securityonion-sostat - 20120722-0ubuntu0securityonion114 is now available and should resolve the following issues:
Issue 1386: securityonion-sostat: postinst should detect stopped redis and enable/start if necessary
https://github.com/Security-Onion-Solutions/security-onion/issues/1386
Thanks
Thanks to Wes Lambert for testing this package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Training
We have 4-day Security Onion training classes coming up in San Antonio, Texas and Atlanta, Georgia! Use promotional code CyberMonday to get 10% off through November 30!
If you can't make it to either of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Thursday, November 29, 2018
Monday, November 26, 2018
Security Onion 16.04.5.4 now available featuring Suricata 4.1.0, CyberChef 8.8.1, Elastic 6.4.3, and more!
Security Onion 16.04.5.4 is now available!
Issues Resolved
Issue 1366: 16.04.5.4 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1366
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.4
Security Onion 14.04 EOL Reminder
As a reminder, all new development is now on Security Onion 16.04 and Security Onion 14.04 will reach EOL on November 30, 2018:
https://blog.securityonion.net/2018/06/6-month-eol-notice-for-security-onion.html
After that date, we will not provide any support for Security Onion 14.04. Please plan to upgrade or replace any existing 14.04 systems before that date.
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04
Thanks
Thanks to Wes Lambert for testing this new ISO image!
Training
We have 4-day Security Onion training classes coming up in San Antonio, Texas and Atlanta, Georgia! Use promotional code CyberMonday to get 10% off through November 30!
If you can't make it to either of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
ISO Boot Menu
Once Live Desktop appears, double-click the Install icon
Once you've completed the installer and rebooted, log in with the credentials you specified in the installer
After logging in, run Setup
Welcome to Setup
Configure network interfaces, reboot, and log back in
Run Setup again and skip network configuration
Choose Evaluation Mode or Production Mode
Monitor Interface Selection
Create username
Create password
Confirm password
Confirm options
Setup complete
/usr/sbin/so-* scripts
CyberChef 8.8.1
Single Sign On (SSO) for Squert, Kibana, and CapMe
Reviewing NIDS and HIDS alerts with Squert
Retrieving full packet capture with CapMe
Kibana Overview Dashboard
If you prefer light dashboards, you can run so-elastic-configure-kibana-dashboards-light
Light Dashboards
If you want to switch back to dark dashboards, run so-elastic-configure-kibana-dashboards
Kibana Overview is now back to dark
Help
Bro Notices
ElastAlert
HIDS Alerts
NIDS Alerts
Connections
DCE/RPC
DHCP
DNP3
DNS
Files
FTP
HTTP
Intel
IRC
Kerberos
Modbus
MySQL
NTLM
PE
RADIUS
RDP
RFB
SIP
SMB
SMTP
SNMP
Software
SSH
SSL
Syslog
Tunnels
Weird
X.509
Autoruns
Beats
OSSEC/Wazuh Logs
Sysmon
Domain Stats
Firewall
Frequency Analysis
Stats
Syslog