Skip to content
This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

2016

Jump to bottom
Doug Burks edited this page Mar 15, 2019 · 372 revisions

  • January 2016

    • Issue 820: Snort 2.9.8.0
    • Issue 839: securityonion-capme needs additional input validation
    • Issue 814: Move to Ubuntu 14.04
    • Issue 739: Salt 2015.5.3
    • Issue 829: Apache reverse proxy /elsa-query to ELSA port 3154
    • Issue 824: securityonion-web-page: fix links to ELSA
    • Issue 810: securityonion-web-page: move SSH Logins query to Host Logs category
    • Issue 811: securityonion-tcpudpflow: add SMTP and RDP support
    • Issue 807: securityonion-elsa-extras: Remove NameVirtualHost to eliminate warning
    • Issue 729: Setup: add option for pivot URL (no longer needed)
    • Issue 821: Setup: fix domain name cancellation
    • Issue 822: Setup: remove alphanumeric password requirement
    • Issue 828: Setup: desktop shortcuts
    • Issue 790: sostat: remove snorby
    • Issue 830: soup: remove old linux kernels
    • Issue 815: NSM: add log directory creation to postinst
    • Issue 831: Snort Community Ruleset has moved
    • Issue 812: Bro 2.4.1
    • Issue 816: Snort needs liblzma
    • Issue 818: Suricata 3.0RC3
    • Issue 836: syslog-ng warning when restarting
    • Issue 838: Move downloads from SourceForge to Github
    • Issue 843: NSM: services fail to start when choosing Master only
    • Issue 844: Setup: sosetup-network needs same interface regex as sosetup
    • Issue 845: Setup: Production Mode - Custom - not enabling some services properly

  • February 2016

    • Issue 842: securityonion-elsa: map dashboard displays empty screen
    • Issue 840: securityonion-capme: remove include config from callback
    • Issue 846: Setup: X11 error when running via ssh -X
    • Issue 848: Setup: master-only shouldn't show Snort/Bro in final confirmation screen
    • Issue 847: Suricata 3.0
    • Issue 856: securityonion-capme needs additional input validation in index.php
    • Issue 857: NetworkMiner 2.0
    • Issue 835: PF_RING 6.2
    • Issue 853: NSM: if BPF file is empty, omit option from snort/suricata command
    • Issue 854: NSM: improve check for snort/suricata
    • Issue 855: NSM: remove old references to disable_signature_reference
    • Issue 859: NSM: mkdir -p /var/run/nsm/ before trying to chown
    • Issue 849: sostat: check timezone and warn if not UTC
    • Issue 858: sostat: check default_start_time_offset

  • March 2016

    • Issue 869: GPG signature for ISO image
    • Issue 862: securityonion-capme: merge timestamp changes from Wes Lambert
    • Issue 832: pulledpork.pl refinement
    • Issue 785: sostat: show number of available updates
    • Issue 792: soup: add note about running on master server before running on sensor
    • Issue 865: Setup: only open port 22 in ufw firewall
    • Issue 860: Setup: disable noisy SURICATA events
    • Issue 735: Setup: Production Mode should automatically configure PF_RING instances
    • Issue 874: Setup: add -w option to write out sosetup.conf file
    • Issue 866: NSM: Squert object_mappings table has wrong permissions
    • Issue 876: Setup: division by 0 error on SNIFFING_INTERFACES
    • Issue 861: 14.04.4.1 ISO image

  • April 2016

    • Issue 891: Setup: fix errors when sensors add firewall rules
    • Issue 894: Setup: remove old keyring files
    • Issue 892: securityonion-rule-update: avoid su error
    • Issue 893: Snort 2.9.8.2
    • Issue 896: Suricata 3.0.1
    • Issue 882: ELSA: fix email
    • Issue 881: ELSA: remove non-ascii character from securityonion-elsa-reset-archive
    • Issue 902: Setup: Additonal debug info and input validation
    • Issue 890: Squert ip2c cron job should sleep a random number of minutes
    • Issue 899: Squert ip2c cron job should run as a non-root user
    • Issue 903: Squert ip2c cron job should log to a log file

  • May 2016

    • Issue 864: ELSA: Improve dashboard map shading
    • Issue 906: sosetup.conf: allow passwords with special characters
    • Issue 907: sosetup-fix-ppconf duplicating Snort community ruleset entries
    • Issue 904: Setup should run pulledpork and squert-ip2c as limited user
    • Issue 914: securityonion-setup: mysql calls should use --defaults-file
    • Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
    • Issue 911: securityonion-rule-update: add cron option to force delay
    • Issue 918: securityonion-rule-update: cron delay should be at least 10 minutes
    • Issue 910: securityonion-squert-cron: add cron option to force delay
    • Issue 917: securityonion-squert-cron: cron delay should be at least 10 minutes
    • Issue 915: securityonion-sostat: mysql calls should use --defaults-file
    • Issue 924: NSM: set DEBUG 1 in /etc/sguild/sguild.conf
    • Issue 736: CapMe: Debug information occasionally gets rendered inside the transcript
    • Issue 738: CapMe: handle large pcaps more gracefully
    • Issue 916: CapMe: Check for gzip encoding and automatically switch to Bro transcript
    • Issue 922: CapMe: Handle sguild failure more gracefully
    • Issue 493: CapMe: send credentials interactively to avoid exposing on command line

  • June 2016

    • Issue 919: Setup: check minimum RAM requirements
    • Issue 923: Setup: warn user if they disable full packet capture
    • Issue 932: Setup: consistently apply title to all zenity windows
    • Issue 931: nsm_sensor_backup-data missing leading slash in directory
    • Issue 908: securityonion-elsa-extras: add securityonion-elsa-reset script
    • Issue 871: CapMe: add session support to avoid re-authenticating every time
    • Issue 930: CapMe: increase memory limit
    • Issue 933: CapMe: handle inactive/failed pcap_agents more gracefully
    • Issue 927: CapMe: Handle pcaps that generate no p0f output
    • Issue 934: CapMe: subdirectories should redirect to main page
    • Issue 935: CapMe: improve input validation on stime and etime variables
    • Issue 936: CapMe: replace include_once with require_once
    • Issue 867: Squert: pivot to CapMe for pcap
    • Issue 929: Squert: update mysql call in scripts
    • Issue 913: 14.04.4.2 ISO image

  • July 2016

    • Issue 952: securityonion-web-page: add FTP Data query to FTP category
    • Issue 957: securityonion-web-page: change public site hyperlinks to https
    • Issue 956: CapMe: only close transcript when 'close' button is clicked
    • Issue 951: sostat: group packet loss stats into one section
    • Issue 960: sostat: output when current monitoring interval has not completed
    • Issue 925: Setup: ask user for MTU of sniffing interface(s) and allow VLAN tags
    • Issue 926: Setup: ask user for HOME_NET
    • Issue 948: Setup: configure email
    • Issue 949: Setup: change http links to https
    • Issue 953: Setup: change "Emerging Threats GPL" to "Emerging Threats Open"
    • Issue 955: Setup: Nonstandard interface names not being detected
    • Issue 304: Setup: support unique interface names
    • Issue 944: NSM: backup scripts should not prompt when run with --force-yes
    • Issue 561: NSM: nsm_server_backup-config should check FORCE_YES
    • Issue 937: NSM: remove sguild DEBUG 1 from postinst
    • Issue 943: NSM: add nsm_server_user-list
    • Issue 941: PF_RING 6.4.1
    • Issue 945: Suricata 3.1.1
    • Issue 946: Snort 2.9.8.3
    • Issue 963: sostat: improve formatting

  • August 2016

    • Issue 966: Setup: sosetup.conf needs to include MTU
    • Issue 592: sosetup: add -y option
    • Issue 967: Squert: Parameter not escaped in ip2c.php
    • Issue 969: Squert: prevent directory listing for subdirectories
    • Issue 827: securityonion-elsa-extras: merge additional patterns
    • Issue 950: ELSA: change Help link to point to ELSA Github
    • Issue 970: securityonion-web-page: add queries for autoruns, dnp3, and modbus
    • Issue 973: securityonion-web-page: Apache ServerName localhost
    • Issue 964: securityonion-web-page: add "bottom" queries for long tail analysis
    • Issue 976: securityonion-web-page: additional protections in securityonion.conf
    • Issue 971: securityonion-sguil-db-purge: add command line options
    • Issue 972: securityonion-sguil-db-purge: update mysql calls
    • Issue 974: securityonion-sguil-db-purge: check for privileges
    • Issue 968: NSM: wipe stats.log when restarting Suricata
    • Issue 980: Setup: sosetup.conf SGUIL_CLIENT_USERNAME alphanumeric only
    • Issue 979: securityonion-elsa-extras: additional patterns for Sysmon 4 and 4.11
    • Issue 983: securityonion-elsa-extras: add "AR-LOG" header to autoruns pattern
    • Issue 975: NSM: configure Snort snaplen via command line argument
    • Issue 981: sosetup-network: bug when configuring management interface only
    • Issue 984: securityonion-web-page: add HTTP top status code
    • Issue 986: Setup: use default MTU

  • September 2016

    • Issue 879: 14.04.5.1 ISO image
    • Issue 994: Suricata 3.1.2
    • Issue 987: Squert ip2c cron job should lock to prevent multiple instances
    • Issue 997: securityonion-elsa-extras: better parsing for event id 4776
    • Issue 985: rule-update should always log to /var/log/nsm/pulledpork.log
    • Issue 990: sostat: Fix redirect to file issue
    • Issue 991: sostat: Remove redundant source call
    • Issue 992: sostat: Enable nullglobs to prevent string literal bug in various for loops
    • Issue 996: sostat: report OS version and sostat version
    • Issue 998: sostat: only show last run of rule-update
    • Issue 961: soup: remove any autoremove recommendations
    • Issue 962: soup: recommend upgrading to 16.04 HWE stack
    • Issue 1001: securityonion-web-page: move Top/Bottom links to beginning of line
    • Issue 1002: securityonion-web-page: fix ELSA FIREWALL_ACCESS_DENY queries
    • Issue 1004: securityonion-web-page: standardize Autoruns queries

  • October 2016

    • Issue 1007: CapMe: transcript data sometimes overruns the transcript window
    • Issue 993: NSM: start/restart errors on systems with ethXX (2 or more numbers)
    • Issue 1005: NSM: redirect iostreams to logfile during ossec-agent restart
    • Issue 1009: soup: change "2>1" to "2>&1"

  • November 2016

    • Issue 1014: Suricata 3.1.3
    • Issue 1010: securityonion-elsa-extras: Windows process enhancements
    • Issue 988: Setup: use lowercase of hostname when creating sensornames
    • Issue 1000: Setup: rename VRT to Talos
    • Issue 989: Setup: postinst should check for existence of account before chown

  • December 2016

    • Issue 492: CapMe needs to handle UDP better
    • Issue 1024: soup: when running on sensor, ensure master server has been updated first
    • Issue 1030: NSM: remove chown from /usr/sbin/so-bro-cron
    • Issue 1026: Suricata 3.2
    • Issue 1032: NSM: don't chown every file in /nsm/bro/extracted
    • Issue 942: NSM: more gracefully handle large number of files in /nsm/bro/extracted
    • Issue 1033: NSM: only allow one instance of nsm_sensor_clean at a time
    • Issue 1023: Bro 2.5
    • Issue 1028: securityonion-bro-scripts: update for Bro 2.5
    • Issue 1029: securityonion-elsa-extras: update for Bro 2.5
    • Issue 883: Squert 1.6.3
    • Issue 868: Squert: Summary page, clicking country, src/dst results in empty page
    • Issue 958: Squert: OSSEC HIDS alerts display NIDS rules

Getting Started

Update/Upgrade

Analyst Tools

Network Visibility

Host Visibility

Elastic Stack

Customizing for your network

Tuning

Tricks and Tips

Help

Issues

Other

Scripts

Clone this wiki locally