Doug Burks edited this page Oct 20, 2018 · 265 revisions
  • January 2018

    • Issue 1191: sostat: don't show sensor stats if sensortab exists but is empty
    • Issue 1190: soup: if Elastic is enabled, ensure that Docker repo is enabled
    • Issue 1189: securityonion-ossec-rules: add rules for Elastic integration
    • Issue 1194: ELSA XSS vulnerabilities
    • Issue 905: Sguil: disable DNS lookups in pcap transcripts
    • Issue 1171: Sguil: update DShield URL
    • Issue 1186: Sguil: dynamically generate lookups based on filters table
    • Issue 1197: Squert 1.7.0
    • Issue 1196: NSM: when configuring Squert, run securityonion_update.sh
    • Issue 1195: sostat: check for connection to cross cluster search nodes
    • Issue 1179: Elastic Stack Release Candidate 1
    • Issue 1184: 14.04.5.7 ISO image
  • February 2018

  • March 2018

  • April 2018

  • May 2018

  • June 2018

    • Issue 1255: Bro 2.5.4
    • Issue 1253: NSM: securityonion.service should set TimeoutStartSec=300
    • Issue 1257: Setup: remove ELSA references from so-email
    • Issue 1258: soup: install HWE metapackages if necessary
    • Issue 1260: tcpflow -c should print a dot for non-printable chars
    • Issue 1259: Squert: turning grouping off results in no alerts
    • Issue 1261: so-iso-build: need to disable services in /etc/nsm/securityonion.conf
    • Issue 1254: pinguybuilder: make BIOS and EFI boot menus consistent
    • Issue 1262: 16.04.4.2 ISO image
    • Issue 1263: sostat: support Bro logs in JSON and TSV
    • Issue 1264: sostat: fix netsniff-ng packet loss info
  • July 2018

    • Issue 1274: securityonion-pfring-module: compile on kernel 4.15
    • Issue 1270: sosetup -w not writing answer file correctly in some cases
    • Issue 1272: sosetup: move elasticsearch/logstash jvm.options and write new ones
    • Issue 1271: NSM: improper confirmation of password should throw an error
    • Issue 1277: Squert: Priority counts incorrect
    • Issue 1279: securityonion-samples-mta: Add 2018 samples
    • Issue 1273: pinguybuilder: some installs are missing /etc/apt
    • Issue 1278: 16.04.4.3 ISO image
    • Issue 1281: Suricata 4.0.5
  • August 2018

    • Issue 1283: soup: avoid issues with mysql 5.7 and systemd
    • Issue 1275: securityonion-sguil-server: update dependencies to new tcl version
    • Issue 1286: pinguybuilder: do not remove linux hwe package
    • Issue 1287: securityonion-iso: so-iso-build should purge grub-legacy-ec2
    • Issue 1288: securityonion-iso: so-iso-build should install xserver-xorg-hwe-16.04
    • Issue 1289: securityonion-iso: so-iso-build should purge dev/test repos
    • Issue 1284: 16.04.5.1 ISO image
    • Issue 1290: securityonion-web-page: CyberChef 8.0.0
    • Issue 1295: securityonion-desktop-gnome: install gnome-screensaver
    • Issue 1296: soup: install gnome-screensaver if necessary
    • Issue 1294: Elastic 6.3.2
    • Issue 1302: securityonion-elastic: dashboard updates
    • Issue 1303: securityonion-elastic: disable delete all in Elasticsearch
    • Issue 1298: securityonion-elastic: so-import-pcap should write to unique subdirectories
    • Issue 1297: securityonion-elastic: add script to disable dark theme in Kibana
    • Issue 1299: securityonion-elastic: add so-elasticsearch-template scripts
    • Issue 1265: securityonion-elastic: Rotate /var/log/kibana/kibana.log
    • Issue 1301: securityonion-elastic: provide option to tail log after restart
    • Issue 1269: securityonion-elastic: Logstash should include all inputs
    • Issue 1267: securityonion-elastic: so-elastalert-test
    • Issue 1268: securityonion-elastic: so-elastalert-create
    • Issue 1312: securityonion-web-page: CyberChef 8.5
    • Issue 1309: NetworkMiner 2.3.2
    • Issue 1313: securityonion-menu: add icon for NetworkMiner and update Exec
    • Issue 1310: securityonion-et-rules: Update to latest rules
    • Issue 1307: securityonion-setup: allow ES exposure through so-allow
    • Issue 1308: securityonion-setup: so-email advanced mode to set FROM email addresses
    • Issue 1306: securityonion-onionsalt: Replicate Logstash config from master to minions
    • Issue 1314: Bro 2.5.5
  • September 2018

    • Issue 1317: pinguybuilder: increment version to 16.04.5.2
    • Issue 1304: 16.04.5.2 ISO image
    • Issue 1325: so-allow: fix verbiage for ES REST Endpoint
    • Issue 1322: securityonion-setup: increase MySQL open files limit
    • Issue 1318: sostat: provide PF_RING loss as percentage
    • Issue 1332: sostat: adjust FREQ_SERVER_RESPONSE to accommodate updates
  • October 2018

    • Issue 708: Wazuh 3.6.1
    • Issue 707: OSSEC: add decoders/rules for sysmon
    • Issue 852: OSSEC: remove Snorby logs from ossec.conf
    • Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh
    • Issue 1329: securityonion-elastic: update for Wazuh
    • Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete
    • Issue 1319: securityonion-elastic: add ES node listing and removal scripts
    • Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode
    • Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic
    • Issue 1331: Elastic 6.4.1
    • Issue 1341: securityonion-web-page: CyberChef 8.7.0
    • Issue 1336: onionsalt: modify enforced packages
    • Issue 1321: 16.04.5.3 ISO image
    • Issue 1339: so-iso-build: remove /var/ossec/etc/sslmanager*
    • Issue 1320: pinguybuilder: increment version to 16.04.5.3
  • November 2018

    • Issue 1340: securityonion-elastic: curator won't delete closed indices
    • Issue 1348: logstash parsing issues when ingesting pfsense filterlog
    • Issue 1350: securityonion-elastic: so-elastic-reset should run so-bro-restart
    • Issue 1342: soup: improve detection of Docker image updates
    • Issue 1291: NSM: add cron jobs for backing up server/sensor config daily
    • Issue 1292: NSM: Delay watchdog checks while any other nsm_sensor_ps script runs
    • Issue 1176: nsm_sensor_clear: check for FORCE_YES
    • Issue 1337: Setup: remove unneeded cron jobs from storage nodes
    • Issue 1345: ossec-hids-server: include local_rules.xml
    • Issue 1346: securityonion-ossec-rules: do not alert on /etc/nsm/rules/backup/
    • Issue 1115: Add Bro script for JA3
    • Issue 1338: Consider adding HASSH
    • Issue 1293: Improve Host Hunting - OSSEC Dashboard
    • Issue 1343: securityonion-elastic: avoid overwriting logstash.yml
  • Beyond

    • Issue 1311: securityonion-squert: histogram should refresh when grouping option is set to 'off'
    • Issue 1221: securityonion-elastic: Post GA
    • Issue 1266: Index Stats Visualization
    • Issue 1334: netsniff-ng 0.6.5
    • Issue 1324: securityonion-bro-pkg: create a new package for bro-pkg
    • Issue 1323: Consider adding json-cut
    • Issue 1217: Collect Bro logs using Filebeat
    • Issue 1249: Avoid restarting IDS Engine where possible
    • Issue 1142: Snort 2.9.12.0
    • Issue 1143: PulledPork 0.7.3
    • Issue 1151: PF_RING 7.0
    • Issue 1204: Bro: Intel Seen More
    • Issue 1205: Setup: Validate HOME_NET during install/setup
    • Issue 1160: soup: purge old linux kernel headers
    • Issue 1154: securityonion-et-rules: include both snort and suricata versions of ET ruleset
    • Issue 1148: PulledPork: include all Suricata events rules in local_rules
    • Issue 1150: rule-update: include all Suricata events rules in local_rules
    • Issue 1134: sostat: netsniff-ng bc can cause (standard_in) 1: syntax error
    • Issue 1082: onionsalt: Snort dynamicrules directory needs to be cleaned of old files
    • Issue 1077: NSM: if Bro in cluster mode and sufficient RAM, add logger to node.cfg
    • Issue 1090: NSM: purge old pcaps in /nsm/server_data/securityonion/archive/
    • Issue 1138: NSM: increase process priority for sniffing processes
    • Issue 1230: NSM: Fix config threads issue
    • Issue 1098: netsniff-ng is not capturing jumbo frames by default
    • Issue 1121: Squert: only aggregate if sid and gid match
    • Issue 1087: Sguil agent for Suricata
    • Issue 1088: NSM: switch Suricata to EVE output
    • Issue 938: CapMe: improve error message if pcap_agent is running but no pcap is found
    • Issue 947: CapMe: clicking submit after session expires needs to redirect to login
    • Issue 826: Bro intel linter
    • Issue 999: Setup: reduce the number of RSS queues to 1 on sniffing interfaces
    • Issue 1159: Setup: when running with -f option, validate sosetup.conf before making changes to system
    • Issue 1020: Suricata Hyperscan
    • Issue 825: NSM: remove extra Bro output
    • Issue 833: soup: error checking
    • Issue 819: soup: check to see if PF_RING updates are available
    • Issue 817: sostat: awk division error when Bro doesn't report stats correctly
    • Issue 813: Setup: bug when configuring 10 or more interfaces
    • Issue 977: Setup: interactive setup via command line
    • Issue 615: NSM: add "exit $RET" where necessary
    • Issue 588: NSM: purge old OSSEC logs
    • Issue 523: sensor-clean: add option to skip removal of bro or argus logs
    • Issue 534: NSM: Patches for adding PCAP snap length for Netsniff-NG
    • Issue 645: NSM: check if sensor is disabled when --sensor-name= is specified
    • Issue 1118: NSM: nsm_sensor_ps-restart --sensor-name=$i --only-pcap should only restart pcap
    • Issue 653: NSM: nsm_sensor_ps-stop should kill the processes tailing the snort.stats files
    • Issue 654: NSM: disable SNORT_PERF_STATS in snort_agent.conf for suricata
    • Issue 643: Rotate logs in /var/log/nsm/
    • Issue 870: Sguil: new package
    • Issue 1027: securityonion-sguil-client: check that user exists
    • Issue 1006: Sguil client: fix OSSEC alert rendering improperly in HTML
    • Issue 1019: Sguil: crash when trying to connect to pcap_agent that is down
    • Issue 1013: NSM: update for Sguil
    • Issue 571: securityonion-web-page: add Security Onion cheat sheet PDF
    • Issue 644: sostat-quick: check server/sensor
    • Issue 591: Bro Intel Whitelist
    • Issue 593: sosetup: check for Internet access takes a while if DNS doesn't immediately fail
    • Issue 480: sosetup: sensor should automatically create autossh account on server
    • Issue 532: sosetup: Limit what autossh keys can do
    • Issue 978: syslog-ng.conf should include conf.d directory
    • Issue 778: QA tests
    • Issue 603: securityonion-bro-scripts: drwatson
    • Issue 467: Kibana dashboard for Snort performance
    • Issue 594: securityonion-sudoers: 10_securityonion
    • Issue 559: sosetup: support for NIC bonding configuration
    • Issue 777: sosetup: refactor into more functions
    • Issue 608: Update bash scripts to use /bin/sh
    • Issue 1114: Full uninstall method
    • Issue 1120: Incorrect PulledPork BlackList File Location