Elastic 6.8.6 Docker images
securityonion-bro - 3.0.1-1ubuntu1securityonion10 (Zeek 3.0.1)
securityonion-bro-afpacket - 1.3.0-1ubuntu1securityonion17
securityonion-bro-scripts - 20121004-0ubuntu0securityonion100
securityonion-elastic - 20190510-1ubuntu1securityonion83
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion225
securityonion-onionsalt - 20140917-0ubuntu0securityonion28
securityonion-samples-bro - 20170824-1ubuntu1securityonion4
securityonion-setup - 20120912-0ubuntu0securityonion325
securityonion-sostat - 20120722-0ubuntu0securityonion141
securityonion-tcpudpflow - 001-0ubuntu0securityonion10
securityonion-web-page - 20141015-0ubuntu0securityonion105
These updates should resolve the following issues:
Zeek 3.0.1 #1645
https://github.com/Security-Onion-Solutions/security-onion/issues/1645
Elastic 6.8.6 #1684
https://github.com/Security-Onion-Solutions/security-onion/issues/1684
CyberChef 9.12.0 #1689
https://github.com/Security-Onion-Solutions/security-onion/issues/1689
securityonion-bro-scripts: migrate from Bro to Zeek #1683
https://github.com/Security-Onion-Solutions/security-onion/issues/1683
securityonion-bro-scripts: remove conn-add-country #1630
https://github.com/Security-Onion-Solutions/security-onion/issues/1630
securityonion-bro-scripts: improve postinst to avoid errors when reinstalling #1711
https://github.com/Security-Onion-Solutions/security-onion/issues/1711
securityonion-bro-scripts: add cve-2020-0601 script #1709
https://github.com/Security-Onion-Solutions/security-onion/issues/1709
securityonion-samples-bro: add cve-2020-0601 pcaps #1710
https://github.com/Security-Onion-Solutions/security-onion/issues/1710
securityonion-elastic: update parsers for Zeek 3 #1680
https://github.com/Security-Onion-Solutions/security-onion/issues/1680
securityonion-elastic: improve logstash parser for pfsense filterlog #1696
https://github.com/Security-Onion-Solutions/security-onion/issues/1696
securityonion-elastic: update dashboards for Zeek migration #1685
https://github.com/Security-Onion-Solutions/security-onion/issues/1685
securityonion-elastic: Update Kibana dashboard for firewall logs #1697
https://github.com/Security-Onion-Solutions/security-onion/issues/1697
securityonion-elastic: add elasticsearch ingest parser for pfsense filterlog #1698
https://github.com/Security-Onion-Solutions/security-onion/issues/1698
securityonion-elastic: elasticsearch ingest pipelines need to support "ips" fields #1666
https://github.com/Security-Onion-Solutions/security-onion/issues/1666
securityonion-elastic: update dns domain info for elasticsearch ingest #1667
https://github.com/Security-Onion-Solutions/security-onion/issues/1667
securityonion-elastic: improve support for custom ingest parsers #1671
https://github.com/Security-Onion-Solutions/security-onion/issues/1671
securityonion-elastic: Docker daemon.json conflict #1674
https://github.com/Security-Onion-Solutions/security-onion/issues/1674
securityonion-elastic: improve postinst update check #1699
https://github.com/Security-Onion-Solutions/security-onion/issues/1699
securityonion-elastic: migrate script.* settings from elasticsearch.yml.bak to elasticsearch.yml #1676
https://github.com/Security-Onion-Solutions/security-onion/issues/1676
securityonion-elastic: container status scripts should check system uptime before declaring fail #1686
https://github.com/Security-Onion-Solutions/security-onion/issues/1686
securityonion-elastic: Bro HTTP Logs "user" field not mapped in Elasticsearch template #1672
https://github.com/Security-Onion-Solutions/security-onion/issues/1672
securityonion-elastic: so-elastic-start times out waiting for elasticsearch #1695
https://github.com/Security-Onion-Solutions/security-onion/issues/1695
Elastalert - Update new_term.yaml #1706
https://github.com/Security-Onion-Solutions/security-onion/issues/1706
securityonion-onionsalt: replicate /etc/elasticsearch/custom #1693
https://github.com/Security-Onion-Solutions/security-onion/issues/1693
securityonion-sostat: migrate from Bro to Zeek #1692
https://github.com/Security-Onion-Solutions/security-onion/issues/1692
NSM: change Bro references to Zeek #1682
https://github.com/Security-Onion-Solutions/security-onion/issues/1682
NSM: increase timeout in /etc/systemd/system/securityonion.service #1708
https://github.com/Security-Onion-Solutions/security-onion/issues/1708
NSM: broctl and zeekctl need to check if parameters were passed #1713
https://github.com/Security-Onion-Solutions/security-onion/issues/1713
Docs: Change bro to zeek #1690
https://github.com/Security-Onion-Solutions/security-onion/issues/1690
Setup: change #inter#face to #interface #1675
https://github.com/Security-Onion-Solutions/security-onion/issues/1675
Setup: change Bro references to Zeek #1681
https://github.com/Security-Onion-Solutions/security-onion/issues/1681
securityonion-tcpudpflow: update for Zeek #1700
https://github.com/Security-Onion-Solutions/security-onion/issues/1700
securityonion-web-page: change bro to zeek #1687
https://github.com/Security-Onion-Solutions/security-onion/issues/1687
securityonion-web-page: update docs and cheat sheet for 16.04.6.4 #1688
https://github.com/Security-Onion-Solutions/security-onion/issues/1688
Test Zeek 3.0.1, Elastic 6.8.6, and related updates #1691
https://github.com/Security-Onion-Solutions/security-onion/issues/1691
Thanks
Thanks to the Zeek team for Zeek 3.0.1!
Thanks to the Elastic team for Elastic 6.8.6!
Thanks to the CyberChef team for CyberChef 9.12.0!
Thanks to the following for testing and QA!
Bryant Treacle
Wes Lambert
Josh Brower
Chris Cuevas
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Since we are transitioning from Bro to Zeek, Bro will automatically stop before the packages are upgraded. Once soup completes, double-check your Bro/Zeek configuration and then restart Zeek:
sudo so-zeek-restart
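As an added check, not part of Security Onion or its documentation: before restarting Zeek it is worth confirming that soup actually left every package listed at the top of this post at the announced version, since a package that failed to upgrade (for example the bro-scripts postinst problem in #1711) would otherwise only surface once Zeek comes back up. The script below is example code written for this page; the expected versions are copied from the package list above, and it assumes dpkg-query is available on the sensor (the comparison function itself reads "package version" lines from stdin, so it can be run against any captured output).

```shell
#!/bin/sh
# Added example for this page (not Security Onion code): verify that the
# packages from this release are installed at the announced versions.

# Expected versions, copied from the package list in this announcement.
EXPECTED='securityonion-bro 3.0.1-1ubuntu1securityonion10
securityonion-bro-afpacket 1.3.0-1ubuntu1securityonion17
securityonion-bro-scripts 20121004-0ubuntu0securityonion100
securityonion-elastic 20190510-1ubuntu1securityonion83
securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion225
securityonion-onionsalt 20140917-0ubuntu0securityonion28
securityonion-samples-bro 20170824-1ubuntu1securityonion4
securityonion-setup 20120912-0ubuntu0securityonion325
securityonion-sostat 20120722-0ubuntu0securityonion141
securityonion-tcpudpflow 001-0ubuntu0securityonion10
securityonion-web-page 20141015-0ubuntu0securityonion105'

# check_versions: reads "package version" lines on stdin (the format produced
# by dpkg-query -W -f '${Package} ${Version}\n'), prints one line for every
# expected package that is absent or at a different version, and returns 1 if
# any such package exists, 0 if every listed package matches.
check_versions() {
    installed=$(cat)
    problems=$(printf '%s\n' "$EXPECTED" | while read -r pkg want; do
        # Exact package-name match; awk is used so a prefix such as
        # securityonion-bro does not match securityonion-bro-scripts.
        have=$(printf '%s\n' "$installed" | awk -v p="$pkg" '$1 == p { print $2 }')
        if [ -z "$have" ]; then
            echo "MISSING  $pkg (expected $want)"
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $pkg installed $have, expected $want"
        fi
    done)
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Usage on a sensor: feed the real package database to the check and only
# restart Zeek when everything is at the release version.
if command -v dpkg-query >/dev/null 2>&1; then
    if dpkg-query -W -f '${Package} ${Version}\n' 2>/dev/null | check_versions; then
        echo "All release packages present; safe to run: sudo so-zeek-restart"
    else
        echo "Fix the packages above (re-run soup) before restarting Zeek" >&2
    fi
fi
```

The check deliberately treats "installed but older" and "not installed" as separate findings: the former usually means the upgrade was interrupted, while the latter is expected on a node role that never had the package, so read the MISSING lines against what the node is supposed to run before re-running soup.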
Support
Need support? Please see:
https://securityonion.net/docs/Support
Documentation
You can find our documentation here:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we offer 4-day Basic and 4-day Advanced onsite training classes. We also offer online classes. For more information, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://securityonionsolutions.com
Thanks!