Wednesday, February 17, 2021

Snort 3 and Security Onion 2

Recently, the Snort team released Snort 3! We want to congratulate them on bringing their product to market after much anticipation from the community. We're long-time Snort fans here. Like many of you, we understand Snort's value in the open source network IDS community and, yes, many of our team have lots of cute cushy pigs on our desks!

One of our guiding principles for Security Onion is to encourage, foster, and champion free and open security tools with the goal of providing defenders the tools they need to win. Snort has been one of those tools since Security Onion’s inception in 2008 and is still in our most recent Security Onion 16.04 release. When we released Security Onion 2 in October 2020, it did not include Snort, since much has changed in the last decade. We added Suricata to produce NIDS alerts as well as network metadata (previously only provided by Zeek/Bro), all in one multi-threaded application. Security Onion also moved away from the unsigned kernel module PF_RING to AF_PACKET, which made integration with Snort 2 a significant challenge. Snort 3 was in development for a considerable time and represents a fundamental shift in how Snort and, by extension, its rules work. With the explosive growth of Security Onion 2, our internal road map is stacked with priority items, so we’re not able to integrate Snort 3 right now. However, once we free up some cycles, we will see what it would take to integrate Snort 3.

We strive to bring the best product to market in order to shift the advantage from the adversaries to you in our user community. To that end, improvement of the user experience with data remains our current priority. As always, we value your input. Reach out to us on our Community Support Forum if you have questions or additional feedback.

Tuesday, December 15, 2020

Snort 2.9.17.0 now available for Security Onion 16.04!

First, please note that Security Onion 16.04 reaches EOL in less than 5 months. Instead of applying this update, most Security Onion 16.04 users should upgrade directly to Security Onion 2:
https://blog.securityonion.net/2020/11/5-month-eol-notice-for-security-onion.html

If you do decide to proceed with this update for Security Onion 16.04, please be reminded of the recent Docker Hub rate limit changes:
https://blog.securityonion.net/2020/10/docker-hub-rate-limits-effective.html

The following update is now available for Security Onion 16.04!

securityonion-snort - 2.9.17.0-1ubuntu1securityonion1

This update resolves the following issues:

Snort 2.9.17.0 #1802
https://github.com/Security-Onion-Solutions/security-onion/issues/1802

Thanks

Thanks to the Snort team for Snort 2.9.17.0!

Thanks to Chris Morgret for testing and QA!

Updating

Please see the following page for full update instructions:
https://docs.securityonion.net/en/16.04/upgrade.html

Support

Need support?  Please see:
https://docs.securityonion.net/en/16.04/support.html

Thanks!
Tuesday, August 18, 2020

Snort 2.9.16.1 now available for Security Onion 16.04!

The following package is now available for Security Onion 16.04:
securityonion-snort - 2.9.16.1-1ubuntu1securityonion1

This package resolves the following issue:

Snort 2.9.16.1 #1780
https://github.com/Security-Onion-Solutions/security-onion/issues/1780

Thanks

Thanks to Cisco for Snort 2.9.16.1!
Thanks to Chris Morgret for testing!

Updating

Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support

Need support?  Please see:
https://securityonion.net/docs/Support

Documentation

We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training

Security Onion Solutions is the only official authorized training provider for Security Onion.  For more information about our training classes, please see:
https://securityonionsolutions.com

Appliances

We also offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!
Thursday, April 30, 2020

Snort 2.9.16.0 now available for Security Onion!

The following packages are now available for Security Onion:

securityonion-daq - 2.0.7-1ubuntu1securityonion2
securityonion-snort - 2.9.16.0-1ubuntu1securityonion1

These packages resolve the following issue:

Snort 2.9.16.0 #1755
https://github.com/Security-Onion-Solutions/security-onion/issues/1755

Thanks
Thanks to Cisco for Snort 2.9.16.0!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion, and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!

Thursday, March 19, 2020

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion226 now available for Security Onion!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion226 is now available for Security Onion and should resolve the following issue:

NSM: add ability to pin snort via IDS_LB_CPUS #1729
https://github.com/Security-Onion-Solutions/security-onion/issues/1729

You can read more about this new capability here:
https://securityonion.readthedocs.io/en/latest/performance.html#cpu-affinity-pinning

Thanks
Thanks to Pete Nelson for submitting the Pull Request!
Thanks to Bryant Treacle for testing and QA!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
You can find our documentation here:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion.  For more information about our training classes, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!

Tuesday, February 18, 2020

Security Onion 16.04.6.4 ISO image now available featuring Zeek 3.0.1, Suricata 4.1.6, Snort 2.9.15.1, Elastic 6.8.6, CyberChef 9.12.0, and more!

Our Security Onion 16.04.6.4 ISO image is now available!

Security Onion 16.04.6.4 boot menu

Major Changes Since Last ISO Image

Zeek 3.0.1
Suricata 4.1.6
Snort 2.9.15.1
Elastic 6.8.6
CyberChef 9.12.0

Thanks
Thanks to the following for testing this ISO image!
Bryant Treacle
Josh Brower
Wilk4013

Package Updates
This release also includes the following updated packages:
pinguybuilder - 20180514-1ubuntu1securityonion21
securityonion-iso - 20151016-1ubuntu1securityonion34

These packages resolve the following issues:

pinguybuilder: increment version to 16.04.6.4 #1701
https://github.com/Security-Onion-Solutions/security-onion/issues/1701

Build 16.04.6.4 ISO image #1704
https://github.com/Security-Onion-Solutions/security-onion/issues/1704

Issues Resolved
For a list of all issues resolved in this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/projects/10

Release Notes
For more information about this release, please see:
https://securityonion.net/docs/release-notes.html

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://securityonion.net/docs/installation.html

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://securityonion.net/docs/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://securityonion.net/docs/upgrading-from-14.04-to-16.04.html

Documentation
You can find our documentation here:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Training
Security Onion Solutions is the only official authorized training provider for Security Onion, and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Screenshot Tour
The screenshots themselves are not reproduced here; their captions follow in order:

ISO boot menu
Once the Live Desktop appears, double-click the Install icon and follow the prompts
Once you've completed the installer and rebooted, log in using the username and password you created in the installer
After logging in, you are prompted to run Setup
Setup can now run interactively via CLI, and sosetup-minimal can be used to minimize RAM and CPU usage
Welcome to Setup
Configure network interfaces
If your hostname is securityonion, Setup gives you the opportunity to rename it
Configure your network interfaces, reboot, then log back in
Launch Setup again and skip network configuration to go to service configuration
sosetup-minimal can run Evaluation Mode in 4GB RAM
Confirm sniffing interface
Create username
Create Password
Confirm Password
Confirm all options
Please wait while Setup configures your system
Setup complete
Desktop no longer prompts to run Setup and includes icons for analyst applications
The README shortcut includes links to the cheat sheet and online and offline documentation
CyberChef 9.12.0
Single Sign On (SSO) for Squert, CapMe, and Kibana
sosetup-minimal can run Evaluation Mode in only 4GB RAM
Analyze IDS alerts using Squert
Retrieve full packet capture with CapMe
Kibana Overview Dashboard
Help
Zeek Notices
HIDS Alerts from OSSEC/Wazuh
NIDS Alerts from Snort or Suricata
Zeek Connections
Zeek Total Bytes
Zeek DCERPC
Zeek DHCP
Zeek DNP3
Zeek DNS
Zeek Files
Zeek FTP
Zeek HTTP
Zeek Intel
Zeek IRC
Zeek Kerberos
Zeek Modbus
Zeek MySQL
Zeek NTLM
Zeek PE
Zeek RADIUS
Zeek RDP
Zeek RFB
Zeek SIP
Zeek SMB
Zeek SMTP
Zeek SNMP
Zeek Software
Zeek SSH
Zeek SSL
Zeek Syslog
Zeek Tunnels
Zeek Weird
Zeek X.509
OSSEC/Wazuh Logs
Syslog