Monday, February 11, 2019

New Setup and NSM packages now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion199
securityonion-setup - 20120912-0ubuntu0securityonion285

This should resolve the following issues:

Setup: update setup conf files #1417
https://github.com/Security-Onion-Solutions/security-onion/issues/1417

Setup: Fix bug where the regex in sed disables incorrect interfaces #1427
https://github.com/Security-Onion-Solutions/security-onion/issues/1427

Setup: add logger node to Bro node.cfg #1420
https://github.com/Security-Onion-Solutions/security-onion/issues/1420

Setup: configure Bro cluster mode for AF_PACKET #1421
https://github.com/Security-Onion-Solutions/security-onion/issues/1421

Setup: configure Suricata for AF_PACKET #1432
https://github.com/Security-Onion-Solutions/security-onion/issues/1432

NSM: Improve the method of updating thread count in suricata.yaml #1230
https://github.com/Security-Onion-Solutions/security-onion/issues/1230

NSM: support running Suricata using AF_PACKET #1431
https://github.com/Security-Onion-Solutions/security-onion/issues/1431

As an overview, these updates will cause new installations to configure Bro and Suricata to collect network traffic via AF_PACKET (instead of PF_RING as we've done for the last few years).  Installations already configured for PF_RING will continue to use PF_RING.  Please see the links above for background information and config changes.

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've started moving our documentation to https://securityonion.net/docs!  Please let us know if anything needs to be updated.

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, February 4, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion120 now available for Security Onion!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion120

This should resolve the following issues:

soup: create /etc/apt/apt.conf.d/10periodic #1423
https://github.com/Security-Onion-Solutions/security-onion/issues/1423

soup: output reminder to update remaining boxes in deployment #1424
https://github.com/Security-Onion-Solutions/security-onion/issues/1424

soup: check for lock #1428
https://github.com/Security-Onion-Solutions/security-onion/issues/1428

soup: node checking master for updates fails if master has 1 update #1434
https://github.com/Security-Onion-Solutions/security-onion/issues/1434

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!