Thursday, September 20, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion111 now available for Security Onion 16.04!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion111

This should resolve the following issues:

sostat: adjust FREQ_SERVER_RESPONSE to accommodate updates #1332
https://github.com/Security-Onion-Solutions/security-onion/issues/1332

Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, September 10, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion110 now available for Security Onion 16.04!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion110

This should resolve the following issues:

sostat: provide PF_RING loss as percentage #1318
https://github.com/Security-Onion-Solutions/security-onion/issues/1318

Screenshots

sostat now shows PF_RING packet loss as a percentage

Thanks
Thanks to Wes Lambert for updating sostat and testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

securityonion-setup - 20120912-0ubuntu0securityonion276 now available for Security Onion 16.04!

The following package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion276

This should resolve the following issues:

so-allow: fix verbiage for ES REST Endpoint #1325
https://github.com/Security-Onion-Solutions/security-onion/issues/1325

securityonion-setup: increase MySQL open files limit #1322
https://github.com/Security-Onion-Solutions/security-onion/issues/1322

Screenshots

MySQL open_files_limit

so-allow

Thanks
Thanks to Wes Lambert for updating so-allow and testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Tuesday, September 4, 2018

Security Onion 16.04.5.2 now available!

Security Onion 16.04.5.2 is now available!




Issues Resolved

Issue 1317: pinguybuilder: increment version to 16.04.5.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1317

Issue 1304: 16.04.5.2 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1304

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.2

Security Onion 14.04 EOL Reminder
As a reminder, all new development is now on Security Onion 16.04 and Security Onion 14.04 will reach EOL on November 30, 2018:
https://blog.securityonion.net/2018/06/6-month-eol-notice-for-security-onion.html

After that date, we will not provide any support for Security Onion 14.04.  Please plan to upgrade or replace any existing 14.04 systems before that date.

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Thanks
Thanks to Wes Lambert for testing this new ISO image!

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Screenshot Tour

ISO Boot Menu

ISO Live Desktop

After ISO installer completes, reboot and login

Next, run Setup

Welcome to Setup

Configure network interfaces, reboot, then run Setup again, and skip network configuration

Evaluation Mode vs Production Mode

Interface Selection

Creating User Account

Setting Password

Confirming Password

Confirming Setup Options

Setup Complete

so-COMPONENT-VERB scripts

CyberChef 8.5.0

NetworkMiner 2.3.2

Bro 2.5.5

Single Sign On (SSO) for Squert, Kibana, and CapMe

Squert

Kibana with default dark theme

To switch to light dashboards, run so-elastic-configure-kibana-dashboards-light

Kibana with light theme

To return to default dark theme, run so-elastic-configure-kibana-dashboards

Kibana back to default dark theme

Help

Bro Notices

ElastAlert

HIDS Alerts

NIDS Alerts

Connections

DCE/RPC

DHCP

DNP3

DNS

Files

FTP 
HTTP


Intel

IRC

Kerberos

Modbus

MySQL

NTLM

PE

RADIUS

RDP

RFB

SIP

SMB

SMTP

SNMP

Software

SSH

SSL

Syslog

Tunnels

Weird

X.509

Autoruns

Beats

OSSEC Logs

Sysmon

DomainStats - Baby Domains

PFSense Firewall Logs

Frequency Analysis

Syslog