It looks like things are coming along quite nicely with the recent rebuild effort of Security Onion for Ubuntu 14.04 LTS.
Doug Burks recently announced and invited others to be involved in the testing of in-place upgrades for Security Onion from Ubuntu 12.04 to 14.04, here:
http://blog.securityonion.net/2015/11/bdr2-testers-wanted.html
Burks and team have been working hard to rebuild the numerous packages included with the Security Onion distribution since the announcement of the rebuild back in September.
http://blog.securityonion.net/2015/09/bdr2-electric-boogaloo-towards-ubuntu.html
The new effort, titled BDR2 (Big Distro Rebuild 2), affords NSM practitioners the ability to use a more updated, supported version of Ubuntu. For those of you who are not aware of Security Onion, it “is a Linux distro for intrusion detection, network security monitoring, and log management”. The distro neatly and effectively ties together many open source components/tools to assist an analyst in an everyday capacity. These tools include:
Snort/Suricata: Intrusion detection (https://www.snort.org/ , http://suricata-ids.org/)
Bro: Network analysis framework (https://www.bro.org/)
OSSEC: HIDS, File-based integrity monitoring, active response (https://ossec.github.io/)
Sguil: Store and view alert data; Integration with Security Onion allows for quick pivoting between different tools/datatypes (https://bammv.github.io/sguil/index.html)
ELSA: Enterprise Log Search and Archive; Can store a massive amount of logs; Uses Sphinx to make searching of indexed logs a snap; Custom hooks and queries packaged with Security Onion allow an analyst to quickly and easily investigate suspicious activity and pivot between data types (https://code.google.com/p/enterprise-log-search-and-archive/)
Squert: Web interface for Sguil (http://www.squertproject.org/)
Xplico: Network forensics tool; Dissect and review PCAPs, manage cases (http://www.xplico.org/)
NetworkMiner: Can be used as a passive sniffer, but in Security Onion is mostly used for parsing PCAPs to retrieve hostnames, images, files, etc. (http://www.netresec.com/?page=NetworkMiner)
CapMe: Allows for generation of a PCAP/transcript; Currently used when pivoting from ELSA (https://github.com/int13h/capme)
syslog-ng: Transports syslog for log storage and analysis (https://www.balabit.com/network-security/syslog-ng)
PF_RING: Uses a zero-copy mechanism to efficiently copy packets off the wire (http://www.ntop.org/products/packet-capture/pf_ring/)
barnyard2: Interpreter for Snort unified2 files; allows Snort to write to disk in an efficient manner (https://github.com/firnsy/barnyard2)
These are just some of the components/tools that tie it all together for Security Onion.
For more information, you can visit the Security Onion wiki, here:
https://github.com/Security-Onion-Solutions/security-onion/wiki
or the blog, here: