The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion95
This new package should resolve the following issue:
sostat: move from crossclustertab to _cluster/settings #1228
https://github.com/Security-Onion-Solutions/security-onion/issues/1228
Thanks
Thanks to Wes Lambert for testing this package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Monday, March 26, 2018
Elastic 6.2.3 and securityonion-elastic - 20180130-1ubuntu1securityonion76 now available for Security Onion!
The following are now available for Security Onion:
This should resolve the following issue:
securityonion-elastic: RC4 #1219
https://github.com/Security-Onion-Solutions/security-onion/issues/1228
Thanks
Thanks to the Elastic team for the Elastic Stack!
Thanks to Jay Hawk and Wes Lambert for testing!
Updating
If you have existing Elastic installations (Technology Previews, Alpha, Beta, RC1, or RC2), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/Elastic-RC4
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
- Elastic 6.2.3 Docker images
- securityonion-elastic - 20180130-1ubuntu1securityonion76
This should resolve the following issue:
securityonion-elastic: RC4 #1219
https://github.com/Security-Onion-Solutions/security-onion/issues/1228
Thanks
Thanks to the Elastic team for the Elastic Stack!
Thanks to Jay Hawk and Wes Lambert for testing!
Updating
If you have existing Elastic installations (Technology Previews, Alpha, Beta, RC1, or RC2), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/Elastic-RC4
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Monday, March 19, 2018
securityonion-sostat - 20120722-0ubuntu0securityonion92 now available for Security Onion!
The following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion92
This new package should resolve the following issue:
sostat: if redis enabled, show number of events in queue #1220
https://github.com/Security-Onion-Solutions/security-onion/issues/1220
Thanks
Thanks to Wes Lambert for testing this package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
securityonion-sostat - 20120722-0ubuntu0securityonion92
This new package should resolve the following issue:
sostat: if redis enabled, show number of events in queue #1220
https://github.com/Security-Onion-Solutions/security-onion/issues/1220
Thanks
Thanks to Wes Lambert for testing this package!
Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade
Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas! For this and other training options, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Thanks!
Monday, March 12, 2018
Security Onion Elastic Stack Release Candidate 3 and Security Onion 14.04.5.9 ISO Image!
UPDATED 2018/04/09! We've released a newer version!
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
We're excited to announce that our Elastic Stack integration has now reached Release Candidate 3 (RC3)! RC3 includes a new 14.04.5.9 ISO image that contains these RC3 components and all the latest Ubuntu and Security Onion updates as of March 5, 2018!
RC3 Highlights
Issues Resolved
Issue 1208: Elastic Stack Release Candidate 3
https://github.com/Security-Onion-Solutions/security-onion/issues/1208
Issue 1209: 14.04.5.9 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1209
This new ISO image has been tested by Wes Lambert. Thanks, Wes!
Known Issues
For known issues, please see the todo list for our next release:
https://github.com/Security-Onion-Solutions/security-onion/issues/1219
Thanks
Special thanks to the following for their contributions to our Elastic Stack integration!
New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Please note! This ISO image includes the EXPERIMENTAL Elastic stack!
The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic). If you do not want to try the new Elastic stack, you can choose Stable Setup. If you choose Experimental Setup, the usual disclaimers and warnings apply!
For more about Elastic Release Candidate 3, please see https://securityonion.net/wiki/elastic and the Screenshot tour at the bottom of this blog post.
Please note the following minimum hardware requirements for the Elastic stack:
If you would prefer an ISO image with no Elastic components at all, you have a few options:
OR
Existing Deployments
If you have existing ELSA installations based on a previous 14.04 ISO image, there is no need to download this new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing Elastic installations (Technology Preview, Alpha, Beta, or Release Candidate), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/elastic-rc3
Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.9
Feedback
We want to hear from you! What works well? What could be improved? Please send feedback to our mailing list and include "Elastic RC3" in the Subject:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists
Previous Releases
To see our progress over the last few months, please see the previous announcements:
http://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
http://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
http://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
http://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
http://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
http://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
http://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
Training
We offer onsite and online training! For more information, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
RC3 Highlights
- All Ubuntu and Security Onion updates as of 2018/3/5
- Elastic Stack Release Candidate 3:
https://github.com/Security-Onion-Solutions/security-onion/issues/1208 - Docker images based on Elastic Stack 6.2.2
- Our Help dashboard in Kibana now contains much more information.
- New tool so-import-pcap allows you to import one or more pcaps preserving timestamps:
https://securityonion.net/wiki/so-import-pcap - When configuring a master server to extend to storage nodes, safeguards are in place to improve resiliency and prevent redis from consuming too much memory.
- New templates map well known fields properly to help avoid mapping conflicts in the future.
- Lots of other improvements and bug fixes!
Issues Resolved
Issue 1208: Elastic Stack Release Candidate 3
https://github.com/Security-Onion-Solutions/security-onion/issues/1208
Issue 1209: 14.04.5.9 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/1209
This new ISO image has been tested by Wes Lambert. Thanks, Wes!
Known Issues
For known issues, please see the todo list for our next release:
https://github.com/Security-Onion-Solutions/security-onion/issues/1219
Thanks
Special thanks to the following for their contributions to our Elastic Stack integration!
- Elastic.co
- Justin Henderson
- Mark Baggett
New Installations
We've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Please note! This ISO image includes the EXPERIMENTAL Elastic stack!
The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic). If you do not want to try the new Elastic stack, you can choose Stable Setup. If you choose Experimental Setup, the usual disclaimers and warnings apply!
- Experimental Setup is BLEEDING EDGE and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Experimental Setup may result in nausea, vomiting, or a burning sensation.
For more about Elastic Release Candidate 3, please see https://securityonion.net/wiki/elastic and the Screenshot tour at the bottom of this blog post.
Please note the following minimum hardware requirements for the Elastic stack:
- 2 CPU cores
- 8GB RAM
If you would prefer an ISO image with no Elastic components at all, you have a few options:
- Install the older Security Onion 14.04.5.2 ISO image and then run "sudo soup"
OR
- Install your preferred flavor of Ubuntu 14.04 and then add our PPA and your desired packages:
https://github.com/Security-Onion-Solutions/security-onion/wiki/InstallingOnUbuntu
Existing Deployments
If you have existing ELSA installations based on a previous 14.04 ISO image, there is no need to download this new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
If you have existing Elastic installations (Technology Preview, Alpha, Beta, or Release Candidate), we don't officially support upgrading to newer releases, but you can try the steps listed here:
https://securityonion.net/wiki/elastic-rc3
Release Notes
For more information about this release, please see:
https://securityonion.net/wiki/14.04.5.9
Feedback
We want to hear from you! What works well? What could be improved? Please send feedback to our mailing list and include "Elastic RC3" in the Subject:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists
Previous Releases
To see our progress over the last few months, please see the previous announcements:
http://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
http://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
http://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
http://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
http://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
http://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
http://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
http://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
Training
We offer onsite and online training! For more information, please see:
https://securityonionsolutions.com
Support
Need support? Please see:
https://securityonion.net/wiki/Support
Screenshot Tour
 |
| Security Onion 14.04.5.9 20180305 |
 |
| Welcome to Setup |
 |
| Network Configuration |
 |
| Stable Setup vs Experimental Setup |
 |
| Experimental Setup |
 |
| Evaluation Mode vs Production Mode |
 |
| Monitor (Sniffing) Interface Selection |
 |
| Creating First User Account |
 |
| Setting Password |
 |
| Confirming Password |
 |
| Confirming Options |
 |
| Setup Complete |
 |
| Single Sign On (SSO) for Kibana, Squert, and CapMe |
 |
| Squert |
 |
| CapMe |
 |
| CyberChef |
 |
| Kibana Home (Overview) Dashboard |
 |
| Help |
 |
| Bro Notices |
 |
| ElastAlert |
 |
| OSSEC HIDS Alerts |
 |
| NIDS Alerts from Snort or Suricata |
 |
| Connections |
 |
| DCE/RPC |
 |
| DHCP |
 |
| DNP3 |
 |
| DNS |
 |
| Files |
 |
| FTP |
 |
| HTTP |
 |
| Intel |
 |
| IRC |
 |
| Kerberos |
 |
| Modbus |
 |
| MySQL |
 |
| NTLM |
 |
| PE |
 |
| RADIUS |
 |
| RDP |
 |
| RFB |
 |
| SIP |
 |
| SMB |
 |
| SMTP |
 |
| SNMP |
 |
| Software |
 |
| SSH |
 |
| SSL |
 |
| Syslog |
 |
| Tunnels |
 |
| Weird |
 |
| X.509 |
 |
| Autoruns |
 |
| Beats |
 |
| OSSEC |
 |
| Sysmon |
 |
| Baby Domains |
 |
| Firewall |
 |
| Frequency Analysis |
 |
| Stats |
 |
| Syslog |
Subscribe to:
Posts (Atom)