
Security Onion

@securityonion.bsky.social

By defenders. For defenders. Peel back the layers of your network and make your adversaries cry. https://www.securityonion.com

548 Followers  |  4 Following  |  64 Posts  |  Joined: 19.11.2024  |  2.0368

Latest posts by securityonion.bsky.social on Bluesky


🚨 Security Onion 2.4.170 now available including JA4, more SOC dashboards, and updated components! 🚨

πŸ”Let's find more hackers! πŸ”

If you like Security Onion, please like and share to help spread the word!

blog.securityonion.net/2025/08/secu...

12.08.2025 14:55 — 👍 1    🔁 1    💬 0    📌 1
Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more! Security Onion 2.4.160 is now available and includes Playbooks and Guided Analysis to help you more quickly triage and respond to alerts! Se...

For more information, please see the blog post!

blog.securityonion.net/2025/06/secu...

25.06.2025 18:35 — 👍 0    🔁 0    💬 0    📌 0

This leverages Playbooks to show you plays associated with the alert. These plays include questions which help guide your investigation. Each question has an associated query and the results of that query will be automatically displayed to help you answer the question.

25.06.2025 18:35 — 👍 0    🔁 0    💬 1    📌 0

Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more!

Have you ever had an alert and were unsure of what to do next? In this release, when you expand an alert you'll see a new tab called Guided Analysis.

25.06.2025 18:34 — 👍 2    🔁 2    💬 1    📌 0
Sneak Peek: Security Onion Playbooks
YouTube video by Security Onion Sneak Peek: Security Onion Playbooks

We've got a new AI-powered Playbooks feature coming in Security Onion 2.4.160 that will turbocharge your analysis and incident response!

www.youtube.com/watch?v=SLGR...

18.06.2025 13:28 — 👍 1    🔁 1    💬 0    📌 1
Security Onion Pro Notifications
YouTube video by Security Onion Security Onion Pro Notifications

Check out our latest video, covering the Notifications feature in Security Onion Pro. Send your alerts directly to another platform, like email, Slack, or Jira!

www.youtube.com/watch?v=quy8...

12.06.2025 17:12 — 👍 1    🔁 0    💬 0    📌 1
Security Onion 2.4.150: Celebrating Mother's Day with MoM (Manager of Managers) Yesterday was Mother's Day and we are very thankful for our mothers! Today, we are releasing Security Onion 2.4.150 which includes a new Pro...

Today, we are releasing Security Onion 2.4.150 which includes a new Pro feature called MoM (Manager of Managers).

If you have multiple Security Onion deployments, check out this new feature that will allow you to manage them from a single manager!

blog.securityonion.net/2025/05/secu...

12.05.2025 17:14 — 👍 0    🔁 0    💬 0    📌 0
Tattoo of an onion with an arrow through it and a banner beneath that says MOM

🧅♥️ Security Onion 2.4.150: Celebrating Mother's Day with MoM (Manager of Managers) 🧅♥️

Yesterday was Mother's Day and we are very thankful for our mothers!

12.05.2025 17:13 — 👍 1    🔁 1    💬 1    📌 1
Peeling Back the Network Layers with Doug Burks | S3 E2
YouTube video by Simply Cyber - Gerald Auger, PhD Peeling Back the Network Layers with Doug Burks | S3 E2

Thanks to Simply Cyber for having me on the podcast to talk about @securityonion.bsky.social!

Peeling Back the Network Layers with Doug Burks | S3 E2

www.youtube.com/watch?v=FNB6...

25.04.2025 14:56 — 👍 1    🔁 2    💬 0    📌 0
Elasticsearch — Security Onion Documentation 2.4 documentation

There's also lots of good information in the Elasticsearch section of our documentation:

docs.securityonion.net/en/2.4/elast...

23.04.2025 12:29 — 👍 0    🔁 0    💬 0    📌 0
Index Lifecycle Management in Security Onion
YouTube video by Security Onion Index Lifecycle Management in Security Onion

Need more information on index lifecycle management? Good news, there's a primer on our Youtube channel!

www.youtube.com/watch?v=Y6HV...

23.04.2025 12:29 — 👍 0    🔁 0    💬 1    📌 0
Upcoming Change to Elasticsearch Index Management for Multi-Node Deployments Elasticsearch indices are managed by both the so-elasticsearch-indices-delete utility and Index Lifecycle Management (ILM). so-elasticsearch...

Upcoming change to Elasticsearch index management in Security Onion -- read this, especially if you're running a distributed, multi-node deployment.

blog.securityonion.net/2025/04/upco...

23.04.2025 12:27 — 👍 1    🔁 1    💬 1    📌 1
Index Lifecycle Management in Security Onion
YouTube video by Security Onion Index Lifecycle Management in Security Onion

Index Lifecycle Management in Security Onion

www.youtube.com/watch?v=Y6HV...

17.04.2025 14:08 — 👍 2    🔁 1    💬 0    📌 1

Security Onion is BY defenders FOR defenders!

If you like Security Onion, please scroll to the very top of this thread and LIKE and REPOST the first post of the thread to help spread the word!

THANKS!

25.03.2025 13:59 — 👍 0    🔁 0    💬 0    📌 0
Security Onion 2.4.140 now available including Suricata 7.0.9, Zeek 7.0.6, and much more! Security Onion 2.4.140 is now available including Suricata 7.0.9, Zeek 7.0.6, and much more! Component Updates The main focus of this releas...

There are many more fixes included in this release!

For more information, please see the full blog post at:

blog.securityonion.net/2025/03/secu...

25.03.2025 13:59 — 👍 0    🔁 0    💬 0    📌 0

This release also adds a new feature to SOC Config that allows you to move certain configuration entries up or down. This includes things like SOC Dashboard queries, SOC Hunt queries, and SOC Actions:

25.03.2025 13:59 — 👍 0    🔁 0    💬 2    📌 0

Zeek 7.0.6 includes some bug fixes:

github.com/zeek/zeek/re...

25.03.2025 13:58 — 👍 0    🔁 0    💬 1    📌 0

The main focus of this release is upgrading Suricata and Zeek.

Suricata 7.0.9 includes some security fixes:

suricata.io/2025/03/18/s...

25.03.2025 13:58 — 👍 0    🔁 0    💬 1    📌 0

Security Onion 2.4.140 now available including Suricata 7.0.9, Zeek 7.0.6, and much more!

For more details, please see the thread 🧡and the link below!

25.03.2025 13:58 — 👍 1    🔁 0    💬 1    📌 0
Early Bird Discount for upcoming Security Onion Detection Engineering and Analysis training class Security Onion Detection Engineering and Analysis In-Depth Tuesday, July 22, 2025 through Friday, July 25, 2025 in Columbia MD Use the follo...

We've just announced a Detection Engineering and Analysis course, coming up this July in Columbia, MD. Register now for an early bird discount!

blog.securityonion.net/2025/03/earl...

20.03.2025 13:42 — 👍 2    🔁 0    💬 0    📌 1
Quick Malware Analysis: REMCOS RAT pcap from 2025-03-10 Thanks to Brad Duncan for sharing this pcap from 2025-03-10 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Quick Malware Analysis: REMCOS RAT pcap from 2025-03-10

blog.securityonion.net/2025/03/quic...

18.03.2025 18:18 — 👍 0    🔁 0    💬 0    📌 0

If you like Security Onion, please scroll to the top of this thread and LIKE and SHARE with your network to help spread the word!

Thanks!

11.03.2025 17:49 — 👍 0    🔁 0    💬 0    📌 0
Security Onion 2.4.130 now available including Elastic 8.17.3 and much more! Security Onion 2.4.130 is now available including Elastic 8.17.3 and much more! Elastic 8.17.3 The main focus of this release is upgrading t...

For more information and a full screenshot tour, please see our blog post at:

blog.securityonion.net/2025/03/secu...

11.03.2025 17:49 — 👍 1    🔁 0    💬 1    📌 0

This release includes support for some additional Zeek logs for protocol metadata like NTP and LDAP.

11.03.2025 17:48 — 👍 0    🔁 0    💬 1    📌 0

Our SOC Configuration interface is now even easier to use, especially for config items like Actions, Dashboard queries, and Hunt queries.

11.03.2025 17:48 — 👍 0    🔁 0    💬 1    📌 0

SOC Alerts has an advanced interface that provides more data similar to SOC Dashboards. You can now permanently enable that advanced interface using the toggle under the Options menu.

11.03.2025 17:48 — 👍 0    🔁 0    💬 1    📌 0

Also, we've included ALL Elastic integrations in this release!

11.03.2025 17:48 — 👍 0    🔁 0    💬 1    📌 0

The main focus of this release is upgrading to Elastic 8.17.3!

11.03.2025 17:47 — 👍 0    🔁 0    💬 1    📌 0

Security Onion 2.4.130 now available including Elastic 8.17.3 and much more!

Please see thread 🧡below for more details!

11.03.2025 17:47 — 👍 5    🔁 2    💬 2    📌 2
Quick Malware Analysis: SMARTAPESG / NETSUPPORT RAT / STEALC pcap from 2025-02-18 Thanks to Brad Duncan for sharing this pcap from 2025-02-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Quick Malware Analysis: SMARTAPESG / NETSUPPORT RAT / STEALC pcap from 2025-02-18

blog.securityonion.net/2025/02/quic...

28.02.2025 14:45 — 👍 3    🔁 1    💬 0    📌 1