Thursday, July 25, 2019

Security Onion Hybrid Hunter 1.1.0 ALPHA Available for Testing!

We recently announced Security Onion Hybrid Hunter:

We're excited to announce that Hybrid Hunter 1.1.0 is now available for testing and is considered our ALPHA release!

Major highlights of this ALPHA release:

  • Alpha is here!! Check out the Hybrid Hunter Quick Start Guide.
  • There is a new PCAP interface called Sensoroni. You can pivot directly from Kibana to Sensoroni via the _id field.
  • Bond interface setup now uses nmcli for better compatibility in the network-based setup script.
  • Filebeat traffic for HH components now uses a separate port (5644). This will allow you to send Beats to the default port (5044) and choose how you want to secure it. It is still recommended to use full SSL via Filebeat, and if you already have this set up you will need to change to port 5044. We will continue to refine this in future versions.
  • Authentication is now enabled by default for all the web-based components. There will be some major changes before we get to BETA with how authentication in general is handled due to Elastic "Features" and other components.
  • Add users to the web interface via so-user-add and follow the prompts.
  • so-allow now exists to make your life easier.
  • Bro 2.6.2.
  • All Docker images were updated to reflect Alpha status.
  • Disabled DEBUG logging on a lot of components to reduce space usage.
  • Added a rule update cron job so the master pulls new rules down every day at 7AM UTC.
  • You can now manually run a rule update using the so-rule-update command.

Thanks to the following for all of their work on this release!
Mike Reeves
Wes Lambert
Dustin Lee
Josh Brower
William Wernert

And special thanks to Jason Ertel for his work on Sensoroni!


[Screenshots: Pivoting from Kibana to Sensoroni; Sensoroni showing overview of pcap data; Sensoroni showing detail of pcap data; Sensoroni showing ASCII transcript of pcap data]

securityonion-rule-update - 20151201-1ubuntu1securityonion19 now available for Security Onion!

securityonion-rule-update - 20151201-1ubuntu1securityonion19 is now available for Security Onion! This package should resolve the following issues:

rule-update ossec backup local rules issue #1572

rule-update: if non-master and salt is enabled, then just run state.highstate #1574

rule-update: Add white_list.rules and black_list.rules to worker sync #1577

Thanks to Matt Svensson for submitting the following Pull Request:

Thanks to Wes Lambert for testing!

Please see the following page for full update instructions:

Registration is now open for Security Onion Conference 2019 on Friday, October 4, 2019!

We've got a brand new documentation site!  Please let us know if anything needs to be updated:

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund!

Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:

We now offer hardware appliances!  For more information, please see:

Need support?  Please see:


Thursday, July 18, 2019

Registration is now open for Security Onion Conference 2019 in beautiful Augusta GA!

Security Onion Conference is now in its sixth year!  You can see pictures, videos, and slides from previous years at

As always, we've got some great speakers lined up to talk about some really cool topics.  And you don't want to miss hearing about the latest in Security Onion development!

For more information and to register, please see:

Security Onion Conference 2018

Tuesday, July 2, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion128 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion128 is now available for Security Onion! This package should resolve the following issues:

soup: if snort or suricata are updated, remind user to run rule-update #1536

soup: if Wazuh is updated, remind user to review ossec.conf and update Wazuh agents #1544

Thanks to Wes Lambert for testing!

Please see the following page for full update instructions:

Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18!

We've got a brand new documentation site!  Please let us know if anything needs to be updated:

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:

We have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:

We now offer hardware appliances!  For more information, please see:

Need support?  Please see:

