Monday, December 17, 2018

Security Onion 16.04.5.5 now available featuring CyberChef 8.12.3, Elastic 6.5.2, Wazuh 3.7.1, and more!

Security Onion 16.04.5.5 is now available!



Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.5

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Thanks
Thanks to Wes Lambert for testing this new ISO image!

Training
We have 4-day Security Onion training classes coming up in San Antonio, Texas and Atlanta, Georgia!  If you can't make it to either of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Screenshot Tour
ISO Boot Menu

Once the Live Desktop appears, double-click the Install icon

Once you've completed the installer and rebooted, you are prompted to enter the credentials you created in the installer

After logging in, you are prompted to run Setup

Setup Wizard

Configure network interfaces, reboot, then log back in

You are then prompted to run Setup again to continue to the second phase of Setup

Skip network configuration to go to service configuration


Evaluation Mode vs Production Mode

Monitoring Interface Selection

Create username

Set password

Confirm password

Confirm all options

Setup complete

Desktop no longer prompts you to run Setup

/usr/sbin/so-* scripts

CyberChef 8.12.3

Single Sign On (SSO) for Squert, CapMe, and Kibana

Reviewing IDS alerts using Squert

Retrieving full packet capture via CapMe

Kibana Overview

If you want to change from dark dashboards to light, you can run so-elastic-configure-kibana-dashboards-light

Light Dashboards

If you want to switch from light dashboards to dark, you can run so-elastic-configure-kibana-dashboards

Back to dark dashboards

Help

Bro Notices

ElastAlert

HIDS Alerts

NIDS Alerts

Connections

DCE/RPC

DHCP

DNP3

DNS

Files

FTP

HTTP

Intel

IRC

Kerberos

Modbus

MySQL

NTLM

PE

RADIUS

RDP

RFB

SIP

SMB

SMTP

SNMP

Software

SSH

SSL

Syslog

Tunnels

Weird

X.509

Autoruns

Beats

OSSEC Logs

Sysmon

Baby Domains

Firewall

Frequency Analysis

Syslog
