Monday, May 20, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion126 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion126 is now available.  This should resolve the following issue:

securityonion-sostat: re-apply debconf noninteractive setting so that soup can proceed unattended #1523
https://github.com/Security-Onion-Solutions/security-onion/issues/1523

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have 4-day Security Onion Training classes coming up in Costa Mesa CA and Columbia MD!  Use promotional code earlybird for 10% off the Columbia MD classes for a limited time.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

securityonion-iso - 20151016-1ubuntu1securityonion32 now available for Security Onion!

securityonion-iso - 20151016-1ubuntu1securityonion32 is now available.  This should resolve the following issue:

so-iso-build: purge php7.0-fpm #1463
https://github.com/Security-Onion-Solutions/security-onion/issues/1463

Thanks
Thanks to the following for testing!

  • Wes Lambert
  • Dustin Lee
  • Bryant Treacle

Thanks!

pinguybuilder - 20180514-1ubuntu1securityonion18 now available for Security Onion!

pinguybuilder - 20180514-1ubuntu1securityonion18 is now available.  This should resolve the following issue:

pinguybuilder: increment version to 16.04.6.1 #1433
https://github.com/Security-Onion-Solutions/security-onion/issues/1433

Thanks
Thanks to the following for testing!

  • Wes Lambert
  • Dustin Lee
  • Bryant Treacle

Thanks!

Security Onion 16.04.6.1 now available featuring Elastic 6.7.2, CyberChef 8.31.3, Suricata 4.1.4, Wazuh 3.8.2, and more!

Security Onion 16.04.6.1 is now available!

Security Onion 16.04.6.1

Major Changes Since Last ISO Image
  • Elastic 6.7.2
  • CyberChef 8.31.3
  • Suricata 4.1.4
  • Wazuh 3.8.2
  • now includes a static copy of our new Documentation
  • now includes our Cheat Sheet PDF
  • so-import-pcap handles many more use cases and can now run Setup for you if necessary
  • new PCAP samples in /opt/samples/mta/
  • Setup now configures Bro and Suricata for AF_PACKET by default
  • fixed lots of bugs!

Thanks
Thanks to the following for testing this ISO image!

  • Wes Lambert
  • Dustin Lee
  • Bryant Treacle

Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/6

Release Notes
For more information about this release, please see:
https://securityonion.net/docs/release-notes.html

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://securityonion.net/docs/installation.html

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://securityonion.net/docs/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://securityonion.net/docs/upgrading-from-14.04-to-16.04.html

Screenshot Tour
The screenshots themselves are not included here; their captions are listed below in order.

Installation and Setup:

  • ISO Boot Menu
  • Once the Live Desktop appears, double-click the Install icon and follow the prompts
  • Once you've completed the installer and rebooted, log in using the username and password you created in the installer
  • After logging in, you are prompted to run Setup
  • Setup Wizard
  • Configure network interfaces, reboot, then log back in
  • You are then prompted to run Setup again to continue to the second phase of Setup
  • Skip network configuration to go to service configuration
  • Evaluation Mode vs Production Mode
  • Monitoring Interface Selection
  • Create Username
  • Create Password
  • Confirm Password
  • Confirm all options
  • Setup Complete
  • Desktop no longer prompts to run Setup
  • The README shortcut includes links to the cheat sheet and online and offline documentation

Tools and dashboards:

  • CyberChef 8.31.3
  • Single Sign On (SSO) for Squert, CapMe, and Kibana
  • Review IDS alerts using Squert
  • Retrieve full packet capture with CapMe
  • Kibana Overview
  • If you want to change from dark dashboards to light, you can run so-elastic-configure-kibana-dashboards-light
  • Light dashboards
  • If you want to switch back to dark dashboards, you can run so-elastic-configure-kibana-dashboards-dark
  • Back to dark dashboards
  • Help
  • Bro Notices
  • ElastAlert
  • HIDS Alerts from Wazuh (OSSEC)
  • NIDS Alerts from Snort or Suricata
  • Bro Connections
  • Bro DCE/RPC
  • Bro DHCP
  • Bro DNP3
  • Bro DNS
  • Bro Files
  • Bro FTP
  • Bro HTTP
  • Bro Intel
  • Bro IRC
  • Bro Kerberos
  • Bro Modbus
  • Bro MySQL
  • Bro NTLM
  • Bro PE
  • Bro RADIUS
  • Bro RDP
  • Bro RFB
  • Bro SIP
  • Bro SMB
  • Bro SMTP
  • Bro SNMP
  • Bro Software
  • Bro SSH
  • Bro SSL
  • Bro Syslog
  • Bro Tunnels
  • Bro Weird
  • Bro X.509
  • Autoruns
  • Beats
  • OSSEC (Wazuh) Logs
  • Sysmon
  • Domain Stats
  • Firewall
  • Frequency Analysis
  • Syslog