Wednesday, May 15, 2019

securityonion-web-page - 20141015-0ubuntu0securityonion101 now available for Security Onion!

securityonion-web-page - 20141015-0ubuntu0securityonion101 is now available.  This should resolve the following issues:

securityonion-web-page: add Security Onion documentation #1446
https://github.com/Security-Onion-Solutions/security-onion/issues/1446

securityonion-web-page: add Security Onion cheat sheet PDF #571
https://github.com/Security-Onion-Solutions/security-onion/issues/571

securityonion-web-page: CyberChef 8.31.3 #1491
https://github.com/Security-Onion-Solutions/security-onion/issues/1491

securityonion-web-page: only restart apache if it was already running #1520
https://github.com/Security-Onion-Solutions/security-onion/issues/1520

Screenshot
CyberChef 8.31.3

Thanks
Thanks to the CyberChef team for CyberChef 8.31.3!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have 4-day Security Onion Training classes coming up in Costa Mesa CA and Columbia MD!  Use promotional code earlybird for 10% off the Columbia MD classes for a limited time.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

securityonion-samples-mta - 20190514-1ubuntu1securityonion1 now available for Security Onion!

securityonion-samples-mta - 20190514-1ubuntu1securityonion1 is now available.  This is simply a rebuild of the previous package with no additional changes:
https://blog.securityonion.net/2019/05/securityonion-samples-mta-20150103.html

Please note that these samples contain network traffic from real malware and so they may get flagged by content inspection devices.  If your Security Onion box(es) go through a firewall, proxy, or other network security device that does content inspection, you may need to add an exception for ppa.launchpad.net.

Thanks
Thanks to Brad Duncan for the PCAPs he posts at https://www.malware-traffic-analysis.net/!
Thanks to Davide Pistore and Wes Lambert for testing!

Monday, May 13, 2019

Call For Testing: Security Onion 16.04.6.1 ISO image!

We just built a new ISO image that includes Elastic 6.7.2 (released this morning) and all other updates!  If you have some time to help us test, please head on over to our security-onion-testing group (joining the group if you haven't already) and follow the instructions in the following topic:
https://groups.google.com/d/topic/security-onion-testing/fEIUM0YJY78/discussion

Thanks!

Elastic 6.7.2 now available for Security Onion!

The following are now available for Security Onion:

  • Docker images for Elastic 6.7.2
  • securityonion-elastic - 20190510-1ubuntu1securityonion3

Elastic 6.7.2

Issues Resolved

Elastic 6.7.2 #1426
https://github.com/Security-Onion-Solutions/security-onion/issues/1426

securityonion-elastic: enable Java Execution Engine in Logstash #1436
https://github.com/Security-Onion-Solutions/security-onion/issues/1436

securityonion-elastic: update "Syslog - Source IP Address" visualization on Syslog dashboard #1498
https://github.com/Security-Onion-Solutions/security-onion/issues/1498

securityonion-elastic: add bro_conn service data table #1496
https://github.com/Security-Onion-Solutions/security-onion/issues/1496

securityonion-elastic: rename bro x509 id to fuid #1499
https://github.com/Security-Onion-Solutions/security-onion/issues/1499

securityonion-elastic: rename bro pe id to fuid #1493
https://github.com/Security-Onion-Solutions/security-onion/issues/1493

securityonion-elastic: update so-elastalert-create-whiptail to use new parameters in so-elastalert-test #1487
https://github.com/Security-Onion-Solutions/security-onion/issues/1487

securityonion-elastic: add more options to so-elastalert-test #1486
https://github.com/Security-Onion-Solutions/security-onion/issues/1486

securityonion-elastic: so-elastalert-test errors if no input provided #1470
https://github.com/Security-Onion-Solutions/security-onion/issues/1470

securityonion-elastic: correct separator in 1122_preprocess_bro_socks.conf #1485
https://github.com/Security-Onion-Solutions/security-onion/issues/1485

securityonion-elastic: update Logstash config to support Wazuh 3.8 agent #1469
https://github.com/Security-Onion-Solutions/security-onion/issues/1469

securityonion-elastic: avoid writing firewall logs to logstash-syslog index #1481
https://github.com/Security-Onion-Solutions/security-onion/issues/1481

securityonion-elastic: remove Wazuh's alerts.json from syslog-ng config #1467
https://github.com/Security-Onion-Solutions/security-onion/issues/1467

securityonion-elastic: update PFSense Logstash config for IPv6 options #1461
https://github.com/Security-Onion-Solutions/security-onion/issues/1461

securityonion-elastic: add so-elastic-document-stats #1459
https://github.com/Security-Onion-Solutions/security-onion/issues/1459

securityonion-elastic: minor fixes to bro logstash filters #1460
https://github.com/Security-Onion-Solutions/security-onion/issues/1460

securityonion-elastic: change wiki to docs #1452
https://github.com/Security-Onion-Solutions/security-onion/issues/1452

securityonion-elastic: if Standalone with 8GB RAM, set ES heap to 1GB #1425
https://github.com/Security-Onion-Solutions/security-onion/issues/1425

securityonion-elastic: move parsing from logstash to elasticsearch ingest for so-import-pcap #1497
https://github.com/Security-Onion-Solutions/security-onion/issues/1497

securityonion-elastic: so-import-pcap should run snort and suricata with checksums disabled #1478
https://github.com/Security-Onion-Solutions/security-onion/issues/1478

securityonion-elastic: minor fixes to so-import-pcap #1458
https://github.com/Security-Onion-Solutions/security-onion/issues/1458

securityonion-elastic: so-import-pcap should create a sguil sensor named HOSTNAME-import #1472
https://github.com/Security-Onion-Solutions/security-onion/issues/1472

so-import-pcap: run Setup if necessary #1480
https://github.com/Security-Onion-Solutions/security-onion/issues/1480

so-import-pcap: avoid merging errors #1430
https://github.com/Security-Onion-Solutions/security-onion/issues/1430

so-import-pcap - improve single pcap use case #1239
https://github.com/Security-Onion-Solutions/security-onion/issues/1239

securityonion-elastic: add translations route to Apache proxy config #1495
https://github.com/Security-Onion-Solutions/security-onion/issues/1495

securityonion-elastic: add built_assets route to Apache proxy config #1494
https://github.com/Security-Onion-Solutions/security-onion/issues/1494

securityonion-elastic: add dlls route to Apache proxy config #1435
https://github.com/Security-Onion-Solutions/security-onion/issues/1435

securityonion-elastic: add socket.io route to Apache proxy config #1437
https://github.com/Security-Onion-Solutions/security-onion/issues/1437

securityonion-elastic: add s route to Apache proxy config #1438
https://github.com/Security-Onion-Solutions/security-onion/issues/1438

securityonion-elastic: ensure update/refresh button is consistent across all Kibana dashboards #1429
https://github.com/Security-Onion-Solutions/security-onion/issues/1429

Kibana: HIDS Alerts Dashboard - Replace syslog-host_from with agent.name #1442
https://github.com/Security-Onion-Solutions/security-onion/issues/1442

securityonion-elastic: DHCP dashboard has different darkTheme behavior than others #1516
https://github.com/Security-Onion-Solutions/security-onion/issues/1516

securityonion-elastic: modify fields for Bro socks log #1517
https://github.com/Security-Onion-Solutions/security-onion/issues/1517

securityonion-elastic: fix so-elasticsearch-template-create #1518
https://github.com/Security-Onion-Solutions/security-onion/issues/1518

Thanks
Thanks to the Elastic team for Elastic 6.7.2!
Thanks to Wes Lambert and Dustin Lee for testing!

Wednesday, May 8, 2019

Security Onion Hybrid Hunter 1.0.8 Tech Preview Available for Testing!

We recently announced Security Onion Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.0.8 is now available for testing!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md

Major highlights of this release:

  • Suricata 4.1.4
  • Eval and Master installs now ask which components you would like to install
  • Fleet (osquery) now has its own additional setup script (please see the docs)
  • Fleet setup script now generates auto install packages for Windows, CentOS, and Ubuntu
  • When Fleet setup is completed, all SO nodes will auto install the appropriate auto install package
  • We now have a progress bar during install!
  • The setup script will now tell you if it was successful

Thanks to Josh Brower for his additional work on the osquery integration!

Screenshots

Installation

Main Web Page with link to osquery

osquery Page with prebuilt binaries

Fleet showing endpoints

osquery dashboard in Kibana

4-day Security Onion Advanced Training class in Columbia MD with 10% discount!

In addition to the 4-day Basic training class we announced yesterday, we just scheduled a 4-day Security Onion Advanced training class in Columbia MD as well!  Use promotional code earlybird to get 10% off through 5/31/2019 at 11:59 PM ET!  For more information and to register, please see:
https://securityonionsolutions.com/onsitetraining

If you can't make it to either of these onsite classes, we have a new online training platform!
https://onlinetraining.securityonionsolutions.com/

For more information and other training options, please see:
https://securityonionsolutions.com

Tuesday, May 7, 2019

securityonion-samples-mta - 20150103-0ubuntu0securityonion4 now available for Security Onion!

securityonion-samples-mta - 20150103-0ubuntu0securityonion4 is now available and resolves the following issue:

securityonion-samples-mta: Add/Remove PCAPs #1476
https://github.com/Security-Onion-Solutions/security-onion/issues/1476

Thanks
Thanks to Brad Duncan for the PCAPs he posts at https://www.malware-traffic-analysis.net/!
Thanks to Phil Plantamura and Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have 4-day Security Onion Basic Training classes coming up in Costa Mesa CA and Columbia MD!  Use promotional code earlybird for 10% off the Columbia MD class through 5/21 at 11:59 PM ET.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

4-day Security Onion Basic Training class in Columbia MD with 10% discount!

We just scheduled a 4-day Security Onion Basic training class in Columbia MD!  Use promotional code earlybird to get 10% off through 5/21/2019 at 11:59 PM ET!  For more information and to register, please see:
https://securityonionsolutions.com/onsitetraining

If you can't make it to either of these onsite classes, we have a new online training platform!
https://onlinetraining.securityonionsolutions.com/

For more information and other training options, please see:
https://securityonionsolutions.com

Monday, May 6, 2019

securityonion-capme - 20121213-0ubuntu0securityonion77 now available for Security Onion!

securityonion-capme - 20121213-0ubuntu0securityonion77 is now available and resolves the following issue:

securityonion-capme: add cmdproto to callback.php #1515
https://github.com/Security-Onion-Solutions/security-onion/issues/1515

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have a 4-day Security Onion Basic Training class coming up in Costa Mesa CA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Call For Testing: Elastic 6.7.2

Elastic 6.7.2 was released recently and we've got Docker images and a new securityonion-elastic package ready for testing!  There are lots of changes here, so we need your help in testing to see what we missed.  Please follow the instructions on our security-onion-testing thread and post your test results there!  Thanks!

https://groups.google.com/d/topic/security-onion-testing/FDJ66pUgH8E/discussion

Thursday, May 2, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion204 now available for Security Onion!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion204 is now available and should resolve the following issue:

NSM: add --no-hwtimestamp to netsniff command line #1514
https://github.com/Security-Onion-Solutions/security-onion/issues/1514

Thanks
Thanks to Wes Lambert for testing!

Suricata 4.1.4 now available for Security Onion!

Suricata 4.1.4 was released recently:
https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/

We've packaged Suricata 4.1.4 and the following package is now available:
securityonion-suricata - 4.1.4-1ubuntu1securityonion1

This package should resolve the following issue:

Suricata 4.1.4 #1512
https://github.com/Security-Onion-Solutions/security-onion/issues/1512

Thanks
Thanks to the Suricata team for Suricata 4.1.4!
Thanks to Wes Lambert for testing!

Tuesday, April 30, 2019

securityonion-capme - 20121213-0ubuntu0securityonion76 now available for Security Onion!

securityonion-capme - 20121213-0ubuntu0securityonion76 is now available and resolves the following issue:

securityonion-capme: update callback.php #1509
https://github.com/Security-Onion-Solutions/security-onion/issues/1509

Thanks
Thanks to Wes Lambert for testing!

securityonion-setup - 20120912-0ubuntu0securityonion296 now available for Security Onion!

securityonion-setup - 20120912-0ubuntu0securityonion296 is now available and should resolve the following issues:

so-allow: add OSSEC/Wazuh registration service option #1506
https://github.com/Security-Onion-Solutions/security-onion/issues/1506

Setup: /etc/network/interfaces ethtool rx setting should be commented out by default #1508
https://github.com/Security-Onion-Solutions/security-onion/issues/1508

Discussion
Richard Bejtlich recently blogged about an issue with Virtualbox and /etc/network/interfaces:
https://taosecurity.blogspot.com/2019/04/troubleshooting-nsm-virtualization.html

We were able to duplicate the issue and determine that it was caused by the ethtool -G rx setting.  Traditionally, our Setup script has used ethtool -g to determine the maximum rx setting and then ethtool -G to enforce that maximum.  VirtualBox 6.0.4 appears to have an issue whereby its virtual network interfaces report a maximum rx setting of 4096 but cannot reliably be set to that value.  Therefore, the safest option for widest compatibility is to keep the rx setting at its default value.  Additionally, some folks are recommending lower rx values for better performance:
https://github.com/pevma/SEPTun/blob/master/SEPTun.rst

Our new Setup script continues to write the ethtool -G rx setting into /etc/network/interfaces but it is now commented out by default.  If you need to modify this, you can certainly do so.
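As an added example (not the Setup script's own code), here is the check a practitioner would want around that ethtool -G step: parse the ethtool -g output for the advertised maximum and the current RX ring size, and only count a new value as applied after re-reading it, which is exactly what catches a driver that advertises 4096 but never actually takes it.  The ethtool output embedded below is constructed, and the function names and the set_rx_checked wrapper are assumptions.

```shell
#!/bin/sh
# Added example (not Security Onion's Setup code): parse `ethtool -g` output,
# compare the driver's advertised maximum RX ring size with the current value,
# and only treat a new value as applied after re-reading it.

# Constructed sample of `ethtool -g eth0` output, shaped like the VirtualBox
# case described above: a 4096 maximum is advertised, the current value is 256.
SAMPLE_ETHTOOL_G='Ring parameters for eth0:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             256
RX Mini:        0
RX Jumbo:       0
TX:             256
'

# rx_value SECTION TEXT: print the RX value found under "Pre-set maximums"
# (SECTION=max) or "Current hardware settings" (SECTION=current).
rx_value() {
    section="$1"
    printf '%s\n' "$2" | awk -v want="$section" '
        /^Pre-set maximums:/          { in_max = 1; in_cur = 0; next }
        /^Current hardware settings:/ { in_max = 0; in_cur = 1; next }
        /^RX:/ {
            if ((want == "max" && in_max) || (want == "current" && in_cur)) {
                print $2; exit
            }
        }'
}

# rx_applied REQUESTED OUTPUT_AFTER_SET: succeed only if the re-read current
# RX value equals what was requested. Trusting the advertised maximum alone,
# without this re-read, is what the VirtualBox behaviour above defeats.
rx_applied() {
    [ "$(rx_value current "$2")" = "$1" ]
}

# set_rx_checked IFACE VALUE: apply ethtool -G and verify by re-reading.
# Needs root and the ethtool binary; returns non-zero when the requested
# value exceeds the advertised maximum or did not take effect.
set_rx_checked() {
    iface="$1"; value="$2"
    before=$(ethtool -g "$iface") || return 1
    max=$(rx_value max "$before")
    if [ "$value" -gt "$max" ]; then
        echo "requested rx $value exceeds advertised maximum $max on $iface" >&2
        return 2
    fi
    ethtool -G "$iface" rx "$value" || return 1
    after=$(ethtool -g "$iface") || return 1
    if rx_applied "$value" "$after"; then
        echo "$iface rx ring set to $value"
    else
        echo "$iface reports rx $(rx_value current "$after"), not $value; keep the driver default" >&2
        return 1
    fi
}
```

Run set_rx_checked against a real interface only as root; the two parsing functions work on any captured ethtool -g text.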

For more information, please see the Network Configuration page on our Documentation site:
https://securityonion.readthedocs.io/en/latest/network-configuration.html

Thanks
Thanks to Richard Bejtlich for reporting the /etc/network/interfaces issue!
Thanks to Dustin Lee for duplicating the /etc/network/interfaces issue!
Thanks to Wes Lambert for testing!

Monday, April 29, 2019

Security Onion Conference 2019 CFP

This year's Security Onion Conference will be held in Augusta, GA on Friday, October 4, 2019 (please mark your calendar!). Registration will open July 18.

CFP

Want to speak at Security Onion Conference? We want to hear from you!

How are you...
...using Security Onion to find evil?
...handling lots of traffic using Security Onion?
...consuming host telemetry with Security Onion?
...integrating Security Onion with other technologies?
...automating common tasks with your own scripts?
...using Security Onion in a unique way?

Each talk should be 30 minutes with an additional 10 minutes for questions.

Submit your talk here!
https://securityonion.net/cfp

Schedule

April 29 - CFP open
June 24 - CFP closes
July 18 - Speakers selected and notified
July 18 - Registration opens
September 30 - October 3 - Security Onion 4-day training in Augusta
October 4 - Security Onion Conference
October 5 - BSidesAugusta

Security Onion Docker Images NOT Affected by Recent Docker Hub Data Exposure

In Security Onion 16.04, our Elastic components are delivered via Docker images stored on Docker Hub.  Docker recently announced unauthorized access to a single Docker Hub database:
https://success.docker.com/article/docker-hub-user-notification

From the article:
Q: How do I know if I was impacted by this unauthorized access?
If you directly received an email from Docker about this incident, you may have been impacted. If you have received a password reset link, your password hash was potentially exposed. We have invalidated it and sent you a password reset link as a precaution. If you are using autobuilds and your GitHub or Bitbucket repositories have been unlinked from Docker Hub, you will need to relink those repositories for autobuilds to work correctly.
Security Onion does NOT use autobuilds and did NOT receive an email from Docker, so we don't have any reason to believe that our Docker accounts or images were impacted.  However, to err on the side of caution, we have verified our Docker images and reset our passwords.  Finally, please note that our images are digitally signed using Docker Content Trust:
https://docs.docker.com/engine/security/trust/content_trust/

tcpflow - 1.4.5+repack1-1ubuntu1securityonion2 now available for Security Onion!

tcpflow - 1.4.5+repack1-1ubuntu1securityonion2 is now available and should resolve the following issue:

update tcpflow #1507
https://github.com/Security-Onion-Solutions/security-onion/issues/1507

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion Basic Training class coming up in Costa Mesa CA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Wednesday, April 24, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion203 now available for Security Onion!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion203 is now available and should resolve the following issue:

NSM: nsm_server_user-add should check to see if user account exists and prompt user #1505
https://github.com/Security-Onion-Solutions/security-onion/issues/1505

Thanks
Thanks to Wes Lambert for testing!

Wednesday, April 3, 2019

Security Onion Hybrid Hunter 1.0.7 Tech Preview Available for Testing!

We recently announced Security Onion Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.0.7 is now available for testing!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md

Major highlights of this release:

  • Suricata 4.1.3
  • Influxdb 1.7.5
  • Telegraf 1.10.1
  • Grafana 6.0.2
  • Setup now requires interface selection #26
  • Reduced the RAM usage for ES in Eval mode #25
  • Eval Mode setup is now choose your own adventure style
  • Fresh dockers for all the things to bring everything to 1.0.7
  • New utility docker called SOctopus
  • New html landing page now in dark mode
  • Added support for TheHive

Screenshots
From Kibana, you can pivot from a log entry to TheHive

Log now available in TheHive

Tuesday, March 26, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion202 now available for Security Onion!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion202 is now available and should resolve the following issue:

NSM: change filesystem grep #1488
https://github.com/Security-Onion-Solutions/security-onion/issues/1488

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have 4-day Security Onion Basic Training classes coming up in Columbia, MD and Costa Mesa CA!  Use promotional code marchmadness for 10% off either of these classes through the end of March!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, March 25, 2019

securityonion-setup - 20120912-0ubuntu0securityonion294 now available for Security Onion!

securityonion-setup - 20120912-0ubuntu0securityonion294 is now available and should resolve the following issue:

Setup: sudo fails during sosetup if NOPASSWD:ALL not enabled #1490
https://github.com/Security-Onion-Solutions/security-onion/issues/1490

Thanks
Thanks to Wes Lambert for testing!

Thursday, March 21, 2019

4-day Security Onion Basic Training class in Costa Mesa CA with 10% discount!

In addition to our previously announced class in Columbia MD, we just scheduled a 4-day Security Onion training class in Costa Mesa CA!  Use promotional code marchmadness to get 10% off either of these classes through the end of March!  For more information about these onsite classes and to register, please see:
https://securityonionsolutions.com/onsitetraining

If you can't make it to either of these onsite classes, we have a new online training platform!
https://onlinetraining.securityonionsolutions.com/

For more information and other training options, please see:
https://securityonionsolutions.com

securityonion-sostat - 20120722-0ubuntu0securityonion123 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion123 is now available and should resolve the following issues:

securityonion-sostat: implement better error handling for zero packet count #1464
https://github.com/Security-Onion-Solutions/security-onion/issues/1464

securityonion-sostat: awk division error when Bro doesn't report stats correctly #817
https://github.com/Security-Onion-Solutions/security-onion/issues/817

Thanks
Thanks to Wes Lambert for his work on these issues!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia, MD!  Use promotional code marchmadness for 10% off this class through the end of March!  If you can't make it to an onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Wednesday, March 13, 2019

securityonion-capme - 20121213-0ubuntu0securityonion75 now available for Security Onion!

securityonion-capme - 20121213-0ubuntu0securityonion75 is now available and should resolve the following issues:

securityonion-capme: allow start time to go back 50 years in callback.php #1473
https://github.com/Security-Onion-Solutions/security-onion/issues/1473

securityonion-capme: update mysql calls #1479
https://github.com/Security-Onion-Solutions/security-onion/issues/1479

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have 4-day Security Onion training classes coming up in Atlanta, Georgia and Columbia, MD!  If you can't make it to either of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Tuesday, March 12, 2019

Suricata 4.1.3 now available for Security Onion!

Suricata 4.1.3 was released recently:
https://suricata-ids.org/2019/03/07/suricata-4-1-3-released/

We've packaged Suricata 4.1.3 and the following package is now available:
securityonion-suricata - 4.1.3-1ubuntu1securityonion1

This package should resolve the following issue:

Suricata 4.1.3 #1475
https://github.com/Security-Onion-Solutions/security-onion/issues/1475

Screenshot
Suricata 4.1.3

Thanks
Thanks to the Suricata team for Suricata 4.1.3!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have 4-day Security Onion training classes coming up in Atlanta, Georgia and Columbia, MD!  If you can't make it to either of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, March 11, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion201 now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion201

This should resolve the following issues:

NSM: when (re)starting Suricata, make sure stats.log has proper ownership #1477
https://github.com/Security-Onion-Solutions/security-onion/issues/1477

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Tuesday, February 26, 2019

securityonion-setup - 20120912-0ubuntu0securityonion293 now available for Security Onion!

The following packages are now available:
securityonion-setup - 20120912-0ubuntu0securityonion293

This should resolve the following issues:

Setup: postinst script should add MySQL LimitNOFILE setting if necessary #1443
https://github.com/Security-Onion-Solutions/security-onion/issues/1443

Setup: create desktop shortcut for CyberChef #1449
https://github.com/Security-Onion-Solutions/security-onion/issues/1449

securityonion-setup: change wiki links to docs #1450
https://github.com/Security-Onion-Solutions/security-onion/issues/1450

Setup: change Elastic Setup to Setup #1453
https://github.com/Security-Onion-Solutions/security-onion/issues/1453

Setup: disable Bro syslog.log by default in Production Mode #1457
https://github.com/Security-Onion-Solutions/security-onion/issues/1457

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated.
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, February 25, 2019

Wazuh 3.8.2 now available for Security Onion!

The following packages are now available:
Wazuh 3.8.2 (packaged as ossec-hids-server - 3.8.2.2ubuntu1securityonion1)
securityonion-ossec-rules - 20120726-0ubuntu0securityonion12

This should resolve the following issues:

Wazuh 3.8.2 #1422
https://github.com/Security-Onion-Solutions/security-onion/issues/1422

Wazuh email config not being migrated properly #1441
https://github.com/Security-Onion-Solutions/security-onion/issues/1441

securityonion-ossec-rules: ignore alerts on common files #1455
https://github.com/Security-Onion-Solutions/security-onion/issues/1455

Thanks
Thanks to the Wazuh team for Wazuh 3.8.2!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated.
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Thursday, February 21, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion200 now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion200

This should resolve the following issues:

NSM: wipe Suricata stats.log using truncate rather than rm #1456
https://github.com/Security-Onion-Solutions/security-onion/issues/1456

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated.
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

CyberChef 8.23.4 now available for Security Onion!

CyberChef 8.23.4 was recently released:
https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md

securityonion-web-page - 20141015-0ubuntu0securityonion91 is now available and includes CyberChef 8.23.4.  This should resolve the following issues:

CyberChef 8.23.4 #1439
https://github.com/Security-Onion-Solutions/security-onion/issues/1439

securityonion-web-page: change wiki links to docs #1451
https://github.com/Security-Onion-Solutions/security-onion/issues/1451

Screenshot
CyberChef 8.23.4

Thanks
Thanks to the CyberChef team for CyberChef 8.23.4!
Thanks to Wes Lambert for testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated.
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

securityonion-sostat - 20120722-0ubuntu0securityonion121 now available for Security Onion!

The following packages are now available:
securityonion-sostat - 20120722-0ubuntu0securityonion121

This should resolve the following issues:

securityonion-sostat: change wiki links to docs #1454
https://github.com/Security-Onion-Solutions/security-onion/issues/1454

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've started moving our documentation to https://securityonion.net/docs!  Please let us know if anything needs to be updated.

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, February 11, 2019

New Setup and NSM packages now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion199
securityonion-setup - 20120912-0ubuntu0securityonion285

This should resolve the following issues:

Setup: update setup conf files #1417
https://github.com/Security-Onion-Solutions/security-onion/issues/1417

Setup: Fix bug where the regex in sed disables incorrect interfaces #1427
https://github.com/Security-Onion-Solutions/security-onion/issues/1427

Setup: add logger node to Bro node.cfg #1420
https://github.com/Security-Onion-Solutions/security-onion/issues/1420

Setup: configure Bro cluster mode for AF_PACKET #1421
https://github.com/Security-Onion-Solutions/security-onion/issues/1421

Setup: configure Suricata for AF_PACKET #1432
https://github.com/Security-Onion-Solutions/security-onion/issues/1432

NSM: Improve the method of updating thread count in suricata.yaml #1230
https://github.com/Security-Onion-Solutions/security-onion/issues/1230

NSM: support running Suricata using AF_PACKET #1431
https://github.com/Security-Onion-Solutions/security-onion/issues/1431

As an overview, these updates will cause new installations to configure Bro and Suricata to collect network traffic via AF_PACKET (instead of PF_RING as we've done for the last few years).  Installations already configured for PF_RING will continue to use PF_RING.  Please see the links above for background information and config changes.

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Documentation
We've started moving our documentation to https://securityonion.net/docs!  Please let us know if anything needs to be updated.

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, February 4, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion120 now available for Security Onion!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion120

This should resolve the following issues:

soup: create /etc/apt/apt.conf.d/10periodic #1423
https://github.com/Security-Onion-Solutions/security-onion/issues/1423

soup: output reminder to update remaining boxes in deployment #1424
https://github.com/Security-Onion-Solutions/security-onion/issues/1424

soup: check for lock #1428
https://github.com/Security-Onion-Solutions/security-onion/issues/1428

soup: node checking master for updates fails if master has 1 update #1434
https://github.com/Security-Onion-Solutions/security-onion/issues/1434

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, January 28, 2019

NetworkMiner 2.4.0 now available for Security Onion!

NetworkMiner 2.4.0 was released recently:
https://www.netresec.com/?page=Blog&month=2019-01&post=NetworkMiner-2-4-Released

NetworkMiner 2.4.0 is now available in the following package:
securityonion-networkminer - 20180410-1ubuntu1securityonion6

This should resolve the following issue:

NetworkMiner 2.4 #1416
https://github.com/Security-Onion-Solutions/security-onion/issues/1416

Screenshot
NetworkMiner 2.4.0

Thanks
Thanks to Erik Hjelmvik for NetworkMiner 2.4.0!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Friday, January 25, 2019

Security Onion Hybrid Hunter 1.0.6 Tech Preview Available for Testing!

We recently announced Security Onion Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.0.6 is now available for testing!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md

Major highlights of this release:

  • Added Osquery rule packs from Palantir.
  • Fully integrated Fleet support. You can now pivot directly from Kibana to the Fleet interface and interact with hosts via the LiveQuery hyperlinks.

For more information, please see the Changelog:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Changelog

Screenshots
Kolide Fleet Query Packs
Osquery Dashboard

Wednesday, January 23, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion116 now available for Security Onion!

The following are now available for Security Onion:
securityonion-sostat - 20120722-0ubuntu0securityonion116

This should resolve the following issues:

soup: fix docker updates #1419
https://github.com/Security-Onion-Solutions/security-onion/issues/1419

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, January 14, 2019

securityonion-iso - 20151016-1ubuntu1securityonion31 now available for Security Onion!

The following are now available for Security Onion:
securityonion-iso - 20151016-1ubuntu1securityonion31

This should resolve the following issues:

so-iso-build: wipe ossec syscheck files #1414
https://github.com/Security-Onion-Solutions/security-onion/issues/1414

so-iso-build: disable bro and ossec_agent #1415
https://github.com/Security-Onion-Solutions/security-onion/issues/1415

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

pinguybuilder - 20180514-1ubuntu1securityonion15 now available for Security Onion!

The following are now available for Security Onion:
pinguybuilder - 20180514-1ubuntu1securityonion15

This should resolve the following issues:

pinguybuilder: increment version to 16.04.5.6 #1399
https://github.com/Security-Onion-Solutions/security-onion/issues/1399

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Security Onion 16.04.5.6 now available featuring Suricata 4.1.2, Wazuh 3.7.2, CyberChef 8.18.1, Bro 2.6.1, Elastic 6.5.4, JA3, HASSH, and more!

Security Onion 16.04.5.6 is now available!
Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/5

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.6

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Thanks
Thanks to Wes Lambert for testing this new ISO image!

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Screenshot Tour
ISO Boot Menu

Once the Live Desktop appears, double-click the Install icon

Once you've completed the installer and rebooted, login using the username and password you created in the installer

After logging in, you are prompted to run Setup

Setup Wizard

Configure network interfaces, reboot, then log back in

You are then prompted to run Setup again to continue to the second phase of Setup

Skip network configuration to go to service configuration

Evaluation Mode vs Production Mode

Monitoring Interface Selection

Create username

Create password

Confirm password

Confirm all options

Setup complete

Desktop no longer prompts to run Setup

/usr/sbin/so-* scripts

CyberChef 8.18.1

Single Sign On (SSO) for Squert, CapMe, and Kibana

Reviewing IDS alerts using Squert

Retrieving full packet capture with CapMe

Kibana Overview

If you want to change from dark dashboards to light, you can run so-elastic-configure-kibana-dashboards-light

Light dashboards

If you want to switch back to dark dashboards, you can run so-elastic-configure-kibana-dashboards-dark

Back to dark dashboards

Help

Bro Notices

ElastAlert

HIDS Alerts from OSSEC (Wazuh)

NIDS Alerts from Snort or Suricata

Bro Connections

Bro DCE/RPC

Bro DHCP

Bro DNP3

Bro DNS

Bro Files

Bro FTP

Bro HTTP

Bro Intel

Bro IRC

Bro Kerberos

Bro Modbus

Bro MySQL

Bro NTLM

Bro PE

Bro RADIUS

Bro RDP

Bro RFB

Bro SIP

Bro SMB

Bro SMTP

Bro SNMP

Bro Software

Bro SSH

Bro SSL

Bro Syslog

Bro Tunnels

Bro Weird

Bro X.509

Autoruns

Beats

OSSEC

Sysmon

Firewall

Frequency Analysis

Syslog