This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Doug Burks edited this page Nov 14, 2018 · 316 revisions
  • January 2018

    • Issue 1191: sostat: don't show sensor stats if sensortab exists but is empty
    • Issue 1190: soup: if Elastic is enabled, ensure that Docker repo is enabled
    • Issue 1189: securityonion-ossec-rules: add rules for Elastic integration
    • Issue 1194: ELSA XSS vulnerabilities
    • Issue 905: Sguil: disable DNS lookups in pcap transcripts
    • Issue 1171: Sguil: update DShield URL
    • Issue 1186: Sguil: dynamically generate lookups based on filters table
    • Issue 1197: Squert 1.7.0
    • Issue 1196: NSM: when configuring Squert, run securityonion_update.sh
    • Issue 1195: sostat: check for connection to cross cluster search nodes
    • Issue 1179: Elastic Stack Release Candidate 1
    • Issue 1184: 14.04.5.7 ISO image
  • February 2018

  • March 2018

  • April 2018

  • May 2018

  • June 2018

    • Issue 1255: Bro 2.5.4
    • Issue 1253: NSM: securityonion.service should set TimeoutStartSec=300
    • Issue 1257: Setup: remove ELSA references from so-email
    • Issue 1258: soup: install HWE metapackages if necessary
    • Issue 1260: tcpflow -c should print a dot for non-printable chars
    • Issue 1259: Squert: turning grouping off results in no alerts
    • Issue 1261: so-iso-build: need to disable services in /etc/nsm/securityonion.conf
    • Issue 1254: pinguybuilder: make BIOS and EFI boot menus consistent
    • Issue 1262: 16.04.4.2 ISO image
    • Issue 1263: sostat: support Bro logs in JSON and TSV
    • Issue 1264: sostat: fix netsniff-ng packet loss info
  • July 2018

    • Issue 1274: securityonion-pfring-module: compile on kernel 4.15
    • Issue 1270: sosetup -w not writing answer file correctly in some cases
    • Issue 1272: sosetup: move elasticsearch/logstash jvm.options and write new ones
    • Issue 1271: NSM: improper confirmation of password should throw an error
    • Issue 1277: Squert: Priority counts incorrect
    • Issue 1279: securityonion-samples-mta: Add 2018 samples
    • Issue 1273: pinguybuilder: some installs are missing /etc/apt
    • Issue 1278: 16.04.4.3 ISO image
    • Issue 1281: Suricata 4.0.5
  • August 2018

    • Issue 1283: soup: avoid issues with mysql 5.7 and systemd
    • Issue 1275: securityonion-sguil-server: update dependencies to new tcl version
    • Issue 1286: pinguybuilder: do not remove linux hwe package
    • Issue 1287: securityonion-iso: so-iso-build should purge grub-legacy-ec2
    • Issue 1288: securityonion-iso: so-iso-build should install xserver-xorg-hwe-16.04
    • Issue 1289: securityonion-iso: so-iso-build should purge dev/test repos
    • Issue 1284: 16.04.5.1 ISO image
    • Issue 1290: securityonion-web-page: CyberChef 8.0.0
    • Issue 1295: securityonion-desktop-gnome: install gnome-screensaver
    • Issue 1296: soup: install gnome-screensaver if necessary
    • Issue 1294: Elastic 6.3.2
    • Issue 1302: securityonion-elastic: dashboard updates
    • Issue 1303: securityonion-elastic: disable delete all in Elasticsearch
    • Issue 1298: securityonion-elastic: so-import-pcap should write to unique subdirectories
    • Issue 1297: securityonion-elastic: add script to disable dark theme in Kibana
    • Issue 1299: securityonion-elastic: add so-elasticsearch-template scripts
    • Issue 1265: securityonion-elastic: Rotate /var/log/kibana/kibana.log
    • Issue 1301: securityonion-elastic: provide option to tail log after restart
    • Issue 1269: securityonion-elastic: Logstash should include all inputs
    • Issue 1267: securityonion-elastic: so-elastalert-test
    • Issue 1268: securityonion-elastic: so-elastalert-create
    • Issue 1312: securityonion-web-page: CyberChef 8.5
    • Issue 1309: NetworkMiner 2.3.2
    • Issue 1313: securityonion-menu: add icon for NetworkMiner and update Exec
    • Issue 1310: securityonion-et-rules: Update to latest rules
    • Issue 1307: securityonion-setup: allow ES exposure through so-allow
    • Issue 1308: securityonion-setup: so-email advanced mode to set FROM email addresses
    • Issue 1306: securityonion-onionsalt: Replicate Logstash config from master to minions
    • Issue 1314: Bro 2.5.5
  • September 2018

    • Issue 1317: pinguybuilder: increment version to 16.04.5.2
    • Issue 1304: 16.04.5.2 ISO image
    • Issue 1325: so-allow: fix verbiage for ES REST Endpoint
    • Issue 1322: securityonion-setup: increase MySQL open files limit
    • Issue 1318: sostat: provide PF_RING loss as percentage
    • Issue 1332: sostat: adjust FREQ_SERVER_RESPONSE to accommodate updates
  • October 2018

    • Issue 708: Wazuh 3.6.1
    • Issue 707: OSSEC: add decoders/rules for sysmon
    • Issue 852: OSSEC: remove Snorby logs from ossec.conf
    • Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh
    • Issue 1329: securityonion-elastic: update for Wazuh
    • Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete
    • Issue 1319: securityonion-elastic: add ES node listing and removal scripts
    • Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode
    • Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic
    • Issue 1331: Elastic 6.4.1
    • Issue 1341: securityonion-web-page: Cyberchef 8.7.0
    • Issue 1336: onionsalt: modify enforced packages
    • Issue 1321: 16.04.5.3 ISO image
    • Issue 1339: so-iso-build: remove /var/ossec/etc/sslmanager*
    • Issue 1320: pinguybuilder: increment version to 16.04.5.3
  • November 2018

    • Issue 1355: Setup: ensure Apache SSO config is enabled
    • Issue 1357: CyberChef 8.8.1
    • Issue 1356: Elastic 6.4.2
    • Issue 1340: securityonion-elastic: curator won't delete closed indices
    • Issue 1350: securityonion-elastic: so-elastic-reset should run so-bro-restart
    • Issue 1343: securityonion-elastic: avoid overwriting logstash.yml
    • Issue 1359: securityonion-elastic: avoid duplicating logs into multiple indices
    • Issue 1361: Suricata 4.1.0
    • Issue 1291: NSM: add cron jobs for backing up server/sensor config daily
    • Issue 1292: NSM: Delay watchdog checks while any other nsm_sensor_ps script runs
    • Issue 1176: nsm_sensor_clear: check for FORCE_YES
    • Issue 1362: NSM: wait for network-online on boot
    • Issue 1342: soup: improve detection of Docker image updates
    • Issue 1358: soup: initialize MYSQL_DISABLED
    • Issue 1366: 16.04.5.4 ISO image
    • Issue 1367: pinguybuilder: increment version to 16.04.5.4
  • December 2018

    • Issue 1365: Elastic 6.4.3
    • Issue 1369: securityonion-elastic: Cron job not finishing since latest upgrade
    • Issue 1370: securityonion-elastic: rotate /var/log/nsm/so-curator-closed-delete.log
    • Issue 1364: securityonion-elastic: so-boot should log to /var/log/so-boot.log
    • Issue 1368: Setup: after configuring network, remind user to run Setup after reboot
    • Issue 1337: Setup: remove unneeded cron jobs from storage nodes
    • Issue 1363: Wazuh 3.7.0
    • Issue 1345: ossec-hids-server: include local_rules.xml
    • Issue 1346: securityonion-ossec-rules: do not alert on /etc/nsm/rules/backup/
    • Issue 1353: Wazuh API
    • Issue 1360: Wazuh: ossec-init.conf
    • Issue 1115: Add Bro script for JA3
    • Issue 1338: Consider adding HASSH
    • Issue 1293: Improve Host Hunting - OSSEC Dashboard
    • Issue 1348: logstash parsing issues when ingesting pfsense filterlog
  • 2019

    • Issue 1311: securityonion-squert: histogram should refresh when grouping option is set to 'off'
    • Issue 1221: securityonion-elastic: Post GA
    • Issue 1266: Index Stats Visualization
    • Issue 1334: netsniff-ng 0.6.5
    • Issue 1324: securityonion-bro-pkg: create a new package for bro-pkg
    • Issue 1323: Consider adding json-cut
    • Issue 1217: Collect Bro logs using Filebeat
    • Issue 1249: Avoid restarting IDS Engine where possible
    • Issue 1142: Snort 2.9.12.0
    • Issue 1143: PulledPork 0.7.3
    • Issue 1151: PF_RING 7.0
    • Issue 1204: Bro: Intel Seen More
    • Issue 1205: Setup: Validate HOME_NET during install/setup
    • Issue 1160: soup: purge old linux kernel headers
    • Issue 1154: securityonion-et-rules: include both snort and suricata versions of ET ruleset
    • Issue 1148: PulledPork: include all Suricata events rules in local_rules
    • Issue 1150: rule-update: include all Suricata events rules in local_rules
    • Issue 1134: sostat: netsniff-ng bc can cause (standard_in) 1: syntax error
    • Issue 1082: onionsalt: Snort dynamicrules directory needs to be cleaned of old files
    • Issue 1077: NSM: if Bro in cluster mode and sufficient RAM, add logger to node.cfg
    • Issue 1090: NSM: purge old pcaps in /nsm/server_data/securityonion/archive/
    • Issue 1138: NSM: increase process priority for sniffing processes
    • Issue 1230: NSM: Fix config threads issue
    • Issue 1098: netsniff-ng is not capturing jumbo frames by default
    • Issue 1121: Squert: only aggregate if sid and gid match
    • Issue 1087: Sguil agent for Suricata
    • Issue 1088: NSM: switch Suricata to EVE output
    • Issue 938: CapMe: improve error message if pcap_agent is running but no pcap is found
    • Issue 947: CapMe: clicking submit after session expires needs to redirect to login
    • Issue 826: Bro intel linter
    • Issue 999: Setup: reduce the number of RSS queues to 1 on sniffing interfaces
    • Issue 1159: Setup: when running with -f option, validate sosetup.conf before making changes to system
    • Issue 1020: Suricata Hyperscan
    • Issue 825: NSM: remove extra Bro output
    • Issue 833: soup: error checking
    • Issue 819: soup: check to see if PF_RING updates are available
    • Issue 817: sostat: awk division error when Bro doesn't report stats correctly
    • Issue 813: Setup: bug when configuring 10 or more interfaces
    • Issue 977: Setup: interactive setup via command line
    • Issue 615: NSM: add "exit $RET" where necessary
    • Issue 588: NSM: purge old OSSEC logs
    • Issue 523: sensor-clean: add option to skip removal of bro or argus logs
    • Issue 534: NSM: Patches for adding PCAP snap length for Netsniff-NG
    • Issue 645: NSM: check if sensor is disabled when --sensor-name= is specified
    • Issue 1118: NSM: nsm_sensor_ps-restart --sensor-name=$i --only-pcap should only restart pcap
    • Issue 653: NSM: nsm_sensor_ps-stop should kill the processes tailing the snort.stats files
    • Issue 654: NSM: disable SNORT_PERF_STATS in snort_agent.conf for suricata
    • Issue 643: Rotate logs in /var/log/nsm/
    • Issue 870: Sguil: new package
    • Issue 1027: securityonion-sguil-client: check that user exists
    • Issue 1006: Sguil client: fix OSSEC alert rendering improperly in HTML
    • Issue 1019: Sguil: crash when trying to connect to pcap_agent that is down
    • Issue 1013: NSM: update for Sguil
    • Issue 571: securityonion-web-page: add Security Onion cheat sheet PDF
    • Issue 644: sostat-quick: check server/sensor
    • Issue 591: Bro Intel Whitelist
    • Issue 593: sosetup: check for Internet access takes a while if DNS doesn't immediately fail
    • Issue 480: sosetup: sensor should automatically create autossh account on server
    • Issue 532: sosetup: Limit what autossh keys can do
    • Issue 978: syslog-ng.conf should include conf.d directory
    • Issue 778: QA tests
    • Issue 603: securityonion-bro-scripts: drwatson
    • Issue 467: Kibana dashboard for Snort performance
    • Issue 594: securityonion-sudoers: 10_securityonion
    • Issue 559: sosetup: support for NIC bonding configuration
    • Issue 777: sosetup: refactor into more functions
    • Issue 608: Update bash scripts to use /bin/sh
    • Issue 1114: Full uninstall method
    • Issue 1120: Incorrect PulledPork BlackList File Location