This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Doug Burks edited this page Mar 15, 2019 · 316 revisions
  • January 2018

    • Issue 1191: sostat: don't show sensor stats if sensortab exists but is empty
    • Issue 1190: soup: if Elastic is enabled, ensure that Docker repo is enabled
    • Issue 1189: securityonion-ossec-rules: add rules for Elastic integration
    • Issue 1194: ELSA XSS vulnerabilities
    • Issue 905: Sguil: disable DNS lookups in pcap transcripts
    • Issue 1171: Sguil: update DShield URL
    • Issue 1186: Sguil: dynamically generate lookups based on filters table
    • Issue 1197: Squert 1.7.0
    • Issue 1196: NSM: when configuring Squert, run securityonion_update.sh
    • Issue 1195: sostat: check for connection to cross cluster search nodes
    • Issue 1179: Elastic Stack Release Candidate 1
    • Issue 1184: 14.04.5.7 ISO image
  • February 2018

  • March 2018

  • April 2018

  • May 2018

  • June 2018

    • Issue 1255: Bro 2.5.4
    • Issue 1253: NSM: securityonion.service should set TimeoutStartSec=300
    • Issue 1257: Setup: remove ELSA references from so-email
    • Issue 1258: soup: install HWE metapackages if necessary
    • Issue 1260: tcpflow -c should print a dot for non-printable chars
    • Issue 1259: Squert: turning grouping off results in no alerts
    • Issue 1261: so-iso-build: need to disable services in /etc/nsm/securityonion.conf
    • Issue 1254: pinguybuilder: make BIOS and EFI boot menus consistent
    • Issue 1262: 16.04.4.2 ISO image
    • Issue 1263: sostat: support Bro logs in JSON and TSV
    • Issue 1264: sostat: fix netsniff-ng packet loss info
  • July 2018

    • Issue 1274: securityonion-pfring-module: compile on kernel 4.15
    • Issue 1270: sosetup -w not writing answer file correctly in some cases
    • Issue 1272: sosetup: move elasticsearch/logstash jvm.options and write new ones
    • Issue 1271: NSM: improper confirmation of password should throw an error
    • Issue 1277: Squert: Priority counts incorrect
    • Issue 1279: securityonion-samples-mta: Add 2018 samples
    • Issue 1273: pinguybuilder: some installs are missing /etc/apt
    • Issue 1278: 16.04.4.3 ISO image
    • Issue 1281: Suricata 4.0.5
  • August 2018

    • Issue 1283: soup: avoid issues with mysql 5.7 and systemd
    • Issue 1275: securityonion-sguil-server: update dependencies to new tcl version
    • Issue 1286: pinguybuilder: do not remove linux hwe package
    • Issue 1287: securityonion-iso: so-iso-build should purge grub-legacy-ec2
    • Issue 1288: securityonion-iso: so-iso-build should install xserver-xorg-hwe-16.04
    • Issue 1289: securityonion-iso: so-iso-build should purge dev/test repos
    • Issue 1284: 16.04.5.1 ISO image
    • Issue 1290: securityonion-web-page: CyberChef 8.0.0
    • Issue 1295: securityonion-desktop-gnome: install gnome-screensaver
    • Issue 1296: soup: install gnome-screensaver if necessary
    • Issue 1294: Elastic 6.3.2
    • Issue 1302: securityonion-elastic: dashboard updates
    • Issue 1303: securityonion-elastic: disable delete all in Elasticsearch
    • Issue 1298: securityonion-elastic: so-import-pcap should write to unique subdirectories
    • Issue 1297: securityonion-elastic: add script to disable dark theme in Kibana
    • Issue 1299: securityonion-elastic: add so-elasticsearch-template scripts
    • Issue 1265: securityonion-elastic: Rotate /var/log/kibana/kibana.log
    • Issue 1301: securityonion-elastic: provide option to tail log after restart
    • Issue 1269: securityonion-elastic: Logstash should include all inputs
    • Issue 1267: securityonion-elastic: so-elastalert-test
    • Issue 1268: securityonion-elastic: so-elastalert-create
    • Issue 1312: securityonion-web-page: CyberChef 8.5
    • Issue 1309: NetworkMiner 2.3.2
    • Issue 1313: securityonion-menu: add icon for NetworkMiner and update Exec
    • Issue 1310: securityonion-et-rules: Update to latest rules
    • Issue 1307: securityonion-setup: allow ES exposure through so-allow
    • Issue 1308: securityonion-setup: so-email advanced mode to set FROM email addresses
    • Issue 1306: securityonion-onionsalt: Replicate Logstash config from master to minions
    • Issue 1314: Bro 2.5.5
  • September 2018

    • Issue 1317: pinguybuilder: increment version to 16.04.5.2
    • Issue 1304: 16.04.5.2 ISO image
    • Issue 1325: so-allow: fix verbiage for ES REST Endpoint
    • Issue 1322: securityonion-setup: increase MySQL open files limit
    • Issue 1318: sostat: provide PF_RING loss as percentage
    • Issue 1332: sostat: adjust FREQ_SERVER_RESPONSE to accommodate updates
  • October 2018

    • Issue 708: Wazuh 3.6.1
    • Issue 707: OSSEC: add decoders/rules for sysmon
    • Issue 852: OSSEC: remove Snorby logs from ossec.conf
    • Issue 1328: securityonion-sguil-agent-ossec: update for Wazuh
    • Issue 1329: securityonion-elastic: update for Wazuh
    • Issue 1315: securityonion-elastic: so-elastic-reset workaround disabled wildcard delete
    • Issue 1319: securityonion-elastic: add ES node listing and removal scripts
    • Issue 1327: securityonion-elastic: increase default logstash heap for Eval Mode
    • Issue 1330: so-allow: allowing an OSSEC agent should allow both UDP and TCP traffic
    • Issue 1331: Elastic 6.4.1
    • Issue 1341: securityonion-web-page: CyberChef 8.7.0
    • Issue 1336: onionsalt: modify enforced packages
    • Issue 1339: so-iso-build: remove /var/ossec/etc/sslmanager*
    • Issue 1320: pinguybuilder: increment version to 16.04.5.3
    • Issue 1321: 16.04.5.3 ISO image
  • November 2018

    • Issue 1355: Setup: ensure Apache SSO config is enabled
    • Issue 1357: CyberChef 8.8.1
    • Issue 1356: Elastic 6.4.2
    • Issue 1340: securityonion-elastic: curator won't delete closed indices
    • Issue 1350: securityonion-elastic: so-elastic-reset should run so-bro-restart
    • Issue 1343: securityonion-elastic: avoid overwriting logstash.yml
    • Issue 1359: securityonion-elastic: avoid duplicating logs into multiple indices
    • Issue 1361: Suricata 4.1.0
    • Issue 1291: NSM: add cron jobs for backing up server/sensor config daily
    • Issue 1292: NSM: Delay watchdog checks while any other nsm_sensor_ps script runs
    • Issue 1176: nsm_sensor_clear: check for FORCE_YES
    • Issue 1362: NSM: wait for network-online on boot
    • Issue 1342: soup: improve detection of Docker image updates
    • Issue 1358: soup: initialize MYSQL_DISABLED
    • Issue 1365: Elastic 6.4.3
    • Issue 1371: securityonion-elastic: update evaluation of template addition success/failure
    • Issue 1370: securityonion-elastic: rotate /var/log/nsm/so-curator-closed-delete.log
    • Issue 1364: securityonion-elastic: so-boot should log to /var/log/so-boot.log
    • Issue 1372: securityonion-elastic: prevent multiple instances of so-curator-closed-delete
    • Issue 1369: securityonion-elastic: Cron job not finishing since latest upgrade
    • Issue 1367: pinguybuilder: increment version to 16.04.5.4
    • Issue 1366: 16.04.5.4 ISO image
  • December 2018
