Monday, April 9, 2018

Security Onion Elastic Stack General Availability Release and Security Onion 14.04.5.11 ISO Image!

Over 1,000 git commits...

Over 12 months of integration work...

3 Technology Preview releases, 1 Alpha Release, 3 Beta releases, 4 Release Candidates...

Today we're excited to announce that our Elastic Stack integration has now reached General Availability (GA)!  This includes a new 14.04.5.11 ISO image that contains these GA components and all the latest Ubuntu and Security Onion updates as of March 28, 2018!


We'd like to say thanks to the following for their contributions to our Elastic Stack integration!
  • Elastic.co
  • Justin Henderson
  • Mark Baggett
  • Our entire Security Onion community for testing and feedback

GA Highlights

Issues Resolved

Issue 1225: 14.04.5.11 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1225

This new ISO image has been tested by Wes Lambert.  Thanks, Wes!

Known Issues
For known issues, please see the todo list for our next Elastic release:
https://github.com/Security-Onion-Solutions/security-onion/issues/1221

Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.11
https://securityonion.net/wiki/elastic

New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
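As an added illustration of the verification step above (this is example code, not the Security Onion project's own script or the contents of its Verify_ISO page), the shell function below checks a downloaded ISO two ways: it compares the file's SHA-256 against the published digest and, if a detached signature file is given, runs `gpg --verify` against it. The ISO name, signature name and digest passed to it are placeholders you would replace with the values from the Verify_ISO page; the signing key is assumed to have been imported into your keyring beforehand.

```shell
#!/bin/sh
# Added example (not from the Security Onion project): verify a downloaded ISO
# before installing it. Two independent checks are performed:
#   1. the SHA-256 of the ISO matches the published digest
#   2. the detached GPG signature over the ISO verifies with an already-imported key
# File names and digests passed to these functions are placeholders, not real values.

# Print the SHA-256 of a file; works with coreutils (sha256sum) or BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_digest FILE EXPECTED_HEX -> returns 0 on match, 1 on mismatch.
check_digest() {
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "digest OK: $1"
        return 0
    fi
    echo "digest MISMATCH for $1: got $actual, expected $2" >&2
    return 1
}

# check_signature FILE SIGFILE -> returns 0 only if gpg verifies the detached signature.
# The signing key must already be in the keyring (gpg --import ...). A key fetched
# from the same page as the ISO proves nothing on its own; confirm its fingerprint
# through a second channel before trusting it.
check_signature() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not installed; cannot verify $2" >&2
        return 1
    fi
    gpg --verify "$2" "$1"
}

# verify_iso ISO EXPECTED_DIGEST [SIGFILE]
# Fails closed: any failing check returns non-zero, so a caller using set -e stops.
verify_iso() {
    check_digest "$1" "$2" || return 1
    if [ -n "$3" ]; then
        check_signature "$1" "$3" || return 1
    fi
    return 0
}

# Typical use (placeholder names; take the real digest and signature from Verify_ISO):
#   verify_iso securityonion.iso <published-sha256> securityonion.iso.sig && echo "ISO verified"
```

Run the digest check on its own if you only have a published hash, but treat the signature as the authoritative check: a digest posted next to the download can be swapped along with the file, whereas a signature can only be forged by someone holding the project's private key.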

Please note the following minimum hardware requirements for the Elastic stack:
  • 2 CPU cores
  • 8GB RAM
For more information, please see the Hardware Requirements page on our Wiki:
https://securityonion.net/wiki/Hardware

Existing Deployments
If you have existing Elastic installations (Technology Preview, Alpha, Beta, or Release Candidate), we don't officially support upgrading to this GA release, but you can try the steps listed here:
https://securityonion.net/wiki/elastic-rc4

For best results, please perform a fresh installation using this new ISO image.

ELSA EOL
Please note that ELSA will reach End Of Life on October 9, 2018.  After that date, we will not provide any updates or any support for ELSA.  Please plan to migrate from ELSA to Elastic at your earliest convenience.  For best results, please perform a fresh Elastic installation on new hardware designed to meet Elastic hardware requirements.

Training
We offer both onsite and online training!  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Previous Releases
To see our progress over the last few months, please see the previous announcements:
https://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
https://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
https://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
https://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
https://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
https://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release.html
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release_28.html

Screenshot Tour
Security Onion 14.04.5.11 0328

  • Welcome to Setup
  • Network Configuration
  • Service Configuration
  • Evaluation Mode or Production Mode
  • Sniffing Interface Selection
  • Creating User Account
  • Setting Password
  • Confirming Password
  • Confirming Options
  • Setup Complete
  • Lots of new control scripts with naming convention of so-COMPONENT-VERB
  • Apache Single Sign On (SSO) for Squert, CapMe, and Kibana
  • Squert
  • CapMe
  • Kibana
  • Help
  • Bro Notices
  • ElastAlert
  • OSSEC Alerts
  • NIDS Alerts
  • Connections
  • DCE/RPC
  • DHCP
  • DNP3
  • DNS
  • Files
  • FTP
  • HTTP
  • Intel
  • IRC
  • Kerberos
  • Modbus
  • MySQL
  • NTLM
  • PE
  • RADIUS
  • RDP
  • RFB
  • SIP
  • SMB
  • SMTP
  • SNMP
  • Software
  • SSH
  • SSL
  • Syslog
  • Tunnels
  • Weird
  • X.509
  • Autoruns
  • Beats
  • OSSEC
  • Sysmon
  • Baby Domains
  • Firewall
  • Frequency Analysis
  • Stats
  • Syslog
