Doug Burks edited this page Dec 28, 2016 · 6 revisions
  • January 2015
    • Issue 655: Suricata 2.0.5
    • Issue 658: NSM: fix umask on Snort unified2 output
    • Issue 548: NSM: run barnyard2 as non-root user
    • Issue 649: nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read
    • Issue 598: so-snorby-wipe
    • Issue 610: NSM: ossec_agent alert level should be configurable
    • Issue 660: Setup: add OSSEC_AGENT_LEVEL to /etc/nsm/securityonion.conf
    • Issue 656: ELSA: update parser for bro_conn to parse country code
    • Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code
    • Issue 667: New packages for shellshock and malware-traffic-analysis samples
    • Issue 673: Suricata 2.0.6
    • Issue 642: Update Salt packages/scripts to 2014.7.0
    • Issue 619: Onionsalt: backup /opt/onionsalt/pillar/top.sls
    • Issue 661: Onionsalt: replicate /usr/local/lib/snort_dynamicrules/
    • Issue 672: sguil-db-purge: check for UNCAT_MAX
    • Issue 663: sosetup: sosetup.conf SGUIL_CLIENT_PASSWORD_1 should say Sguil/Squert/ELSA/Snorby
    • Issue 664: sosetup: run Bro as non-root user
    • Issue 666: sostat: run Bro as non-root user
    • Issue 665: NSM: run Bro as non-root user
    • Issue 676: NSM: run Sguil as non-root user
    • Issue 671: NSM: /etc/cron.d/sensor-clean needs 2>&1
  • February 2015
    • Issue 668: ELSA: pdbtool errors
    • Issue 669: ELSA: update parsers for Bro DNS and BIND
    • Issue 670: securityonion-web-page: add queries for updated bro_dns parser
    • Issue 685: securityonion-web-page: update links
    • Issue 684: NSM: nsm_server_ps-start needs to create /var/log/sguild/ if it doesn't already exist
    • Issue 686: NSM: nsm_server_ps-start needs to set permissions on /var/log/nsm/so-elsa/ properly
    • Issue 687: NSM: nsm_sensor_ps-start should set permissions on /var/log/nsm/ properly
    • Issue 689: NSM: add USE_DNS option to ossec_agent.conf
    • Issue 688: ossec_agent: add option to disable DNS lookups
    • Issue 680: Bro 2.3.2
    • Issue 683: securityonion-et-rules: update for new ISO
    • Issue 632: ISO: add bridge-utils
    • Issue 601: ISO: add foremost
    • Issue 614: ISO: add securityonion-samples-shellshock
    • Issue 662: ISO: add securityonion-samples-mta
    • Issue 675: ISO: add xfsprogs
    • Issue 602: 12.04.5.1 ISO image
  • March 2015
    • Issue 695: Suricata 2.0.7
    • Issue 696: ELSA custom menu
    • Issue 691: NSM: chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
    • Issue 698: NSM: nsm_server_del line 170 echo_msg 0 "Deleting server: $SERVER_NAME"
    • Issue 699: NSM: Bro node.cfg host=localhost
    • Issue 700: Setup: Bro node.cfg host=localhost
    • Issue 702: Snort 2.9.7.2
    • Issue 703: Move from Google Code to Github
    • Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
    • Issue 709: Add fear.nothing's ELSA parsers for pfSense
    • Issue 710: securityonion-web-page: add ELSA queries for Firewall logs and Windows Processes~~
  • April 2015
    • Issue 711: Add "date" command to /usr/bin/sguil-db-purge
    • Issue 692: sostat: list number of ELSA buffers in queue and warn if higher than 20
    • Issue 701: sostat: include number of CPU cores
    • Issue 681: rule-update: wipe snort_dynamicrules directory on sensor
    • Issue 677: rule-update: create /usr/local/lib/snort_dynamicrules/ if it doesn't already exist
    • Issue 678: rule-update: /etc/cron.d/rule-update should have 2>&1
    • Issue 697: rule-update: log snorby reference table update to barnyard2-snorby.log
    • Issue 679: rule-update: run pulledpork as unprivileged user
    • Issue 715: securityonion-rule-update: sensor-only boxes running salt shouldn't try to copy /etc/cron.d/rule-update
  • May 2015
    • Issue 725: Suricata 2.0.8
    • Issue 718: Sphinx 2.1.9
    • Issue 241: NSM scripts should have a timeout period when stopping services
    • Issue 392: Patch for lib-nsm-common-utils from Mark Seiden
    • Issue 714: nsm_server_user-disable
    • Issue 705: ossec_agent: improvements from Brian Kellogg
    • Issue 716: ossec_agent: tighten regex to only look for -> anchored to hostname or IP
    • Issue 717: ossec_agent: send alerts to sguild immediately instead of waiting for next alert
  • June 2015
    • Issue 742: securityonion-suricata package missing debian/install
    • Issue 730: Snort 2.9.7.3
    • Issue 731: Snort DAQ 2.0.5
    • Issue 657: ELSA 1205
    • Issue 447: ELSA syslog-ng.conf rewrite r_pipes
    • Issue 512: ELSA syslog-ng.conf filter f_bro_headers
    • Issue 726: ELSA syslog-ng.conf - add filesystem destinations
    • Issue 674: ELSA - update bro_notice parser to parse src and dst fields
    • Issue 722: securityonion-web-page: update HTTP mime type queries for ELSA 1205
    • Issue 723: CapMe: Update for new ELSA API
    • Issue 500: sosetup: restart starman
    • Issue 504: sosetup: avoid writing ELSA_PORT twice in SSH_CONF
    • Issue 547: sosetup: if enabling salt on a sensor, check top.sls to make sure it doesn't already exist
    • Issue 740: sosetup: sensor should use sudo to restart apache on master
    • Issue 741: sosetup: sometimes local salt-minion doesn't check in with local salt-master quickly enough
    • Issue 732: NSM: only output color codes if running on a tty
    • Issue 746: ELSA 1205 package enabled perl module on non-ELSA systems
    • Issue 747: ELSA 1205 package duplicated syslog-ng.conf entries on non-ELSA systems
    • Issue 748: ELSA 1205 package didn't add the pid column to the query_log table for upgrades
    • Issue 749: Update tcl-tls package and replace DH512 key with DH2048
    • Issue 751: NSM: change watchdog run time to avoid race condition
    • Issue 744: sosetup: Restart Apache to activate new ELSA apikey
    • Issue 745: OSSEC 2.8.2
  • July 2015
    • Issue 733: 12.04.5.2 ISO image
    • Issue 763: sostat: show last update
    • Issue 761: securityonion-tcpudpflow: remove connection_state_remove event handler
    • Issue 760: ossec_agent: Add source of syslog as destination IP for Sguil alert
    • Issue 769: sosetup: allow user to enable/disable Snorby
    • Issue 596: sosetup: sensor should stop/disable Apache and Snorby worker
    • Issue 693: sosetup: improve input validation for email address
    • Issue 764: sosetup: fix typo in sosetup.conf
    • Issue 605: sosetup: replace tmp with mktemp
    • Issue 771: sosetup: comment out 2 examples in top.sls
    • Issue 767: securityonion-web-page: add SSL Top Subjects query
    • Issue 775: securityonion-web-page: add groupby:site to ELSA HTTP SQL Injection query
  • August 2015
    • Issue 743: Bro 2.4
    • Issue 752: securityonion-bro-scripts: update sensortab.bro for Bro 2.4
    • Issue 753: securityonion-bro-scripts: update shellshock module for Bro 2.4
    • Issue 754: securityonion-bro-scripts: update extract.bro for Bro 2.4
    • Issue 762: securityonion-elsa-extras: update bro_conn parser for Bro 2.4
    • Issue 765: securityonion-elsa-extras: update bro_intel parser for Bro 2.4
    • Issue 768: securityonion-elsa-extras: update bro_ssl parser for Bro 2.4
    • Issue 774: securityonion-elsa-extras: update bro_ssh parser for Bro 2.4
    • Issue 773: securityonion-elsa-extras: add Windows and Cisco parsers from Brian Kellogg
    • Issue 793: CapMe: Update for Bro 2.4 conn.log
    • Issue 766: Snorby 2.6.3
    • Issue 784: Snort 2.9.7.5
    • Issue 788: DAQ 2.0.6
    • Issue 724: /etc/cron.d/rule-update should avoid overwhelming rule sites
    • Issue 791: sosetup: change rule-update verbiage
    • Issue 728: securityonion-libcapture-tiny-perl should Provides: libcapture-tiny-perl
    • Issue 797: NSM: update SpoolDir and LogDir in broctl.cfg
    • Issue 799: NSM: add stderr redirect to stdout on adduser
    • Issue 800: Setup: update SpoolDir and LogDir in broctl.cfg
  • September 2015
    • Issue 755: securityonion-elsa-extras: add parser for Bro 2.4 mysql.log
    • Issue 756: securityonion-elsa-extras: add parser for Bro 2.4 kerberos.log
    • Issue 757: securityonion-elsa-extras: add parser for Bro 2.4 rdp.log
    • Issue 758: securityonion-elsa-extras: add parser for Bro 2.4 pe.log
    • Issue 759: securityonion-elsa-extras: add parser for Bro 2.4 sip.log
    • Issue 780: securityonion-elsa-extras: add parser for IIS logs
    • Issue 782: securityonion-elsa-extras: update sysmon parser
    • Issue 776: securityonion-elsa-extras: set version 3.3 in syslog-ng.conf
    • Issue 796: securityonion-elsa-extras: Add script to fix ELSA syslogs_archive_1 issue
    • Issue 801: securityonion-web-page: add queries for Bro kerberos logs
    • Issue 802: securityonion-web-page: add queries for Bro mysql logs
    • Issue 803: securityonion-web-page: add queries for Bro pe logs
    • Issue 804: securityonion-web-page: add queries for Bro rdp logs
    • Issue 805: securityonion-web-page: add queries for Bro sip logs
    • Issue 794: securityonion-web-page: add DHCP Servers query
    • Issue 798: securityonion-web-page: add HTTP sites hosting SWF
    • Issue 795: 12.04.5.3 ISO image
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.