Skip to content
This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

2015

Jump to bottom
Samuel Tarling edited this page Nov 27, 2015 · 9 revisions

Please note that this is all subject to change!

  • January 2015
    • Issue 655: Suricata 2.0.5
    • Issue 658: NSM: fix umask on Snort unified2 output
    • Issue 548: NSM: run barnyard2 as non-root user
    • Issue 649: nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read
    • Issue 598: so-snorby-wipe
    • Issue 610: NSM: ossec_agent alert level should be configurable
    • Issue 660: Setup: add OSSEC_AGENT_LEVEL to /etc/nsm/securityonion.conf
    • Issue 656: ELSA: update parser for bro_conn to parse country code
    • Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code
    • Issue 667: New packages for shellshock and malware-traffic-analysis samples
    • Issue 673: Suricata 2.0.6
    • Issue 642: Update Salt packages/scripts to 2014.7.0
    • Issue 619: Onionsalt: backup /opt/onionsalt/pillar/top.sls
    • Issue 661: Onionsalt: replicate /usr/local/lib/snort_dynamicrules/
    • Issue 672: sguil-db-purge: check for UNCAT_MAX
    • Issue 663: sosetup: sosetup.conf SGUIL_CLIENT_PASSWORD_1 should say Sguil/Squert/ELSA/Snorby
    • Issue 664: sosetup: run Bro as non-root user
    • Issue 666: sostat: run Bro as non-root user
    • Issue 665: NSM: run Bro as non-root user
    • Issue 676: NSM: run Sguil as non-root user
    • Issue 671: NSM: /etc/cron.d/sensor-clean needs 2>&1
  • February 2015
    • Issue 668: ELSA: pdbtool errors
    • Issue 669: ELSA: update parsers for Bro DNS and BIND
    • Issue 670: securityonion-web-page: add queries for updated bro_dns parser
    • Issue 685: securityonion-web-page: update links
    • Issue 684: NSM: nsm_server_ps-start needs to create /var/log/sguild/ if it doesn't already exist
    • Issue 686: NSM: nsm_server_ps-start needs to set permissions on /var/log/nsm/so-elsa/ properly
    • Issue 687: NSM: nsm_sensor_ps-start should set permissions on /var/log/nsm/ properly
    • Issue 689: NSM: add USE_DNS option to ossec_agent.conf
    • Issue 688: ossec_agent: add option to disable DNS lookups
    • Issue 680: Bro 2.3.2
    • Issue 683: securityonion-et-rules: update for new ISO
    • Issue 632: ISO: add bridge-utils
    • Issue 601: ISO: add foremost
    • Issue 614: ISO: add securityonion-samples-shellshock
    • Issue 662: ISO: add securityonion-samples-mta
    • Issue 675: ISO: add xfsprogs
    • Issue 602: 12.04.5.1 ISO image
  • March 2015
    • Issue 695: Suricata 2.0.7
    • Issue 696: ELSA custom menu
    • Issue 691: NSM: chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
    • Issue 698: NSM: nsm_server_del line 170 echo_msg 0 "Deleting server: $SERVER_NAME"
    • Issue 699: NSM: Bro node.cfg host=localhost
    • Issue 700: Setup: Bro node.cfg host=localhost
    • Issue 702: Snort 2.9.7.2
    • Issue 703: Move from Google Code to Github
    • Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
    • Issue 709: Add fear.nothing's ELSA parsers for pfSense
    • Issue 710: securityonion-web-page: add ELSA queries for Firewall logs and Windows Processes
  • April 2015
    • Issue 711: Add "date" command to /usr/bin/sguil-db-purge
    • Issue 692: sostat: list number of ELSA buffers in queue and warn if higher than 20
    • Issue 701: sostat: include number of CPU cores
    • Issue 681: rule-update: wipe snort_dynamicrules directory on sensor
    • Issue 677: rule-update: create /usr/local/lib/snort_dynamicrules/ if it doesn't already exist
    • Issue 678: rule-update: /etc/cron.d/rule-update should have 2>&1
    • Issue 697: rule-update: log snorby reference table update to barnyard2-snorby.log
    • Issue 679: rule-update: run pulledpork as unprivileged user
    • Issue 715: securityonion-rule-update: sensor-only boxes running salt shouldn't try to copy /etc/cron.d/rule-update
  • May 2015
    • Issue 725: Suricata 2.0.8
    • Issue 718: Sphinx 2.1.9
    • Issue 241: NSM scripts should have a timeout period when stopping services
    • Issue 392: Patch for lib-nsm-common-utils from Mark Seiden
    • Issue 714: nsm_server_user-disable
    • Issue 705: ossec_agent: improvements from Brian Kellogg
    • Issue 716: ossec_agent: tighten regex to only look for -> anchored to hostname or IP
    • Issue 717: ossec_agent: send alerts to sguild immediately instead of waiting for next alert
  • June 2015
    • Issue 742: securityonion-suricata package missing debian/install
    • Issue 730: Snort 2.9.7.3
    • Issue 731: Snort DAQ 2.0.5
    • Issue 657: ELSA 1205
    • Issue 447: ELSA syslog-ng.conf rewrite r_pipes
    • Issue 512: ELSA syslog-ng.conf filter f_bro_headers
    • Issue 726: ELSA syslog-ng.conf - add filesystem destinations
    • Issue 674: ELSA - update bro_notice parser to parse src and dst fields
    • Issue 722: securityonion-web-page: update HTTP mime type queries for ELSA 1205
    • Issue 723: CapMe: Update for new ELSA API
    • Issue 500: sosetup: restart starman
    • Issue 504: sosetup: avoid writing ELSA_PORT twice in SSH_CONF
    • Issue 547: sosetup: if enabling salt on a sensor, check top.sls to make sure it doesn't already exist
    • Issue 740: sosetup: sensor should use sudo to restart apache on master
    • Issue 741: sosetup: sometimes local salt-minion doesn't check in with local salt-master quickly enough
    • Issue 732: NSM: only output color codes if running on a tty
    • Issue 746: ELSA 1205 package enabled perl module on non-ELSA systems
    • Issue 747: ELSA 1205 package duplicated syslog-ng.conf entries on non-ELSA systems
    • Issue 748: ELSA 1205 package didn't add the pid column to the query_log table for upgrades
    • Issue 749: Update tcl-tls package and replace DH512 key with DH2048
    • Issue 751: NSM: change watchdog run time to avoid race condition
    • Issue 744: sosetup: Restart Apache to activate new ELSA apikey
    • Issue 745: OSSEC 2.8.2
  • July 2015
    • Issue 733: 12.04.5.2 ISO image
    • Issue 763: sostat: show last update
    • Issue 761: securityonion-tcpudpflow: remove connection_state_remove event handler
    • Issue 760: ossec_agent: Add source of syslog as destination IP for Sguil alert
    • Issue 769: sosetup: allow user to enable/disable Snorby
    • Issue 596: sosetup: sensor should stop/disable Apache and Snorby worker
    • Issue 693: sosetup: improve input validation for email address
    • Issue 764: sosetup: fix typo in sosetup.conf
    • Issue 605: sosetup: replace tmp with mktemp
    • Issue 771: sosetup: comment out 2 examples in top.sls
    • Issue 767: securityonion-web-page: add SSL Top Subjects query
    • Issue 775: securityonion-web-page: add groupby:site to ELSA HTTP SQL Injection query
  • August 2015
    • Issue 743: Bro 2.4
    • Issue 752: securityonion-bro-scripts: update sensortab.bro for Bro 2.4
    • Issue 753: securityonion-bro-scripts: update shellshock module for Bro 2.4
    • Issue 754: securityonion-bro-scripts: update extract.bro for Bro 2.4
    • Issue 762: securityonion-elsa-extras: update bro_conn parser for Bro 2.4
    • Issue 765: securityonion-elsa-extras: update bro_intel parser for Bro 2.4
    • Issue 768: securityonion-elsa-extras: update bro_ssl parser for Bro 2.4
    • Issue 774: securityonion-elsa-extras: update bro_ssh parser for Bro 2.4
    • Issue 773: securityonion-elsa-extras: add Windows and Cisco parsers from Brian Kellogg
    • Issue 793: CapMe: Update for Bro 2.4 conn.log
    • Issue 766: Snorby 2.6.3
    • Issue 784: Snort 2.9.7.5
    • Issue 788: DAQ 2.0.6
    • Issue 724: /etc/cron.d/rule-update should avoid overwhelming rule sites
    • Issue 791: sosetup: change rule-update verbiage
    • Issue 728: securityonion-libcapture-tiny-perl should Provides: libcapture-tiny-perl
    • Issue 797: NSM: update SpoolDir and LogDir in broctl.cfg
    • Issue 799: NSM: add stderr redirect to stdout on adduser
    • Issue 800: Setup: update SpoolDir and LogDir in broctl.cfg
  • September 2015
    • Issue 755: securityonion-elsa-extras: add parser for Bro 2.4 mysql.log
    • Issue 756: securityonion-elsa-extras: add parser for Bro 2.4 kerberos.log
    • Issue 757: securityonion-elsa-extras: add parser for Bro 2.4 rdp.log
    • Issue 758: securityonion-elsa-extras: add parser for Bro 2.4 pe.log
    • Issue 759: securityonion-elsa-extras: add parser for Bro 2.4 sip.log
    • Issue 780: securityonion-elsa-extras: add parser for IIS logs
    • Issue 782: securityonion-elsa-extras: update sysmon parser
    • Issue 776: securityonion-elsa-extras: set version 3.3 in syslog-ng.conf
    • Issue 796: securityonion-elsa-extras: Add script to fix ELSA syslogs_archive_1 issue
    • Issue 801: securityonion-web-page: add queries for Bro kerberos logs
    • Issue 802: securityonion-web-page: add queries for Bro mysql logs
    • Issue 803: securityonion-web-page: add queries for Bro pe logs
    • Issue 804: securityonion-web-page: add queries for Bro rdp logs
    • Issue 805: securityonion-web-page: add queries for Bro sip logs
    • Issue 794: securityonion-web-page: add DHCP Servers query
    • Issue 798: securityonion-web-page: add HTTP sites hosting SWF
    • Issue 795: 12.04.5.3 ISO image
  • December 2015
    • Issue 814: Move to Ubuntu 14.04
    • Issue 739: Salt 2015.5.3
    • Issue 829: Apache reverse proxy /elsa-query to ELSA port 3154
    • Issue 824: securityonion-web-page: fix links to ELSA
    • Issue 810: securityonion-web-page: move SSH Logins query to Host Logs category
    • Issue 811: securityonion-tcpudpflow: add SMTP and RDP support
    • Issue 807: securityonion-elsa-extras: Remove NameVirtualHost to eliminate warning on apache restart
    • Issue 729: Setup: add option for pivot URL (no longer needed since Apache is proxying /elsa-query to ELSA port 3154)
    • Issue 821: Setup: fix domain name cancellation
    • Issue 822: Setup: remove alphanumeric password requirement
    • Issue 828: Setup: desktop shortcuts
    • Issue 790: sostat: remove snorby
    • Issue 830: soup: remove old linux kernels
    • Issue 815: NSM: add log directory creation to postinst
    • Issue 831: Snort Community Ruleset has moved
    • Issue 812: Bro 2.4.1
    • Issue 820: Snort 2.9.7.6
    • Issue 816: Snort needs liblzma
    • Issue 818: Suricata 3.0
  • January 2016
  • February 2016
    • Issue 825: NSM: remove extra Bro output
    • Issue 833: soup: error checking
    • Issue 813: Setup: bug when configuring 10 or more interfaces
    • Issue 826: Bro intel linter
    • Issue 817: sostat: awk division error when Bro doesn't report stats correctly
    • Issue 819: soup: check to see if PF_RING updates are available
    • Issue 727: Argus 3.0.8.1
    • Issue 690: http_agent: ---disable-inotify
    • Issue 615: NSM: add "exit $RET" where necessary
    • Issue 588: NSM: purge old OSSEC logs
    • Issue 561: nsm_server_backup-config should check FORCE_YES
    • Issue 523: sensor-clean: add option to skip removal of bro or argus logs
    • Issue 534: NSM: Patches for adding PCAP snap length for Netsniff-NG
    • Issue 645: NSM scripts don't check if a sensor is disabled before performing operations when a --sensor-name= is specified
    • Issue 652: NSM: barnyard sending blank interface to ELSA
    • Issue 653: NSM: nsm_sensor_ps-stop should kill the processes tailing the snort.stats files
    • Issue 654: NSM: set SNORT_PERF_STATS in snort_agent.conf to 0 when ENGINE=suricata
    • Issue 643: Rotate logs in /var/log/nsm/
    • Issue 571: securityonion-web-page: add Security Onion cheat sheet PDF
    • Issue 644: sostat-quick: check server/sensor
    • Issue 792: soup: add note about running on master server before running on sensor
    • Issue 591: Bro Intel Whitelist
    • Issue 418: netsniff-ng 0.6.0
    • Issue 737: Bro transcript debug output gets rendered in the transcript
    • Issue 736: CapME: Debug information occasionally gets rendered inside the transcript
    • Issue 492: CapMe needs to handle UDP better
    • Issue 738: CapME: handle large pcaps more gracefully
    • Issue 493: CapMe: send credentials interactively to avoid exposing on command line
    • Issue 608: Update bash scripts to use /bin/sh
    • Issue 304: sosetup: support unique interface names
    • Issue 592: sosetup: add -y option
    • Issue 593: sosetup: checking for Internet access takes a while if DNS doesn't immediately fail
    • Issue 480: sosetup: running on sensor should automatically create autossh account on server
    • Issue 532: sosetup: Limit what autossh keys can do
    • Issue 559: sosetup: support for NIC bonding configuration
    • Issue 735: sosetup: Advanced Setup should automatically configure PF_RING instances based on number of CPU cores
    • Issue 777: sosetup: refactor into more functions
    • Issue 789: sosetup: add ability to write an answer file
    • Issue 785: sostat: show number of available updates
    • Issue 772: onionsalt: replicate ELSA parsers in /etc/elsa/patterns.d/local
    • Issue 708: OSSEC 2.9
    • Issue 707: Add Josh Brower's OSSEC decoders/rules for sysmon
    • Issue 778: QA tests
    • Issue 603: securityonion-bro-scripts: drwatson
    • Issue 331: securityonion-elsa: update dependencies
    • Issue 604: ELSA: parsers for Bro drwatson logs
    • Issue 808: securityonion-elsa-extras: Sysmon RemoteThread ELSA parsers
    • Issue 806: rule-update: replace for with while when LOCAL_NIDS_RULE_TUNING=yes
    • Issue 558: Add VirusTotal uploader
    • Issue 369: Arpwatch
    • Issue 651: ELSA: starman restart doesn't work properly
    • Issue 336: When configuring ELSA log node, change MySQL port using /etc/mysql/conf.d/
    • Issue 467: ELSA dashboard for Snort performance
    • Issue 594: securityonion-sudoers: 10_securityonion

Getting Started

Update/Upgrade

Analyst Tools

Network Visibility

Host Visibility

Elastic Stack

Customizing for your network

Tuning

Tricks and Tips

Help

Issues

Other

Scripts

Clone this wiki locally