Merge dev to 2.4 for hotfix 20241010 #116

Merged
merged 3 commits into from
Oct 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions cases.rst
Expand Up @@ -150,6 +150,10 @@ Virustotal ✓ ✓ ✓ ✓
WhoisLookup ✓
======================= ======= === ==== == ==== ===== === === ==========

.. note::

The ``malwarehashregistry`` analyzer is no longer working as of 2.4.100. This is due to a stale third-party library that is incompatible with the latest Python version. `#13571 <https://github.com/Security-Onion-Solutions/securityonion/issues/13571>`_

Running Analyzers
~~~~~~~~~~~~~~~~~

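Review bot: this ``.. note::`` repeats, word for word, the Known Issues entry that release-notes.rst gains in the same PR, so the two copies will drift the next time one is updated; consider having cases.rst carry a one-line cross-reference to the release notes (a Sphinx ``:ref:`` target on the Known Issues section) instead of the full text. "the latest Python version" is also imprecise for a reader deciding whether they are affected: name the Python version that 2.4.100 ships, since that is what the stale library is incompatible with, and say whether the analyzer should be disabled in the meantime if that is the intended workaround.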
2 changes: 1 addition & 1 deletion elastic-fleet.rst
Expand Up @@ -153,7 +153,7 @@ The section provides details such as:

- Method in which agent binaries will be downloaded

- this will be a a local artifact repository if running an airgapped deployment)
- this will be a local artifact repository if running an airgapped deployment

.. warning::

31 changes: 30 additions & 1 deletion release-notes.rst
Expand Up @@ -6,7 +6,36 @@ Release Notes
Known Issues
~~~~~~~~~~~~

- The ``malwarehashregistry`` analyzer (Case -> Observables Tab) is no longer working as of 2.4.100. This is due to a stale third-party library that is incompatible with the latest Python version. `#13571 <https://github.com/Security-Onion-Solutions/securityonion/issues/13571>`_
If you had previously updated to version 2.4.100 and had indices with incorrect data like source IP address, then you may need to delete the incorrect indices via the command line as follows.

First, become root:

::

sudo -i

Next, roll over each of the affected data streams (replacing ``YOUR-DATASTREAM`` as necessary):

::

for i in YOUR-DATASTREAM-1 YOUR-DATASTREAM-2; do
so-elasticsearch-query $i/_rollover -XPOST
done

Then, delete the previous index for each of the affected data streams (replacing ``YOUR-DATASTREAM`` as necessary):

::

for i in YOUR-DATASTREAM-1 YOUR-DATASTREAM-2; do
INDEX_TO_DELETE=$(so-elasticsearch-query $i | jq -r 'keys[]' | tail -2 | head -1); so-elasticsearch-query $INDEX_TO_DELETE -XDELETE
done

Finally, check to see that the fields now display as expected.

2.4.110 Hotfix [20241010] Changes
---------------------------------

- FIX: Use ID instead of name for getting integrations from agent policies `#13795 <https://github.com/Security-Onion-Solutions/securityonion/issues/13795>`_

2.4.110 [20241004] Changes
--------------------------
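Review bot: the delete loop picks the index to remove purely by position (``jq -r 'keys[]' | tail -2 | head -1``), so it only targets the previous backing index if the rollover step succeeded for that data stream and the stream has exactly the expected number of backing indices at that moment; if a rollover failed, or an operator re-runs the delete loop, a different index is selected and the ``-XDELETE`` is irreversible. Suggest echoing the chosen index and pausing for confirmation before the DELETE, for example ``echo "Deleting $INDEX_TO_DELETE"`` followed by a ``read`` prompt, or at minimum telling the reader to run ``so-elasticsearch-query $i`` first and check which indices are listed. The known-issue wording "incorrect data like source IP address" is also vague: naming the affected fields and index patterns, and the release in which the fix landed, would let an operator decide whether this procedure applies to them at all.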