Thursday, April 26, 2018

Security Onion Basic and Advanced Training Classes in Columbia MD!

In addition to our recently announced 4-day Basic class in Augusta GA, we've just opened registration for two more classes!  Both of these classes will be in Columbia MD.  One we will be our 4-day Basic Class and the other will be our new 4-day Advanced Class!

The following discount code is good for 10% off any of these three training classes!
earlybird

This discount code expires on May 21, so register today!

For more details and to register, please see:
https://securityonionsolutions.com/onsitetraining

securityonion-desktop-gnome - 20180411-1ubuntu1securityonion7 now available for Security Onion!

The following package is now available:
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion7

This package should resolve the following issues:

securityonion-desktop-gnome: add gedit #1241
https://github.com/Security-Onion-Solutions/security-onion/issues/1241

This package installs the Gnome Flashback desktop environment and a utility to switch from XFCE to Gnome Flashback.  This will help to ensure full support until we're ready to move off of Ubuntu 14.04.  The following page on our Wiki has instructions for either migrating from XFCE to Gnome Flashback OR totally disabling the GUI altogether:
https://securityonion.net/wiki/Desktop

Thanks
Thanks to Wes Lambert for testing the new package!

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, April 25, 2018

Elastic 6.2.4 and securityonion-elastic - 20180130-1ubuntu1securityonion78 now available for Security Onion!

The following are now available for Security Onion:


  • Elastic 6.2.4 Docker images
  • securityonion-elastic - 20180130-1ubuntu1securityonion78


This should resolve the following issue:

Elastic Stack 6.2.4 #1238
https://github.com/Security-Onion-Solutions/security-onion/issues/1238

Thanks
Thanks to the Elastic team for the Elastic Stack!
Thanks to Wes Lambert for testing!

Updating
If you have pre-release Elastic installations (Technology Previews, Alpha, Beta, RC1, RC2, etc.), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/Elastic-RC4

Otherwise, if you are currently running our GA release (Elastic 6.2.3), you should be able to update using the standard update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have a 4-day Security Onion training class coming up in Augusta, GA!  For this and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Thursday, April 19, 2018

Security Onion 4-day Training Class in Augusta GA with Early Bird Discount

Our wildly popular 4-day onsite training class has been scheduled for Augusta GA in October!  This training class is the same week as the Security Onion Conference and BSidesAugusta, so please consider attending all three events.

The following discount code is good for 10% off this training class only!
earlybird

This discount code expires on May 21, so register today!

For more details and to register, please see:
https://securityonionsolutions.com/onsitetraining

Wednesday, April 18, 2018

Security Onion 14.04.5.12 ISO image now available!

We have a new Security Onion 14.04.5.12 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of April 16, 2018 and switches from the XFCE desktop environment to Gnome Flashback!  For more information about the Gnome Flashback desktop environment, please see:
https://blog.securityonion.net/2018/04/securityonion-desktop-gnome-20180411.html
https://securityonion.net/wiki/Desktop

This resolves the following issue:

Issue 1237: 14.04.5.12 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1237

This new ISO image has been tested by Wes Lambert.  Thanks, Wes!

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.12

Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

securityonion-desktop-gnome - 20180411-1ubuntu1securityonion6 now available for Security Onion!

The following package is now available:
securityonion-desktop-gnome - 20180411-1ubuntu1securityonion6

This package should resolve the following issues:

securityonion-desktop-gnome - switch from XFCE to Gnome Flashback #1236
https://github.com/Security-Onion-Solutions/security-onion/issues/1236

This package installs the Gnome Flashback desktop environment and a utility to switch from XFCE to Gnome Flashback.  This will help to ensure full support until we're ready to move off of Ubuntu 14.04.  The following page on our Wiki has instructions for either migrating from XFCE to Gnome Flashback OR totally disabling the GUI altogether:
https://securityonion.net/wiki/Desktop

Thanks
Thanks to Wes Lambert for testing the new package!

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Thursday, April 12, 2018

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion166 now available for Security Onion!

The following package is now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion166

This package should resolve the following issues:

Issue 1227: NSM: change print_version to print_nsmnow_version
https://github.com/Security-Onion-Solutions/security-onion/issues/1227

Issue 1234: NSM: sensor cleanup fails when there are a high number of pcaps
https://github.com/Security-Onion-Solutions/security-onion/issues/1234

Thanks
Thanks to Wes Lambert for testing the new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, April 11, 2018

NetworkMiner 2.3 now available for Security Onion!

NetworkMiner 2.3 was released recently:
http://www.netresec.com/?page=Blog&month=2018-04&post=NetworkMiner-2-3-Released

The following package is now available:
securityonion-networkminer - 20180410-1ubuntu1securityonion1

This package should resolve the following issues:

NetworkMiner 2.3 #1231
https://github.com/Security-Onion-Solutions/security-onion/issues/1231

Thanks
Thanks to Erik Hjelmvik for NetworkMiner 2.3!
Thanks to Wes Lambert for testing the new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We offer onsite and online training:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, April 9, 2018

6 month EOL notice for ELSA

This morning we released an updated Setup package and ISO image that both default to Elastic instead of ELSA:

https://blog.securityonion.net/2018/04/securityonion-setup-20120912.html


https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html

ELSA will reach End Of Life (EOL) on October 9, 2018.  After that date, we will no longer provide updates or support of any kind for ELSA.

For more information, please see:

https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA#eol

https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA-to-Elastic

Security Onion Elastic Stack General Availability Release and Security Onion 14.04.5.11 ISO Image!

Over 1,000 git commits...

Over 12 months of integration work...

3 Technology Preview releases, 1 Alpha Release, 3 Beta releases, 4 Release Candidates...

Today we're excited to announce that our Elastic Stack integration has now reached General Availability (GA)!  This includes a new 14.04.5.11 ISO image that contains these GA components and all the latest Ubuntu and Security Onion updates as of March 28, 2018!


We'd like to say thanks to the following for their contributions to our Elastic Stack integration!
  • Elastic.co
  • Justin Henderson
  • Mark Baggett
  • Our entire Security Onion community for testing and feedback

GA Highlights

Issues Resolved

Issue 1225: 14.04.5.11 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1225

This new ISO image has been tested by Wes Lambert.  Thanks, Wes!

Known Issues
For known issues, please see the todo list for our next Elastic release:
https://github.com/Security-Onion-Solutions/security-onion/issues/1221

Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.11
https://securityonion.net/wiki/elastic

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Please note the following minimum hardware requirements for the Elastic stack:
  • 2 CPU cores
  • 8GB RAM
For more information, please see the Hardware Requirements page on our Wiki:
https://securityonion.net/wiki/Hardware

Existing Deployments
If you have existing Elastic installations (Technology Preview, Alpha, Beta, or Release Candidate), we don't officially support upgrading to this GA release, but you can try the steps listed here:
https://securityonion.net/wiki/elastic-rc4

For best results, please perform a fresh installation using this new ISO image.

ELSA EOL
Please note that ELSA will reach End Of Life on October 9, 2018.  After that date, we will not provide any updates or any support for ELSA.  Please plan to migrate from ELSA to Elastic at your earliest convenience.  For best results, please perform a fresh Elastic installation on new hardware designed to meet Elastic hardware requirements.

Training
We offer both onsite and online training!  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Previous Releases
To see our progress over the last few months, please see the previous announcements:
https://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
https://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
https://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
https://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release_28.html

Screenshot Tour
Security Onion 14.04.5.11 0328

Welcome to Setup

Network Configuration

Service Configuration

Evaluation Mode or Production Mode

Sniffing Interface Selection

Creating User Account

Setting Password

Confirming Password

Confirming Options

Setup Complete

Lots of new control scripts with naming convention of so-COMPONENT-VERB

Apache Single Sign On (SSO) for Squert, CapMe, and Kibana

Squert

CapMe

Kibana

Help

Bro Notices

ElastAlert

OSSEC Alerts

NIDS Alerts

Connections

DCE/RPC

DHCP

DNP3

DNS

Files

FTP

HTTP

Intel

IRC

Kerberos

Modbus

MySQL

NTLM

PE

RADIUS

RDP

RFB

SIP

SMB

SMTP

SNMP

Software

SSH

SSL

Syslog

Tunnels

Weird

X.509

Autoruns

Beats

OSSEC

Sysmon

Baby Domains

Firewall

Frequency Analysis

Stats

Syslog