Bro - DCE/RPC

Bro - DHCP

Bro - DNP3

Bro - DNS

Bro - Files

Bro - FTP

Bro - HTTP

Bro - Intel

Bro - IRC

Bro - Kerberos

Bro - Modbus

Bro - MySQL

Bro - NTLM

Bro - PE

Bro - RADIUS

Bro - RDP

Bro - RFB

Bro - SIP

Bro - SMB

Bro - SMTP

Bro - SNMP

Bro - Software

Bro - SSH

Bro - SSL

Bro - Syslog

Bro - Tunnels

Bro - Weird

Bro - X.509

Autoruns

OSSEC

Sysmon

Firewall

Stats

Syslog

No comments:

Search This Blog

Featured Post

Security Onion 2.4.110 Hurricane Helene Edition now available including new AI Summary feature and much more!

Hurricane Helene Update On Friday, September 27, Hurricane Helene hit Augusta GA. All of our team members are safe, but many folks had signi...

Popular Posts

Blog Archive