Thursday, July 25, 2019

Security Onion Hybrid Hunter 1.1.0 ALPHA Available for Testing!

We recently announced Security Onion Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.1.0 is now available for testing and is considered our ALPHA release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md

Major highlights of this ALPHA release:

  • Alpha is here!! Check out the Hybrid Hunter Quick Start Guide.
  • There is a new PCAP interface called Sensoroni. You can pivot directly from Kibana to Sensoroni via the _id field.
  • Bond interface setup now uses nmcli for better compatibility in the network-based setup script.
  • Filebeat traffic for HH components now uses a separate port (5644). This leaves the default Beats port (5044) free for your own Beats shippers and lets you choose how to secure that listener. Full SSL via Filebeat is still recommended; if you already had it configured against port 5044 for HH traffic, you will need to change it to port 5644. We will continue to refine this in future versions.
  • Authentication is now enabled by default for all the web based components. There will be some major changes before we get to BETA with how authentication in general is handled due to Elastic "Features" and other components.
  • Add users to the web interface via so-user-add and follow the prompts.
  • so-allow now exists to make your life easier.
  • Bro 2.6.2.
  • All Docker images were updated to reflect Alpha status.
  • Disabled DEBUG logging on a lot of components to reduce space usage.
  • Added a rule update cron job so the master pulls new rules down every day at 7AM UTC.
  • You can now manually run a rule update using the so-rule-update command.
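
As an added illustration (not configuration shipped by the Hybrid Hunter project), here is a Filebeat output section that ships to the dedicated HH Beats port over mutually authenticated TLS, which is what "full SSL via Filebeat" amounts to in practice. The hostname and certificate paths are assumptions; 5644 is shown because that is the secured HH listener described above, and 5044 would be substituted for a Beat sent to the default listener. The commented-out `ssl.verification_mode: none` line is the weak setting to avoid:

```yaml
# Added example; not Security Onion's own configuration.
# Hostname and certificate paths are assumptions for illustration.
output.logstash:
  # 5644: the separate port the 1.1.0 notes assign to HH Filebeat traffic.
  # Use 5044 here if you are sending a non-HH Beat to the default listener.
  hosts: ["hh-master.example.internal:5644"]
  ssl.enabled: true
  # CA that signed the master's Logstash certificate. Without it Filebeat
  # has no way to check who it is talking to.
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  # Client certificate and key, so the listener can require an authenticated
  # peer rather than accepting any host that can reach the port.
  ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
  ssl.key: "/etc/filebeat/certs/filebeat.key"
  # "full" verifies the certificate chain and the hostname. The weak form
  # below still encrypts but accepts any certificate, so it is MITM-able:
  # ssl.verification_mode: none
  ssl.verification_mode: full
```

`filebeat test output` exercises the TCP connection and the TLS handshake against this configuration before any events are sent. On the receiving side, the matching Logstash beats input needs `ssl => true` together with `ssl_verify_mode => "force_peer"` and the same CA, otherwise the client certificate above is never checked and any shipper that can reach the port is accepted.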
Thanks to the following for all of their work on this release!
Mike Reeves
Wes Lambert
Dustin Lee
Josh Brower
William Wernert

And special thanks to Jason Ertel for his work on Sensoroni!

Screenshots

Pivoting from Kibana to Sensoroni
Sensoroni showing overview of pcap data
Sensoroni showing detail of pcap data
Sensoroni showing ASCII transcript of pcap data

securityonion-rule-update - 20151201-1ubuntu1securityonion19 now available for Security Onion!

securityonion-rule-update - 20151201-1ubuntu1securityonion19 is now available for Security Onion!  This package should resolve the following issues:

rule-update ossec backup local rules issue #1572
https://github.com/Security-Onion-Solutions/security-onion/issues/1572

rule-update: if non-master and salt is enabled, then just run state.highstate #1574
https://github.com/Security-Onion-Solutions/security-onion/issues/1574

rule-update: Add white_list.rules and black_list.rules to worker sync #1577
https://github.com/Security-Onion-Solutions/security-onion/issues/1577

Thanks
Thanks to Matt Svensson for submitting the following Pull Request:
https://github.com/Security-Onion-Solutions/securityonion-rule-update/pull/9

Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Registration is now open for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with a foreword by Richard Bejtlich and proceeds going to Rural Technology Fund!
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Thursday, July 18, 2019

Registration is now open for Security Onion Conference 2019 in beautiful Augusta GA!

Security Onion Conference is now in its sixth year!  You can see pictures, videos, and slides from previous years at https://securityonion.net/conference.

As always, we've got some great speakers lined up to talk about some really cool topics.  And you don't want to miss hearing about the latest in Security Onion development!

For more information and to register, please see:
https://socaugusta2019.eventbrite.com

Security Onion Conference 2018

Tuesday, July 2, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion128 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion128 is now available for Security Onion!  This package should resolve the following issues:

soup: if snort or suricata are updated, remind user to run rule-update #1536
https://github.com/Security-Onion-Solutions/security-onion/issues/1536

soup: if Wazuh is updated, remind user to review ossec.conf and update Wazuh agents #1544
https://github.com/Security-Onion-Solutions/security-onion/issues/1544

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18!
https://securityonion.net/conference

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with a foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
We have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!