Skip to content
This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

2017

Jump to bottom
Doug Burks edited this page Nov 23, 2017 · 220 revisions

Please note that this is all subject to change!

  • January 2017

    • Issue 1031: Snort 2.9.9.0
    • Issue 1017: PulledPork 0.7.2
    • Issue 1034: securityonion-rule-update: update for PulledPork 0.7.2
    • Issue 1035: Setup: update for PulledPork 0.7.2
    • Issue 1040: securityonion-sudoers: remove secure_path
    • Issue 1043: NSM: create /usr/sbin/broctl
    • Issue 1044: sostat: use full path for bro-cut
    • Issue 1042: Move scripts from /usr/bin/ to /usr/sbin/
    • Issue 1056: sostat: update location of sostat-interface in /var/ossec/etc/ossec.conf
    • Issue 1057: sostat: sostat-redacted - change "Port" to "Port "
    • Issue 1054: securityonion-rule-update: Restore stdout/stderr redirect in crontab
    • Issue 1055: NSM: fix spelling error
    • Issue 1018: salt: use /etc/sudoers.d/ instead of directly editing /etc/sudoers
    • Issue 1058: securityonion-http-agent: update for Bro 2.5
    • Issue 1036: securityonion-elsa-extras: add pattern for Bro rfb.log
    • Issue 1037: securityonion-web-page: add ELSA queries for Bro rfb.log
    • Issue 1062: NSM: avoid loading IDS rules twice
    • Issue 1060: NetworkMiner 2.1
    • Issue 1065: securityonion-elsa-extras: new MySQL packages require changes to elsa user
    • Issue 1066: Squert: error when removing comment
    • Issue 1067: Squert: ip2c avoid hard loop when file unavailable
    • Issue 863: Xplico 1.2.0
    • Issue 1041: Segmentation fault /opt/xplico/bin/msite
    • Issue 1045: Segmentation fault /opt/xplico/bin/trigcap
    • Issue 1046: Segmentation fault /opt/xplico/bin/mfile
    • Issue 1047: Segmentation fault /opt/xplico/bin/mfbc
    • Issue 1048: Segmentation fault /opt/xplico/bin/mwebymsg
    • Issue 1049: Segmentation fault /opt/xplico/bin/mwmail
    • Issue 1050: Segmentation fault /opt/xplico/bin/xplico
    • Issue 1051: Segmentation fault /opt/xplico/bin/mpaltalk

  • February 2017

  • June 2017

    • Issue 1101: PF_RING 6.6
    • Issue 1102: Suricata 3.2.2
    • Issue 1021: sostat: netsniff-ng log section can get quite lengthy
    • Issue 1061: sostat: check for stuck ELSA cron.pl
    • Issue 1107: sostat: calculate netsniff-ng packet drops as percentage
    • Issue 1086: NSM: stderr redirects when listing logfiles
    • Issue 1106: Update so-allow to allow apt-cacher-ng clients and add so-disallow

  • July 2017

  • August 2017

    • Issue 1116: Suricata 4.0.0
    • Issue 652: NSM: barnyard sending blank interface to syslog output
    • Issue 1117: NSM: cron to check if netsniff-ng is recording to date other than today
    • Issue 1119: Squert: comment search not working
    • Issue 1127: NetworkMiner 2.2
    • Issue 1074: securityonion-elsa-extras: add 5140 parser
    • Issue 1075: securityonion-elsa-extras: add storage calculator
    • Issue 1076: securityonion-elsa-extras: refactor securityonion-elsa-reset
    • Issue 1080: securityonion-elsa-extras: add delaycompress for elsa logs
    • Issue 1122: securityonion-elsa: remove 300px limitation
    • Issue 928: soup: if snort/suricata/bro updated, remind user to re-apply local changes
    • Issue 1072: soup: include reference to blog.securityonion.net
    • Issue 1108: soup: handle situations where apt prompts to keep/replace file
    • Issue 1124: soup: update docker images if enabled
    • Issue 1125: sostat: report on docker images if enabled

  • September 2017

  • October 2017

    • Issue 1129: sostat: replace localhost:9200 with $ELASTICSEARCH variables sourced from /etc/nsm/securityonion.conf
    • Issue 1133: sostat: silence progress output for curl requests
    • Issue 1136: sostat: provide Docker container interface correlation
    • Issue 1137: soup: remove "One or more docker images have been updated."
    • Issue 1144: Bro 2.5.2
    • Issue 1145: Suricata 4.0.1
    • Issue 1141: rule-update: enable Suricata events rules if necessary
    • Issue 1069: rule-update: change labs.snort.org to talosintelligence.com
    • Issue 1146: sostat - fix FreqServer and DomainStats tests since their ports are no longer published
    • Issue 1147: sostat - remove header for Kibana when disabled
    • Issue 1153: rule-update: disable noisy Suricata events if Setup hasn't already
    • Issue 1140: securityonion-et-rules: update package
    • Issue 1135: Setup: add support for Elastic via sosetup.conf

  • November 2017

    • Issue 1130: Elastic Stack Beta Release
    • Issue 1094: 14.04.5.4 ISO image
    • Issue 1161: so-email: fix any references to sosetup
    • Issue 1163: Setup: disable Xplico when choosing Evaluation Mode
    • Issue 1164: securityonion-iso: remove xplico dependency
    • Issue 1162: NSM: Add new script to clear sensor backlog
    • Issue 1167: NSM: need to handle /etc/init/securityonion.conf properly
    • Issue 1168: NSM: check for /etc/init.d/xplico before trying to execute
    • Issue 1170: Xplico: vulnerabilities reported by Mehmet Ince
    • Issue 1166: soup: if Elastic enabled, copy /etc/apt/preferences.d/securityonion-docker
    • Issue 1149: soup: final message about snort/suricata/bro updates should only output if they are enabled
    • Issue 1132: Elastic Stack Beta 2
    • Issue 1158: 14.04.5.5 ISO image

  • December 2017

  • 2018 and beyond

    • Issue 1151: PF_RING 7.0
    • Issue 1142: Snort 2.9.11.0
    • Issue 1143: PulledPork: update for Snort 2.9.11.0
    • Issue 1154: securityonion-et-rules: include both snort and suricata versions of ET ruleset
    • Issue 1148: PulledPork: include all Suricata events rules in local_rules
    • Issue 1150: rule-update: include all Suricata events rules in local_rules
    • Issue 1134: sostat: netsniff-ng bc can cause (standard_in) 1: syntax error
    • Issue 1082: onionsalt: Snort dynamicrules directory needs to be cleaned of old files
    • Issue 1077: NSM: if Bro in cluster mode and sufficient RAM, add logger to node.cfg
    • Issue 1090: NSM: purge old pcaps in /nsm/server_data/securityonion/archive/
    • Issue 1138: NSM: increase process priority for sniffing processes
    • Issue 1098: netsniff-ng is not capturing jumbo frames by default
    • Issue 1121: Squert: only aggregate if sid and gid match
    • Issue 1171: Sguil: update DShield URL
    • Issue 1087: Sguil agent for Suricata
    • Issue 1088: NSM: switch Suricata to EVE output
    • Issue 875: Allow mysql root password
    • Issue 938: CapMe: improve error message if pcap_agent is running but no pcap is found
    • Issue 947: CapMe: clicking submit after session expires needs to redirect to login
    • Issue 826: Bro intel linter
    • Issue 999: Setup: reduce the number of RSS queues to 1 on sniffing interfaces
    • Issue 1159: Setup: when running with -f option, validate sosetup.conf before making changes to system
    • Issue 1020: Suricata Hyperscan
    • Issue 852: OSSEC: remove Snorby logs from ossec.conf
    • Issue 825: NSM: remove extra Bro output
    • Issue 833: soup: error checking
    • Issue 819: soup: check to see if PF_RING updates are available
    • Issue 817: sostat: awk division error when Bro doesn't report stats correctly
    • Issue 813: Setup: bug when configuring 10 or more interfaces
    • Issue 977: Setup: interactive setup via command line
    • Issue 727: Argus 3.0.8.2
    • Issue 690: http_agent: ---disable-inotify
    • Issue 615: NSM: add "exit $RET" where necessary
    • Issue 588: NSM: purge old OSSEC logs
    • Issue 523: sensor-clean: add option to skip removal of bro or argus logs
    • Issue 534: NSM: Patches for adding PCAP snap length for Netsniff-NG
    • Issue 645: NSM: check if sensor is disabled when --sensor-name= is specified
    • Issue 1118: NSM: nsm_sensor_ps-restart --sensor-name=$i --only-pcap should only restart pcap
    • Issue 653: NSM: nsm_sensor_ps-stop should kill the processes tailing the snort.stats files
    • Issue 654: NSM: disable SNORT_PERF_STATS in snort_agent.conf for suricata
    • Issue 643: Rotate logs in /var/log/nsm/
    • Issue 870: Sguil: new package
    • Issue 1027: securityonion-sguil-client: check that user exists
    • Issue 1006: Sguil client: fix OSSEC alert rendering improperly in HTML
    • Issue 1019: Sguil: crash when trying to connect to pcap_agent that is down
    • Issue 1013: NSM: update for Sguil
    • Issue 905: Sguil: DNS lookups in pcap transcripts should be disabled or optional
    • Issue 571: securityonion-web-page: add Security Onion cheat sheet PDF
    • Issue 644: sostat-quick: check server/sensor
    • Issue 591: Bro Intel Whitelist
    • Issue 418: netsniff-ng 0.6.3
    • Issue 593: sosetup: check for Internet access takes a while if DNS doesn't immediately fail
    • Issue 480: sosetup: sensor should automatically create autossh account on server
    • Issue 532: sosetup: Limit what autossh keys can do
    • Issue 772: onionsalt: replicate ELSA parsers in /etc/elsa/patterns.d/local
    • Issue 978: syslog-ng.conf should include conf.d directory
    • Issue 708: OSSEC 2.9
    • Issue 707: Add Josh Brower's OSSEC decoders/rules for sysmon
    • Issue 778: QA tests
    • Issue 603: securityonion-bro-scripts: drwatson
    • Issue 467: Kibana dashboard for Snort performance
    • Issue 594: securityonion-sudoers: 10_securityonion
    • Issue 559: sosetup: support for NIC bonding configuration
    • Issue 777: sosetup: refactor into more functions
    • Issue 608: Update bash scripts to use /bin/sh
    • Issue 1114: Full uninstall method
    • Issue 1115: Add Bro script for JA3
    • Issue 1120: Incorrect PulledPork BlackList File Location

Getting Started

Update/Upgrade

Analyst Tools

Network Visibility

Host Visibility

Elastic Stack

Customizing for your network

Tuning

Tricks and Tips

Help

Issues

Other

Scripts

Clone this wiki locally