Showing posts with label prads. Show all posts

Thursday, May 31, 2018

Security Onion 16.04.4.1 ISO image now available!

We're pleased to announce that Security Onion 16.04.4.1 RC2 has been promoted to RELEASE status!


This release resolves the following issues:

Issue 1247: Ubuntu 16.04 Xenial Support
https://github.com/Security-Onion-Solutions/security-onion/issues/1247

Issue 1202: CapMe: purge pcap symlinks older than 24 hours
https://github.com/Security-Onion-Solutions/security-onion/issues/1202

Issue 1169: Squert: remove search link from context menu
https://github.com/Security-Onion-Solutions/security-onion/issues/1169

Issue 875: Allow mysql root password
https://github.com/Security-Onion-Solutions/security-onion/issues/875

Release Notes
ELSA, Argus, and PRADS are no longer included in Security Onion.

For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.4.1

Security Onion 14.04 EOL Notice
All new development will now be on Security Onion 16.04.  Security Onion 14.04 will reach EOL on November 30, 2018.  After that date, we will not provide any support for Security Onion 14.04.  Please plan to upgrade or replace any existing 14.04 systems before that date.

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing installations of Security Onion 14.04, you can upgrade to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Want us to upgrade your deployment for you?  Please contact Security Onion Solutions for pricing and scheduling:
https://securityonionsolutions.com

Training
We also offer onsite and online training!  For pricing and availability, please see:
https://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Sunday, March 24, 2013

New PRADS package available

I've packaged a new version of PRADS which changes the way that byte counts are reported.  PRADS will now report total IP bytes, which matches up with the way that NetworkMiner reports byte counts.  It also matches the byte counts in Bro's conn.log in the orig_ip_bytes and resp_ip_bytes fields.  For more details, please see:
https://github.com/gamelinux/prads/issues/30


The new package is now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:

sudo apt-get update && sudo apt-get dist-upgrade

After upgrading, you'll need to manually restart PRADS as follows:

sudo nsm_sensor_ps-restart --only-prads

Here's an example using traffic from testmyids.com:
Byte counts in Sguil (provided by PRADS)

Byte counts in NetworkMiner

Byte counts in Bro's conn.log (orig_ip_bytes and resp_ip_bytes fields)
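
To check the conn.log side of this comparison, the following added example (not from the original post or the PRADS project) reads Bro's conn.log by its #fields header and puts the payload counters (orig_bytes, resp_bytes) beside the IP-level counters (orig_ip_bytes, resp_ip_bytes) that the new PRADS byte counts line up with. The sample records, UIDs and addresses are constructed, and the function names are hypothetical.

```python
# Constructed sample records in Bro's tab-separated conn.log layout (not real
# traffic); a real conn.log carries more columns than the ones kept here.
FIELDS = ["uid", "id.orig_h", "id.resp_h", "proto", "orig_bytes", "resp_bytes",
          "orig_pkts", "orig_ip_bytes", "resp_pkts", "resp_ip_bytes"]
RECORDS = [
    ["CEXAMPLE1", "192.0.2.10", "198.51.100.20", "tcp", "166", "295", "6", "486", "5", "563"],
    ["CEXAMPLE2", "192.0.2.10", "198.51.100.53", "udp", "32", "48", "1", "60", "1", "76"],
    ["CEXAMPLE3", "192.0.2.10", "198.51.100.99", "tcp", "-", "-", "1", "60", "0", "0"],
]
SAMPLE_CONN_LOG = "\n".join(
    ["#separator \\x09", "#fields\t" + "\t".join(FIELDS)]
    + ["\t".join(r) for r in RECORDS]
    + ["#close\t2013-03-24-00-00-00"]
)

def parse_conn_log(text):
    """Return one dict per record, taking column names from the '#fields' line."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("no #fields header before first record")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def to_int(value):
    """Bro writes '-' for an unset field; keep that as None rather than 0."""
    return None if value in ("-", "") else int(value)

def byte_counts(row):
    """Payload bytes, IP-level bytes and header overhead for each direction."""
    out = {"uid": row["uid"]}
    for side in ("orig", "resp"):
        payload = to_int(row[f"{side}_bytes"])
        ip_bytes = to_int(row[f"{side}_ip_bytes"])
        out[f"{side}_payload"] = payload
        out[f"{side}_ip"] = ip_bytes
        known = payload is not None and ip_bytes is not None
        out[f"{side}_overhead"] = ip_bytes - payload if known else None
    return out

if __name__ == "__main__":
    for record in parse_conn_log(SAMPLE_CONN_LOG):
        print(byte_counts(record))
```

When reconciling a session's byte counts across tools, compare against the `*_ip` values; the `*_payload` values exclude IP and transport headers and will be smaller.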

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
