Monday, October 1, 2018

Wazuh 3.6.1, Elastic 6.4.1, and associated components are now available for Security Onion 16.04!

The following are now available for Security Onion 14.04 and 16.04:
Elastic 6.4.1 and associated Docker images

The following are now available for Security Onion 16.04:
Wazuh 3.6.1 (packaged as ossec-hids-server - 3.6.1.23-ubuntu1securityonion1)
securityonion-elastic - 20180130-1ubuntu1securityonion137
securityonion-setup - 20120912-0ubuntu0securityonion277
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion19

Wazuh can now analyze Sysmon (Windows System Monitor) logs and generate HIDS alerts from them; see Issue 707 below.

This should resolve the following issues:

Issue 708: Wazuh 3.6.1
https://github.com/Security-Onion-Solutions/security-onion/issues/708

Issue 707: OSSEC: add decoders/rules for sysmon
https://github.com/Security-Onion-Solutions/security-onion/issues/707

Issue 852: OSSEC: remove Snorby logs from ossec.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/852

Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh
https://github.com/Security-Onion-Solutions/security-onion/issues/1328

Issue 1329: securityonion-elastic: update for Wazuh
https://github.com/Security-Onion-Solutions/security-onion/issues/1329

Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete
https://github.com/Security-Onion-Solutions/security-onion/issues/1315

Issue 1319: securityonion-elastic: add ES node listing and removal scripts
https://github.com/Security-Onion-Solutions/security-onion/issues/1319

Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode
https://github.com/Security-Onion-Solutions/security-onion/issues/1327

Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic
https://github.com/Security-Onion-Solutions/security-onion/issues/1330

Issue 1331: Elastic 6.4.1
https://github.com/Security-Onion-Solutions/security-onion/issues/1331

Thanks
Thanks to the Wazuh team for Wazuh 3.6.1!
Thanks to the Elastic team for Elastic 6.4.1!
Thanks to Wes Lambert for his work on these updates!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Conference
Registration is now open for our annual Security Onion Conference in Augusta GA!
http://socaugusta2018.eventbrite.com/

Training
We have a 4-day Security Onion training class coming up in Augusta, Georgia! If you can't make it to this onsite class, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!
