Wednesday, February 5, 2020

Zeek 3.0.1, Elastic 6.8.6, and CyberChef 9.12.0 now available for Security Onion!

The following updates are now available for Security Onion!

Elastic 6.8.6 Docker images
securityonion-bro - 3.0.1-1ubuntu1securityonion10 (Zeek 3.0.1)
securityonion-bro-afpacket - 1.3.0-1ubuntu1securityonion17
securityonion-bro-scripts - 20121004-0ubuntu0securityonion100
securityonion-elastic - 20190510-1ubuntu1securityonion83
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion225
securityonion-onionsalt - 20140917-0ubuntu0securityonion28
securityonion-samples-bro - 20170824-1ubuntu1securityonion4
securityonion-setup - 20120912-0ubuntu0securityonion325
securityonion-sostat - 20120722-0ubuntu0securityonion141
securityonion-tcpudpflow - 001-0ubuntu0securityonion10
securityonion-web-page - 20141015-0ubuntu0securityonion105

These updates should resolve the following issues:

Zeek 3.0.1 #1645

Elastic 6.8.6 #1684

CyberChef 9.12.0 #1689

securityonion-bro-scripts: migrate from Bro to Zeek #1683

securityonion-bro-scripts: remove conn-add-country #1630

securityonion-bro-scripts: improve postinst to avoid errors when reinstalling #1711

securityonion-bro-scripts: add cve-2020-0601 script #1709

securityonion-samples-bro: add cve-2020-0601 pcaps #1710

securityonion-elastic: update parsers for Zeek 3 #1680

securityonion-elastic: improve logstash parser for pfsense filterlog #1696

securityonion-elastic: update dashboards for Zeek migration #1685

securityonion-elastic: Update Kibana dashboard for firewall logs #1697

securityonion-elastic: add elasticsearch ingest parser for pfsense filterlog #1698

securityonion-elastic: elasticsearch ingest pipelines need to support "ips" fields #1666

securityonion-elastic: update dns domain info for elasticsearch ingest #1667

securityonion-elastic: improve support for custom ingest parsers #1671

securityonion-elastic: Docker daemon.json conflict #1674

securityonion-elastic: improve postinst update check #1699

securityonion-elastic: migrate script.* settings from elasticsearch.yml.bak to elasticsearch.yml #1676

securityonion-elastic: container status scripts should check system uptime before declaring fail #1686

securityonion-elastic: Bro HTTP Logs "user" field not mapped in Elasticsearch template #1672

securityonion-elastic: so-elastic-start times out waiting for elasticsearch #1695

Elastalert - Update new_term.yaml #1706

securityonion-onionsalt: replicate /etc/elasticsearch/custom #1693

securityonion-sostat: migrate from Bro to Zeek #1692

NSM: change Bro references to Zeek #1682

NSM: increase timeout in /etc/systemd/system/securityonion.service #1708

NSM: broctl and zeekctl need to check if parameters were passed #1713

Docs: Change bro to zeek #1690

Setup: change #inter#face to #interface #1675

Setup: change Bro references to Zeek #1681

securityonion-tcpudpflow: update for Zeek #1700

securityonion-web-page: change bro to zeek #1687

securityonion-web-page: update docs and cheat sheet for #1688

Test Zeek 3.0.1, Elastic 6.8.6, and related updates #1691

Thanks to the Zeek team for Zeek 3.0.1!
Thanks to the Elastic team for Elastic 6.8.6!
Thanks to the CyberChef team for CyberChef 9.12.0!
Thanks to the following for testing and QA!
Bryant Treacle
Wes Lambert
Josh Brower
Chris Cuevas

Please see the following page for full update instructions:

Since we are transitioning from Bro to Zeek, Bro will automatically stop before the packages are upgraded. Once soup completes, double-check your Bro/Zeek configuration and then restart Zeek:
sudo so-zeek-restart

Need support? Please see:

You can find our documentation here:

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:

Security Onion Solutions is the only official authorized training provider for Security Onion, and we offer 4-day Basic and 4-day Advanced onsite training classes as well as online classes. For more information, please see:

We now offer hardware appliances!  For more information, please see:
