Monday, May 13, 2019

Elastic 6.7.2 now available for Security Onion!

The following are now available for Security Onion:
Docker images for Elastic 6.7.2
securityonion-elastic - 20190510-1ubuntu1securityonion3

Elastic 6.7.2

Issues Resolved

Elastic 6.7.2 #1426

securityonion-elastic: enable Java Execution Engine in Logstash #1436

securityonion-elastic: update "Syslog - Source IP Address" visualization on Syslog dashboard #1498

securityonion-elastic: add bro_conn service data table #1496

securityonion-elastic: rename bro x509 id to fuid #1499

securityonion-elastic: rename bro pe id to fuid #1493

securityonion-elastic: update so-elastalert-create-whiptail to use new parameters in so-elastalert-test #1487

securityonion-elastic: add more options to so-elastalert-test #1486

securityonion-elastic: so-elastalert-test errors if no input provided #1470

securityonion-elastic: correct separator in 1122_preprocess_bro_socks.conf #1485

securityonion-elastic: update Logstash config to support Wazuh 3.8 agent #1469

securityonion-elastic: avoid writing firewall logs to logstash-syslog index #1481

securityonion-elastic: remove Wazuh's alerts.json from syslog-ng config #1467

securityonion-elastic: update PFSense Logstash config for IPv6 options #1461

securityonion-elastic: add so-elastic-document-stats #1459

securityonion-elastic: minor fixes to bro logstash filters #1460

securityonion-elastic: change wiki to docs #1452

securityonion-elastic: if Standalone with 8GB RAM, set ES heap to 1GB #1425

securityonion-elastic: move parsing from logstash to elasticsearch ingest for so-import-pcap #1497

securityonion-elastic: so-import-pcap should run snort and suricata with checksums disabled #1478

securityonion-elastic: minor fixes to so-import-pcap #1458

securityonion-elastic: so-import-pcap should create a sguil sensor named HOSTNAME-import #1472

so-import-pcap: run Setup if necessary #1480

so-import-pcap: avoid merging errors #1430

so-import-pcap - improve single pcap use case #1239

securityonion-elastic: add translations route to Apache proxy config #1495

securityonion-elastic: add built_assets route to Apache proxy config #1494

securityonion-elastic: add dlls route to Apache proxy config #1435

securityonion-elastic: add route to Apache proxy config #1437

securityonion-elastic: add s route to Apache proxy config #1438

securityonion-elastic: ensure update/refresh button is consistent across all Kibana dashboards #1429

Kibana: HIDS Alerts Dashboard - Replace syslog-host_from with #1442

securityonion-elastic: DHCP dashboard has different darkTheme behavior than others #1516

securityonion-elastic: modify fields for Bro socks log #1517

securityonion-elastic: fix so-elasticsearch-template-create #1518

Thanks to the Elastic team for Elastic 6.7.2!
Thanks to Wes Lambert and Dustin Lee for testing!

Please see the following page for full update instructions:

Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!

We have 4-day Security Onion Training classes coming up in Costa Mesa CA and Columbia MD!  Use promotional code earlybird for 10% off the Columbia MD classes for a limited time.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:

We now offer hardware appliances!  For more information, please see:

We've got a brand new documentation site!  Please let us know if anything needs to be updated:

Need support?  Please see:

