Skip to content
This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

2017

Jump to bottom
Doug Burks edited this page Mar 15, 2019 · 220 revisions

  • January 2017

    • Issue 1031: Snort 2.9.9.0
    • Issue 1017: PulledPork 0.7.2
    • Issue 1034: securityonion-rule-update: update for PulledPork 0.7.2
    • Issue 1035: Setup: update for PulledPork 0.7.2
    • Issue 1040: securityonion-sudoers: remove secure_path
    • Issue 1043: NSM: create /usr/sbin/broctl
    • Issue 1044: sostat: use full path for bro-cut
    • Issue 1042: Move scripts from /usr/bin/ to /usr/sbin/
    • Issue 1056: sostat: update location of sostat-interface in /var/ossec/etc/ossec.conf
    • Issue 1057: sostat: sostat-redacted - change "Port" to "Port "
    • Issue 1054: securityonion-rule-update: Restore stdout/stderr redirect in crontab
    • Issue 1055: NSM: fix spelling error
    • Issue 1018: salt: use /etc/sudoers.d/ instead of directly editing /etc/sudoers
    • Issue 1058: securityonion-http-agent: update for Bro 2.5
    • Issue 1036: securityonion-elsa-extras: add pattern for Bro rfb.log
    • Issue 1037: securityonion-web-page: add ELSA queries for Bro rfb.log
    • Issue 1062: NSM: avoid loading IDS rules twice
    • Issue 1060: NetworkMiner 2.1
    • Issue 1065: securityonion-elsa-extras: new MySQL packages require changes to elsa user
    • Issue 1066: Squert: error when removing comment
    • Issue 1067: Squert: ip2c avoid hard loop when file unavailable
    • Issue 863: Xplico 1.2.0
    • Issue 1041: Segmentation fault /opt/xplico/bin/msite
    • Issue 1045: Segmentation fault /opt/xplico/bin/trigcap
    • Issue 1046: Segmentation fault /opt/xplico/bin/mfile
    • Issue 1047: Segmentation fault /opt/xplico/bin/mfbc
    • Issue 1048: Segmentation fault /opt/xplico/bin/mwebymsg
    • Issue 1049: Segmentation fault /opt/xplico/bin/mwmail
    • Issue 1050: Segmentation fault /opt/xplico/bin/xplico
    • Issue 1051: Segmentation fault /opt/xplico/bin/mpaltalk

  • February 2017

  • June 2017

    • Issue 1101: PF_RING 6.6
    • Issue 1102: Suricata 3.2.2
    • Issue 1021: sostat: netsniff-ng log section can get quite lengthy
    • Issue 1061: sostat: check for stuck ELSA cron.pl
    • Issue 1107: sostat: calculate netsniff-ng packet drops as percentage
    • Issue 1086: NSM: stderr redirects when listing logfiles
    • Issue 1106: Update so-allow to allow apt-cacher-ng clients and add so-disallow

  • July 2017

  • August 2017

    • Issue 1116: Suricata 4.0.0
    • Issue 652: NSM: barnyard sending blank interface to syslog output
    • Issue 1117: NSM: cron to check if netsniff-ng is recording to date other than today
    • Issue 1119: Squert: comment search not working
    • Issue 1127: NetworkMiner 2.2
    • Issue 1074: securityonion-elsa-extras: add 5140 parser
    • Issue 1075: securityonion-elsa-extras: add storage calculator
    • Issue 1076: securityonion-elsa-extras: refactor securityonion-elsa-reset
    • Issue 1080: securityonion-elsa-extras: add delaycompress for elsa logs
    • Issue 1122: securityonion-elsa: remove 300px limitation
    • Issue 928: soup: if snort/suricata/bro updated, remind user to re-apply local changes
    • Issue 1072: soup: include reference to blog.securityonion.net
    • Issue 1108: soup: handle situations where apt prompts to keep/replace file
    • Issue 1124: soup: update docker images if enabled
    • Issue 1125: sostat: report on docker images if enabled

  • September 2017

  • October 2017

    • Issue 1129: sostat: replace localhost:9200 with $ELASTICSEARCH variables
    • Issue 1133: sostat: silence progress output for curl requests
    • Issue 1136: sostat: provide Docker container interface correlation
    • Issue 1137: soup: remove "One or more docker images have been updated."
    • Issue 1144: Bro 2.5.2
    • Issue 1145: Suricata 4.0.1
    • Issue 1141: rule-update: enable Suricata events rules if necessary
    • Issue 1069: rule-update: change labs.snort.org to talosintelligence.com
    • Issue 1146: sostat - fix FreqServer/DomainStats tests
    • Issue 1147: sostat - remove header for Kibana when disabled
    • Issue 1153: rule-update: disable noisy Suricata events if Setup hasn't already
    • Issue 1140: securityonion-et-rules: update package
    • Issue 1135: Setup: add support for Elastic via sosetup.conf

  • November 2017

    • Issue 1130: Elastic Stack Beta Release
    • Issue 1094: 14.04.5.4 ISO image
    • Issue 1161: so-email: fix any references to sosetup
    • Issue 1163: Setup: disable Xplico when choosing Evaluation Mode
    • Issue 1164: securityonion-iso: remove xplico dependency
    • Issue 1162: NSM: Add new script to clear sensor backlog
    • Issue 1167: NSM: need to handle /etc/init/securityonion.conf properly
    • Issue 1168: NSM: check for /etc/init.d/xplico before trying to execute
    • Issue 1170: Xplico: vulnerabilities reported by Mehmet Ince
    • Issue 1166: soup: if Elastic enabled, copy /etc/apt/preferences.d/securityonion-docker
    • Issue 1149: soup: final message about ids/bro updates only output if enabled
    • Issue 1132: Elastic Stack Beta 2
    • Issue 1158: 14.04.5.5 ISO image

  • December 2017

    • Issue 1156: soup: delete old Docker images
    • Issue 1157: sostat: provide statistics on logstash queue
    • Issue 1180: so-allow: if elastic is enabled, run so-allow-elastic
    • Issue 1181: soup: don't check for docker images if docker is not installed
    • Issue 1172: Elastic Stack Beta 3
    • Issue 1173: 14.04.5.6 ISO image
    • Issue 1175: sostat: clean up error/output when performing Docker interface correlation

Getting Started

Update/Upgrade

Analyst Tools

Network Visibility

Host Visibility

Elastic Stack

Customizing for your network

Tuning

Tricks and Tips

Help

Issues

Other

Scripts

Clone this wiki locally