Security Onion 2.3.250 releases: Linux distro for intrusion detection, enterprise security monitoring, and log management
Security Onion
Security Onion is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
High-Level Architecture Diagram
Core Components
Logstash – Parse and format logs.
Elasticsearch – Ingest and index logs.
Kibana – Visualize ingested log data.
Auxiliary Components
Curator – Manage indices through scheduled maintenance.
ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
FreqServer -Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
Changelog v2.3.250
- FIX: Bump SOCtopus Flask Version to 2.3.2 #10272
- FIX: Improve soup’s local file modification logic #8972
- FIX: Kibana: Ensure _id fields beginning with a hyphen work properly when pivoting to SOC from Kibana #10305
- FIX: Simplify cloud detection #10261
- FIX: Strelka YARA Compilation #10271
- UPGRADE: Elastic 8.7.1 #10269
- UPGRADE: FleetDM 4.31.1 #10379
- UPGRADE: Grafana 9.2.17 #10262
- UPGRADE: Kratos to 0.13.0 #10309
- UPGRADE: SOC external dependencies #10268
- UPGRADE: Suricata 6.0.12 #10311
- UPGRADE: Zeek 5.0.9 #10374
