Security Onion 16.04.5.5 is now available!
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.5
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04
Thanks
Thanks to Wes Lambert for testing this new ISO image!
Training
We have 4-day Security Onion training classes coming up in San Antonio, Texas and Atlanta, Georgia! If you can't make it to either of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
ISO Boot Menu
Once the Live Desktop appears, double-click the Install icon
Once you've completed the installer and rebooted, you are prompted to enter the credentials you created in the installer
After logging in, you are prompted to run Setup
Setup Wizard
Configure network interfaces, reboot, then log back in
You are then prompted to run Setup again to continue to the second phase of Setup
Skip network configuration to go to service configuration
Evaluation Mode vs Production Mode
Monitoring Interface Selection
Create username
Set password
Confirm password
Confirm all options
Setup complete
Desktop no longer prompts you to run Setup
/usr/sbin/so-* scripts
CyberChef 8.12.3
Single Sign On (SSO) for Squert, CapMe, and Kibana
Reviewing IDS alerts using Squert
Retrieving full packet capture via CapMe
Kibana Overview
If you want to change from dark dashboards to light, you can run so-elastic-configure-kibana-dashboards-light
Light Dashboards
If you want to switch from light dashboards to dark, you can run so-elastic-configure-kibana-dashboards
Back to dark dashboards
Help
Bro Notices
ElastAlert
HIDS Alerts
NIDS Alerts
Connections
DCE/RPC
DHCP
DNP3
DNS
Files
FTP
HTTP
Intel
IRC
Kerberos
Modbus
MySQL
NTLM
PE
RADIUS
RDP
RFB
SIP
SMB
SMTP
SNMP
Software
SSH
SSL
Syslog
Tunnels
Weird
X.509
Autoruns
Beats
OSSEC Logs
Sysmon
Baby Domains
Firewall
Frequency Analysis
Syslog