Tuesday, November 26, 2019

securityonion-setup - 20120912-0ubuntu0securityonion316 now available for Security Onion!

securityonion-setup - 20120912-0ubuntu0securityonion316 is now available for Security Onion!

This update should resolve the following issues:

Setup: remind user to keep LOG_SIZE_LIMIT under 90% #1659
https://github.com/Security-Onion-Solutions/security-onion/issues/1659

securityonion-setup: include SOSTATADDRESS in so-email.conf #1665
https://github.com/Security-Onion-Solutions/security-onion/issues/1665

Thanks
Thanks to Wes Lambert for his work on improving and testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes. We also offer online classes. For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

securityonion-sostat - 20120722-0ubuntu0securityonion136 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion136 is now available for Security Onion! 

This update should resolve the following issue:

securityonion-sostat: calculate suricata packet loss as percentage #1663
https://github.com/Security-Onion-Solutions/security-onion/issues/1663

Thanks
Thanks to Wes Lambert for his work on improving and testing this package!

Monday, November 25, 2019

Elastic 6.8.4 now available for Security Onion!

The following updates are now available for Security Onion!
Elastic 6.8.4 Docker images
securityonion-elastic - 20190510-1ubuntu1securityonion69

These updates should resolve the following issues:

Elastic 6.8.4 #1634
https://github.com/Security-Onion-Solutions/security-onion/issues/1634

Curator: move from pip to yum #1638
https://github.com/Security-Onion-Solutions/security-onion/issues/1638

Logstash: add prune filter #1639
https://github.com/Security-Onion-Solutions/security-onion/issues/1639

securityonion-docker: so-elastalert - update to Python 3 #1629
https://github.com/Security-Onion-Solutions/security-onion/issues/1629

securityonion-elastic: update /etc/apt/preferences.d/securityonion-docker #1653
https://github.com/Security-Onion-Solutions/security-onion/issues/1653

securityonion-elastic: so-kibana-start needs to wait on .kibana shard #1655
https://github.com/Security-Onion-Solutions/security-onion/issues/1655

securityonion-elastic: add elasticsearch index scripts #1636
https://github.com/Security-Onion-Solutions/security-onion/issues/1636

securityonion-elastic: reconcile additional geo fields in ingest node #1640
https://github.com/Security-Onion-Solutions/security-onion/issues/1640

securityonion-elastic: so-elasticsearch-pipelines should update parsers in place without removing #1649
https://github.com/Security-Onion-Solutions/security-onion/issues/1649

securityonion-elastic: master logstash output to redis should be batched by default #1661
https://github.com/Security-Onion-Solutions/security-onion/issues/1661

securityonion-elastic: storage node redis input should be batched by default #1662
https://github.com/Security-Onion-Solutions/security-onion/issues/1662

so-elastic-auth: add more guidance #1635
https://github.com/Security-Onion-Solutions/security-onion/issues/1635

so-import-pcap: only decrease ES heap if less than 9GB RAM #1642
https://github.com/Security-Onion-Solutions/security-onion/issues/1642

Thanks
Thanks to the Elastic team for Elastic 6.8.4!
Thanks to the following for testing and QA!
Bryant Treacle
Wes Lambert
Josh Brower
Kris Springer

Monday, November 4, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion134 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion134 is now available for Security Onion!  This package resolves the following issue:

securityonion-sostat: check for syslog-ng drops #1660
https://github.com/Security-Onion-Solutions/security-onion/issues/1660

Thanks
Thanks to Wes Lambert for testing!
