Monday, August 27, 2018

Elastic 6.3.2 now available for Security Onion!

The following are now available:
Docker images for Elastic 6.3.2, domainstats, freqserver, curator, and elastalert
securityonion-elastic - 20180130-1ubuntu1securityonion79 (14.04)
securityonion-elastic - 20180130-1ubuntu1securityonion119 (16.04)

This should resolve the following issues:

Issue 1294: Elastic 6.3.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1294

For Security Onion 14.04, the updated securityonion-elastic package just changes the logstash config to match the new freq_server requirement.  Therefore, you should not see any difference in dashboards or scripts.

For Security Onion 16.04, the updated securityonion-elastic package changes the logstash config and many other items.  It should resolve the following issues:

Issue 1302: securityonion-elastic: dashboard updates
https://github.com/Security-Onion-Solutions/security-onion/issues/1302

Issue 1303: securityonion-elastic: disable delete all in Elasticsearch
https://github.com/Security-Onion-Solutions/security-onion/issues/1303

Issue 1298: securityonion-elastic: so-import-pcap should write to unique subdirectories
https://github.com/Security-Onion-Solutions/security-onion/issues/1298

Issue 1297: securityonion-elastic: add script to disable dark theme in Kibana
https://github.com/Security-Onion-Solutions/security-onion/issues/1297

Issue 1299: securityonion-elastic: add so-elasticsearch-template scripts
https://github.com/Security-Onion-Solutions/security-onion/issues/1299

Issue 1265: securityonion-elastic: Rotate /var/log/kibana/kibana.log
https://github.com/Security-Onion-Solutions/security-onion/issues/1265

Issue 1301: securityonion-elastic: provide option to tail log after restart
https://github.com/Security-Onion-Solutions/security-onion/issues/1301

Issue 1269: securityonion-elastic: Logstash should include all inputs
https://github.com/Security-Onion-Solutions/security-onion/issues/1269

Issue 1267: securityonion-elastic: so-elastalert-test
https://github.com/Security-Onion-Solutions/security-onion/issues/1267

Issue 1268: securityonion-elastic: so-elastalert-create
https://github.com/Security-Onion-Solutions/security-onion/issues/1268

Thanks
Thanks to the Elastic team for Elastic 6.3.2!
Thanks to Mark Baggett for the new versions of domainstats and freqserver!
Thanks to Bryant Treacle for so-elastalert-test and so-elastalert-create!
Thanks to Seth Grover for so-import-pcap updates!
Thanks to Wes Lambert for submitting several pull requests and testing these new packages!

Screenshots

Dashboards default to Dark Theme

If you want to switch to Light Theme, just run 'sudo so-elastic-configure-kibana-dashboards-light'

All dashboards are now set to Light Theme

If you want to return to Dark Theme, just run 'sudo so-elastic-configure-kibana-dashboards'


Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!
