
Security Onion 2.3.80 - Linux distro for intrusion detection


itsMe


Security Onion

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.

Core Components

Logstash – Parse and format logs.
Elasticsearch – Ingest and index logs.
Kibana – Visualize ingested log data.

Auxiliary Components

Curator – Manage indices through scheduled maintenance.
ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.

Changelog v2.3.80

    FEATURE: Ability to disable Zeek, Suricata #4429
    FEATURE: Add docs link to Setup #5459
    FEATURE: Add evtx support in Import Node #2206
    FEATURE: Consolidate whiptail screens when selecting optional components #5456
    FEATURE: Distinguish between Zeek generated syslog and normal syslog in hunt for event fields #5403
    FEATURE: Enable index sorting to increase search speed #5287
    FEATURE: Expose options for elasticsearch.yml via Salt pillar #1257
    FEATURE: Role-based access control (RBAC) #5614
    FEATURE: soup -y for automation #5043
    FIX: Add new default filebeat module indices to the global pillar. #5526
    FIX: all.rules file can become empty on non-airgap deployments if manager does not have access to the internet. #3619
    FIX: Curator cron should run less often #5189
    FIX: Improve unit test maintainability by refactoring to use Golang assertion library #5604
    FIX: Invalid password message should also mention dollar signs are not allowed #5381
    FIX: Max files for steno should use a pillar value for easy tuning. #5393
    FIX: Remove raid check for official cloud appliances #5449
    FIX: Remove watermark settings from global pillar. #5520
    FIX: SOC Username case sensitivity #5154
    FIX: so-user tool should validate password before adding user to SOC #5606
    FIX: Switch to new Curator auth params #5273
    UPGRADE: Curator to 5.8.4 #5272
    UPGRADE: CyberChef to 9.32.2 #5158
    UPGRADE: SOC UI 3rd Party dependencies to latest versions #5603
    UPGRADE: Zeek to 4.0.4 #5630

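To show what the FreqServer component listed above actually does when it flags "random" names, here is an added example of the character-pair frequency approach that tool family uses. This is not Security Onion's or FreqServer's code; it is a small independent re-implementation written for this post, and it assumes (as a simplification) that a table of "how often does letter B follow letter A", built from a constructed corpus of benign words, is enough to separate dictionary-like names from DGA-style gibberish. The corpus, the smoothing constant and the 5% threshold are all assumptions chosen for illustration.

```python
"""Character-pair frequency scoring to spot DGA-style / random-looking names.

Independent re-implementation of the idea behind FreqServer (assumption: not the
project's own code). Train on benign text, then score a candidate name by how
probable each adjacent letter pair is; gibberish gets a low score.
"""
import math
from collections import defaultdict

# Constructed training corpus of benign-looking words/hostnames (assumption:
# a real deployment would train on a large corpus of legitimate names).
TRAINING_TEXT = """
mail web login portal secure update server cloud account admin service
support download static images api shop news blog docs help search
email internet network system computer password backup database storage
media video music office windows linux google amazon apple github
"""


def build_pair_table(text):
    """Count how often each letter is followed by each other letter."""
    counts = defaultdict(lambda: defaultdict(int))
    for word in text.split():
        w = "".join(c for c in word.lower() if c.isalpha())
        for a, b in zip(w, w[1:]):
            counts[a][b] += 1
    return counts


class FreqScorer:
    """Scores names by the average probability of their letter pairs."""

    def __init__(self, text=TRAINING_TEXT):
        self.table = build_pair_table(text)
        self.totals = {a: sum(nxt.values()) for a, nxt in self.table.items()}

    def pair_probability(self, a, b):
        """P(b follows a) with add-one smoothing over the 26 letters, so a pair
        never seen in training still gets a small non-zero probability."""
        nxt = self.table.get(a, {})
        total = self.totals.get(a, 0)
        return (nxt.get(b, 0) + 1) / (total + 26)

    def score(self, name):
        """Return 0..100: the geometric mean of the pair probabilities, as a
        percentage. Lower means more random-looking. Non-letters are ignored
        so 'srv-01.example' is scored on 'srvexample'."""
        s = "".join(c for c in name.lower() if c.isalpha())
        if len(s) < 2:
            return 0.0  # nothing to score: no letter pairs
        logs = [math.log(self.pair_probability(a, b)) for a, b in zip(s, s[1:])]
        return 100.0 * math.exp(sum(logs) / len(logs))


def looks_random(name, scorer, threshold=5.0):
    """Flag a name whose average pair probability falls under the threshold
    (assumption: 5% is an illustrative cut-off, tune it on your own corpus)."""
    return scorer.score(name) < threshold


if __name__ == "__main__":
    sc = FreqScorer()
    for candidate in ("mailserver", "xqzjkvwpqt", "srv-01.example"):
        print(f"{candidate:16} score={sc.score(candidate):6.2f} "
              f"random={looks_random(candidate, sc)}")
```

In a deployment the idea is the same as what the post describes for FreqServer: score hostnames, file names, process names or certificate subjects as they are ingested and raise an alert (for example through ElastAlert) when the score drops below the threshold. Because every pair unseen in training gets at most 1/26 under this smoothing, a name made entirely of unseen pairs can never score above about 3.85, which is why the illustrative threshold sits at 5.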
