Security Onion 2.4.70 now available including our new Detections interface and much more!

Tune your:
β˜‘οΈ#NIDS rules for #Suricata
β˜‘οΈ#Sigma rules for #ElastAlert
β˜‘οΈ#YARA rules for #Strelka

Take your #DetectionEngineering game to a new level!

https://blog.securityonion.net/2024/05/security-onion-2470-now-available.html

Security Onion 2.4.70 is now available! It includes some new features for our fellow defenders including our new Detections interface to hel...

TryHackMe | Threat Intelligence for SOC

Learn how to utilise Threat Intelligence to improve the Security Operations pipeline.


Wow, that meme post from the other day was by far my most popular toot. I definitely was not expecting that, but I appreciate that our community supports the same kind of humor :D

I have been doing lots of work with Elastalert the past few days:
https://github.com/Yelp/elastalert

It's been super fun! I am porting certain threat detection alerts over to a Slack channel. Utilizing Elastalert allows me to do it for free. The only catch is you have to hand build the YAML files, but honestly it's been a great learning experience. I highly recommend it to anyone using ELK who wants alerting!

#security #ELK #elastalert

GitHub - Yelp/elastalert: Easy & Flexible Alerting With ElasticSearch

Easy & Flexible Alerting With ElasticSearch. Contribute to Yelp/elastalert development by creating an account on GitHub.

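As an added illustration of the hand-built rule files mentioned above (this is example configuration, not the poster's own rule or anything from the ElastAlert project), here is an ElastAlert rule that watches for an account being added to the Domain Admins group and posts the hit to a Slack channel. The Winlogbeat/ECS field names, the index pattern, the webhook URL and the channel name are assumptions and placeholders to adapt to your own environment.

```yaml
# Constructed example rule (not from the original post or the ElastAlert project).
# Fires when an account is added to the Domain Admins group and posts to Slack.
# Assumptions: Windows Security logs shipped by Winlogbeat into an index matching
# winlogbeat-*, with ECS-style field names; webhook URL and channel are placeholders.
name: Domain Admins group membership added
type: any                      # alert on every matching document
index: winlogbeat-*
timestamp_field: "@timestamp"

filter:
  # 4728 = member added to a security-enabled global group (Domain Admins is one)
  - term:
      winlog.event_id: 4728
  - query:
      query_string:
        query: 'winlog.event_data.TargetUserName:"Domain Admins"'

# Group by the account that was added so repeated hits for the same account
# within the realert window collapse into a single Slack message.
query_key: winlog.event_data.MemberName
realert:
  minutes: 30

alert:
  - slack
slack_webhook_url: "https://hooks.slack.com/services/REPLACE_WITH_YOUR_WEBHOOK"
slack_channel_override: "#soc-alerts"
slack_username_override: "elastalert"

alert_subject: "Domain Admins change on {0}"
alert_subject_args:
  - host.name
alert_text_type: alert_text_only
alert_text: |
  Member added to Domain Admins
  Added account : {0}
  Performed by  : {1}
  Domain ctrl   : {2}
  Time          : {3}
alert_text_args:
  - winlog.event_data.MemberName
  - winlog.event_data.SubjectUserName
  - host.name
  - "@timestamp"
```

Save the file in the directory named by `rules_folder` in ElastAlert's config.yaml, which is also where `es_host` and `es_port` for the cluster live.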

I think the best part about the false positive alert that fired tonight for a developer account getting domain admin was my boss posting an Xzibit meme at the end.

#security #elastalert #siem #elk #memes