The following are now available:
Docker images for Elastic 6.3.2, domainstats, freqserver, curator, and elastalert
securityonion-elastic - 20180130-1ubuntu1securityonion79 (14.04)
securityonion-elastic - 20180130-1ubuntu1securityonion119 (16.04)
This should resolve the following issues:
Issue 1294: Elastic 6.3.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1294
For Security Onion 14.04, the updated securityonion-elastic package just changes the logstash config to match the new freq_server requirement. Therefore, you should not see any difference in dashboards or scripts.
For Security Onion 16.04, the updated securityonion-elastic package changes the logstash config and many other items. It should resolve the following issues:
Issue 1302: securityonion-elastic: dashboard updates
https://github.com/Security-Onion-Solutions/security-onion/issues/1302
Issue 1303: securityonion-elastic: disable delete all in Elasticsearch
https://github.com/Security-Onion-Solutions/security-onion/issues/1303
Issue 1298: securityonion-elastic: so-import-pcap should write to unique subdirectories
https://github.com/Security-Onion-Solutions/security-onion/issues/1298
Issue 1297: securityonion-elastic: add script to disable dark theme in Kibana
https://github.com/Security-Onion-Solutions/security-onion/issues/1297
Issue 1299: securityonion-elastic: add so-elasticsearch-template scripts
https://github.com/Security-Onion-Solutions/security-onion/issues/1299
Issue 1265: securityonion-elastic: Rotate /var/log/kibana/kibana.log
https://github.com/Security-Onion-Solutions/security-onion/issues/1265
Issue 1301: securityonion-elastic: provide option to tail log after restart
https://github.com/Security-Onion-Solutions/security-onion/issues/1301
Issue 1269: securityonion-elastic: Logstash should include all inputs
https://github.com/Security-Onion-Solutions/security-onion/issues/1269
Issue 1267: securityonion-elastic: so-elastalert-test
https://github.com/Security-Onion-Solutions/security-onion/issues/1267
Issue 1268: securityonion-elastic: so-elastalert-create
https://github.com/Security-Onion-Solutions/security-onion/issues/1268
Thanks
Thanks to the Elastic team for Elastic 6.3.2!
Thanks to Mark Baggett for the new versions of domainstats and freqserver!
Thanks to Bryant Treacle for so-elastalert-test and so-elastalert-create!
Thanks to Seth Grover for so-import-pcap updates!
Thanks to Wes Lambert for submitting several pull requests and testing these new packages!
Screenshots
[Screenshot] Dashboards default to Dark Theme
[Screenshot] If you want to switch to Light Theme, just run 'sudo so-elastic-configure-kibana-dashboards-light'
[Screenshot] All dashboards are now set to Light Theme
[Screenshot] If you want to return to Dark Theme, just run 'sudo so-elastic-configure-kibana-dashboards'
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!