Security Onion 16.04.5.6 is now available!
Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/5
Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.5.6
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04
Thanks
Thanks to Wes Lambert for testing this new ISO image!
Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD! If you can't make it to one of these onsite classes, we have a new online training platform! For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
ISO Boot Menu
Once the Live Desktop appears, double-click the Install icon
Once you've completed the installer and rebooted, log in using the username and password you created in the installer
After logging in, you are prompted to run Setup
Setup Wizard
Configure network interfaces, reboot, then log back in
You are then prompted to run Setup again to continue to the second phase of Setup
Skip network configuration to go to service configuration
Evaluation Mode vs Production Mode
Monitoring Interface Selection
Create username
Create password
Confirm password
Confirm all options
Setup complete
Desktop no longer prompts to run Setup
/usr/sbin/so-* scripts
CyberChef 8.18.1
Single Sign On (SSO) for Squert, CapMe, and Kibana
Reviewing IDS alerts using Squert
Retrieving full packet capture with CapMe
Kibana Overview
If you want to change from dark dashboards to light, you can run so-elastic-configure-kibana-dashboards-light
Light dashboards
If you want to switch back to dark dashboards, you can run so-elastic-configure-kibana-dashboards-dark
Back to dark dashboards
Help
Bro Notices
ElastAlert
HIDS Alerts from OSSEC (Wazuh)
NIDS Alerts from Snort or Suricata
Bro Connections
Bro DCE/RPC
Bro DHCP
Bro DNP3
Bro DNS
Bro Files
Bro FTP
Bro HTTP
Bro Intel
Bro IRC
Bro Kerberos
Bro Modbus
Bro MySQL
Bro NTLM
Bro PE
Bro RADIUS
Bro RDP
Bro RFB
Bro SIP
Bro SMB
Bro SMTP
Bro SNMP
Bro Software
Bro SSH
Bro SSL
Bro Syslog
Bro Tunnels
Bro Weird
Bro X.509
Autoruns
Beats
OSSEC
Sysmon
Firewall
Frequency Analysis
Syslog
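The Bro DNS and Frequency Analysis dashboards above go together: Security Onion 16.04 ships Bro's dns.log to Elasticsearch as JSON documents and, via Mark Baggett's freq_server (the so-freqserver container), attaches a character-pair frequency score to each query name so that random-looking, DGA-style names stand out. The following is an added example, not Security Onion's or freq.py's code, that reimplements that idea in a self-contained way: the list of benign hostnames it trains on, the JSON dns.log records it scores and the -11.0 threshold are all constructed for this illustration and are not the tables, data or tuning the project uses.

```python
"""Frequency analysis of DNS query names, in the spirit of the Frequency
Analysis dashboard: rank Bro dns.log queries by how ordinary their character
pairs are, so random-looking (DGA-style) names float to the top.

Added example, not Security Onion's or freq.py's code. Training names, log
records and threshold are constructed for illustration.
"""
import json
import math
from collections import Counter

# Constructed list of ordinary hostnames used to learn which character pairs
# are normal. freq_server trains on far more text; this is a stand-in.
BENIGN_NAMES = [
    "www.google.com", "mail.google.com", "www.microsoft.com",
    "update.microsoft.com", "login.live.com", "www.windowsupdate.com",
    "www.office.com", "outlook.office365.com", "www.securityonion.net",
    "blog.securityonion.net", "github.com", "api.github.com", "ubuntu.com",
    "security.ubuntu.com", "archive.ubuntu.com", "www.cloudflare.com",
    "cdn.content.example.net", "images.static.example.org",
    "download.service.example.com", "support.account.example.com",
    "docs.server.example.org", "time.windows.com", "www.amazon.com",
    "aws.amazon.com", "www.apple.com", "www.facebook.com", "www.twitter.com",
    "www.youtube.com", "en.wikipedia.org", "www.reddit.com",
    "www.linkedin.com", "www.netflix.com", "www.dropbox.com",
    "www.salesforce.com", "www.adobe.com", "addons.mozilla.org",
]

# Constructed Bro dns.log records in the JSON shape Logstash ingests
# (field names follow Bro's dns.log; every value is made up).
SAMPLE_DNS_LOG = """\
{"ts":"2018-10-15T14:02:11.314Z","uid":"CqzY2L3b8XKp1QfG9","id.orig_h":"192.168.1.50","id.resp_h":"192.168.1.1","query":"www.google.com","qtype_name":"A","rcode_name":"NOERROR"}
{"ts":"2018-10-15T14:02:13.901Z","uid":"CJd7Mx1eR0tVbzKwa","id.orig_h":"192.168.1.50","id.resp_h":"192.168.1.1","query":"update.microsoft.com","qtype_name":"A","rcode_name":"NOERROR"}
{"ts":"2018-10-15T14:02:19.022Z","uid":"C8hR2kUq4mWn7XpYz","id.orig_h":"192.168.1.77","id.resp_h":"192.168.1.1","query":"xk3qzvw9plmtrb.com","qtype_name":"A","rcode_name":"NXDOMAIN"}
{"ts":"2018-10-15T14:02:19.540Z","uid":"CfN0Gv6sZ9yTqLdHe","id.orig_h":"192.168.1.77","id.resp_h":"192.168.1.1","query":"q7fh2ztn0wyqxe.net","qtype_name":"A","rcode_name":"NXDOMAIN"}
{"ts":"2018-10-15T14:02:25.118Z","uid":"CpW4Ek7nA2rMj5VcB","id.orig_h":"192.168.1.50","id.resp_h":"192.168.1.1","query":"mail.office365.com","qtype_name":"A","rcode_name":"NOERROR"}
{"ts":"2018-10-15T14:02:31.777Z","uid":"CxT9Lq3bF6uDh0SaN","id.orig_h":"192.168.1.50","id.resp_h":"192.168.1.1","query":"security.ubuntu.com","qtype_name":"AAAA","rcode_name":"NOERROR"}
"""

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
SMOOTHING = 0.01          # pseudo-count for never-seen pairs; small, so they stay very unlikely
SUSPICIOUS_BELOW = -11.0  # mean log2 probability per pair; tuned for this constructed corpus


def normalize(query):
    """Lowercase, drop the final label (the TLD) and keep only [a-z0-9]."""
    labels = query.lower().rstrip(".").split(".")
    if len(labels) > 1:
        labels = labels[:-1]
    return "".join(ch for ch in "".join(labels) if ch in ALPHABET)


def bigrams(text):
    return [text[i:i + 2] for i in range(len(text) - 1)]


def train(names):
    """Return a function mapping a character pair to its smoothed log2 probability."""
    counts = Counter()
    for name in names:
        counts.update(bigrams(normalize(name)))
    total = sum(counts.values()) + SMOOTHING * len(ALPHABET) ** 2

    def log_prob(pair):
        return math.log2((counts[pair] + SMOOTHING) / total)
    return log_prob


def score_name(query, log_prob):
    """Mean log2 probability of the name's character pairs (higher = more normal).
    A name too short to contain a pair scores 0.0 and is therefore never flagged."""
    pairs = bigrams(normalize(query))
    if not pairs:
        return 0.0
    return sum(log_prob(p) for p in pairs) / len(pairs)


def flag_random_queries(log_text, log_prob, threshold=SUSPICIOUS_BELOW):
    """Parse JSON dns.log lines and return (query, score, id.orig_h) for every
    query scoring below the threshold, lowest (most random-looking) first."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        s = score_name(rec["query"], log_prob)
        if s < threshold:
            flagged.append((rec["query"], round(s, 2), rec["id.orig_h"]))
    return sorted(flagged, key=lambda t: t[1])


if __name__ == "__main__":
    lp = train(BENIGN_NAMES)
    for query, s, host in flag_random_queries(SAMPLE_DNS_LOG, lp):
        print(f"{s:7.2f}  {host:15}  {query}")
```

The two NXDOMAIN lookups from 192.168.1.77 are the only records flagged; mail.office365.com, which is not in the training list, still passes because every one of its character pairs was seen in other benign names. The threshold is the part that needs tuning per environment, which is exactly what the Frequency Analysis dashboard lets you do visually before turning a score into an ElastAlert rule.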