
Monday, November 30, 2020

Elastic Stack 7.9.3 now available for Security Onion 16.04!

First, please note that Security Onion 16.04 reaches EOL in less than 5 months. Instead of applying this update, most Security Onion 16.04 users should upgrade directly to Security Onion 2:
https://blog.securityonion.net/2020/11/5-month-eol-notice-for-security-onion.html

If you do decide to proceed with this update for Security Onion 16.04, please be reminded of the recent Docker Hub rate limit changes:
https://blog.securityonion.net/2020/10/docker-hub-rate-limits-effective.html

The following updates are now available for Security Onion 16.04!

  • Elastic 7.9.3 Docker images
  • securityonion-capme - 20121213-0ubuntu0securityonion80
  • securityonion-elastic - 20190510-1ubuntu1securityonion124
  • securityonion-setup - 20120912-0ubuntu0securityonion329
  • securityonion-sostat - 20120722-0ubuntu0securityonion146
  • securityonion-web-page - 20141015-0ubuntu0securityonion109

These updates should resolve the following issues:

Elastic 7.9.3 #1782
https://github.com/Security-Onion-Solutions/security-onion/issues/1782

so-elastic-features - improve soup call #1789
https://github.com/Security-Onion-Solutions/security-onion/issues/1789

securityonion-elastic: Migrate indices.* settings for elasticsearch.yml #1786
https://github.com/Security-Onion-Solutions/security-onion/issues/1786

securityonion-elastic: update links to documentation #1801
https://github.com/Security-Onion-Solutions/security-onion/issues/1801

securityonion-sostat: update links to documentation #1794
https://github.com/Security-Onion-Solutions/security-onion/issues/1794

securityonion-web-page: update links to documentation #1799
https://github.com/Security-Onion-Solutions/security-onion/issues/1799

Setup: do not write interfaces if we lack valid contents #1784
https://github.com/Security-Onion-Solutions/security-onion/issues/1784

securityonion-setup: update links to documentation #1800
https://github.com/Security-Onion-Solutions/security-onion/issues/1800

Known Issues

If you get errors in logstash.log like:

 "reason"=>"Failed to parse mapping [doc]: mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]"}}}}}

then you may have an old Logstash template and may need to do the following on any node that is running Logstash:

sudo so-logstash-stop
curl -XDELETE localhost:9200/_template/logstash
curl -XDELETE localhost:9200/_template/logstash-*
sudo so-logstash-start

For more information, please see:
https://groups.google.com/g/security-onion/c/6p6Jkr91-kM 

If that doesn't resolve the issue, you may have custom templates in /etc/logstash/custom/ that need to be updated. You’ll need to copy from source and modify as needed.
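Before deleting anything, it helps to confirm the symptom in logstash.log and to see which templates actually exist, so the procedure can be re-run safely. The script below is an added example, not code from the Security Onion project or the sostat package; it assumes an ES_URL variable for the Elasticsearch endpoint (a real 16.04 install sources its Elasticsearch host from /etc/nsm/securityonion.conf), an optional ES_CURL_OPTS for credentials when Elastic auth is enabled, and a default log path.

```shell
#!/bin/sh
# Added example (not Security Onion project code): confirm the stale Logstash
# template symptom from logstash.log before running the delete/restart steps,
# and delete only the templates that are actually present.
# Assumptions: ES_URL, ES_CURL_OPTS and the default log path below are mine;
# a real 16.04 install sources the Elasticsearch host from /etc/nsm/securityonion.conf.
set -u

ES_URL="${ES_URL:-http://localhost:9200}"
ES_CURL_OPTS="${ES_CURL_OPTS:-}"        # e.g. "-u user:pass" when so-elastic-auth is enabled
LOGSTASH_LOG="${LOGSTASH_LOG:-/var/log/logstash/logstash.log}"   # path assumed

# Print, one per line, the fields whose mapping type Logstash tried to change.
# Returns 1 (prints nothing) when the log has no such conflict.
conflicting_fields() {
  sed -n 's/.*mapper \[\([^]]*\)\] cannot be changed from type \[[^]]*\] to \[[^]]*\].*/\1/p' "$1" \
    | sort -u | grep .
}

# True when the log shows the "cannot be changed from type" mapper conflict.
has_mapping_conflict() {
  conflicting_fields "$1" >/dev/null
}

# List the legacy index templates matching $1 (wildcards allowed), one name per line.
list_templates() {
  curl -sS $ES_CURL_OPTS "$ES_URL/_cat/templates/$1?h=name"
}

# The Known Issues procedure, made idempotent: stop Logstash, delete each
# logstash* template that exists, start Logstash again.
remove_stale_logstash_templates() {
  sudo so-logstash-stop
  names=$(list_templates 'logstash*')
  if [ -z "$names" ]; then
    echo "no logstash* templates present; check /etc/logstash/custom/ for custom templates instead"
  fi
  for name in $names; do
    echo "deleting template $name"
    curl -sS $ES_CURL_OPTS -X DELETE "$ES_URL/_template/$name"
    echo
  done
  sudo so-logstash-start
}

# Constructed sample log (two lines) reproducing the message quoted in the release notes.
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
[2020-11-30T12:00:00,000][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {"reason"=>"Failed to parse mapping [doc]: mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]"}}}}}
[2020-11-30T12:00:01,000][INFO ][logstash.agent] Successfully started Logstash API endpoint {:port=>9600}
EOF

case "${1:-}" in
  --check) conflicting_fields "$LOGSTASH_LOG" ;;
  --apply) has_mapping_conflict "$LOGSTASH_LOG" && remove_stale_logstash_templates ;;
  *)       echo "usage: $0 --check | --apply   (constructed sample log for a dry run: $SAMPLE_LOG)" ;;
esac
```

Run `--check` first: it prints the conflicting field names (here destination_geo.latitude) and nothing when the log is clean, so `--apply` only touches Elasticsearch when the symptom is real.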

Thanks

  • Thanks to the Elastic team for Elastic 7.9.3!
  • Thanks to Pete Nelson for submitting fixes for both so-elastic-features and sosetup-network!
  • Thanks to Chris Morgret for testing and QA!

Updating

Please see the following page for full update instructions:
https://docs.securityonion.net/en/16.04/upgrade.html

Support

Need support?  Please see:
https://docs.securityonion.net/en/16.04/support.html

Thanks!


Monday, June 29, 2020

securityonion-sostat - 20120722-0ubuntu0securityonion145 now available for Security Onion!

The following updates are now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion145

These updates should resolve the following issues:

sostat: fix Suricata AF_PACKET packet loss calculation #1774

Thanks
Thanks to Bryant Treacle for testing and QA!

Updating
Please see the following page for full update instructions:

Support
Need support?  Please see:

Documentation
You can find our documentation here:

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:

Training
Security Onion Solutions is the only official authorized training provider for Security Onion.  For more information about our training classes, please see:

Appliances
We now offer hardware appliances!  For more information, please see:

Thanks!

Tuesday, April 14, 2020

securityonion-sostat - 20120722-0ubuntu0securityonion144 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion144 is now available for Security Onion and should resolve the following issue:

sostat: don't show pf_ring output if af_packet in use #1623
https://github.com/Security-Onion-Solutions/security-onion/issues/1623

Thanks
Thanks to Wes Lambert for testing and QA!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
You can find our documentation here:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion.  For more information about our training classes, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!

Monday, December 9, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion137 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion137 is now available.  This should resolve the following issue:

securityonion-sostat: improve netsniff packet loss calculation #1673
https://github.com/Security-Onion-Solutions/security-onion/issues/1673

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!

Tuesday, November 26, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion136 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion136 is now available for Security Onion! 

This update should resolve the following issue:

securityonion-sostat: calculate suricata packet loss as percentage #1663
https://github.com/Security-Onion-Solutions/security-onion/issues/1663

Thanks
Thanks to Wes Lambert for his work on improving and testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, November 4, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion134 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion134 is now available for Security Onion!  This package resolves the following issue:

securityonion-sostat: check for syslog-ng drops #1660
https://github.com/Security-Onion-Solutions/security-onion/issues/1660

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Wednesday, October 16, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion133 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion133 is now available for Security Onion!  This package resolves the following issue:

securityonion-sostat: block docker 19.03.3 packages #1652
https://github.com/Security-Onion-Solutions/security-onion/issues/1652

Docker 19.03.3 was released recently and included a regression for the DOCKER-USER iptables chain:
https://blog.securityonion.net/2019/10/docker-package-issues-please-do-not.html
https://github.com/docker/for-linux/issues/810

When you install this updated securityonion-sostat package, it will prevent any future installation of Docker 19.03.3.  It will also check to see if you already have Docker 19.03.3 installed.  If so, it will provide instructions for removing Docker 19.03.3 and replacing it with a fixed version.  Any future runs of soup will check Docker version as well.

Thanks
Thanks to Wes Lambert and Dustin Lee for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, August 26, 2019

Elastic 6.8.2, Wazuh 3.9.5, and updated packages for Setup, CapMe, and sostat are now available for Security Onion!

The following updates are now available for Security Onion!
  • Elastic 6.8.2 Docker images
  • Wazuh 3.9.5 (packaged as ossec-hids-server - 3.9.5.1-ubuntu1securityonion1)
  • securityonion-capme - 20121213-0ubuntu0securityonion78
  • securityonion-elastic - 20190510-1ubuntu1securityonion65
  • securityonion-setup - 20120912-0ubuntu0securityonion312
  • securityonion-sostat - 20120722-0ubuntu0securityonion129

These updates resolve a whopping 85 issues!  You can see the full list of resolved issues at the end of this blog post, but here is a quick summary of the new features in this release.

Setup can now run interactively via CLI!  Setup started out as a GUI built using Zenity.  Many years ago, we added the ability to automate Setup using sosetup.conf and this helped folks who didn't want to run Setup via GUI.  When Mike Reeves began building Hybrid Hunter last year, he started a new Setup process from scratch using whiptail to allow interactive prompts via CLI.  We've now added whiptail support to our existing 16.04 Setup!

[Screenshot: Interactive Setup via CLI]

Running sosetup-minimal and choosing Evaluation Mode can run in only 4GB RAM!

[Screenshot: sosetup-minimal Evaluation Mode]

LOGSTASH_MINIMAL config moves parsing from Logstash to Elasticsearch ingest node (NIDS alerts and Bro logs in JSON format) allowing Logstash to start faster and consume less resources!

[Screenshot: LOGSTASH_MINIMAL config]

so-import-pcap has been completely overhauled!

Lots of bug fixes and performance improvements!

If you would like to switch from open source Elastic to Elastic Features, then you can run the new so-elastic-features and it will walk you through that process!

[Screenshot: so-elastic-features]

If you would like to enable native Elastic authentication, you can run the new so-elastic-auth!  This will automatically run so-elastic-features as shown above and then enable Elastic authentication which includes Role Based Access Control (RBAC)!

[Screenshot: so-elastic-auth]
[Screenshot: Kibana auth]
so-elastic-auth enumerates your existing Sguil/Squert user accounts and automatically generates corresponding Elastic accounts with minimal privileges

Thanks

Thanks to the Elastic team for Elastic 6.8.2!
Thanks to the Wazuh team for Wazuh 3.9.5!
Thanks to the following for testing and QA!
  • Wes Lambert
  • Josh Brower
  • Dustin Lee

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Registration is now open for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation Updates

https://securityonion.readthedocs.io/en/latest/use-cases.html#minimal-evaluation
https://securityonion.readthedocs.io/en/latest/elastic-features.html
https://securityonion.readthedocs.io/en/latest/elastic-auth.html
https://securityonion.readthedocs.io/en/latest/accounts.html
https://securityonion.readthedocs.io/en/latest/passwords.html
https://securityonion.readthedocs.io/en/latest/adding-accounts.html
https://securityonion.readthedocs.io/en/latest/listing-accounts.html
https://securityonion.readthedocs.io/en/latest/disabling-accounts.html
https://securityonion.readthedocs.io/en/latest/so-elasticsearch-query.html
https://securityonion.readthedocs.io/en/latest/logstash.html#logstash-minimal
https://securityonion.readthedocs.io/en/latest/quick-iso-image.html
https://securityonion.readthedocs.io/en/latest/installing-on-ubuntu.html
https://securityonion.readthedocs.io/en/latest/production-deployment.html
https://securityonion.readthedocs.io/en/latest/cheat-sheet.html

Issues Resolved

Setup: interactive setup via command line

securityonion-elastic: change Beats user_data field to dynamic mapping

ElastAlert dashboard filter

Wazuh 3.9.5

securityonion-elastic: update Logstash config to support Wazuh 3.9 agent

securityonion-elastic: simplify Firewall Action/Reason viz to just Action

Logstash crashes due to logstash-filter-tld

securityonion-elastic: so-logstash-start should map /var/log/nsm/securityonion/

securityonion-elastic: Bro Logstash config - change body_len to body_length

securityonion-elastic: Add evaluation for multiple IPs in file_ip or destination_ip in Bro files.log

securityonion-elastic: add image_timestamp to autoruns pattern

securityonion-elastic: improve selection of closed indices in so-curator-closed-delete-delete

so-import-pcap: improve Logstash initialization check

so-import-pcap: improve handling of single pcap without full path

securityonion-elastic: Update OSSEC Dashboard

securityonion-elastic: DHCP dashboard should show hostname field

securityonion-elastic: copy so-ossec-verb scripts to so-wazuh-verb

securityonion-elastic: add note to Help dashboard that Wazuh has replaced OSSEC

securityonion-elastic: decrease logstash pipeline.workers depending on config

securityonion-elastic: improve Kibana check before importing dashboards and config

so-import-pcap: if pcap already exists in pcap store, then use mergecap to avoid overwriting

so-import-pcap: create lock file to prevent multiple instances from trying to configure the system at the same time

securityonion-setup: default PCAP_OPTIONS in sosetup-forward.conf to no options

securityonion-elastic: add so-redis-count

securityonion-elastic: improve status scripts

so-import-pcap: split configuration out into separate script

so-import-pcap: create lock file to prevent multiple instances from writing to pcap store at same time

so-import-pcap: create lock file to prevent multiple instances from writing IDS alerts at same time

securityonion-elastic: so-elasticsearch-start should map /etc/elasticsearch

securityonion-elastic: add login and logout to apache reverse proxy

securityonion-elastic: so-elasticsearch-start needs to set ownership on /etc/elasticsearch/

securityonion-elastic: change ownership and perms of kibana.yml

securityonion-elastic: support elastic auth in so-component-verb scripts

sostat: support elastic auth

securityonion-elastic: create so-elastic-auth

securityonion-elastic: create so-elastic-features

securityonion-elastic: copy so-bro-verb scripts to so-zeek-verb

securityonion-elastic: so-test-configure-bro no longer needs to configure for smb

securityonion-setup: support elastic auth

CapMe: support Elastic auth

securityonion-elastic: create so-elasticsearch-query

securityonion-setup: if re-running setup, delete any existing elastic auth config

securityonion-elastic: update so-user-* to support elastic auth

Elastic 6.8.2

Setup: sosetup-network should check for hostname of securityonion and recommend changing

securityonion-elastic: create new LOGSTASH_MINIMAL config

securityonion-setup: create new sosetup-minimal script

securityonion-elastic: create so-rule-update as a wrapper to rule-update

securityonion-elastic: don't overwrite conf.d.redis.output files

securityonion-elastic: support elastic auth in ElastAlert

securityonion-elastic: fix typo in 6501_ossec_sysmon.conf

securityonion-elastic: support elastic auth in curator

securityonion-elastic: upgrades need to preserve auth settings in elasticsearch.yml and kibana.yml

Wazuh: create agent-template.conf

securityonion-elastic: update logstash jvm.options

securityonion-elastic: update so-elasticsearch-node-list and so-elasticsearch-node-remove

securityonion-elastic: elasticsearch ingest node parsing should create bro_conn total_bytes

securityonion-elastic: elasticsearch ingest geoip should output all fields

securityonion-elastic: update elasticsearch ingest parser for bro_ntlm

securityonion-elastic: update elasticsearch ingest parser for bro_ssh

securityonion-elastic: elasticsearch ingest node parsing should populate connection_state_description

so-import-pcap: improve geoip for NIDS alerts

so-import-pcap: parse NIDS rule category

so-import-pcap: set NIDS severity field

securityonion-elastic: move common ingest node config into common file

securityonion-elastic: ingest node parser for ossec/wazuh

securityonion-elastic: resize DHCP hostname viz to avoid scrollbars

securityonion-elastic: LOGSTASH_MINIMAL should support standard syslog

securityonion-elastic: update Help dashboard

securityonion-elastic: LOGSTASH_MINIMAL should parse NIDS logs via ingest

so-import-pcap: fix sguild_nids parsing for ICMP alerts

so-import-pcap: sguild_nids should translate protocol field

securityonion-elastic: common_nids should set rule_type

securityonion-elastic: common_nids should set signature_info

so-import-pcap: sguild_nids dissect should drop on failure

securityonion-elastic: snort ingest drop on failure

so-import-pcap: sguild_nids should drop null values in source_ip, destination_ip, and protocol

securityonion-elastic: change DHCP dashboard button from Refresh to Update

securityonion-elastic: adjust DHCP Logs panel to avoid scrollbars

securityonion-elastic: create bro_common_ssl to parse cert fields for bro ssl and x509 logs

securityonion-elastic: add length fields to bro_http ingest

securityonion-elastic: add query_length field to bro_dns ingest

securityonion-elastic: improve LOGSTASH_MINIMAL config file check in so-logstash-start

so-import-pcap-configure: improve heap adjustment

securityonion-setup: improve heap adjustment in sosetup-minimal

Tuesday, July 2, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion128 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion128 is now available for Security Onion!  This package should resolve the following issues:

soup: if snort or suricata are updated, remind user to run rule-update #1536
https://github.com/Security-Onion-Solutions/security-onion/issues/1536

soup: if Wazuh is updated, remind user to review ossec.conf and update Wazuh agents #1544
https://github.com/Security-Onion-Solutions/security-onion/issues/1544

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18!
https://securityonion.net/conference

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
We have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, May 20, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion126 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion126 is now available.  This should resolve the following issue:

securityonion-sostat: re-apply debconf noninteractive setting so that soup can proceed unattended #1523
https://github.com/Security-Onion-Solutions/security-onion/issues/1523

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have 4-day Security Onion Training classes coming up in Costa Mesa CA and Columbia MD!  Use promotional code earlybird for 10% off the Columbia MD classes for a limited time.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Thursday, March 21, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion123 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion123 is now available and should resolve the following issues:

securityonion-sostat: implement better error handling for zero packet count #1464
https://github.com/Security-Onion-Solutions/security-onion/issues/1464

securityonion-sostat: awk division error when Bro doesn't report stats correctly #817
https://github.com/Security-Onion-Solutions/security-onion/issues/817

Thanks
Thanks to Wes Lambert for his work on these issues!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Training
We have a 4-day Security Onion training class coming up in Columbia, MD!  Use promotional code marchmadness for 10% off this class through the end of March!  If you can't make it to an onsite class, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, February 4, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion120 now available for Security Onion!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion120

This should resolve the following issues:

soup: create /etc/apt/apt.conf.d/10periodic #1423
https://github.com/Security-Onion-Solutions/security-onion/issues/1423

soup: output reminder to update remaining boxes in deployment #1424
https://github.com/Security-Onion-Solutions/security-onion/issues/1424

soup: check for lock #1428
https://github.com/Security-Onion-Solutions/security-onion/issues/1428

soup: node checking master for updates fails if master has 1 update #1434
https://github.com/Security-Onion-Solutions/security-onion/issues/1434

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Thursday, November 29, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion114 now available for Security Onion 16.04!

securityonion-sostat - 20120722-0ubuntu0securityonion114 is now available and should resolve the following issues:

Issue 1386: securityonion-sostat: postinst should detect stopped redis and enable/start if necessary
https://github.com/Security-Onion-Solutions/security-onion/issues/1386

Thanks
Thanks to Wes Lambert for testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in San Antonio, Texas and Atlanta, Georgia!  Use promotional code CyberMonday to get 10% off through November 30!

If you can't make it to either of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Tuesday, January 16, 2018

securityonion-sostat - 20120722-0ubuntu0securityonion86 now available for Security Onion!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion86

This package should resolve the following issues:

sostat: don't show sensor stats if sensortab exists but is empty #1191
https://github.com/Security-Onion-Solutions/security-onion/issues/1191

soup: if Elastic is enabled, ensure that Docker repo is enabled #1190
https://github.com/Security-Onion-Solutions/security-onion/issues/1190

Thanks
Thanks to Wes Lambert for testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions offers onsite and online training!  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, October 4, 2017

securityonion-sostat - 20120722-0ubuntu0securityonion77 now available for Security Onion!

The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion77

This package should resolve the following issues:

Issue 1129: sostat: replace localhost:9200 with $ELASTICSEARCH variables sourced from /etc/nsm/securityonion.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/1129

Issue 1133: sostat: silence progress output for curl requests
https://github.com/Security-Onion-Solutions/security-onion/issues/1133

Issue 1136: sostat: provide Docker container interface correlation
https://github.com/Security-Onion-Solutions/security-onion/issues/1136

Issue 1137: soup: remove "One or more docker images have been updated."
https://github.com/Security-Onion-Solutions/security-onion/issues/1137

Thanks
Thanks to Wes Lambert for his work on this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas!  For this and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!
