Doug Burks edited this page Mar 25, 2015 · 2 revisions

January 2014
Issue 413 : Extend CapMe? to pull pcap file
Issue 449 : CapMe?: add timeout:0 to ELSA query
Issue 450 : CapMe?: add support for Snorby timezones
Issue 460 : Fix tunnel.log entry in syslog-ng.conf
Issue 455 : securityonion-web-page: update hyperlink
Issue 456 : securityonion-web-page: add example ELSA queries
Issue 466 : securityonion-web-page: change elsa/menu.php to fix Tunnel query
Issue 469 : securityonion-web-page: add SSH queries for country and status
Issue 461 : sostat: improve pf_ring output
Issue 427 : Snort 2.9.5.6
Issue 443 : Suricata 1.4.7
February 2014
Issue 477 : ELSA menu should include BRO_CONN groupby:node
Issue 471 : sostat-redacted should redact IPv6 and MAC addresses
Issue 476 : sostat: add verbosity for troubleshooting ELSA
Issue 463 : sosetup: prompt for ELSA log_size_limit
Issue 470 : sosetup: Add verbiage to ELSA screen about running on sensors
Issue 474 : sosetup: increase default query_timeout in /etc/elsa_web.conf
Issue 388 : sosetup: configure MySQL to create an innodb file per table to prevent ibdata1 growing indefinitely
Issue 416 : sosetup: increase default MySQL open-files-limit
Issue 478 : securityonion-elsa-extras: randomize API key in master's elsa_web.conf
Issue 487 : securityonion-web-page: add DNS zone transfer query
Issue 475 : CapMe? should check for active pcap_agent
Issue 448 : When changing time zone in Squert, it needs to revert to UTC when requesting transcripts
Issue 432 : 12.04.4 ISO image
March 2014
Issue 495 : securityonion-web-page: OSSEC logs query should exclude MARK
Issue 498 : securityonion-web-page: add DNS IXFR query
Issue 505 : rule-update: check to see if barnyard and IDS engine are enabled
Issue 481 : soup: Add skip interactive option
Issue 494 : sostat should display ELSA v_indexes
Issue 497 : sostat should ignore "Cannot set NIC flags!" in netsniff-ng.log
Issue 508 : sostat should include full process output but exclude usernames
Issue 502 : securityonion-elsa-node-perl: add libtext-csv-perl as a dependency
Issue 503 : securityonion-elsa-extras: parsers for BRO_INTEL feed
Issue 485 : sosetup-network: mention MTU and other custom config can be manually added to /etc/network/interfaces
Issue 499 : sosetup-network: fix backup path in /etc/network/interfaces
Issue 511 : sosetup-network: management interface selection should be a radiolist
Issue 489 : sosetup: capture rmmod output
Issue 479 : sosetup: should verify that it can resolve server hostname before trying to connect
Issue 496 : sosetup: VRT policy screen should be a radiolist
Issue 514 : sosetup: fix df /nsm check
April 2014
Issue 506 : securityonion-web-page: add FTP command query
Issue 507 : securityonion-web-page: add queries for BRO_INTEL
Issue 501 : /etc/init/securityonion.conf needs to check that variables were only declared once
Issue 516 : Update sysctl settings
Issue 518 : NSM scripts: run "broctl install" when (re)starting Bro
Issue 520 : Configure /etc/ssh/sshd_config with ClientAliveInterval? 60 and ClientAliveCountMax? 3
Issue 521 : Replace test.com domain in /etc/nsm/ossec/ossec_agent.conf
Issue 519 : onionsalt: improve ids/bro/ossec updates
Issue 524 : Setup should test connection to master server using ssh instead of nc
Issue 528 : Re-running Setup should wipe ELSA databases
Issue 529 : nsm: check for null dns domain before updating ossec_agent.conf
Issue 530 : nsm: change sshd_config ClientAliveInterval? to 30
Issue 483 : sostat-redacted should redact usernames
Issue 509 : sostat-quick
Issue 510 : sostat: change "ELSA Date Range" to "ELSA Index Date Range"
Issue 515 : sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH tunnels
Issue 517 : sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled
Issue 531 : sostat: improve checking of autossh tunnels
May 2014
Issue 533 : sostat-redacted: fix ssh_port redact
June 2014
Issue 542 : Setup: when disabling salt, avoid modifying salt package files
Issue 540 : Update Salt packages/scripts
Issue 537 : sostat-quick: check for root
Issue 406 : sguil-db-purge needs to purge history table as well
Issue 428 : sguil-db-purge should check for existence of tables
Issue 294 : Barnyard2-1.13
Issue 550 : securityonion-server: add barnyard2 as a dependency
Issue 411 : NSM: sensors should not update signature reference table
Issue 551 : rule-update: have server use barnyard2 to update Snorby reference table
Issue 399 : rule-update should allow LOCAL_NIDS_RULE_TUNING to be yes or true
Issue 544 : rule-update: notify user if LOCAL_NIDS_RULE_TUNING=true
Issue 555 : NSM: replace "2>1" with "2>&1"
Issue 549 : securityonion-web-page: add ELSA query for Sites Hosting CABs
Issue 556 : rule-update: add so-snorby-fix-sigs script
Issue 557 : rule-update: only delete sig_reference table once
July 2014
Issue 390 : PulledPork? 0.7.0
Issue 425 : Pulledpork should request ET rules using proper Suricata version
Issue 552 : rule-update: run PulledPork? with -P option to process tarball
Issue 522 : sosetup should handle more than 10 interfaces correctly
Issue 525 : sosetup: configure all available sniffing interfaces and prompt for which interfaces to enable
Issue 527 : sosetup: when choosing sensor-only and entering server name, don't allow hostname/IP of the sensor itself
Issue 543 : sosetup: if no Internet access, notify user that we're setting LOCAL_NIDS_RULE_TUNING=yes
Issue 539 : sosetup: support more network card naming stuff
Issue 538 : sosetup: add references to sostat, sostat-redacted and sostat-quick
Issue 545 : sosetup: add comments to /etc/nsm/securityonion.conf
Issue 546 : sosetup: change true/false options to yes/no
Issue 564 : sosetup: avoid breaking ELSA syslog-ng.conf
Issue 565 : sosetup: run PulledPork? with -T option if ENGINE=suricata
Issue 560 : rule-update: run PulledPork? with -T option if ENGINE=suricata
Issue 562 : securityonion-web-page: break OSSEC alerts out into separate queries
Issue 563 : securityonion-web-page: add link for training/support
August 2014
Issue 569 : securityonion-server: add p0f as a dependency
Issue 570 : CapMe?: Ignore extra data from ELSA cli.pl
Issue 574 : NSM: prevent checking for new Ubuntu releases
Issue 576 : Setup: restart MySQL to make config changes take effect
Issue 535 : PF_RING 6.0.2 SVN
Issue 462 : Snort 2.9.6.2
Issue 567 : Snort Daq 2.0.2
Issue 465 : Suricata 2.0.3
Issue 445 : Bro 2.3
Issue 484 : securityonion-bro-scripts: update APT1 scripts with Seth's changes for certificate matching
Issue 414 : Bro script should lookup interface in /etc/nsm/sensortab to obtain sensorname
Issue 577 : ELSA: update parsers for Bro 2.3 log changes
September 2014
Issue 568 : New package securityonion-samples-jackcr
Issue 572 : securityonion-et-rules: update for new ISO
Issue 553 : NetworkMiner? 1.6.1
Issue 581 : NSM: avoid filling disk if CRIT_DISK_USAGE exceeded in one day
Issue 582 : NSM: only run "broctl cron" if Bro is enabled
Issue 587 : Setup: allow for automated setup using answer file
Issue 412 : OSSEC 2.8
Issue 573 : OSSEC setmaxagents
Issue 330 : ossec.conf changes
Issue 536 : ISO: deleting desktop icons for live user sometimes doesn't work properly
Issue 584 : ISO: 14.04 HWE stack
Issue 554 : 12.04.5 ISO image
Issue 590 : Setup: sosetup.conf SALT="yes"
Issue 586 : Bro 2.3.1
Issue 612 : securityonion-bro-scripts: include ShellShock? detection
Issue 606 : securityonion-bro-scripts: create /opt/bro/share/bro/intel/
Issue 579 : Update salt
Issue 580 : onionsalt should copy OSSEC agent.conf and local_decoder.xml
Issue 609 : Onionsalt should copy /opt/bro/share/bro/intel/
Issue 613 : sosetup: if user chooses VRT rules, enable Community as well
Issue 600 : Suricata 2.0.4
Issue 616 : securityonion-bro-scripts: ShellShock? Qmail SMTP "MAIL FROM" attack vector
October 2014
Issue 617 : securityonion-web-page: add queries for Bro ShellShock? Notices
Issue 583 : securityonion-web-page: update "All OSSEC Logs" query
Issue 599 : securityonion-web-page: highlight current ELSA query
Issue 618 : securityonion-bro-scripts: ShellShock? Add shellscripts as a post-exploit detection mechanism
Issue 589 : OSSEC 2.8.1
Issue 621 : sostat: add sostat-interface
Issue 628 : securityonion-web-page: add ELSA queries for SSLv3
Issue 629 : securityonion-web-page: disable SSLv3 in Apache ssl.conf
Issue 627 : securityonion-web-page: separate syslog-ng into program and host queries
Issue 631 : securityonion-web-page: collapse query categories by default
Issue 634 : securityonion-web-page: add queries for ssl_version and ssl_cipher
Issue 633 : securityonion-elsa-extras: parse ssl_version and ssl_cipher out of Bro ssl.log
Issue 640 : securityonion-web-page: previous update broke ssl symlink
Issue 287 : Sguil 0.9
Issue 622 : Update http_agent for Sguil 0.9 and move from SSL to TLS
Issue 623 : Update ossec_agent for Sguil 0.9 and move from SSL to TLS
Issue 624 : Update CapMe? for Sguil 0.9 and move from SSL to TLS
Issue 625 : Update NSM for Sguil 0.9
Issue 626 : Update Setup for Sguil 0.9
Issue 491 : Squert 1.5.0
Issue 638 : securityonion-ossec-rules: add rule to ignore Squert POST
November 2014
Issue 382 : Argus 3.0.8
Issue 620 : NSM: stop netsniff-ng only after checking all interfaces for pcaps to delete
Issue 647 : NSM: rotate netsniff-ng.log
Issue 597 : nsm_all_del_quick: delete /nsm/bro/logs and /nsm/bro/extracted
Issue 595 : NSM: prevent Bro version warning
Issue 611 : nsm_sensor_clean: replace server with sensor
December 2014
Issue 636 : Snort 2.9.7.0
Issue 637 : Snort DAQ 2.0.4
Issue 648 : Rebuild securityonion-pfring-daq for new DAQ
Issue 646 : Sguil client highlighting issue
Issue 513 : securityonion-elsa-extras: when adding sources to syslog-ng.conf, do not search-and-replace using "log"
Issue 575 : ELSA: parsers for new Bro logs added in Bro 2.3
Issue 578 : securityonion-web-page: add ELSA queries for new Bro 2.3 logs
Issue 639 : rule-update should disable Suricata rules if running Snort
Issue 650 : rule-update: wipe snort_dynamicrules directory

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.