securityonion-sostat - 20120722-0ubuntu0securityonion133 is now available for Security Onion! This package resolves the following issue:
securityonion-sostat: block docker 19.03.3 packages #1652
https://github.com/Security-Onion-Solutions/security-onion/issues/1652
Docker 19.03.3 was released recently and included a regression for the DOCKER-USER iptables chain:
https://blog.securityonion.net/2019/10/docker-package-issues-please-do-not.html
https://github.com/docker/for-linux/issues/810
When you install this updated securityonion-sostat package, it will prevent any future installation of Docker 19.03.3. It will also check to see if you already have Docker 19.03.3 installed. If so, it will provide instructions for removing Docker 19.03.3 and replacing it with a fixed version. Any future runs of soup will check Docker version as well.
Thanks
Thanks to Wes Lambert and Dustin Lee for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes. We also offer online classes as well. For more information, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Wednesday, October 16, 2019
Wednesday, October 9, 2019
Docker package issues - please do not update until further notice
Docker recently released a new version of its docker-ce package (docker-ce 19.03.3) and it appears to have some issues. Out of an abundance of caution, we are recommending that folks avoid updating until we have a better understanding of what the issues are and what fixes will be required.
Stay tuned for further details!
UPDATE 2019/10/16 Please see:
https://blog.securityonion.net/2019/10/securityonion-sostat-20120722.html
Stay tuned for further details!
UPDATE 2019/10/16 Please see:
https://blog.securityonion.net/2019/10/securityonion-sostat-20120722.html
Monday, October 7, 2019
Videos from Security Onion Conference 2019
Thanks to Mike McDargh and Sanjeev Singhal for recording the talks at Security Onion Conference 2019! The recordings have been uploaded to our Youtube channel:
Security Onion Conference 2019 Video Playlist
Augmenting the Onion: Facilitating Enhanced Detection and Response with Open Source Tools by Wes Lambert
Creativity, Intelligence, and Security Analyst Thinking Modes by Chris Sanders and Stef Rand
Constructing Your Playbook within Security Onion by Josh Brower
Building a Detection Lab with SecurityOnion by Wylie Bayes
Finding traffic anomalies using SSL certificates by Bryant Treacle
Peeling Back the Layers: Using Security Onion to See Adversary Activity through All Phases of the Kill Chain by Benjamin Klimkowski and Sean Eyre
State of the Onion by Doug Burks
These links have been added to https://securityonion.net/conf as well.
Hope to see you next year!
Security Onion Conference 2019 Video Playlist
Augmenting the Onion: Facilitating Enhanced Detection and Response with Open Source Tools by Wes Lambert
Creativity, Intelligence, and Security Analyst Thinking Modes by Chris Sanders and Stef Rand
Constructing Your Playbook within Security Onion by Josh Brower
Building a Detection Lab with SecurityOnion by Wylie Bayes
Finding traffic anomalies using SSL certificates by Bryant Treacle
Peeling Back the Layers: Using Security Onion to See Adversary Activity through All Phases of the Kill Chain by Benjamin Klimkowski and Sean Eyre
State of the Onion by Doug Burks
These links have been added to https://securityonion.net/conf as well.
Hope to see you next year!
Friday, October 4, 2019
Security Onion Hybrid Hunter 1.1.1 - Alpha 2 Available for Testing!
UPDATE 2019/12/16 - Security Onion Hybrid Hunter 1.1.3 Alpha 3 is now available for testing!
https://blog.securityonion.net/2019/12/security-onion-hybrid-hunter-113-alpha.html
In 2018, we started working on the next major version of Security Onion, code-named Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html
We're excited to announce that Hybrid Hunter 1.1.1 is now available for testing and is considered our ALPHA 2 release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md
Changes:
Ready to try it out?
If you want to try our new minimal ISO image, please follow the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO
Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack
After you've installed, if you want to try out the new Playbook functionality, take a look at:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Playbook
Feedback
If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/
https://blog.securityonion.net/2019/12/security-onion-hybrid-hunter-113-alpha.html
In 2018, we started working on the next major version of Security Onion, code-named Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html
We're excited to announce that Hybrid Hunter 1.1.1 is now available for testing and is considered our ALPHA 2 release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md
Changes:
- Alpha 2 is here!
- Hybrid Hunter minimal ISO image now available!
- Suricata 4.1.5.
- Bro/Zeek 2.6.4.
- TheHive 3.4.0 (Includes ES 6.8.3 for TheHive only).
- Fixed Bro/Zeek packet loss calculation for Grafana.
- Updated to latest Sensoroni which includes websockets support for job status updates without having to refresh the page.
- NIDS and HIDS dashboard updates.
- Playbook and ATT&CK Navigator features are now included.
- Filebeat now logs to a file, instead of stdout.
- Elastalert has been updated to use Python 3 and allow for use of custom alerters.
- Moved Bro/Zeek log parsing from Logstash to Elasticsearch Ingest for higher performance and lower memory usage!
- Several changes to the setup script have been made to improve stability of the setup process:
- Setup now modifies your hosts file so that the install works better in environments without DNS.
- You are now prompted for setting a password for the socore user.
- The install now forces a reboot at the end of the install. This fixes an issue with some of the Docker containers being in the wrong state from a manual reboot. Manual reboots are fine after the initial reboot.
- This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Use of this script may result in nausea, vomiting, or a burning sensation.
Ready to try it out?
If you want to try our new minimal ISO image, please follow the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO
Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack
After you've installed, if you want to try out the new Playbook functionality, take a look at:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Playbook
Feedback
If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/
Wednesday, September 25, 2019
Suricata 4.1.5 now available for Security Onion!
Suricata 4.1.5 is now available for Security Onion! The new package version is:
securityonion-suricata - 4.1.5-1ubuntu1securityonion4
This package resolves the following issue:
Suricata 4.1.5 #1646
https://github.com/Security-Onion-Solutions/security-onion/issues/1646
Thanks
Thanks to the Suricata team for Suricata 4.1.5!
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
This Friday 9/27 is the LAST day to register for Security Onion Conference 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes. We also offer online classes as well. For more information, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
securityonion-suricata - 4.1.5-1ubuntu1securityonion4
This package resolves the following issue:
Suricata 4.1.5 #1646
https://github.com/Security-Onion-Solutions/security-onion/issues/1646
 |
| Suricata 4.1.5 |
Thanks
Thanks to the Suricata team for Suricata 4.1.5!
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
This Friday 9/27 is the LAST day to register for Security Onion Conference 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes. We also offer online classes as well. For more information, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Second Edition of Security Onion Documentation is #1 New Release in Computer Networking!
Many folks have asked for a printed version of our official online documentation and we're excited to provide that! Whether you work on airgapped networks or simply want a portable reference that doesn't require an Internet connection or batteries, this is what you've been asking for.
Thanks to Richard Bejtlich for writing the inspiring foreword!
Proceeds go to the Rural Technology Fund!
This second edition has been updated for our latest ISO image release and now includes a 10% discount code for our online training!
This book covers the following Security Onion topics:
- Getting Started
- Analyst Tools
- Network Visibility
- Host Visibility
- Elastic Stack
- Updating
- Customizing for your Environment
- Tuning
- Tricks and Tips
- Services
- Utilities
- Help
- Integrations
Q&A
What is the difference between this book and the online documentation?
This book is the online documentation formatted specifically for print. It also includes an inspiring foreword by Richard Bejtlich that is not available anywhere else! Proceeds go to the Rural Technology Fund! Finally, the printed book includes a 10% discount code for our online training.
Who should get this book?
You should get this book if you work on airgapped networks or simply want a portable reference that doesn't require an Internet connection or batteries! Also anyone who wants to donate to a worthy cause like Rural Technology Fund!
How often will the book be updated?
Currently, we plan to release a new edition of the book every time we release a new version of our ISO image.
What is the difference between this edition and the previous edition?
This edition has been updated for our latest ISO image release and now includes a 10% discount code for our online training!
Where do we get it?
The following URL will always take you to the latest version of the printed book at Amazon:
https://securityonion.net/book
Thursday, September 19, 2019
securityonion-squert - 20161212-1ubuntu1securityonion44 now available for Security Onion!
securityonion-squert - 20161212-1ubuntu1securityonion44 is now available for Security Onion! This should resolve the following issue:
Squert: improve consistency of username handling #1643
https://github.com/Security-Onion-Solutions/security-onion/issues/1643
Thanks
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few days left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have a 4-day Security Onion Training class coming up in Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Squert: improve consistency of username handling #1643
https://github.com/Security-Onion-Solutions/security-onion/issues/1643
Thanks
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few days left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have a 4-day Security Onion Training class coming up in Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Monday, September 16, 2019
Second Edition of Security Onion Documentation printed book now available!
Thanks to Richard Bejtlich for writing the inspiring foreword!
Proceeds go to the Rural Technology Fund!
This second edition has been updated for our latest ISO image release and now includes a 10% discount code for our online training!
This book covers the following Security Onion topics:
- Getting Started
- Analyst Tools
- Network Visibility
- Host Visibility
- Elastic Stack
- Updating
- Customizing for your Environment
- Tuning
- Tricks and Tips
- Services
- Utilities
- Help
- Integrations
Q&A
What is the difference between this book and the online documentation?
This book is the online documentation formatted specifically for print. It also includes an inspiring foreword by Richard Bejtlich that is not available anywhere else! Proceeds go to the Rural Technology Fund! Finally, the printed book includes a 10% discount code for our online training.
Who should get this book?
You should get this book if you work on airgapped networks or simply want a portable reference that doesn't require an Internet connection or batteries! Also anyone who wants to donate to a worthy cause like Rural Technology Fund!
How often will the book be updated?
Currently, we plan to release a new edition of the book every time we release a new version of our ISO image.
What is the difference between this edition and the previous edition?
This edition has been updated for our latest ISO image release and now includes a 10% discount code for our online training!
Where do we get it?
The following URL will always take you to the latest version of the printed book at Amazon:
https://securityonion.net/book
Monday, September 9, 2019
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion205 now available for Security Onion!
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion205 is now available for Security Onion! This should resolve the following issue:
NSM: nsm_server_user-add should require usernames to be alphanumeric #1627
https://github.com/Security-Onion-Solutions/security-onion/issues/1627
Thanks
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
NSM: nsm_server_user-add should require usernames to be alphanumeric #1627
https://github.com/Security-Onion-Solutions/security-onion/issues/1627
Thanks
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Thursday, September 5, 2019
securityonion-setup - 20120912-0ubuntu0securityonion314 now available for Security Onion!
securityonion-setup - 20120912-0ubuntu0securityonion314 is now available for Security Onion! This should resolve the following issue:
Setup: improve removal of Elastic auth files #1632
https://github.com/Security-Onion-Solutions/security-onion/issues/1632
Thanks
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Setup: improve removal of Elastic auth files #1632
https://github.com/Security-Onion-Solutions/security-onion/issues/1632
Thanks
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Tuesday, September 3, 2019
Bro 2.6.4 now available for Security Onion!
Bro 2.6.4 is now available for Security Onion! The new package versions are as follows:
securityonion-bro - 2.6.4-1ubuntu1securityonion1
securityonion-bro-afpacket - 1.3.0-1ubuntu1securityonion13
securityonion-bro-scripts - 20121004-0ubuntu0securityonion73
These packages should resolve the following issue:
Bro 2.6.4 #1628
https://github.com/Security-Onion-Solutions/security-onion/issues/1628
Thanks
Thanks to the Bro/Zeek team for Bro 2.6.4!
Thanks to Wylie Bayes for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
securityonion-bro - 2.6.4-1ubuntu1securityonion1
securityonion-bro-afpacket - 1.3.0-1ubuntu1securityonion13
securityonion-bro-scripts - 20121004-0ubuntu0securityonion73
 |
| Bro 2.6.4 |
Bro 2.6.4 #1628
https://github.com/Security-Onion-Solutions/security-onion/issues/1628
Thanks
Thanks to the Bro/Zeek team for Bro 2.6.4!
Thanks to Wylie Bayes for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!
Wednesday, August 28, 2019
Security Onion 16.04.6.2 now available featuring Elastic 6.8.2, Wazuh 3.9.5, CyberChef 9.2.0, Bro 2.6.3, Snort 2.9.13.0, and more!
Security Onion 16.04.6.2 is now available!
Major Changes Since Last ISO Image
sosetup-minimal
sosetup-minimal will run the normal sosetup and then reconfigure the Elastic Stack to run in minimal mode. This minimal mode is designed to minimize RAM and CPU usage. This means that sosetup-minimal can run Evaluation Mode in only 4GB RAM! However, please note that the minimal Logstash config is intended to only do a basic parsing of NIDS alerts and JSON-formatted Bro logs so it won't support additional logs like sysmon and autoruns by default. It also doesn't do additional decoration or augmentation like domainstats or freqserver. You can see an example of sosetup-minimal in the Screenshot Tour at the end of this blog post.
Thanks
Thanks to Josh Brower for testing this ISO image!
Package Updates
This release also includes the following updated packages:
pinguybuilder - 20180514-1ubuntu1securityonion19
securityonion-iso - 20151016-1ubuntu1securityonion33
These packages resolve the following issues:
pinguybuilder: increment version to 16.04.6.2 #1624
https://github.com/Security-Onion-Solutions/security-onion/issues/1624
so-iso-build: purge /var/ossec/queue/diff #1543
https://github.com/Security-Onion-Solutions/security-onion/issues/1543
Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/7
Release Notes
For more information about this release, please see:
https://securityonion.net/docs/release-notes.html
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://securityonion.net/docs/installation.html
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://securityonion.net/docs/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://securityonion.net/docs/upgrading-from-14.04-to-16.04.html
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Support
Need support? Please see:
https://securityonion.net/docs/Support
Screenshot Tour
 |
| Security Onion 16.04.6.2 |
Major Changes Since Last ISO Image
- Elastic 6.8.2
- Wazuh 3.9.5
- CyberChef 9.2.0
- Bro 2.6.3
- Snort 2.9.13.0
- PulledPork 0.7.3
- Users can now run Setup interactively via GUI or CLI
- Users can now optionally switch from open source Elastic Stack to Elastic Features using so-elastic-features
- Users can now optionally enable native Elastic auth using so-elastic-auth (which automatically runs so-elastic-features and then configures all processes for native Elastic auth)
- so-import-pcap has been overhauled!
- fixed lots of bugs!
sosetup-minimal
sosetup-minimal will run the normal sosetup and then reconfigure the Elastic Stack to run in minimal mode. This minimal mode is designed to minimize RAM and CPU usage. This means that sosetup-minimal can run Evaluation Mode in only 4GB RAM! However, please note that the minimal Logstash config is intended to only do a basic parsing of NIDS alerts and JSON-formatted Bro logs so it won't support additional logs like sysmon and autoruns by default. It also doesn't do additional decoration or augmentation like domainstats or freqserver. You can see an example of sosetup-minimal in the Screenshot Tour at the end of this blog post.
Thanks
Thanks to Josh Brower for testing this ISO image!
Package Updates
This release also includes the following updated packages:
pinguybuilder - 20180514-1ubuntu1securityonion19
securityonion-iso - 20151016-1ubuntu1securityonion33
These packages resolve the following issues:
pinguybuilder: increment version to 16.04.6.2 #1624
https://github.com/Security-Onion-Solutions/security-onion/issues/1624
so-iso-build: purge /var/ossec/queue/diff #1543
https://github.com/Security-Onion-Solutions/security-onion/issues/1543
Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/7
Release Notes
For more information about this release, please see:
https://securityonion.net/docs/release-notes.html
Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://securityonion.net/docs/installation.html
Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
https://securityonion.net/docs/Upgrade
If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://securityonion.net/docs/upgrading-from-14.04-to-16.04.html
Conference
Only a few weeks left to register for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/
Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book
Support
Need support? Please see:
https://securityonion.net/docs/Support
Screenshot Tour
 |
| ISO Boot Menu |
 |
| Once the Live Desktop appears, double-click the Install icon and follow the prompts |
 |
| Once you've completed the installer and rebooted, login using the username and password you created in the installer |
 |
| After logging in, you are prompted to run Setup |
 |
| Setup can now run interactively via CLI and sosetup-minimal can be used to minimize RAM and CPU usage |
 |
| Welcome to Setup |
 |
| Configure network interfaces |
 |
| If your hostname is securityonion, Setup gives you the opportunity to rename it |
 |
| Configure your network interfaces, reboot, then log back in |
 |
| Launch Setup again and skip network configuration to go to service configuration |
 |
| sosetup-minimal can run Evaluation Mode in 4GB RAM |
 |
| Confirm sniffing interface |
 |
| Create username |
 |
| Create Password |
 |
| Confirm Password |
 |
| Confirm all options |
 |
| Please wait while Setup configures your system |
 |
| Setup complete |
 |
| Desktop no longer prompts to run Setup and includes icons for analyst applications |
 |
| The README shortcut includes links to the cheat sheet and online and offline documentation |
 |
| CyberChef 9.2.0 |
 |
| Single Sign On (SSO) for Squert, CapMe, and Kibana |
 |
| sosetup-minimal can run Evaluation Mode in only 4GB RAM |
 |
| Review IDS alerts using Squert |
 |
| Retrieve full packet capture with CapMe |
 |
| Kibana Overview Dashboard |
 |
| Help |
 |
| Bro Notices |
 |
| HIDS Alerts from OSSEC/Wazuh |
 |
| NIDS Alerts from Snort or Suricata |
 |
| Bro Connections |
 |
| Bro DCERPC |
 |
| Bro DHCP |
 |
| Bro DNP3 |
 |
| Bro DNS |
 |
| Bro Files |
 |
| Bro FTP |
 |
| Bro HTTP |
 |
| Bro Intel |
 |
| Bro IRC |
 |
| Bro Kerberos |
 |
| Bro Modbus |
 |
| Bro MySQL |
 |
| Bro NTLM |
 |
| Bro PE |
 |
| Bro RADIUS |
 |
| Bro RDP |
 |
| Bro RFB |
 |
| Bro SIP |
 |
| Bro SMB |
 |
| Bro SMTP |
 |
| Bro SNMP |
 |
| Bro Software |
 |
| Bro SSH |
 |
| Bro SSL |
 |
| Bro Syslog |
 |
| Bro Tunnels |
 |
| Bro Weird |
 |
| Bro X.509 |
 |
| OSSEC (Wazuh) |
 |
| Syslog |
Subscribe to:
Posts (Atom)