Monday, May 13, 2019

Elastic 6.7.2 now available for Security Onion!

The following are now available for Security Onion:
Docker images for Elastic 6.7.2
securityonion-elastic - 20190510-1ubuntu1securityonion3

Elastic 6.7.2

Issues Resolved

Elastic 6.7.2 #1426
https://github.com/Security-Onion-Solutions/security-onion/issues/1426

securityonion-elastic: enable Java Execution Engine in Logstash #1436
https://github.com/Security-Onion-Solutions/security-onion/issues/1436

securityonion-elastic: update "Syslog - Source IP Address" visualization on Syslog dashboard #1498
https://github.com/Security-Onion-Solutions/security-onion/issues/1498

securityonion-elastic: add bro_conn service data table #1496
https://github.com/Security-Onion-Solutions/security-onion/issues/1496

securityonion-elastic: rename bro x509 id to fuid #1499
https://github.com/Security-Onion-Solutions/security-onion/issues/1499

securityonion-elastic: rename bro pe id to fuid #1493
https://github.com/Security-Onion-Solutions/security-onion/issues/1493

securityonion-elastic: update so-elastalert-create-whiptail to use new parameters in so-elastalert-test #1487
https://github.com/Security-Onion-Solutions/security-onion/issues/1487

securityonion-elastic: add more options to so-elastalert-test #1486
https://github.com/Security-Onion-Solutions/security-onion/issues/1486

securityonion-elastic: so-elastalert-test errors if no input provided #1470
https://github.com/Security-Onion-Solutions/security-onion/issues/1470

securityonion-elastic: correct separator in 1122_preprocess_bro_socks.conf #1485
https://github.com/Security-Onion-Solutions/security-onion/issues/1485

securityonion-elastic: update Logstash config to support Wazuh 3.8 agent #1469
https://github.com/Security-Onion-Solutions/security-onion/issues/1469

securityonion-elastic: avoid writing firewall logs to logstash-syslog index #1481
https://github.com/Security-Onion-Solutions/security-onion/issues/1481

securityonion-elastic: remove Wazuh's alerts.json from syslog-ng config #1467
https://github.com/Security-Onion-Solutions/security-onion/issues/1467

securityonion-elastic: update PFSense Logstash config for IPv6 options #1461
https://github.com/Security-Onion-Solutions/security-onion/issues/1461

securityonion-elastic: add so-elastic-document-stats #1459
https://github.com/Security-Onion-Solutions/security-onion/issues/1459

securityonion-elastic: minor fixes to bro logstash filters #1460
https://github.com/Security-Onion-Solutions/security-onion/issues/1460

securityonion-elastic: change wiki to docs #1452
https://github.com/Security-Onion-Solutions/security-onion/issues/1452

securityonion-elastic: if Standalone with 8GB RAM, set ES heap to 1GB #1425
https://github.com/Security-Onion-Solutions/security-onion/issues/1425

securityonion-elastic: move parsing from logstash to elasticsearch ingest for so-import-pcap #1497
https://github.com/Security-Onion-Solutions/security-onion/issues/1497

securityonion-elastic: so-import-pcap should run snort and suricata with checksums disabled #1478
https://github.com/Security-Onion-Solutions/security-onion/issues/1478

securityonion-elastic: minor fixes to so-import-pcap #1458
https://github.com/Security-Onion-Solutions/security-onion/issues/1458

securityonion-elastic: so-import-pcap should create a sguil sensor named HOSTNAME-import #1472
https://github.com/Security-Onion-Solutions/security-onion/issues/1472

so-import-pcap: run Setup if necessary #1480
https://github.com/Security-Onion-Solutions/security-onion/issues/1480

so-import-pcap: avoid merging errors #1430
https://github.com/Security-Onion-Solutions/security-onion/issues/1430

so-import-pcap - improve single pcap use case #1239
https://github.com/Security-Onion-Solutions/security-onion/issues/1239

securityonion-elastic: add translations route to Apache proxy config #1495
https://github.com/Security-Onion-Solutions/security-onion/issues/1495

securityonion-elastic: add built_assets route to Apache proxy config #1494
https://github.com/Security-Onion-Solutions/security-onion/issues/1494

securityonion-elastic: add dlls route to Apache proxy config #1435
https://github.com/Security-Onion-Solutions/security-onion/issues/1435

securityonion-elastic: add socket.io route to Apache proxy config #1437
https://github.com/Security-Onion-Solutions/security-onion/issues/1437

securityonion-elastic: add s route to Apache proxy config #1438
https://github.com/Security-Onion-Solutions/security-onion/issues/1438

securityonion-elastic: ensure update/refresh button is consistent across all Kibana dashboards #1429
https://github.com/Security-Onion-Solutions/security-onion/issues/1429

Kibana: HIDS Alerts Dashboard - Replace syslog-host_from with agent.name #1442
https://github.com/Security-Onion-Solutions/security-onion/issues/1442

securityonion-elastic: DHCP dashboard has different darkTheme behavior than others #1516
https://github.com/Security-Onion-Solutions/security-onion/issues/1516

securityonion-elastic: modify fields for Bro socks log #1517
https://github.com/Security-Onion-Solutions/security-onion/issues/1517

securityonion-elastic: fix so-elasticsearch-template-create #1518
https://github.com/Security-Onion-Solutions/security-onion/issues/1518

Thanks
Thanks to the Elastic team for Elastic 6.7.2!
Thanks to Wes Lambert and Dustin Lee for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have 4-day Security Onion Training classes coming up in Costa Mesa CA and Columbia MD!  Use promotional code earlybird for 10% off the Columbia MD classes for a limited time.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!
