Elastic 6.4.1 and associated Docker images
The following are now available for Security Onion 16.04:
Wazuh 3.6.1 (packaged as ossec-hids-server - 3.6.1.23-ubuntu1securityonion1)
securityonion-elastic - 20180130-1ubuntu1securityonion137
securityonion-setup - 20120912-0ubuntu0securityonion277
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion19
Wazuh can analyze sysmon logs and generate HIDS alerts |
This should resolve the following issues:
Issue 708: Wazuh 3.6.1
https://github.com/Security-Onion-Solutions/security-onion/issues/708
Issue 707: OSSEC: add decoders/rules for sysmon
https://github.com/Security-Onion-Solutions/security-onion/issues/707
Issue 852: OSSEC: remove Snorby logs from ossec.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/852
Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh
https://github.com/Security-Onion-Solutions/security-onion/issues/1328
Issue 1329: securityonion-elastic: update for Wazuh
https://github.com/Security-Onion-Solutions/security-onion/issues/1329
Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete
https://github.com/Security-Onion-Solutions/security-onion/issues/1315
Issue 1319: securityonion-elastic: add ES node listing and removal scripts
https://github.com/Security-Onion-Solutions/security-onion/issues/1319
Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode
https://github.com/Security-Onion-Solutions/security-onion/issues/1327
Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic
https://github.com/Security-Onion-Solutions/security-onion/issues/1330
Issue 1331: Elastic 6.4.1
https://github.com/Security-Onion-Solutions/security-onion/issues/1331
Thanks
Thanks to the Wazuh team for Wazuh 3.6.1!
Thanks to the Elastic team for Elastic 6.4.1!
Thanks to Wes Lambert for his work on these updates!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/
Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia! If you can't make it to this onsite class, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.