Monday, November 30, 2020

Elastic Stack 7.9.3 now available for Security Onion 16.04!

First, please note that Security Onion 16.04 reaches EOL in less than 5 months. Instead of applying this update, most Security Onion 16.04 users should upgrade directly to Security Onion 2:
https://blog.securityonion.net/2020/11/5-month-eol-notice-for-security-onion.html

If you do decide to proceed with this update for Security Onion 16.04, please be reminded of the recent Docker Hub rate limit changes:
https://blog.securityonion.net/2020/10/docker-hub-rate-limits-effective.html

The following updates are now available for Security Onion 16.04!

  • Elastic 7.9.3 Docker images
  • securityonion-capme - 20121213-0ubuntu0securityonion80
  • securityonion-elastic - 20190510-1ubuntu1securityonion124
  • securityonion-setup - 20120912-0ubuntu0securityonion329
  • securityonion-sostat - 20120722-0ubuntu0securityonion146
  • securityonion-web-page - 20141015-0ubuntu0securityonion109

These updates should resolve the following issues:

Elastic 7.9.3 #1782
https://github.com/Security-Onion-Solutions/security-onion/issues/1782

so-elastic-features - improve soup call #1789
https://github.com/Security-Onion-Solutions/security-onion/issues/1789

securityonion-elastic: Migrate indices.* settings for elasticsearch.yml #1786
https://github.com/Security-Onion-Solutions/security-onion/issues/1786

securityonion-elastic: update links to documentation #1801
https://github.com/Security-Onion-Solutions/security-onion/issues/1801

securityonion-sostat: update links to documentation #1794
https://github.com/Security-Onion-Solutions/security-onion/issues/1794

securityonion-web-page: update links to documentation #1799
https://github.com/Security-Onion-Solutions/security-onion/issues/1799

Setup: do not write interfaces if we lack valid contents #1784
https://github.com/Security-Onion-Solutions/security-onion/issues/1784

securityonion-setup: update links to documentation #1800
https://github.com/Security-Onion-Solutions/security-onion/issues/1800

Known Issues

If you get errors in logstash.log like:

 "reason"=>"Failed to parse mapping [doc]: mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]"}}}}}

then you may have an old Logstash template and may need to do the following on any node that is running Logstash:

    sudo so-logstash-stop
    curl -XDELETE localhost:9200/_template/logstash
    curl -XDELETE localhost:9200/_template/logstash-*
    sudo so-logstash-start

For more information, please see:
https://groups.google.com/g/security-onion/c/6p6Jkr91-kM 

If that doesn't resolve the issue, you may have custom templates in /etc/logstash/custom/ that need to be updated. You’ll need to copy from source and modify as needed.
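As an added example (not part of the original post or of Security Onion's own scripts), the following POSIX shell snippet pulls the conflicting field and types out of lines like the one above and runs the documented template reset only when such a conflict is actually present. The log path /var/log/logstash/logstash.log and the sample log lines are assumptions/constructed for this example.

```shell
#!/bin/sh
# Added example, not Security Onion code. Detects the "mapper [...] cannot be
# changed from type [...] to [...]" conflict described in the post and, only
# when it is found, performs the documented Logstash template reset.

# Constructed sample of logstash.log content (one unrelated line, one conflict).
SAMPLE_LOG='[2020-11-30T09:00:01,000][INFO ][logstash.agent] Pipelines running {:count=>1}
[2020-11-30T09:00:02,000][ERROR][logstash.outputs.elasticsearch] "reason"=>"Failed to parse mapping [doc]: mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]"}'

# Print one "field old_type new_type" line per distinct mapper conflict
# found in the log text given as $1 (empty output means no conflict).
mapper_conflicts() {
    printf '%s\n' "$1" \
      | sed -n 's/.*mapper \[\([^]]*\)\] cannot be changed from type \[\([^]]*\)\] to \[\([^]]*\)\].*/\1 \2 \3/p' \
      | sort -u
}

# The documented reset, gated on a detected conflict. Run on a Logstash node.
# Assumed default log path: /var/log/logstash/logstash.log
reset_logstash_templates() {
    log_file="${1:-/var/log/logstash/logstash.log}"
    conflicts=$(mapper_conflicts "$(cat "$log_file")")
    if [ -z "$conflicts" ]; then
        echo "no mapper type conflicts found in $log_file; nothing to do"
        return 0
    fi
    echo "mapper type conflicts found:"
    echo "$conflicts"
    sudo so-logstash-stop
    curl -XDELETE localhost:9200/_template/logstash
    curl -XDELETE 'localhost:9200/_template/logstash-*'
    sudo so-logstash-start
}
```

Call reset_logstash_templates (optionally with a log path) on each node running Logstash; with no conflict in the log it exits without touching the templates.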

Thanks

  • Thanks to the Elastic team for Elastic 7.9.3!
  • Thanks to Pete Nelson for submitting fixes for both so-elastic-features and sosetup-network!
  • Thanks to Chris Morgret for testing and QA!

Updating

Please see the following page for full update instructions:
https://docs.securityonion.net/en/16.04/upgrade.html

Support

Need support? Please see:
https://docs.securityonion.net/en/16.04/support.html

Thanks!


Thursday, November 19, 2020

Security Onion 2.3.10 now available!

We recently released Security Onion 2.3:


Today, we are releasing Security Onion 2.3.10, which resolves a few issues:


Documentation

We've started migrating our documentation to 2.3:


However, this is a work in progress and some documentation may be missing or incorrect. Please let us know if you notice any issues.

Known Issues


New Installations

If you want to do a new installation, please review the 2.3 documentation and then you can find instructions here:


Existing 2.x Installations

If you have an existing 2.3 GA installation, please see:


If you have an existing 2.x Release Candidate (RC1, RC2, or RC3) installation, please see the in-place upgrade notes here:


Security Onion 16.04 EOL

Ubuntu 16.04 reaches EOL in April 2021, and therefore Security Onion 16.04 does as well. Please make plans to replace or upgrade any existing Security Onion 16.04 deployments before then:

https://blog.securityonion.net/2020/11/5-month-eol-notice-for-security-onion.html

Upgrading from Security Onion 16.04

If you're currently running Security Onion 16.04, please see the following for upgrade options:


Questions or Problems

If you have questions or problems, please see our community support forum guidelines:


You can then find the community support forum at:


Screenshot

Security Onion 2.3.10 ISO Boot Menu

For a full screenshot tour, please see the Security Onion 2.3 blog post:


Monday, November 16, 2020

New Security Onion 2 Training Available: Security Onion 2 in Production!

Security Onion 2 in Production is now available! In this course, you will learn more about architecting, operating and maintaining production Security Onion 2 distributed architectures.

From course author Josh Brower:

"Having spent a number of years myself in IT Infrastructure & Operations, I know the amount of effort it takes to architect, install, configure, and maintain technology stacks - which is why I think this course is really important – I think it will make your Security Onion deployment and long term maintenance of your grid smoother and much more straightforward."

For a limited time only, use the following Coupon Code for $50 off!

ONION2020

For more details and to register, please see:

https://onlinetraining.securityonionsolutions.com/p/security-onion-in-production

5 month EOL notice for Security Onion 16.04

On 10/16/2020, we released Security Onion 2 and announced a 6-month EOL notice for Security Onion 16.04:
https://blog.securityonion.net/2020/10/security-onion-2-has-reached-general.html

Ubuntu 16.04 reaches EOL in April 2021, and therefore Security Onion 16.04 does as well. We will not provide any support for Security Onion 16.04 after April 16, 2021. Please plan to upgrade or replace any existing 16.04 systems before then. If you have existing installations of Security Onion 16.04, you can upgrade to Security Onion 2:
https://docs.securityonion.net/en/2.3/appendix.html