Monday, August 27, 2018

Elastic 6.3.2 now available for Security Onion!

The following are now available:
Docker images for Elastic 6.3.2, domainstats, freqserver, curator, and elastalert
securityonion-elastic - 20180130-1ubuntu1securityonion79 (14.04)
securityonion-elastic - 20180130-1ubuntu1securityonion119 (16.04)

This should resolve the following issues:

Issue 1294: Elastic 6.3.2

For Security Onion 14.04, the updated securityonion-elastic package only changes the Logstash config to match the new freq_server requirement. Therefore, you should not see any difference in dashboards or scripts.

For Security Onion 16.04, the updated securityonion-elastic package changes the Logstash config and many other items. It should resolve the following issues:

Issue 1302: securityonion-elastic: dashboard updates

Issue 1303: securityonion-elastic: disable delete all in Elasticsearch

Issue 1298: securityonion-elastic: so-import-pcap should write to unique subdirectories

Issue 1297: securityonion-elastic: add script to disable dark theme in Kibana

Issue 1299: securityonion-elastic: add so-elasticsearch-template scripts

Issue 1265: securityonion-elastic: Rotate /var/log/kibana/kibana.log

Issue 1301: securityonion-elastic: provide option to tail log after restart

Issue 1269: securityonion-elastic: Logstash should include all inputs

Issue 1267: securityonion-elastic: so-elastalert-test

Issue 1268: securityonion-elastic: so-elastalert-create
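Issue 1303 above is about disabling the delete-all operation in Elasticsearch. Elasticsearch controls this with the node setting action.destructive_requires_name in elasticsearch.yml: when it is true, wildcard and _all index deletions are refused and every destructive request must name its indices. The script below is an added example for auditing that setting on a node, not part of the securityonion-elastic package, and it assumes the setting is written as a plain top-level key in the YAML file (the package itself may apply the setting in a different way).

```sh
#!/bin/sh
# Added example (not from the securityonion-elastic package): check whether an
# elasticsearch.yml enforces action.destructive_requires_name, the setting that
# stops "DELETE /_all" and wildcard index deletions from wiping a node.

# Print "hardened" if the file sets action.destructive_requires_name: true,
# "open" otherwise. Commented-out settings (leading #) are not matched, so a
# setting that is present but disabled still reports "open".
es_delete_all_policy() {
  _f="$1"
  if grep -Eiq '^[[:space:]]*action\.destructive_requires_name[[:space:]]*:[[:space:]]*true[[:space:]]*$' "$_f"; then
    echo hardened
  else
    echo open
  fi
}

# Constructed sample configs for demonstration only.
tmpdir=$(mktemp -d)
cat > "$tmpdir/open.yml" <<'EOF'
cluster.name: so-demo
network.host: 127.0.0.1
# action.destructive_requires_name: true   <- commented out, so not in effect
EOF
cat > "$tmpdir/hardened.yml" <<'EOF'
cluster.name: so-demo
network.host: 127.0.0.1
action.destructive_requires_name: true
EOF

es_delete_all_policy "$tmpdir/open.yml"      # open
es_delete_all_policy "$tmpdir/hardened.yml"  # hardened
rm -rf "$tmpdir"
```

Run it against /etc/elasticsearch/elasticsearch.yml (or wherever the node's config lives) on each Elasticsearch host; any node reporting "open" still accepts a single request that deletes every index.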

Thanks to the Elastic team for Elastic 6.3.2!
Thanks to Mark Baggett for the new versions of domainstats and freqserver!
Thanks to Bryant Treacle for so-elastalert-test and so-elastalert-create!
Thanks to Seth Grover for so-import-pcap updates!
Thanks to Wes Lambert for submitting several pull requests and testing these new packages!


Dashboards default to Dark Theme

If you want to switch to Light Theme, just run 'sudo so-elastic-configure-kibana-dashboards-light'

All dashboards are now set to Light Theme

If you want to return to Dark Theme, just run 'sudo so-elastic-configure-kibana-dashboards'

Please see the following page for full update instructions:

Registration is now open for our annual Security Onion Conference in Augusta GA!

We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:

Need support? Please see:


