Wednesday, February 5, 2020

Zeek 3.0.1, Elastic 6.8.6, and CyberChef 9.12.0 now available for Security Onion!

The following updates are now available for Security Onion!

Elastic 6.8.6 Docker images
securityonion-bro - 3.0.1-1ubuntu1securityonion10 (Zeek 3.0.1)
securityonion-bro-afpacket - 1.3.0-1ubuntu1securityonion17
securityonion-bro-scripts - 20121004-0ubuntu0securityonion100
securityonion-elastic - 20190510-1ubuntu1securityonion83
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion225
securityonion-onionsalt - 20140917-0ubuntu0securityonion28
securityonion-samples-bro - 20170824-1ubuntu1securityonion4
securityonion-setup - 20120912-0ubuntu0securityonion325
securityonion-sostat - 20120722-0ubuntu0securityonion141
securityonion-tcpudpflow - 001-0ubuntu0securityonion10
securityonion-web-page - 20141015-0ubuntu0securityonion105

These updates should resolve the following issues:

Zeek 3.0.1 #1645
https://github.com/Security-Onion-Solutions/security-onion/issues/1645

Elastic 6.8.6 #1684
https://github.com/Security-Onion-Solutions/security-onion/issues/1684

CyberChef 9.12.0 #1689
https://github.com/Security-Onion-Solutions/security-onion/issues/1689

securityonion-bro-scripts: migrate from Bro to Zeek #1683
https://github.com/Security-Onion-Solutions/security-onion/issues/1683

securityonion-bro-scripts: remove conn-add-country #1630
https://github.com/Security-Onion-Solutions/security-onion/issues/1630

securityonion-bro-scripts: improve postinst to avoid errors when reinstalling #1711
https://github.com/Security-Onion-Solutions/security-onion/issues/1711

securityonion-bro-scripts: add cve-2020-0601 script #1709
https://github.com/Security-Onion-Solutions/security-onion/issues/1709

securityonion-samples-bro: add cve-2020-0601 pcaps #1710
https://github.com/Security-Onion-Solutions/security-onion/issues/1710

securityonion-elastic: update parsers for Zeek 3 #1680
https://github.com/Security-Onion-Solutions/security-onion/issues/1680

securityonion-elastic: improve logstash parser for pfsense filterlog #1696
https://github.com/Security-Onion-Solutions/security-onion/issues/1696

securityonion-elastic: update dashboards for Zeek migration #1685
https://github.com/Security-Onion-Solutions/security-onion/issues/1685

securityonion-elastic: Update Kibana dashboard for firewall logs #1697
https://github.com/Security-Onion-Solutions/security-onion/issues/1697

securityonion-elastic: add elasticsearch ingest parser for pfsense filterlog #1698
https://github.com/Security-Onion-Solutions/security-onion/issues/1698

securityonion-elastic: elasticsearch ingest pipelines need to support "ips" fields #1666
https://github.com/Security-Onion-Solutions/security-onion/issues/1666

securityonion-elastic: update dns domain info for elasticsearch ingest #1667
https://github.com/Security-Onion-Solutions/security-onion/issues/1667

securityonion-elastic: improve support for custom ingest parsers #1671
https://github.com/Security-Onion-Solutions/security-onion/issues/1671

securityonion-elastic: Docker daemon.json conflict #1674
https://github.com/Security-Onion-Solutions/security-onion/issues/1674

securityonion-elastic: improve postinst update check #1699
https://github.com/Security-Onion-Solutions/security-onion/issues/1699

securityonion-elastic: migrate script.* settings from elasticsearch.yml.bak to elasticsearch.yml #1676
https://github.com/Security-Onion-Solutions/security-onion/issues/1676

securityonion-elastic: container status scripts should check system uptime before declaring fail #1686
https://github.com/Security-Onion-Solutions/security-onion/issues/1686

securityonion-elastic: Bro HTTP Logs "user" field not mapped in Elasticsearch template #1672
https://github.com/Security-Onion-Solutions/security-onion/issues/1672

securityonion-elastic: so-elastic-start times out waiting for elasticsearch #1695
https://github.com/Security-Onion-Solutions/security-onion/issues/1695

Elastalert - Update new_term.yaml #1706
https://github.com/Security-Onion-Solutions/security-onion/issues/1706

securityonion-onionsalt: replicate /etc/elasticsearch/custom #1693
https://github.com/Security-Onion-Solutions/security-onion/issues/1693

securityonion-sostat: migrate from Bro to Zeek #1692
https://github.com/Security-Onion-Solutions/security-onion/issues/1692

NSM: change Bro references to Zeek #1682
https://github.com/Security-Onion-Solutions/security-onion/issues/1682

NSM: increase timeout in /etc/systemd/system/securityonion.service #1708
https://github.com/Security-Onion-Solutions/security-onion/issues/1708

NSM: broctl and zeekctl need to check if parameters were passed #1713
https://github.com/Security-Onion-Solutions/security-onion/issues/1713

Docs: Change bro to zeek #1690
https://github.com/Security-Onion-Solutions/security-onion/issues/1690

Setup: change #inter#face to #interface #1675
https://github.com/Security-Onion-Solutions/security-onion/issues/1675

Setup: change Bro references to Zeek #1681
https://github.com/Security-Onion-Solutions/security-onion/issues/1681

securityonion-tcpudpflow: update for Zeek #1700
https://github.com/Security-Onion-Solutions/security-onion/issues/1700

securityonion-web-page: change bro to zeek #1687
https://github.com/Security-Onion-Solutions/security-onion/issues/1687

securityonion-web-page: update docs and cheat sheet for 16.04.6.4 #1688
https://github.com/Security-Onion-Solutions/security-onion/issues/1688

Test Zeek 3.0.1, Elastic 6.8.6, and related updates #1691
https://github.com/Security-Onion-Solutions/security-onion/issues/1691

Thanks
Thanks to the Zeek team for Zeek 3.0.1!
Thanks to the Elastic team for Elastic 6.8.6!
Thanks to the CyberChef team for CyberChef 9.12.0!
Thanks to the following for testing and QA!
Bryant Treacle
Wes Lambert
Josh Brower
Chris Cuevas

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Because this update transitions from Bro to Zeek, Bro will be stopped automatically before the packages are upgraded. Once soup completes, double-check your Bro/Zeek configuration and then restart Zeek:
sudo so-zeek-restart
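The following is an added example, not a Security Onion script, showing one way to verify the upgrade before the restart above: it checks that every package in the list at the top of this post is installed at the announced version, then lets zeekctl parse the configuration. It assumes a 16.04 sensor with dpkg-query and zeekctl on the PATH; the file name so-check-upgrade.sh used in the final case statement is hypothetical.

```shell
#!/bin/sh
# Post-soup check for the packages listed in this announcement.
# Added example, not a Security Onion script. Assumes a 16.04 sensor where
# dpkg-query and zeekctl are on the PATH; the expected versions are copied
# from the package list at the top of the post.

EXPECTED='securityonion-bro 3.0.1-1ubuntu1securityonion10
securityonion-bro-afpacket 1.3.0-1ubuntu1securityonion17
securityonion-bro-scripts 20121004-0ubuntu0securityonion100
securityonion-elastic 20190510-1ubuntu1securityonion83
securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion225
securityonion-onionsalt 20140917-0ubuntu0securityonion28
securityonion-samples-bro 20170824-1ubuntu1securityonion4
securityonion-setup 20120912-0ubuntu0securityonion325
securityonion-sostat 20120722-0ubuntu0securityonion141
securityonion-tcpudpflow 001-0ubuntu0securityonion10
securityonion-web-page 20141015-0ubuntu0securityonion105'

# Print "package version" for each package named in EXPECTED, as dpkg knows it.
installed_versions() {
  # Word splitting of the package names is intended here.
  dpkg-query -W -f='${Package} ${Version}\n' \
    $(printf '%s\n' "$EXPECTED" | awk '{ print $1 }') 2>/dev/null
}

# compare_versions EXPECTED INSTALLED
# Both arguments are "package version" lists, one per line. Prints one
# MISMATCH line per package whose installed version differs or is missing,
# and returns 1 if there was any mismatch, 0 otherwise.
compare_versions() {
  expected=$1
  installed=$2
  rc=0
  # Heredoc rather than a pipe so rc survives the loop (no subshell).
  while read -r pkg want; do
    [ -n "$pkg" ] || continue
    have=$(printf '%s\n' "$installed" | awk -v p="$pkg" '$1 == p { print $2 }')
    if [ "$have" != "$want" ]; then
      printf 'MISMATCH %s: expected %s, installed %s\n' \
        "$pkg" "$want" "${have:-<not installed>}"
      rc=1
    fi
  done <<EOF
$expected
EOF
  return "$rc"
}

# Full post-upgrade routine: verify versions, then let zeekctl parse the
# configuration before anything is restarted.
check_upgrade() {
  if ! compare_versions "$EXPECTED" "$(installed_versions)"; then
    echo 'Package versions do not match the announcement; re-run soup before restarting Zeek.' >&2
    return 1
  fi
  echo 'All listed packages are at the announced versions.'
  # zeekctl check parses the Zeek config and loaded scripts without deploying.
  if ! zeekctl check; then
    echo 'zeekctl check reported errors; fix the config before so-zeek-restart.' >&2
    return 1
  fi
  echo 'Configuration check passed; now run: sudo so-zeek-restart'
}

# Run the routine only when executed as a script (hypothetical file name);
# sourcing the file just defines the functions.
case $0 in
  *so-check-upgrade.sh) check_upgrade ;;
esac
```

Run it as `sh so-check-upgrade.sh` on the sensor; a non-zero exit means either a package did not land at the announced version or zeekctl found a configuration error, and in both cases the restart should wait until that is resolved.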

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
You can find our documentation here:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion, and we have 4-day Basic and 4-day Advanced onsite training classes. We also offer online classes. For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!
