Security Onion 2.3.130 released: Linux distro for intrusion detection, enterprise security monitoring, and log management
Security Onion is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
High-Level Architecture Diagram
Curator – Manage indices through scheduled maintenance.
ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
- FEATURE: Add “observable” button next to hash for case attachments #7222
- FEATURE: Add set of default analyzers #7945
- FEATURE: Make classification.config user-configurable #7918
- FEATURE: Native analyzer infrastructure #7944
- FEATURE: Playbook False Positive Tuning #8059
- FEATURE: SOC Dashboards #1211
- FIX: Allow quick actions on a field value with the number 0 #8023
- FIX: Elastalert query in Hunt #8049
- FIX: Ensure failed elastic queries show an error on the SOC UI #7846
- FIX: Firefox OQL edits should release focus after pressing ENTER #8063
- UPGRADE: ElastAlert 2 from 2.2.2 to 2.5.0 #8008
- UPGRADE: Elastic 7.17.4 #8002
- UPGRADE: FleetDM 4.14.0 #8012
- UPGRADE: Kratos 0.8.2-alpha.1 to 0.9.0-alpha.3 #7943
- UPGRADE: TensorFlow from 2.5 to 2.9.1 #8009
- UPGRADE: attack-navigator v4.6.4 #7977
- UPGRADE: Zeek 4.0.6 to 4.0.7 #8067