Author: Brian

Returned Peace Corps Volunteer, Systems Engineer, Papa, and eccentric individual.

I am constantly conflicted with building my LinkedIn and online persona, and my desire for privacy and anonymity.

Interesting stuff for week ending December 2, 2023

Intel has been named in a class-action lawsuit over Spectre, Meltdown, and Downfall. The microcode and software mitigations Intel provides for these hardware vulnerabilities carry a significant performance cost. Running these CPUs without the mitigations was a risk determination many organizations knew about and consciously made. Consumers, on the other hand, had little to no protection.

https://www.classaction.org/blog/class-action-alleges-intel-sold-billions-of-defective-cpus-with-security-flaws-performance-issues

Connecting a Wazuh 4.x agent to SecurityOnion 2.3x

Security Onion is a fantastic and continually impressive suite of SOC tools that works very well for small organizations, most of the time at least. The installation is not user-friendly, and it clearly expects you to already know why you would or would not choose a particular option.

For all my love of SecurityOnion 2.x, I keep wishing it natively supported a more up-to-date Wazuh agent. There were significant changes between Wazuh 3.x and 4.x, including the switch to TCP as the default communication protocol for agents.


2022/10/13 21:52:06 wazuh-agent: ERROR: (1216): Unable to connect to '10.X.X.X:1514/tcp': 'No connection could be made because the target machine actively refused it.'.


*sigh*

My first guess was the SO firewall, so I tried adding TCP 1514 as an allowed port:

sudo so-firewall addportgroup wazuh_4_agents
sudo so-firewall addport wazuh_4_agents tcp 1514
sudo so-firewall apply


Sadly, that was insufficient, so I gave up and went back to the 3.13 agent, which was released years ago.
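One thing worth checking before touching the firewall: the error above is a refused connection, which means the manager host answered the TCP SYN with a reset (or rejected it outright), not that a firewall silently dropped it. A drop would show up as a timeout. The script below is an added example, not code from the post or from Wazuh or Security Onion; it parses the 1216 error line, then probes the reported host and port over TCP and classifies the outcome as open, refused, or timed out so you can tell "nothing listening on 1514/tcp" apart from "filtered". The listener helper only exists so the script can demonstrate both outcomes against 127.0.0.1 without a real manager; the host `10.X.X.X` is copied from the post's log line and is not resolvable.

```python
"""Triage a Wazuh agent "Unable to connect" (error 1216) message.

Added example, not from the post or from Wazuh/Security Onion.
Distinguishes a connection that is actively refused (RST: nothing is
listening on that port/protocol, or the host rejected it) from one
that silently times out (typically a firewall DROP).
"""
import re
import socket

# Copied from the post; the host 10.X.X.X is the author's redaction.
SAMPLE_LOG = ("2022/10/13 21:52:06 wazuh-agent: ERROR: (1216): Unable to connect to "
              "'10.X.X.X:1514/tcp': 'No connection could be made because the target "
              "machine actively refused it.'.")

# Matches the host:port/proto triple inside a 1216-style agent error.
LOG_RE = re.compile(r"ERROR: \((?P<code>\d+)\): Unable to connect to "
                    r"'(?P<host>[^:']+):(?P<port>\d+)/(?P<proto>tcp|udp)'")

ADVICE = {
    "open": "TCP handshake completed; the agent should be able to reach it.",
    "refused": ("Host answered with a reset: nothing is listening on that port/protocol "
                "(or it was rejected). Check what the manager actually listens on, e.g. "
                "`ss -lntup | grep 1514`, and the <remote><protocol> in its ossec.conf; "
                "a manager listening only on UDP will refuse a 4.x agent's TCP default."),
    "timeout": "No answer at all: packets are being dropped, so look at firewalls/routing.",
    "unreachable": "Connect failed for another reason (no route, DNS, etc.).",
}


def parse_connect_error(line):
    """Return (code, host, port, proto) from a 1216-style log line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return int(m["code"]), m["host"], int(m["port"]), m["proto"]


def probe_tcp(host, port, timeout=2.0):
    """Classify a TCP connect: 'open', 'refused', 'timeout' or 'unreachable'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:  # alias of TimeoutError on 3.10+
        return "timeout"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def listen_ephemeral(host="127.0.0.1"):
    """Stand-in for a manager: a listening socket on a free port (demo only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv


def triage(line, host=None, port=None):
    """Parse the log line, probe (overridable) host/port, return (result, advice)."""
    parsed = parse_connect_error(line)
    if parsed is None:
        return None, "not a 1216 'Unable to connect' line"
    _, log_host, log_port, _ = parsed
    result = probe_tcp(host or log_host, port or log_port)
    return result, ADVICE[result]


if __name__ == "__main__":
    # Demonstrate both outcomes locally rather than against the redacted host.
    srv = listen_ephemeral()
    port = srv.getsockname()[1]
    print("listening:", triage(SAMPLE_LOG, "127.0.0.1", port))
    srv.close()
    print("closed:   ", triage(SAMPLE_LOG, "127.0.0.1", port))
```

Run it on the manager's network as the agent host would see it; a "refused" result for 1514/tcp alongside a UDP listener in `ss -lntup` is the signature of the protocol mismatch, and no amount of firewall tuning on the SO side will change it.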