The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion111
This should resolve the following issues:
sostat: adjust FREQ_SERVER_RESPONSE to accommodate updates #1332
https://github.com/Security-Onion-Solutions/security-onion/issues/1332
Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia! If you can't make it to this onsite class, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Thursday, September 20, 2018
Monday, September 10, 2018
securityonion-sostat - 20120722-0ubuntu0securityonion110 now available for Security Onion 16.04!
The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion110
This should resolve the following issues:
sostat: provide PF_RING loss as percentage #1318
https://github.com/Security-Onion-Solutions/security-onion/issues/1318
Screenshots
Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
securityonion-sostat - 20120722-0ubuntu0securityonion110
This should resolve the following issues:
sostat: provide PF_RING loss as percentage #1318
https://github.com/Security-Onion-Solutions/security-onion/issues/1318
Screenshots
 |
| sostat now shows PF_RING packet loss as a percentage |
Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
securityonion-setup - 20120912-0ubuntu0securityonion276 now available for Security Onion 16.04!
The following package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion276
This should resolve the following issues:
so-allow: fix verbiage for ES REST Endpoint #1325
https://github.com/Security-Onion-Solutions/security-onion/issues/1325
securityonion-setup: increase MySQL open files limit #1322
https://github.com/Security-Onion-Solutions/security-onion/issues/1322
Screenshots
Thanks
Thanks to Wes Lambert for updating so-allow and testing this new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
securityonion-setup - 20120912-0ubuntu0securityonion276
This should resolve the following issues:
so-allow: fix verbiage for ES REST Endpoint #1325
https://github.com/Security-Onion-Solutions/security-onion/issues/1325
securityonion-setup: increase MySQL open files limit #1322
https://github.com/Security-Onion-Solutions/security-onion/issues/1322
Screenshots
 |
| MySQL open_files_limit |
 |
| so-allow |
Thanks
Thanks to Wes Lambert for updating so-allow and testing this new package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Tuesday, September 4, 2018
Security Onion 16.04.5.2 now available!
Security Onion 16.04.5.2 is now available!
Issues Resolved
Issue 1317: pinguybuilder: increment version to 16.04.5.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1317
Issue 1304: 16.04.5.2 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1304
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.2
Security Onion 14.04 EOL Reminder
As a reminder, all new development is now on Security Onion 16.04 and Security Onion 14.04 will reach EOL on November 30, 2018:
https://blog.securityonion.net/2018/06/6-month-eol-notice-for-security-onion.html
After that date, we will not provide any support for Security Onion 14.04. Please plan to upgrade or replace any existing 14.04 systems before that date.
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04
Thanks
Thanks to Wes Lambert for testing this new ISO image!
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
Issues Resolved
Issue 1317: pinguybuilder: increment version to 16.04.5.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1317
Issue 1304: 16.04.5.2 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1304
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.2
Security Onion 14.04 EOL Reminder
As a reminder, all new development is now on Security Onion 16.04 and Security Onion 14.04 will reach EOL on November 30, 2018:
https://blog.securityonion.net/2018/06/6-month-eol-notice-for-security-onion.html
After that date, we will not provide any support for Security Onion 14.04. Please plan to upgrade or replace any existing 14.04 systems before that date.
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04
Thanks
Thanks to Wes Lambert for testing this new ISO image!
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia! If you can't make it to any of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
 |
| ISO Boot Menu |
 |
| ISO Live Desktop |
 |
| After ISO installer completes, reboot and login |
 |
| Next, run Setup |
 |
| Welcome to Setup |
 |
| Configure network interfaces, reboot, then run Setup again, and skip network configuration |
 |
| Evaluation Mode vs Production Mode |
 |
| Interface Selection |
 |
| Creating User Account |
 |
| Setting Password |
 |
| Confirming Password |
 |
| Confirming Setup Options |
 |
| Setup Complete |
 |
| so-COMPONENT-VERB scripts |
 |
| CyberChef 8.5.0 |
 |
| NetworkMiner 2.3.2 |
 |
| Bro 2.5.5 |
 |
| Single Sign On (SSO) for Squert, Kibana, and CapMe |
 |
| Squert |
 |
| Kibana with default dark theme |
 |
| To switch to light dashboards, run so-elastic-configure-kibana-dashboards-light |
 |
| Kibana with light theme |
 |
| To return to default dark theme, run so-elastic-configure-kibana-dashboards |
 |
| Kibana back to default dark theme |
 |
| Help |
 |
| Bro Notices |
 |
| ElastAlert |
 |
| HIDS Alerts |
 |
| NIDS Alerts |
 |
| Connections |
 |
| DCE/RPC |
 |
| DHCP |
 |
| DNP3 |
 |
| DNS |
 |
| Files |
 |
| FTP |
 |
| HTTP |
 |
| Intel |
 |
| IRC |
 |
| Kerberos |
 |
| Modbus |
 |
| MySQL |
 |
| NTLM |
 |
| PE |
 |
| RADIUS |
 |
| RDP |
 |
| RFB |
 |
| SIP |
 |
| SMB |
 |
| SMTP |
 |
| SNMP |
 |
| Software |
 |
| SSH |
 |
| SSL |
 |
| Syslog |
 |
| Tunnels |
 |
| Weird |
 |
| X.509 |
 |
| Autoruns |
 |
| Beats |
 |
| OSSEC Logs |
 |
| Sysmon |
 |
| DomainStats - Baby Domains |
 |
| PFSense Firewall Logs |
 |
| Frequency Analysis |
 |
| Syslog |