Month: January 2024
Security Onion 2.4.40 and so-elastalert running on the manager
We upgraded our Security Onion nodes today. We really had no choice. I was surprised to see the so-elastalert container normally running on the manager being unable to start. I happened to glance at the release notes, and tried the commands suggested there. Suffice it to say, I got nowhere.
KB5034441 and new Microsoft Windows 10 setups
In the aftermath of KB5034441, I experimented with creating a 1 GiB large Windows Recovery Partition on a new Microsoft Windows 10 VM, ensuring enough free space for KB5034441 and hopefully any later versions of the “Windows Recovery Environment.”
Security Onion 2.4.30, Zeek 6.0.2, and single IPv4 address in $HOME_NET
If Zeek on your forward node (sensor) keeps restarting and its detailed status never changes from “health: starting” to simply “healthy,” have a look at zeek.config.networks.HOME_NET in the Grid Configuration.