Wednesday, January 9, 2019

Bro 2.6.1, Elastic 6.5.4, JA3, and HASSH now available for Security Onion!

The following are now available for Security Onion:
Docker images for Elastic 6.5.4
securityonion-elastic - 20180130-1ubuntu1securityonion153
securityonion-bro - 2.6.1-1ubuntu1securityonion4
securityonion-bro-afpacket - 1.3.0-1ubuntu1securityonion10
securityonion-bro-scripts - 20121004-0ubuntu0securityonion69

This should resolve the following issues:

Bro 2.6.1 #1388

securityonion-bro-afpacket: create package for Bro af_packet plugin #1411

securityonion-bro-scripts: support securityonion-bro-afpacket #1412

securityonion-bro-scripts: add JA3 #1115

securityonion-bro-scripts: add HASSH #1338

securityonion-elastic: Update for Bro 2.6.1 #1409

securityonion-elastic: Improve so-elastalert scripts #1403

Elastic 6.5.4 #1404

securityonion-elastic: store Kibana dashboard color preference in securityonion.conf #1405

securityonion-elastic: preserve custom config #1401


Thanks to the Bro team for Bro 2.6.1!
Thanks to the Elastic team for Elastic 6.5.4!
Thanks to the Salesforce team for JA3 and HASSH!
Thanks to Wes Lambert for testing!

Please see the following page for full update instructions:

We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:

We now offer hardware appliances!  For more information, please see:

Need support?  Please see:

