Thursday, July 18, 2024

Registration Now Open for Augusta Cyber Week 2024!

Registration is now open for Augusta Cyber Week in beautiful Augusta GA from September 30, 2024 through October 5, 2024! This includes:

  • 4-day Security Onion training
  • 11th annual Security Onion Conference (SOCAugusta)
  • 11th annual BSidesAugusta
These are separate events, but if you sign up for the 4-day training class, then you get a FREE non-transferable ticket to both Security Onion Conference and BSidesAugusta!


Even if you can't make the training class, you won't want to miss Security Onion Conference! It's our 11th annual conference and we are celebrating 10 years in business!


4-day Security Onion training:
https://bsidesaugusta.org/training/#so

11th Annual Security Onion Conference:
https://socaugusta2024.eventbrite.com/


11th Annual BSidesAugusta!
https://bsidesaugusta.org/


Hope to see you there!



Monday, July 8, 2024

Celebrating 10 Years of Security Onion Solutions and Announcing Security Onion Pro!


From Doug Burks, Founder and CEO of Security Onion Solutions: 

There’s an old saying that it takes ten years to be an overnight success. Thanks to our customers and community for ten successful years of Security Onion Solutions as a company! We’re celebrating our “overnight success” by announcing Security Onion Pro!


History


Security Onion Solutions is celebrating ten years as a company and our free and open Security Onion platform recently celebrated fifteen years!

https://blog.securityonion.net/2024/06/on-this-day-in-2009-very-first-version.html


After releasing that first version of Security Onion in 2009, the community steadily grew and more and more folks started using Security Onion in production. Over time, enterprise organizations started asking for training and professional services. So on July 7, 2014, I announced Security Onion Solutions as the company to provide those services: 




Customers started asking for hardware appliances so we announced Security Onion Solutions appliances in 2018:




Customers then asked for cloud images so we started offering them in 2021:



We’ve continued to listen to feedback and today we’re excited to announce the next step in our journey!


Security Onion Pro


Our customers have been asking for enterprise features so we’ve spent the last few years building them! We first mentioned this back in 2022:

https://blog.securityonion.net/2022/08/security-onion-enterprise-features-and.html


If you're looking to get the most out of Security Onion in your enterprise, you should consider Security Onion Pro. The Pro license not only adds additional enterprise features, but also adds many additional benefits as well!


Here are some enterprise features and benefits available with a Security Onion Pro license as of today:


  • Open ID Connect (OIDC)
    SOC supports single sign-on (SSO) authentication via OpenID Connect (OIDC) to one of several OIDC-compatible identity providers. For example, users can login to Security Onion using an Active Directory user, a GitHub user, a Google account, an Auth0 account, etc. 
  • Data at Rest Encryption
    Storage-level encryption for data residing in your Security Onion grid.
  • DoD Security Technical Implementation Guide (STIG) Compliance for the OS
    Automatically apply STIGs to your Grid using OpenSCAP.  For more information about STIGs, please see https://public.cyber.mil/stigs/.
  • Federal Information Processing Standards (FIPS) Compliance for the OS
    Support for enabling FIPS during OS installation. For more information about FIPS, please see https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards.
  • External Notifications in SOC
    The Detections module, specifically Sigma rules, can be enabled to send outbound notifications when alerts are generated. By default, no outbound notifications are enabled in a Security Onion installation. However, with the Pro license applied to a grid, notifications can be quickly configured via the Configuration screen.
  • Time Tracking inside of Cases
    When adding a comment to a Case, you can also specify how many hours you spent working on that activity. You can then see the total time spent by all analysts in the Summary in the upper-right corner of the Case.
  • Guaranteed Message Delivery
    If you need guaranteed message delivery, then you can enable Kafka which replaces Redis and Logstash on the Security Onion Manager node and Receiver nodes.
  • Higher Priority Service Level Agreements (SLAs)
    Receive faster service with the one business day initial response SLA included with Security Onion Pro. A four-business-hour initial response SLA is also available. 
  • Health Checks
    Security Onion Pro includes two free 1-hour Health Checks per year.
  • Offline Update Service Shipments
    If you have an airgap deployment, we can ship two free offline updates per year when requested.
  • Professional Services and Support
    For customers running Security Onion on their hardware or smaller SOS appliances, Security Onion Pro includes twenty hours of professional services and support time. Services include architecture planning, deployment, tuning, break/fix support, parsing, and other services around Security Onion. Additional hours packages are available.
  • Included with larger hardware appliances
    Security Onion Pro is included with many of our larger hardware appliance models, such as the SOS SN7200, SOS SNNV, and SOS GoFast, at no additional charge. See our full appliance list at https://securityonion.com/hardware.
  • Coverage for all the nodes in your Grid
    The base license includes licensing for up to ten nodes, with additional node packs available for purchase.


In addition to the list above, we will be adding more to Security Onion Pro in the future!


To learn more about Security Onion Pro, please see:

https://securityonion.com/pro


Community


Just because we’re adding enterprise features does not mean that we’re forgetting about our community! 


Our team worked for nine months on developing our new Detections interface and released the first version of that in 2.4.70:

https://blog.securityonion.net/2024/05/security-onion-2470-now-available.html


After release, we listened to feedback from the community about Detections and incorporated that feedback into 2.4.80:

https://blog.securityonion.net/2024/06/security-onion-2480-now-available.html


We have lots more improvements coming to the community version! It’s also important to note that existing community features will remain available to the community with no data limits and no evaluation period. Our continuing mission is to shift the advantage to defenders!


Thanks


Thanks again to our customers and community for your support throughout the years!


FAQ


What is Security Onion Pro?


Security Onion Pro includes all the features in our standard Security Onion platform and adds enterprise features and premium support.



What enterprise features are included in Security Onion Pro?


Security Onion Pro includes the following enterprise features:

  • Open ID Connect (OIDC) authentication for Security Onion Console
  • Data-at-Rest Encryption (LUKS)
  • DoD Security Technical Implementation Guide (STIG) Compliance for the OS
  • Federal Information Processing Standards (FIPS) Compliance for the OS
  • External Notifications in Security Onion Console
  • Time tracking inside of Cases
  • Guaranteed Message Delivery (Kafka)


What kind of support is included in Security Onion Pro?


Security Onion Pro includes premium support:


  • two free 1-hour health checks per year
  • offline update service shipments
  • architecture planning
  • deployment
  • tuning
  • break/fix support
  • parsing
  • and other services around Security Onion


How do I purchase Security Onion Pro?


You can purchase Security Onion Pro by going to https://securityonion.com/pro and clicking the Purchase button to reach out to our Sales team.


If I purchase Security Onion Pro, do I have to rebuild my existing deployment?


In most cases, you can simply add the Security Onion Pro license key to your existing deployment to enable the enterprise features. An exception would be things like disk encryption that must be enabled during installation.



If I buy a Security Onion Solutions appliance, do I automatically get Security Onion Pro?


Security Onion Pro is included with many of our larger hardware appliance models, such as the SOS SN7200, SOS SNNV, and SOS GoFast, at no additional charge. See our full appliance list at https://securityonion.com/hardware.



If I am a free user and won’t be purchasing Security Onion Pro, will there be any changes?


No, you can continue using the existing Security Onion features that you use today.



How do I get more information about Security Onion Pro?


You can read more about Security Onion Pro at https://securityonion.com/pro


Friday, July 5, 2024

Security Onion and RegreSSHion CVE-2024-6387

A vulnerability was recently announced in OpenSSH:

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

https://linux.oracle.com/cve/CVE-2024-6387.html

https://linux.oracle.com/errata/ELSA-2024-4312.html

https://linux.oracle.com/errata/ELSA-2024-12468.html


First, it's important to note the following from https://isc.sans.edu/diary/SSH+regreSSHion+Remote+Code+Execution+Vulnerability+in+OpenSSH/31046:

Exploitation for AMD64 appears to be not practical at this time.


It's also important to note that we don't recommend exposing your Security Onion SSH port to the Internet.


If your Security Onion deployment has Internet access and you have automatic OS updates enabled (which is the default setting), then it should automatically install the latest openssh packages with the patches for this vulnerability. If your Security Onion deployment is an airgap deployment, then the latest openssh packages will be included in the next ISO release.


You can use salt to query your deployment and see what version is installed across your grid:

sudo salt \* cmd.run 'rpm -qa |grep openssh-server'


On Internet-connected deployments, the current version at time of writing should be:

openssh-server-8.7p1-38.0.2.el9_4.1.x86_64



You can also use Osquery Manager to check your grid:

select * from rpm_packages where name = "openssh-server"


You can then expand the source field and verify that it shows at least:

openssh-8.7p1-38.0.2.el9_4.1.src.rpm




Monday, July 1, 2024

Security Onion Documentation printed book now updated for Security Onion 2.4.80!

We've been offering our Security Onion documentation in book form on Amazon for a few years and it's now been updated for the recently released Security Onion 2.4.80!




Thanks to Richard Bejtlich for writing the inspiring foreword!


Proceeds go to the Rural Technology Fund!


This edition has been updated for Security Onion 2.4.80 and includes a 20% discount code for our on-demand training and certification!


This book covers the following Security Onion topics:


  • First Time Users
  • Getting Started
  • Security Onion Console (SOC)
  • Security Onion Desktop
  • Network Visibility
  • Additional Network Visibility
  • Host Visibility
  • Third Party Integrations
  • Rules
  • Logs
  • Updating
  • Accounts
  • Services
  • Customizing for Your Environment
  • Tricks and Tips
  • Utilities
  • Help



Q&A


What is the difference between this book and the online documentation?


This book is the online documentation formatted specifically for print. It also includes an inspiring foreword by Richard Bejtlich that is not available anywhere else! Proceeds go to the Rural Technology Fund! Finally, the printed book includes a 20% discount code for our on-demand training and certification.


Who should get this book?


You should get this book if you work on airgap networks or simply want a portable reference that doesn't require an Internet connection or batteries! Also anyone who wants to donate to a worthy cause like Rural Technology Fund!


What is the difference between this edition and the previous edition?


This edition has been updated for Security Onion 2.4.80!


Where do we get it?


https://securityonion.com/book


Search This Blog

Featured Post

Registration Now Open for Augusta Cyber Week 2024!

Registration is now open for Augusta Cyber Week in beautiful Augusta GA from September 30, 2024 through October 5, 2024! This includes: 4-da...

Popular Posts

Blog Archive