Changelog v-12.04.5.3:
+ tcpudpflow: remove connection_state_remove event handler
+ ossec_agent: Add source of syslog as destination IP for Sguil alert
+ sosetup: allow user to enable/disable Snorby
+ web-page: add groupby:site to ELSA HTTP SQL Injection query
+ web-page: add SSL Top Subjects query
+ add Windows and Cisco parsers
+ update shellshock module for Bro 2.4
+ NSM: update SpoolDir and LogDir in broctl.cfg
+ NSM: add stderr redirect to stdout on adduser
+ and many more..
Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It’s based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Pivot between multiple data types with Sguil and send pcaps to Wireshark and NetworkMiner
Security Onion 12.04 Update Procedure
Initiating an update over SSH
If you’re updating your Security Onion box over an SSH connection and your connection drops, then your update process may be left in an inconsistent state. It is therefore recommended to run byobu so that your session will continue to run on the Security Onion box even if your connection drops. Byobu is very handy and we recommend running it all the time to avoid forgetting about it before an update.
# install byobu
sudo apt-get install byobu
# enable byobu
byobu-enable
# you’re now ready to update
Download latest version : securityonion-12.04.53.iso (1.5 GB)
Find Other Version |
Source : http://blog.securityonion.net/p/securityonion.html
Our Post Before : http://seclist.us/updates-security-union-v-12-04-4-20140222-is-a-linux-distro-for-ids-nsm-and-log-management.html