Monday, October 1, 2018

Wazuh 3.6.1, Elastic 6.4.1, and associated components are now available for Security Onion 16.04!

The following are now available for Security Onion 14.04 and 16.04:
Elastic 6.4.1 and associated Docker images

The following are now available for Security Onion 16.04:
Wazuh 3.6.1 (packaged as ossec-hids-server -
securityonion-elastic - 20180130-1ubuntu1securityonion137
securityonion-setup - 20120912-0ubuntu0securityonion277
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion19

Wazuh can analyze sysmon logs and generate HIDS alerts
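As an added illustration of the kind of analysis the new Sysmon decoders and rules enable, the Python below decodes Sysmon process-creation events (Windows XML event format) and applies three simple HIDS-style rules to them. This is example code written for this page, not Wazuh's own decoder or ruleset: the rule IDs, alert levels, detection heuristics and the sample events are all constructed for illustration.

```python
"""Illustrative Sysmon event decoding and rule matching (HIDS style).

Added example, not code from Wazuh or Security Onion. Rule IDs, levels and
heuristics are assumptions; the sample events are constructed, not captured.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -ec / -en / -enc / -encodedcommand followed by a payload
ENCODED_PS = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+\S")
TEMP_PATH = re.compile(r"(?i)\\(?:Temp|AppData\\Local\\Temp)\\")

# Constructed sample events (Sysmon Event ID 1, process creation).
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
  <Computer>WS01.example.local</Computer></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgA</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="User">EXAMPLE\alice</Data>
  </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
  <Computer>WS01.example.local</Computer></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
    <Data Name="CommandLine">"C:\Windows\System32\notepad.exe" notes.txt</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
    <Data Name="User">EXAMPLE\alice</Data>
  </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
  <Computer>WS01.example.local</Computer></System>
  <EventData>
    <Data Name="Image">C:\Users\alice\AppData\Local\Temp\update.exe</Data>
    <Data Name="CommandLine">update.exe /silent</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
    <Data Name="User">EXAMPLE\alice</Data>
  </EventData></Event>""",
]


def basename(win_path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(win_path).name.lower()


def decode(xml_text):
    """Decoder step: flatten a Sysmon XML event into a dict of fields."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event = {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "computer": system.findtext("e:Computer", namespaces=NS),
        "eventdata": {},
    }
    for data in root.find("e:EventData", NS).findall("e:Data", NS):
        event["eventdata"][data.get("Name")] = data.text or ""
    return event


def rule_office_spawns_shell(ev):
    d = ev["eventdata"]
    return (ev["event_id"] == 1
            and basename(d.get("ParentImage", "")) in OFFICE_APPS
            and basename(d.get("Image", "")) in SCRIPT_HOSTS)


def rule_encoded_powershell(ev):
    d = ev["eventdata"]
    return (ev["event_id"] == 1
            and basename(d.get("Image", "")) == "powershell.exe"
            and ENCODED_PS.search(d.get("CommandLine", "")) is not None)


def rule_exec_from_temp(ev):
    return (ev["event_id"] == 1
            and TEMP_PATH.search(ev["eventdata"].get("Image", "")) is not None)


# (rule_id, level, description, predicate) -- IDs and levels are assumptions.
RULES = [
    (100100, 12, "Office application spawned a shell or script host", rule_office_spawns_shell),
    (100101, 10, "PowerShell launched with an encoded command", rule_encoded_powershell),
    (100102, 7, "Executable launched from a Temp directory", rule_exec_from_temp),
]


def evaluate(ev):
    """Rule step: return one alert dict per matching rule."""
    alerts = []
    for rule_id, level, description, predicate in RULES:
        if predicate(ev):
            alerts.append({"rule_id": rule_id, "level": level, "description": description,
                           "computer": ev["computer"],
                           "image": ev["eventdata"].get("Image", ""),
                           "command_line": ev["eventdata"].get("CommandLine", "")})
    return alerts


def analyze(xml_events):
    """Decode and evaluate a batch of raw Sysmon XML events."""
    alerts = []
    for xml_text in xml_events:
        alerts.extend(evaluate(decode(xml_text)))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(f"Rule {alert['rule_id']} (level {alert['level']}): {alert['description']}"
              f" on {alert['computer']}: {alert['command_line']}")
```

The decode/evaluate split mirrors the decoder-then-rules pipeline of an OSSEC-style HIDS: the first sample event fires both the Office-parent and encoded-PowerShell rules, the benign notepad event fires nothing, and the Temp-directory launch fires the third rule.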

This should resolve the following issues:

Issue 708: Wazuh 3.6.1

Issue 707: OSSEC: add decoders/rules for sysmon

Issue 852: OSSEC: remove Snorby logs from ossec.conf

Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh

Issue 1329: securityonion-elastic: update for Wazuh

Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete

Issue 1319: securityonion-elastic: add ES node listing and removal scripts

Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode

Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic

Issue 1331: Elastic 6.4.1

Thanks to the Wazuh team for Wazuh 3.6.1!
Thanks to the Elastic team for Elastic 6.4.1!
Thanks to Wes Lambert for his work on these updates!

Please see the following page for full update instructions:

Registration is now open for our annual Security Onion Conference in Augusta GA!

We have a 4-day Security Onion training class coming up in Augusta, Georgia! If you can't make it to this onsite class, we have a new online training platform! For more information and other training options, please see:

Need support? Please see:
