Tuesday, February 26, 2019

securityonion-setup - 20120912-0ubuntu0securityonion293 now available for Security Onion!

The following packages are now available:
securityonion-setup - 20120912-0ubuntu0securityonion293

This should resolve the following issues:

Setup: postinst script should add MySQL LimitNOFILE setting if necessary #1443
https://github.com/Security-Onion-Solutions/security-onion/issues/1443

Setup: create desktop shortcut for CyberChef #1449
https://github.com/Security-Onion-Solutions/security-onion/issues/1449

securityonion-setup: change wiki links to docs #1450
https://github.com/Security-Onion-Solutions/security-onion/issues/1450

Setup: change Elastic Setup to Setup #1453
https://github.com/Security-Onion-Solutions/security-onion/issues/1453

Setup: disable Bro syslog.log by default in Production Mode #1457
https://github.com/Security-Onion-Solutions/security-onion/issues/1457

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia MD!  If you can't make it to this onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated.
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, February 25, 2019

Wazuh 3.8.2 now available for Security Onion!

The following packages are now available:
Wazuh 3.8.2 (packaged as ossec-hids-server - 3.8.2.2ubuntu1securityonion1)
securityonion-ossec-rules - 20120726-0ubuntu0securityonion12

This should resolve the following issues:

Wazuh 3.8.2 #1422
https://github.com/Security-Onion-Solutions/security-onion/issues/1422

Wazuh email config not being migrated properly #1441
https://github.com/Security-Onion-Solutions/security-onion/issues/1441

securityonion-ossec-rules: ignore alerts on common files #1455
https://github.com/Security-Onion-Solutions/security-onion/issues/1455

Thanks
Thanks to the Wazuh team for Wazuh 3.8.2!
Thanks to Wes Lambert for testing!


Thursday, February 21, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion200 now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion200

This should resolve the following issues:

NSM: wipe Suricata stats.log using truncate rather than rm #1456
https://github.com/Security-Onion-Solutions/security-onion/issues/1456

Thanks
Thanks to Wes Lambert for testing!


CyberChef 8.23.4 now available for Security Onion!

CyberChef 8.23.4 was recently released:
https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md

securityonion-web-page - 20141015-0ubuntu0securityonion91 is now available and includes CyberChef 8.23.4.  This should resolve the following issues:

CyberChef 8.23.4 #1439
https://github.com/Security-Onion-Solutions/security-onion/issues/1439

securityonion-web-page: change wiki links to docs #1451
https://github.com/Security-Onion-Solutions/security-onion/issues/1451


Thanks
Thanks to the CyberChef team for CyberChef 8.23.4!
Thanks to Wes Lambert for testing this package!


securityonion-sostat - 20120722-0ubuntu0securityonion121 now available for Security Onion!

The following packages are now available:
securityonion-sostat - 20120722-0ubuntu0securityonion121

This should resolve the following issues:

securityonion-sostat: change wiki links to docs #1454
https://github.com/Security-Onion-Solutions/security-onion/issues/1454

Thanks
Thanks to Wes Lambert for testing!


Documentation
We've started moving our documentation to https://securityonion.net/docs!  Please let us know if anything needs to be updated.


Monday, February 11, 2019

New Setup and NSM packages now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion199
securityonion-setup - 20120912-0ubuntu0securityonion285

This should resolve the following issues:

Setup: update setup conf files #1417
https://github.com/Security-Onion-Solutions/security-onion/issues/1417

Setup: Fix bug where the regex in sed disables incorrect interfaces #1427
https://github.com/Security-Onion-Solutions/security-onion/issues/1427

Setup: add logger node to Bro node.cfg #1420
https://github.com/Security-Onion-Solutions/security-onion/issues/1420

Setup: configure Bro cluster mode for AF_PACKET #1421
https://github.com/Security-Onion-Solutions/security-onion/issues/1421

Setup: configure Suricata for AF_PACKET #1432
https://github.com/Security-Onion-Solutions/security-onion/issues/1432

NSM: Improve the method of updating thread count in suricata.yaml #1230
https://github.com/Security-Onion-Solutions/security-onion/issues/1230

NSM: support running Suricata using AF_PACKET #1431
https://github.com/Security-Onion-Solutions/security-onion/issues/1431

As an overview, these updates will cause new installations to configure Bro and Suricata to collect network traffic via AF_PACKET (instead of PF_RING as we've done for the last few years).  Installations already configured for PF_RING will continue to use PF_RING.  Please see the links above for background information and config changes.

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com


Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, February 4, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion120 now available for Security Onion!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion120

This should resolve the following issues:

soup: create /etc/apt/apt.conf.d/10periodic #1423
https://github.com/Security-Onion-Solutions/security-onion/issues/1423

soup: output reminder to update remaining boxes in deployment #1424
https://github.com/Security-Onion-Solutions/security-onion/issues/1424

soup: check for lock #1428
https://github.com/Security-Onion-Solutions/security-onion/issues/1428

soup: node checking master for updates fails if master has 1 update #1434
https://github.com/Security-Onion-Solutions/security-onion/issues/1434

Thanks
Thanks to Wes Lambert for testing!

