UPDATED 2018/04/09! We've released a newer version!
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
We're excited to announce that our Elastic stack integration has now reached Beta Release! This Beta release includes a new 14.04.5.4 ISO image that contains these Beta components and all the latest Ubuntu and Security Onion updates as of October 31, 2017!
Previous Releases
To see our progress over the last few months, please see the previous announcements:
http://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
http://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
Highlights of this Beta Release
- Upgraded from Elastic 5.5.2 to 5.6.3
- Each Docker container now runs using its own unique UID
- Overview dashboard now shows total number of connected sensors
- New Help dashboard includes introductory information and link to our Wiki
- Hyperlinked more fields in Kibana dashboards for more pivoting capability
- Added ability to automate setup of Elastic stack via sosetup.conf
- Setup now automatically disables DomainStats if it detects whois failure
- Setup now enforces minimum hardware requirements of 2 CPU cores and 8GB RAM
- Lots of cleanup and fixes
|
Overview Dashboard now shows total number of connected sensors |
Issues Resolved
Issue 1130: Elastic Stack Beta Release
https://github.com/Security-Onion-Solutions/security-onion/issues/1130
Issue 1094: 14.04.5.4 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1094
Known Issues
As seen in the screenshot above, metric visualizations have unnecessary scroll bars. This is a known issue in Kibana 5.6.3:
https://github.com/elastic/kibana/issues/13947
For this and other known issues, please see our RC1 list:
https://github.com/Security-Onion-Solutions/security-onion/issues/1132
Thanks
This new ISO image has been tested by Wes Lambert and Phil Plantamura. Thanks, guys!
New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Please note! This ISO image includes the EXPERIMENTAL Elastic stack!
The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic). If you do not want to try the new Elastic stack, you can choose Stable Setup. If you choose Experimental Setup, the usual disclaimers and warnings apply!
- Experimental Setup is BLEEDING EDGE and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Experimental Setup may result in nausea, vomiting, or a burning sensation.
For more about this Elastic Beta release, please see
https://securityonion.net/wiki/elastic and the Screenshot tour at the bottom of this blog post.
Please note the following minimum hardware requirements for the Elastic stack:
If you would prefer an ISO image with no Elastic components at all, you have a few options:
Existing Deployments
If you have existing
ELSA installations based on a previous 14.04 ISO image, there is no need to download this new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing
Elastic installations (Technology Previews or Alpha), we don't officially support upgrading to newer releases. However, if you're running Alpha, you can try the steps listed here:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Elastic-Alpha-to-Beta
If all else fails, you can perform a fresh installation using this Beta ISO image.
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Security-Onion-14.04-Release-Notes
Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
|
Security Onion 14.04.5.4 20171031 |
|
Setup |
|
Network Configuration |
|
Stable Setup vs Experimental Setup |
|
Experimental Setup - Warnings and Disclaimers |
|
Evaluation Mode vs Production Mode |
|
Monitor (Sniffing) Interface |
|
Creating Username |
|
Setting Password |
|
Confirming Password |
|
Confirming Options |
|
Setup Complete |
|
Single Sign On (SSO) for Squert, CapMe, and Kibana |
|
Squert |
|
CapMe |
|
Overview |
|
Help |
|
Bro - Notices |
|
ElastAlert |
|
OSSEC Alerts |
|
NIDS Alerts |
|
Bro - Connections |
|
Bro - DCE/RPC |
|
Bro - DHCP |
|
Bro - DNP3 |
|
Bro - DNS |
|
Bro - Files |
|
Bro - FTP |
|
Bro - HTTP |
|
Bro - Intel |
|
Bro -IRC |
|
Bro - Kerberos |
|
Bro - Modbus |
|
Bro - MySQL |
|
Bro - NTLM |
|
Bro - PE |
|
Bro - RADIUS |
|
Bro - RDP |
|
Bro - RFB |
|
Bro - SIP |
|
Bro - SMB |
|
Bro - SMTP |
|
Bro - SNMP |
|
Bro - Software |
|
Bro - SSH |
|
Bro - SSL |
|
Bro - Syslog |
|
Bro - Tunnels |
|
Bro - Weird |
|
Bro - X.509 |
|
Autoruns |
|
OSSEC Logs |
|
Sysmon |
|
Firewall |
|
Stats |
|
Syslog |
UPDATED 2017/11/18 - Updated Existing Deployments section to include link to Wiki article on upgrading from Alpha to Beta.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.