This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
2015
Doug Burks edited this page Mar 15, 2019
·
9 revisions
- January 2015
- Issue 655: Suricata 2.0.5
- Issue 658: NSM: fix umask on Snort unified2 output
- Issue 548: NSM: run barnyard2 as non-root user
- Issue 649: nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read
- Issue 598: so-snorby-wipe
- Issue 610: NSM: ossec_agent alert level should be configurable
- Issue 660: Setup: add OSSEC_AGENT_LEVEL to /etc/nsm/securityonion.conf
- Issue 656: ELSA: update parser for bro_conn to parse country code
- Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code
- Issue 667: New packages for shellshock and malware-traffic-analysis samples
- Issue 673: Suricata 2.0.6
- Issue 642: Update Salt packages/scripts to 2014.7.0
- Issue 619: Onionsalt: backup /opt/onionsalt/pillar/top.sls
- Issue 661: Onionsalt: replicate /usr/local/lib/snort_dynamicrules/
- Issue 672: sguil-db-purge: check for UNCAT_MAX
- Issue 663: sosetup: sosetup.conf SGUIL_CLIENT_PASSWORD_1 should say Sguil/Squert/ELSA/Snorby
- Issue 664: sosetup: run Bro as non-root user
- Issue 666: sostat: run Bro as non-root user
- Issue 665: NSM: run Bro as non-root user
- Issue 676: NSM: run Sguil as non-root user
- Issue 671: NSM: /etc/cron.d/sensor-clean needs 2>&1
- February 2015
- Issue 668: ELSA: pdbtool errors
- Issue 669: ELSA: update parsers for Bro DNS and BIND
- Issue 670: securityonion-web-page: add queries for updated bro_dns parser
- Issue 685: securityonion-web-page: update links
- Issue 684: NSM: nsm_server_ps-start needs to create /var/log/sguild/ if it doesn't already exist
- Issue 686: NSM: nsm_server_ps-start needs to set permissions on /var/log/nsm/so-elsa/ properly
- Issue 687: NSM: nsm_sensor_ps-start should set permissions on /var/log/nsm/ properly
- Issue 689: NSM: add USE_DNS option to ossec_agent.conf
- Issue 688: ossec_agent: add option to disable DNS lookups
- Issue 680: Bro 2.3.2
- Issue 683: securityonion-et-rules: update for new ISO
- Issue 632: ISO: add bridge-utils
- Issue 601: ISO: add foremost
- Issue 614: ISO: add securityonion-samples-shellshock
- Issue 662: ISO: add securityonion-samples-mta
- Issue 675: ISO: add xfsprogs
- Issue 602: 12.04.5.1 ISO image
- March 2015
- Issue 695: Suricata 2.0.7
- Issue 696: ELSA custom menu
- Issue 691: NSM: chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
- Issue 698: NSM: nsm_server_del line 170 echo_msg 0 "Deleting server: $SERVER_NAME"
- Issue 699: NSM: Bro node.cfg host=localhost
- Issue 700: Setup: Bro node.cfg host=localhost
- Issue 702: Snort 2.9.7.2
- Issue 703: Move from Google Code to Github
- Issue 706: Add Josh Brower's ELSA parsers for process logs and sysmon
- Issue 709: Add fear.nothing's ELSA parsers for pfSense
- Issue 710: securityonion-web-page: add ELSA queries for Firewall logs and Windows Processes~~
- April 2015
- Issue 711: Add "date" command to /usr/bin/sguil-db-purge
- Issue 692: sostat: list number of ELSA buffers in queue and warn if higher than 20
- Issue 701: sostat: include number of CPU cores
- Issue 681: rule-update: wipe snort_dynamicrules directory on sensor
- Issue 677: rule-update: create /usr/local/lib/snort_dynamicrules/ if it doesn't already exist
- Issue 678: rule-update: /etc/cron.d/rule-update should have 2>&1
- Issue 697: rule-update: log snorby reference table update to barnyard2-snorby.log
- Issue 679: rule-update: run pulledpork as unprivileged user
- Issue 715: securityonion-rule-update: sensor-only boxes running salt shouldn't try to copy /etc/cron.d/rule-update
- May 2015
- Issue 725: Suricata 2.0.8
- Issue 718: Sphinx 2.1.9
- Issue 241: NSM scripts should have a timeout period when stopping services
- Issue 392: Patch for lib-nsm-common-utils from Mark Seiden
- Issue 714: nsm_server_user-disable
- Issue 705: ossec_agent: improvements from Brian Kellogg
- Issue 716: ossec_agent: tighten regex to only look for -> anchored to hostname or IP
- Issue 717: ossec_agent: send alerts to sguild immediately instead of waiting for next alert
- June 2015
- Issue 742: securityonion-suricata package missing debian/install
- Issue 730: Snort 2.9.7.3
- Issue 731: Snort DAQ 2.0.5
- Issue 657: ELSA 1205
- Issue 447: ELSA syslog-ng.conf rewrite r_pipes
- Issue 512: ELSA syslog-ng.conf filter f_bro_headers
- Issue 726: ELSA syslog-ng.conf - add filesystem destinations
- Issue 674: ELSA - update bro_notice parser to parse src and dst fields
- Issue 722: securityonion-web-page: update HTTP mime type queries for ELSA 1205
- Issue 723: CapMe: Update for new ELSA API
- Issue 500: sosetup: restart starman
- Issue 504: sosetup: avoid writing ELSA_PORT twice in SSH_CONF
- Issue 547: sosetup: if enabling salt on a sensor, check top.sls to make sure it doesn't already exist
- Issue 740: sosetup: sensor should use sudo to restart apache on master
- Issue 741: sosetup: sometimes local salt-minion doesn't check in with local salt-master quickly enough
- Issue 732: NSM: only output color codes if running on a tty
- Issue 746: ELSA 1205 package enabled perl module on non-ELSA systems
- Issue 747: ELSA 1205 package duplicated syslog-ng.conf entries on non-ELSA systems
- Issue 748: ELSA 1205 package didn't add the pid column to the query_log table for upgrades
- Issue 749: Update tcl-tls package and replace DH512 key with DH2048
- Issue 751: NSM: change watchdog run time to avoid race condition
- Issue 744: sosetup: Restart Apache to activate new ELSA apikey
- Issue 745: OSSEC 2.8.2
- July 2015
- Issue 733: 12.04.5.2 ISO image
- Issue 763: sostat: show last update
- Issue 761: securityonion-tcpudpflow: remove connection_state_remove event handler
- Issue 760: ossec_agent: Add source of syslog as destination IP for Sguil alert
- Issue 769: sosetup: allow user to enable/disable Snorby
- Issue 596: sosetup: sensor should stop/disable Apache and Snorby worker
- Issue 693: sosetup: improve input validation for email address
- Issue 764: sosetup: fix typo in sosetup.conf
- Issue 605: sosetup: replace tmp with mktemp
- Issue 771: sosetup: comment out 2 examples in top.sls
- Issue 767: securityonion-web-page: add SSL Top Subjects query
- Issue 775: securityonion-web-page: add groupby:site to ELSA HTTP SQL Injection query
- August 2015
- Issue 743: Bro 2.4
- Issue 752: securityonion-bro-scripts: update sensortab.bro for Bro 2.4
- Issue 753: securityonion-bro-scripts: update shellshock module for Bro 2.4
- Issue 754: securityonion-bro-scripts: update extract.bro for Bro 2.4
- Issue 762: securityonion-elsa-extras: update bro_conn parser for Bro 2.4
- Issue 765: securityonion-elsa-extras: update bro_intel parser for Bro 2.4
- Issue 768: securityonion-elsa-extras: update bro_ssl parser for Bro 2.4
- Issue 774: securityonion-elsa-extras: update bro_ssh parser for Bro 2.4
- Issue 773: securityonion-elsa-extras: add Windows and Cisco parsers from Brian Kellogg
- Issue 793: CapMe: Update for Bro 2.4 conn.log
- Issue 766: Snorby 2.6.3
- Issue 784: Snort 2.9.7.5
- Issue 788: DAQ 2.0.6
- Issue 724: /etc/cron.d/rule-update should avoid overwhelming rule sites
- Issue 791: sosetup: change rule-update verbiage
-
Issue 728: securityonion-libcapture-tiny-perl should
Provides: libcapture-tiny-perl - Issue 797: NSM: update SpoolDir and LogDir in broctl.cfg
- Issue 799: NSM: add stderr redirect to stdout on adduser
- Issue 800: Setup: update SpoolDir and LogDir in broctl.cfg
- September 2015
- Issue 755: securityonion-elsa-extras: add parser for Bro 2.4 mysql.log
- Issue 756: securityonion-elsa-extras: add parser for Bro 2.4 kerberos.log
- Issue 757: securityonion-elsa-extras: add parser for Bro 2.4 rdp.log
- Issue 758: securityonion-elsa-extras: add parser for Bro 2.4 pe.log
- Issue 759: securityonion-elsa-extras: add parser for Bro 2.4 sip.log
- Issue 780: securityonion-elsa-extras: add parser for IIS logs
- Issue 782: securityonion-elsa-extras: update sysmon parser
- Issue 776: securityonion-elsa-extras: set version 3.3 in syslog-ng.conf
- Issue 796: securityonion-elsa-extras: Add script to fix ELSA syslogs_archive_1 issue
- Issue 801: securityonion-web-page: add queries for Bro kerberos logs
- Issue 802: securityonion-web-page: add queries for Bro mysql logs
- Issue 803: securityonion-web-page: add queries for Bro pe logs
- Issue 804: securityonion-web-page: add queries for Bro rdp logs
- Issue 805: securityonion-web-page: add queries for Bro sip logs
- Issue 794: securityonion-web-page: add DHCP Servers query
- Issue 798: securityonion-web-page: add HTTP sites hosting SWF
- Issue 795: 12.04.5.3 ISO image
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs