Last October, we released Security Onion 2.3:
https://blog.securityonion.net/2020/10/security-onion-2-has-reached-general.html
Today, we are releasing Security Onion 2.3.60, which adds new features and resolves a few issues:
https://docs.securityonion.net/en/2.3/release-notes.html#changes
UPDATE 2021/07/02 10:11 AM - We've identified a few issues in this release and are working on releasing a hotfix. If you haven't already updated to 2.3.60, you may want to wait until we release the hotfix.
UPDATE 2021/07/02 11:34 AM - We've released the hotfix as 2.3.60-ECSFIX. If you had already updated to 2.3.60 via soup, you will want to run soup again to get 2.3.60-ECSFIX. If you had downloaded the 2.3.60 ISO image, you will want to download the new 2.3.60-ECSFIX ISO image.
Elastic
Starting in Security Onion 2.3.60, we will support Elastic authentication. This means that you will authenticate to Elasticsearch and Kibana using the same username and password that you use for Security Onion Console (SOC). Please make sure you read and understand the following:
https://docs.securityonion.net/en/2.3/so-elastic-auth.html
https://docs.securityonion.net/en/2.3/so-elasticsearch-query.html
Filebeat
We now support official Filebeat modules:
https://docs.securityonion.net/en/2.3/filebeat.html#modules
Security Onion Console (SOC)
SOC has many improvements in this release:
- The Alerts and Hunt pages have consolidated options into a new Options drop-down menu.
- The Alerts and Hunt pages allow you to do a quick drilldown in some scenarios by clicking the value in the Count column.
- The PCAP page allows you to select text with your mouse and then select where to send that text (for example, CyberChef) via context menu actions.
- You can now manually change your timezone.
Grafana
In this release, Grafana will have both high-resolution data and downsampled low-resolution data. Some Grafana graphs have dotted lines (trend lines) that show previous data that has been downsampled. High-resolution data will be purged after 30 days, leaving just the downsampled low-resolution data.
When upgrading an existing installation to Security Onion 2.3.60, Grafana will not show old data by default. You can update the data as shown here:
https://docs.securityonion.net/en/2.3/grafana.html#grafana-changes-in-security-onion-2-3-60
YouTube
We covered some of these highlights in a YouTube video:
https://youtu.be/x9rfxTqZpZQ
Documentation
You can find our documentation here:
https://docs.securityonion.net/en/2.3/
Documentation is always a work in progress and some documentation may be missing or incorrect. Please let us know if you notice any issues.
New Installations
If you want to perform a new installation, please review the 2.3 documentation and then you can find instructions here:
https://docs.securityonion.net/en/2.3/download.html
Existing 2.3 Installations
If you have an existing Security Onion 2.3 installation, please see:
https://docs.securityonion.net/en/2.3/soup.html
AWS Marketplace
For new Security Onion 2 installations, version 2.3.60 will soon be available on AWS Marketplace via the official Security Onion 2 AMI:
https://securityonion.net/aws/?ref=_ptnr_soc_blog_210701
AMI Documentation:
https://securityonion.net/docs/cloud-ami
Existing Security Onion 2 AMI users should use the "soup" command to upgrade:
https://docs.securityonion.net/en/2.3/soup.html
Security Onion 16.04 EOL
As a reminder, Security Onion 16.04 has reached End Of Life (EOL):
https://blog.securityonion.net/2021/04/security-onion-1604-has-reached-end-of.html
If you're still running Security Onion 16.04, please see the following for upgrade options:
https://docs.securityonion.net/en/2.3/appendix.html
Questions or Problems
If you have questions or problems, please see our community support forum guidelines:
https://docs.securityonion.net/en/2.3/community-support.html
You can then find the community support forum at:
https://securityonion.net/discuss
Thanks
Lots of love went into this release!
Special thanks to all our folks working so hard to make this release happen!
- Josh Brower
- Jason Ertel
- Wes Lambert
- Josh Patterson
- Mike Reeves
- Bryant Treacle
- William Wernert
Training
Need training? Start with our free Security Onion Essentials training and then take a look at some of our other official Security Onion training, including our new Detection Playbook class!
https://securityonion.net/training
Hardware Appliances
We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization. Not only will you have confidence that your Security Onion deployment is running on the best-suited hardware, you will also be supporting future development and maintenance of the Security Onion project!
https://securityonionsolutions.com/hardware
Screenshot Tour
If you want the quickest and easiest way to try out Security Onion 2, just follow the screenshots below to install an Import node and then optionally enable the Analyst Workstation. This can be done in a minimal VM with only 4GB RAM!
Security Onion ISO Boot Menu |
ISO Installation |
ISO Installation Complete |
After rebooting, login to start Setup |
Setup Options |
Choose the Setup type |
Accept the Elastic License |
Choose Standard or Airgap |
Specify hostname |
Setup checks for the common hostname of "securityonion" |
Select management NIC |
Configure management NIC |
Configure networking |
Configure networking |
Configure networking |
Configure networking |
Initialize networking |
Select direct connection to Internet or specify proxy |
Select direct connection to Internet or specify proxy |
Create user account |
Set password |
Confirm password |
Choose how you want to access the web interface |
Optionally configure ntp servers |
Optionally configure ntp servers |
Optionally run so-allow |
Specify IP address or range to allow through firewall |
Confirm options |
Setup complete |
After rebooting and logging in, optionally run so-analyst-install |
so-analyst-install complete |
Enter username to login to desktop |
Enter password to login to desktop |
Analyst desktop |
Analyst install includes Chromium, NetworkMiner, Wireshark, and many other analysis tools |
Log into Security Onion Console (SOC) |
SOC Overview Page |
Use so-import-pcap to import one or more pcap files |
Use the hyperlink provided by so-import-pcap to view all alerts and logs |
Find an interesting stream and pivot to full packet capture |
Switch to PCAP transcript mode |
Download the PCAP and open directly in NetworkMiner for file extraction |
All this in a minimal VM with only 4GB RAM! |
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.