In addition to our recently announced 4-day Basic class in Augusta GA, we've just opened registration for two more classes! Both of these classes will be in Columbia MD. One will be our 4-day Basic Class and the other will be our new 4-day Advanced Class!
The following discount code is good for 10% off any of these three training classes!
earlybird
This discount code expires on May 21, so register today!
For more details and to register, please see:
https://securityonionsolutions.com/onsitetraining
Thursday, April 26, 2018
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion7 now available for Security Onion!
The following package is now available:
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion7
This package should resolve the following issues:
securityonion-desktop-gnome: add gedit #1241
https://github.com/Security-Onion-Solutions/security-onion/issues/1241
This package installs the Gnome Flashback desktop environment and a utility to switch from XFCE to Gnome Flashback. This will help to ensure full support until we're ready to move off of Ubuntu 14.04. The following page on our Wiki has instructions for either migrating from XFCE to Gnome Flashback OR totally disabling the GUI altogether:
https://securityonion.net/wiki/Desktop
Thanks
Thanks to Wes Lambert for testing the new package!
Training
We offer onsite and online training:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Wednesday, April 25, 2018
Elastic 6.2.4 and securityonion-elastic - 20180130-1ubuntu1securityonion78 now available for Security Onion!
The following are now available for Security Onion:
- Elastic 6.2.4 Docker images
- securityonion-elastic - 20180130-1ubuntu1securityonion78
This should resolve the following issue:
Elastic Stack 6.2.4 #1238
https://github.com/Security-Onion-Solutions/security-onion/issues/1238
Thanks
Thanks to the Elastic team for the Elastic Stack!
Thanks to Wes Lambert for testing!
Updating
If you have pre-release Elastic installations (Technology Previews, Alpha, Beta, RC1, RC2, etc.), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/Elastic-RC4
Otherwise, if you are currently running our GA release (Elastic 6.2.3), you should be able to update using the standard update instructions:
https://securityonion.net/wiki/Upgrade
Training
We have a 4-day Security Onion training class coming up in Augusta, GA! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Thursday, April 19, 2018
Security Onion 4-day Training Class in Augusta GA with Early Bird Discount
Our wildly popular 4-day onsite training class has been scheduled for Augusta GA in October! This training class is the same week as the Security Onion Conference and BSidesAugusta, so please consider attending all three events.
The following discount code is good for 10% off this training class only!
earlybird
This discount code expires on May 21, so register today!
For more details and to register, please see:
https://securityonionsolutions.com/onsitetraining
Wednesday, April 18, 2018
Security Onion 14.04.5.12 ISO image now available!
We have a new Security Onion 14.04.5.12 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of April 16, 2018 and switches from the XFCE desktop environment to Gnome Flashback! For more information about the Gnome Flashback desktop environment, please see:
https://blog.securityonion.net/2018/04/securityonion-desktop-gnome-20180411.html
https://securityonion.net/wiki/Desktop
This resolves the following issue:
Issue 1237: 14.04.5.12 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1237
This new ISO image has been tested by Wes Lambert. Thanks, Wes!
New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.12
Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference
Training
We offer onsite and online training:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion6 now available for Security Onion!
The following package is now available:
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion6
This package should resolve the following issues:
securityonion-desktop-gnome - switch from XFCE to Gnome Flashback #1236
https://github.com/Security-Onion-Solutions/security-onion/issues/1236
This package installs the Gnome Flashback desktop environment and a utility to switch from XFCE to Gnome Flashback. This will help to ensure full support until we're ready to move off of Ubuntu 14.04. The following page on our Wiki has instructions for either migrating from XFCE to Gnome Flashback OR totally disabling the GUI altogether:
https://securityonion.net/wiki/Desktop
Thanks
Thanks to Wes Lambert for testing the new package!
Training
We offer onsite and online training:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Thursday, April 12, 2018
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion166 now available for Security Onion!
The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion166
This package should resolve the following issues:
Issue 1227: NSM: change print_version to print_nsmnow_version
https://github.com/Security-Onion-Solutions/security-onion/issues/1227
Issue 1234: NSM: sensor cleanup fails when there are a high number of pcaps
https://github.com/Security-Onion-Solutions/security-onion/issues/1234
Thanks
Thanks to Wes Lambert for testing the new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Training
We offer onsite and online training:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Wednesday, April 11, 2018
NetworkMiner 2.3 now available for Security Onion!
NetworkMiner 2.3 was released recently:
http://www.netresec.com/?page=Blog&month=2018-04&post=NetworkMiner-2-3-Released
The following package is now available:
securityonion-networkminer - 20180410-1ubuntu1securityonion1
This package should resolve the following issues:
NetworkMiner 2.3 #1231
https://github.com/Security-Onion-Solutions/security-onion/issues/1231
Thanks
Thanks to Erik Hjelmvik for NetworkMiner 2.3!
Thanks to Wes Lambert for testing the new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Training
We offer onsite and online training:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Monday, April 9, 2018
6 month EOL notice for ELSA
This morning we released an updated Setup package and ISO image that both default to Elastic instead of ELSA:
https://blog.securityonion.net/2018/04/securityonion-setup-20120912.html
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
ELSA will reach End Of Life (EOL) on October 9, 2018. After that date, we will no longer provide updates or support of any kind for ELSA.
For more information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA#eol
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA-to-Elastic
Security Onion Elastic Stack General Availability Release and Security Onion 14.04.5.11 ISO Image!
Over 1,000 git commits...
Over 12 months of integration work...
3 Technology Preview releases, 1 Alpha Release, 3 Beta releases, 4 Release Candidates...
Today we're excited to announce that our Elastic Stack integration has now reached General Availability (GA)! This includes a new 14.04.5.11 ISO image that contains these GA components and all the latest Ubuntu and Security Onion updates as of March 28, 2018!
We'd like to say thanks to the following for their contributions to our Elastic Stack integration!
- Elastic.co
- Justin Henderson
- Mark Baggett
- Our entire Security Onion community for testing and feedback
GA Highlights
- All Ubuntu and Security Onion updates as of 2018/3/28
- Setup now defaults to Elastic instead of ELSA
- No changes to Elastic Stack since Release Candidate 4:
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release_28.html
Issues Resolved
Issue 1225: 14.04.5.11 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1225
This new ISO image has been tested by Wes Lambert. Thanks, Wes!
Known Issues
For known issues, please see the todo list for our next Elastic release:
https://github.com/Security-Onion-Solutions/security-onion/issues/1221
Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.11
https://securityonion.net/wiki/elastic
New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Please note the following minimum hardware requirements for the Elastic stack:
- 2 CPU cores
- 8GB RAM
https://securityonion.net/wiki/Hardware
Existing Deployments
If you have existing Elastic installations (Technology Preview, Alpha, Beta, or Release Candidate), we don't officially support upgrading to this GA release, but you can try the steps listed here:
https://securityonion.net/wiki/elastic-rc4
For best results, please perform a fresh installation using this new ISO image.
ELSA EOL
Please note that ELSA will reach End Of Life on October 9, 2018. After that date, we will not provide any updates or any support for ELSA. Please plan to migrate from ELSA to Elastic at your earliest convenience. For best results, please perform a fresh Elastic installation on new hardware designed to meet Elastic hardware requirements.
Training
We offer both onsite and online training! For more information, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Previous Releases
To see our progress over the last few months, please see the previous announcements:
https://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
https://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
https://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
https://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release_28.html
Screenshot Tour
Screenshot captions (the images themselves are not included in this text): Security Onion 14.04.5.11 0328; Welcome to Setup; Network Configuration; Service Configuration; Evaluation Mode or Production Mode; Sniffing Interface Selection; Creating User Account; Setting Password; Confirming Password; Confirming Options; Setup Complete; Lots of new control scripts with naming convention of so-COMPONENT-VERB; Apache Single Sign On (SSO) for Squert, CapMe, and Kibana; Squert; CapMe; Kibana; Help; Bro Notices; ElastAlert; OSSEC Alerts; NIDS Alerts; Connections; DCE/RPC; DHCP; DNP3; DNS; Files; FTP; HTTP; Intel; IRC; Kerberos; Modbus; MySQL; NTLM; PE; RADIUS; RDP; RFB; SIP; SMB; SMTP; SNMP; Software; SSH; SSL; Syslog; Tunnels; Weird; X.509; Autoruns; Beats; OSSEC; Sysmon; Baby Domains; Firewall; Frequency Analysis; Stats; Syslog.