From 38d2de076b68a5167beb45f5792cbc06d145e715 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Thu, 10 Oct 2024 07:11:08 -0400 Subject: [PATCH 1/3] update release notes for 20241010 hotfix --- cases.rst | 4 ++++ release-notes.rst | 31 ++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/cases.rst b/cases.rst index b951b7b5..011ced4f 100644 --- a/cases.rst +++ b/cases.rst @@ -150,6 +150,10 @@ Virustotal ✓ ✓ ✓ ✓ WhoisLookup ✓ ======================= ======= === ==== == ==== ===== === === ========== +.. note:: + + The ``malwarehashregistry`` analyzer is no longer working as of 2.4.100. This is due to a stale third-party library that is incompatible with the latest Python version. `#13571 `_ + Running Analyzers ~~~~~~~~~~~~~~~~~ diff --git a/release-notes.rst b/release-notes.rst index 03262cf3..f5065f51 100644 --- a/release-notes.rst +++ b/release-notes.rst 
@@ -6,7 +6,36 @@ Release Notes Known Issues ~~~~~~~~~~~~ -- The ``malwarehashregistry`` analyzer (Case -> Observables Tab) is no longer working as of 2.4.100. This is due to a stale third-party library that is incompatible with the latest Python version. `#13571 `_ +If you had previously updated to version 2.4.100 and had indices with incorrect data like source IP address, then you may need to delete the incorrect indices via the command line as follows. + +First, become root: + +:: + + sudo -i + +Next, roll over each of the affected data streams (replacing ``YOUR-DATASTREAM`` as necessary): + +:: + + for i in YOUR-DATASTREAM-1 YOUR-DATASTREAM-2; do + so-elasticsearch-query $i/_rollover -XPOST + done + +Then, delete the previous index for each of the affected data streams (replacing ``YOUR-DATASTREAM`` as necessary): + +:: + + for i in YOUR-DATASTREAM-1 YOUR-DATASTREAM-2; do + INDEX_TO_DELETE=$(so-elasticsearch-query $i | jq -r 'keys[]' | tail -2 | head -1); so-elasticsearch-query $INDEX_TO_DELETE -XDELETE + done + +Finally, navigate to Kibana -> Security Onion - Home -> Network dashboard to confirm that the fields now display as expected. + +2.4.110 Hotfix [20241010] Changes +--------------------------------- + +- FIX: Use ID instead of name for getting integrations from agent policies `#13795 `_ 2.4.110 [20241004] Changes -------------------------- From f0bb59d1cceec7eeebc0e94e479ee1e9ff953765 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Thu, 10 Oct 2024 07:31:11 -0400 Subject: [PATCH 2/3] update release notes --- release-notes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-notes.rst b/release-notes.rst index f5065f51..71e5203f 100644 --- a/release-notes.rst +++ b/release-notes.rst 
@@ -30,7 +30,7 @@ Then, delete the previous index for each of the affected data streams (replacing INDEX_TO_DELETE=$(so-elasticsearch-query $i | jq -r 'keys[]' | tail -2 | head -1); so-elasticsearch-query $INDEX_TO_DELETE -XDELETE done -Finally, navigate to Kibana -> Security Onion - Home -> Network dashboard to confirm that the fields now display as expected. +Finally, check to see that the fields now display as expected. 2.4.110 Hotfix [20241010] Changes --------------------------------- From c035cb08578580e878695780115ad720918f0c2c Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Thu, 10 Oct 2024 10:10:27 -0400 Subject: [PATCH 3/3] update elastic-fleet to fix typos --- elastic-fleet.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastic-fleet.rst b/elastic-fleet.rst index f39d436e..dd241d3f 100644 --- a/elastic-fleet.rst +++ b/elastic-fleet.rst @@ -153,7 +153,7 @@ The section provides details such as: - Method in which agent binaries will be downloaded - - this will be a a local artifact repository if running an airgapped deployment) + - this will be a local artifact repository if running an airgapped deployment .. warning::
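Review bot: in the cases.rst hunk of patch 1, the added ``.. note::`` ends with ``\`#13571 \`_``, a named hyperlink reference that, as shown in this diff, carries no inline ``<url>`` target; Sphinx will report an unknown target unless a matching ``.. _#13571:`` definition exists elsewhere, so either confirm the target URL survived (the removed Known Issues line in release-notes.rst and the new ``#13795`` FIX entry show the same empty pattern) or write it in the inline form ``\`#13571 <ISSUE-URL>\`_`` with the real issue URL. Placement of the note directly under the analyzer table and before "Running Analyzers" is fine.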
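Review bot: the delete loop in the release-notes.rst hunk of patch 1 issues ``-XDELETE`` on whatever ``jq -r 'keys[]' | tail -2 | head -1`` returns, with no check on the result: if a data stream has only one backing index (for example because the preceding ``_rollover`` failed), ``tail -2 | head -1`` yields that single index, which is the current write index, and if a stream has more than two backing indices only one older index is removed while earlier incorrect ones remain. Suggest splitting the two commands onto separate lines, quoting ``"$i"`` and ``"$INDEX_TO_DELETE"``, and guarding the delete, e.g. ``[ -n "$INDEX_TO_DELETE" ] || continue`` followed by ``echo "Deleting $INDEX_TO_DELETE"`` before the ``-XDELETE`` call, so operators can see exactly which index is about to be dropped; a short sentence on how to identify the "affected data streams" would also help, since the text currently assumes the reader already knows them.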
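Review bot: the release-notes.rst hunk of patch 2 replaces the Kibana -> Security Onion - Home -> Network dashboard path with "Finally, check to see that the fields now display as expected.", which removes the only concrete place a reader can verify the fix; if the dashboard path was dropped because it varies between deployments, at least name what to look at (the source IP field cited at the top of this Known Issues entry) so "as expected" is actionable.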
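Review bot: the elastic-fleet.rst hunk of patch 3 correctly fixes the doubled "a a" and the stray closing parenthesis; the unchanged context line "The section provides details such as:" reads better as "This section provides details such as:" and would fit in the same typo-fix commit.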