Showing posts with label geoip. Show all posts

Wednesday, July 29, 2020

Elastic Stack 6.8.11 now available for Security Onion 16.04!

Elastic Stack 6.8.11 was recently released and is a security update:

The following updates are now available for Security Onion 16.04!

  • Elastic 6.8.11 Docker images
  • securityonion-elastic - 20190510-1ubuntu1securityonion95

These updates should resolve the following issues:

Elastic 6.8.11 #1778

Add ignore_failure to geoip processor calls #1776

Thanks
Thanks to the Elastic team for Elastic 6.8.11!
Thanks to Chris Morgret for testing and QA!

Updating
Please see the following page for full update instructions:

Support
Need support?  Please see:

Documentation
You can find our documentation here:

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:

Training
Security Onion Solutions is the only official authorized training provider for Security Onion.  For more information about our training classes, please see:

Appliances
We now offer hardware appliances!  For more information, please see:

Thanks!

Tuesday, April 21, 2020

Elastic 6.8.8 now available for Security Onion!

UPDATE 2020-04-22 7:00 Looks like there is an issue with domainstats in this release.  So if you're running domainstats, please do not update until we have resolved this issue.

UPDATE 2020-04-22 8:27 We've pushed a new domainstats image which should resolve this issue.

The following updates are now available for Security Onion!

  • Elastic 6.8.8 Docker images
  • securityonion-elastic - 20190510-1ubuntu1securityonion93

These updates should resolve the following issues:

Elastic 6.8.8 #1746
https://github.com/Security-Onion-Solutions/security-onion/issues/1746

LOGSTASH_MINIMAL doesn't include Beat config #1751
https://github.com/Security-Onion-Solutions/security-onion/issues/1751

securityonion-elastic: improve elasticsearch ingest parsing for sysmon logs via Wazuh #1754
https://github.com/Security-Onion-Solutions/security-onion/issues/1754

securityonion-elastic: bro_files file_ip should be copied to source_ip #1742
https://github.com/Security-Onion-Solutions/security-onion/issues/1742

securityonion-elastic: remove [data][sysmon][targetfilename] from winlogbeat sysmon parsing #1752
https://github.com/Security-Onion-Solutions/security-onion/issues/1752

securityonion-elastic: so-elastic-reset does not remove closed indices #1759
https://github.com/Security-Onion-Solutions/security-onion/issues/1759

securityonion-elastic: so-elastic-reset needs to disable elastalert and then re-enable afterward #1735
https://github.com/Security-Onion-Solutions/security-onion/issues/1735

so-import-pcap-configure: running alone results in error #1740
https://github.com/Security-Onion-Solutions/security-onion/issues/1740

Unanchored regexes in 8001_postprocess_common_ip_augmentation.conf wrongly skip geoip #1244
https://github.com/Security-Onion-Solutions/security-onion/issues/1244
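
Issue #1244 above is about regex anchoring. The Ruby example below is added here for illustration; it is not code from the Security Onion project and does not reproduce the contents of 8001_postprocess_common_ip_augmentation.conf. It uses assumed RFC 1918 and loopback patterns of the kind such a filter relies on to decide which addresses to skip for geoip, and shows the failure mode: an unanchored pattern matches anywhere in the string, so a public address that merely contains "10.", "172.16." or "127." as a substring is treated as private and never enriched. Anchoring each pattern to the start of the field fixes it. Ruby is used because Logstash runs on JRuby and its conditional regexes follow Ruby syntax. The sample addresses and their expected classifications are constructed for the example.

```ruby
# Added example (not from the Security Onion repo): unanchored vs anchored
# private-address patterns and their effect on a "skip geoip" decision.
# The patterns below are assumed approximations of RFC 1918 + loopback
# checks, not the actual contents of
# 8001_postprocess_common_ip_augmentation.conf.

# The bug: no anchor, so each regex matches anywhere in the field.
UNANCHORED = [
  /10\./,
  /192\.168\./,
  /172\.(1[6-9]|2[0-9]|3[01])\./,
  /127\./,
].freeze

# The fix: anchor every pattern to the start of the string.
# \A is the start-of-string anchor in Ruby; ^ would also work for a
# single-token IP field, but ^ also matches after any embedded newline,
# so \A is the stricter choice.
ANCHORED = UNANCHORED.map { |re| Regexp.new('\A' + re.source) }.freeze

# True when the address matches any of the given "private" patterns,
# i.e. when the filter would skip geoip enrichment for it.
def private?(ip, patterns)
  patterns.any? { |re| ip =~ re }
end

# Constructed sample: address => whether it really is private.
SAMPLE = {
  "10.1.2.3"     => true,   # RFC 1918
  "192.168.5.6"  => true,   # RFC 1918
  "172.20.0.9"   => true,   # RFC 1918 (172.16/12)
  "127.0.0.1"    => true,   # loopback
  "172.40.1.1"   => false,  # public; only 172.16-31 is private
  "203.0.113.10" => false,  # public; "10" is not followed by a dot
  "210.0.113.5"  => false,  # public; contains "10." mid-string
  "1.172.16.1"   => false,  # public; contains "172.16." mid-string
  "5.127.0.1"    => false,  # public; contains "127." mid-string
}.freeze

# Returns the sample addresses the given pattern set gets wrong, i.e.
# public addresses that would be wrongly skipped (or privates missed).
def misclassified(patterns)
  SAMPLE.select { |ip, is_private| private?(ip, patterns) != is_private }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "unanchored misclassifies: #{misclassified(UNANCHORED).inspect}"
  puts "anchored misclassifies:   #{misclassified(ANCHORED).inspect}"
end
```

With the unanchored set, the three public addresses that contain a private-looking substring are reported as private and would lose their geoip fields; with the anchored set nothing is misclassified. A substring match on dotted-quad text is always a stopgap; where the check matters, a proper CIDR comparison (Logstash ships a cidr filter for this) does not have the problem at all.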

Thanks
Thanks to the Elastic team for Elastic 6.8.8!
Thanks to Wes Lambert and John Bernal for testing and QA!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
You can find our documentation here:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion.  For more information about our training classes, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!

Monday, May 9, 2016

securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion8 resolves an issue with ELSA Dashboard GeoIP mapping

Martin Holste committed some fixes for ELSA dashboard maps recently:
https://github.com/mcholste/elsa/commit/1566d32054cb886a404c68fb6db8d5420d0f85b3

I've built new ELSA packages with all the latest fixes:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion8
securityonion-elsa-extras - 20151011-1ubuntu1securityonion30

These packages should resolve the following issue:

ELSA: Improve dashboard map shading #864
https://github.com/Security-Onion-Solutions/security-onion/issues/864

Wes Lambert tested these packages.  Thanks, Wes!

You can build an ELSA GeoIP dashboard as shown here:
http://blog.securityonion.net/2016/02/securityonion-elsa-1205chartsjsd3.html

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is next week!
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!
