Our Security Onion 16.04.6.5 ISO image is now available!
[Screenshot: Security Onion 16.04.6.5 boot menu]
Major Changes Since Last ISO Image
Zeek 3.0.3
Suricata 4.1.7
Elastic 6.8.7
CyberChef 9.18.2
Thanks
Thanks to Bryant Treacle for testing this ISO image!
Package Updates
This release also includes the following updated packages:
securityonion-setup - 20120912-0ubuntu0securityonion327
securityonion-web-page - 20141015-0ubuntu0securityonion106
pinguybuilder - 20180514-1ubuntu1securityonion22
securityonion-iso - 20151016-1ubuntu1securityonion35
These packages resolve the following issues:
sosetup-minimal: remove old check for securityonion_ssh.conf #1731
https://github.com/Security-Onion-Solutions/security-onion/issues/1731
sosetup: new production deployments should default to LOGSTASH_MINIMAL #1732
https://github.com/Security-Onion-Solutions/security-onion/issues/1732
sosetup-minimal: improve service check #1738
https://github.com/Security-Onion-Solutions/security-onion/issues/1738
sosetup: set LOGSTASH_MINIMAL if running sosetup-minimal #1739
https://github.com/Security-Onion-Solutions/security-onion/issues/1739
cheat sheet: convert to two pages #1717
https://github.com/Security-Onion-Solutions/security-onion/issues/1717
Docs: add new cloud documentation #1733
https://github.com/Security-Onion-Solutions/security-onion/issues/1733
CyberChef 9.18.2 #1730
https://github.com/Security-Onion-Solutions/security-onion/issues/1730
securityonion-iso: latest chromium-browser packages #1721
https://github.com/Security-Onion-Solutions/security-onion/issues/1721
pinguybuilder: increment version to 16.04.6.5 #1736
https://github.com/Security-Onion-Solutions/security-onion/issues/1736
Production Mode Now Defaults to LOGSTASH_MINIMAL For New Deployments
Please note that the new version of Setup now defaults to LOGSTASH_MINIMAL for new Production Mode deployments. LOGSTASH_MINIMAL means that Logstash transports unparsed logs to Elasticsearch where they are parsed using ingest node parsing, which results in better performance. Here are a few examples:
- If you choose Production Mode and New to create a master server, then Setup will set LOGSTASH_MINIMAL in /etc/nsm/securityonion.conf on your master server.
- If you then add a storage node to that master server, it will inherit the LOGSTASH_MINIMAL setting from the master server.
- If you have an existing deployment without LOGSTASH_MINIMAL (traditional Logstash parsing), then if you add new nodes they will continue using traditional Logstash parsing.
- Evaluation Mode is unchanged and will continue to use traditional Logstash parsing.
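Because new nodes inherit the parsing mode of the master they join, it helps to know which mode an existing master is in before adding nodes. The following is an added example, not Security Onion's own code: a small POSIX shell check that reads a securityonion.conf file and reports whether LOGSTASH_MINIMAL is enabled. It assumes the file uses shell-style KEY="value" lines and that the setting reads LOGSTASH_MINIMAL="yes" when enabled; verify that against your own /etc/nsm/securityonion.conf, since that syntax is an assumption here. The sample config files it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Security Onion's own code). Reports the Logstash parsing
# mode selected by a securityonion.conf file. Assumption: the file uses
# shell-style KEY="value" lines and LOGSTASH_MINIMAL="yes" means enabled.

# Print "minimal" when LOGSTASH_MINIMAL is enabled in the given conf file,
# "traditional" when it is absent or disabled, "unknown" if the file is unreadable.
logstash_mode() {
    conf="$1"
    [ -r "$conf" ] || { echo "unknown"; return 1; }
    # Only uncommented assignments count (a leading # disables the line);
    # if the key appears more than once, the last assignment wins.
    val=$(grep -E '^[[:space:]]*LOGSTASH_MINIMAL=' "$conf" | tail -n 1 \
          | cut -d= -f2- | tr -d '" ')
    case "$val" in
        yes|YES|true|1) echo "minimal" ;;
        *)              echo "traditional" ;;
    esac
}

# Constructed sample files standing in for /etc/nsm/securityonion.conf on
# three different masters (sample content only, not real deployments).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
new_master="$tmpdir/new_master.conf"      # created by the new Setup
old_master="$tmpdir/old_master.conf"      # older deployment, key absent
commented="$tmpdir/commented.conf"        # key present but commented out
printf '# constructed sample\nLOGSTASH_MINIMAL="yes"\n' > "$new_master"
printf '# constructed sample\n' > "$old_master"
printf '# constructed sample\n#LOGSTASH_MINIMAL="yes"\n' > "$commented"

# A node added to each master would inherit the mode printed here.
echo "new master:      $(logstash_mode "$new_master")"   # minimal
echo "existing master: $(logstash_mode "$old_master")"   # traditional
echo "commented out:   $(logstash_mode "$commented")"    # traditional
```

Run it as a regular user on a copy of the config, or point it at /etc/nsm/securityonion.conf on a master; the output tells you which parsing mode storage nodes added to that master will use.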
Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/11
Release Notes
For more information about this release, please see:
https://securityonion.net/docs/release-notes.html
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://securityonion.net/docs/installation.html
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://securityonion.net/docs/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://securityonion.net/docs/upgrading-from-14.04-to-16.04.html
Documentation
You can find our documentation here:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Support
Need support? Please see:
https://securityonion.net/docs/Support
Training
Security Onion Solutions is the only official authorized training provider for Security Onion:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://securityonionsolutions.com
Screenshot Tour
Screenshots in the tour, in order (images not reproduced here):
- Once the Live Desktop appears, double-click the Install icon and follow the prompts
- Once you've completed the installer and rebooted, log in using the username and password you created in the installer
- After logging in, you are prompted to run Setup
- Configure network interfaces
- If your hostname is securityonion, Setup gives you the opportunity to rename it
- Configure your network interfaces, reboot, then log back in
- Launch Setup again and skip network configuration to go to service configuration
- Production Mode now defaults to LOGSTASH_MINIMAL for better performance
- If you choose New to create a master server, Setup will add LOGSTASH_MINIMAL to /etc/nsm/securityonion.conf
- In most cases, we recommend choosing Best Practices
- Choose your NIDS ruleset
- Choose your NIDS engine
- Choose to enable or disable network services
- Set PF_RING min_num_slots
- Verify sniffing interface
- Set HOME_NET
- Choose to store logs locally or add storage nodes
- Allocate storage for Elasticsearch
- Confirm all options
- Setup complete
- Desktop no longer prompts to run Setup and includes icons for analyst applications
- The README shortcut includes links to the cheat sheet and online and offline documentation
- CyberChef 9.18.2
- Single Sign On (SSO) for Squert, CapMe, and Kibana
- Analyze IDS alerts using Squert
- Retrieve full packet capture with CapMe
- Kibana Overview Dashboard
- Help
- ElastAlert
- HIDS Alerts from OSSEC/Wazuh
- NIDS Alerts from Snort or Suricata
- Syslog