Releases: Security-Onion-Solutions/securityonion
2.3.290-20240229
Merge pull request #12463 from Security-Onion-Solutions/dev 2.3.290
Security Onion 2.4.50-20240220
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.50-20240220.iso
What's Changed
- Update VERSION by @TOoSmOotH in #12197
- Add Suricata IKE pipeline by @weslambert in #12201
- Add stig state by @reyesj2 in #12202
- Remove need for stig script by @reyesj2 in #12206
- Update metrics for telegraf by @reyesj2 in #12208
- Update soup by @reyesj2 in #12213
- Add stig pillar dir during soup by @reyesj2 in #12214
- Update suricata.common by @TOoSmOotH in #12216
- Disable stigs setting/verifying umask is set to 077. Known issue with … by @reyesj2 in #12220
- Additional integrations #4 by @weslambert in #12221
- Handle non-zero by @reyesj2 in #12230
- RITA Logs by @weslambert in #12227
- Exclude specific Strelka key values by @weslambert in #12241
- UPGRADE: Strelka 0.24.01.18 by @weslambert in #12240
- Fix quote by @weslambert in #12242
- standardize feature names by @jertel in #12248
- Fix PE Flags by @weslambert in #12250
- Add template for endpoint.diagnostic.collection by @weslambert in #12260
- Update soup by @reyesj2 in #12267
- Remove remediate from initial oscap scan by @reyesj2 in #12283
- fix salt lock for airgap version mismatches by @TOoSmOotH in #12293
- Manage custom Elasticsearch and Logstash pipelines in UI by @weslambert in #12297
- Jppffa by @m0duspwnens in #12294
- FEATURE: Improve Correlate and Hunt actions on SOC Actions menu #12315 by @dougburks in #12316
- FEATURE: Add new dashboards for community_id and firewall auth #12323 by @dougburks in #12324
- Salt3006.6 by @m0duspwnens in #12325
- Fixup shell by @defensivedepth in #12333
- Salt3006.6v2 by @m0duspwnens in #12337
- Add putty to SOD by @reyesj2 in #12332
- Wait for ES to be ready by @defensivedepth in #12343
- Feature/fleet artifacts by @defensivedepth in #12268
- FIX: Remove intca symlink on reinstall by @petiepooo in #12290
- FEATURE: Check for mountpoint during Elastic size limit calculations by @petiepooo in #12308
- Remove unused file by @reyesj2 in #12346
- Fix conflicting id by @defensivedepth in #12349
- FEATURE: Add new SOC action to show process ancestry #12345 by @dougburks in #12350
- Add table columns to process dashboard in defaults.yaml by @dougburks in #12355
- modify soup to update soup scripts using salt by @m0duspwnens in #12354
- 2450soup by @m0duspwnens in #12360
Full Changelog: 2.4.40-20240116...2.4.50-20240220
Security Onion 2.4.40-20240116
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.40-20240116.iso
What's Changed
- Update VERSION by @TOoSmOotH in #11778
- FIX: SOC Hunt HTTP EXE query #11784 by @dougburks in #11785
- avoid startup error by @jertel in #11792
- improve timing of responses by @jertel in #11809
- Merge hotfix back to 2.4/dev by @jertel in #11832
- add support for nested keys by @jertel in #11835
- Jertel/hfm by @jertel in #11855
- Ignore analyzer log by @weslambert in #11891
- Add certificate fingerprints by @weslambert in #11896
- FIX: Update NIDS rule.reference in common.nids pipeline #11846 by @dougburks in #11897
- Sublime Platform Analyzer by @weslambert in #11945
- Add eml observable type by @weslambert in #11950
- Fix indentation for rule_results by @weslambert in #11954
- Sublime Analyzer Documentation by @weslambert in #11955
- Merge Main into Dev by @TOoSmOotH in #11957
- FIX: Documentation links under SOC - Administration - Configuration need updating #11828 by @dougburks in #11960
- Remove Curator close configuration by @weslambert in #11967
- grid page enhancements by @jertel in #11970
- fix import stats by @jertel in #11981
- Remove Curator by @weslambert in #11990
- upgrade cla action by @jertel in #11998
- FIX: Update clear scripts #11991 by @dougburks in #12001
- Additional Integrations #2 by @weslambert in #12000
- more log false alarms by @jertel in #12012
- fix extra_hosts by @m0duspwnens in #12019
- Add force option to integrations by @weslambert in #12020
- FIX: Update dashboard and hunt query for firewall logs #12021 by @dougburks in #12023
- Fix receivers by @m0duspwnens in #12037
- exclude log false positives by @jertel in #12047
- 2.4/dev Analyzers for Threatfox, MalwareBazaar, Echotrail, Elasticsearch by @HoangLongVu in #12003
- FIX: Update dashboard and hunt query for firewall logs #12021 by @dougburks in #12048
- Fix analyzer images by @weslambert in #12052
- 2.4/main by @TOoSmOotH in #12053
- Curator Remove Changes by @weslambert in #12062
- Ignore Curator logs by @weslambert in #12063
- only run the file.absent state if there are files to delete by @jertel in #12067
- exclude transient influxdb error by @jertel in #12071
- show last highstate date/time on grid metrics screen; expose maxUploa… by @jertel in #12090
- Change salt-minion startup_states by @m0duspwnens in #12095
- 2.4/main by @TOoSmOotH in #12102
- Add brasero to packages list for SOD by @reyesj2 in #12109
- Issue/12033 by @m0duspwnens in #12116
- enable startup_states: highstate on managers during setup and not wit… by @m0duspwnens in #12118
- Update so-raid-status for SM based appliances by @TOoSmOotH in #12120
- Fix/fim by @defensivedepth in #12138
- Fix/fleet reset by @defensivedepth in #12141
- Salt3006.5 by @m0duspwnens in #12144
- exempt transient license check errors by @jertel in #12149
- Update so-functions by @TOoSmOotH in #12154
- Fix reinstall & reset stability by @defensivedepth in #12151
- Update soup by @TOoSmOotH in #12155
- Upgrade Navigator and fix Playbook layer by @defensivedepth in #12156
- Additional Supported Integrations #3 by @weslambert in #12160
- Check Kibana API not Web by @defensivedepth in #12161
- Make sure optional integration pillar values are merged with defaults by @weslambert in #12164
- Remove old nav layers by @defensivedepth in #12170
- Merge 2.4 dev by @weslambert in #12171
- Add endpoint metrics templates by @weslambert in #12173
- FIX: OTX pulses template by @weslambert in #12176
- Needsrestarted by @m0duspwnens in #12192
New Contributors
- @HoangLongVu made their first contribution in #12003
Full Changelog: 2.4.30-20231228...2.4.40-20240116
Security Onion 2.4.30-20231228
Security Onion 2.4.30-20231219
Security Onion 2.4.30-20231204
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231204.iso
What's Changed
- Update HOTFIX by @weslambert in #11902
- Update import-evtx-logs.json by @chateaulav in #11890
- move wait_for_salt_minion for hotfix by @m0duspwnens in #11923
- avoid exiting salt when ca state applied in post for 2.4.30 by @m0duspwnens in #11929
New Contributors
- @chateaulav made their first contribution in #11890
Full Changelog: 2.4.30-20231121...2.4.30-20231204
2.3.280
What's Changed
- Update VERSION by @jertel in #11506
- Zeek 6 upgrade by @reyesj2 in #11561
- Update soup by @TOoSmOotH in #11749
- Add EOL warning to README.md by @dougburks in #11771
- Elastic 8.10.4 by @weslambert in #11772
- Update soup by @m0duspwnens in #11798
- Update signing_policies.conf by @TOoSmOotH in #11831
- Update signing_policies.conf by @TOoSmOotH in #11834
- suricata interface None if so-import by @m0duspwnens in #11864
- enable highstate after starting minion by @m0duspwnens in #11873
- so-nginx watch managerssl to restart if changed by @m0duspwnens in #11874
Full Changelog: 2.3.270-1006...2.3.280-20231128
2.4.30-20231121
Merge pull request #11854 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30
2.4.30-20231117
Merge pull request #11827 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix 2.4.30
Security Onion 2.4.30-20231113
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231113.iso
What's Changed
- accept icmp on input chain by @m0duspwnens in #11496
- Update VERSION by @TOoSmOotH in #11497
- Minechanges by @m0duspwnens in #11503
- 2.4/main by @TOoSmOotH in #11533
- Update HOTFIX by @TOoSmOotH in #11534
- avoid rebooting when testing deb installs by @jertel in #11535
- only add heavynodes to remoteHostUrls by @jertel in #11552
- Zeek 6 upgrade by @reyesj2 in #11554
- Minechanges by @m0duspwnens in #11555
- mark suricata 7 log line as fp for so-log-check by @m0duspwnens in #11558
- Elastic 8.10.4 by @weslambert in #11560
- Minechanges by @m0duspwnens in #11563
- Add note regarding DNS resolver by @weslambert in #11567
- Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6 by @reyesj2 in #11568
- Minechanges by @m0duspwnens in #11572
- remove extra space by @m0duspwnens in #11573
- Additional integrations by @weslambert in #11570
- handle a minion not being in the mine data return by @m0duspwnens in #11582
- Minechanges by @m0duspwnens in #11592
- FIX: Add -watch to soctopus saltstate for file SOCtopus.conf. Makes contai… by @reyesj2 in #11594
- Parse pkt_src for Suricata logs by @weslambert in #11600
- Enable http2 for Suricata by @TOoSmOotH in #11606
- Upgrade/salt3006.3 by @m0duspwnens in #11612
- fix issue/11610 by @m0duspwnens in #11613
- Revert "Upgrade/salt3006.3" by @m0duspwnens in #11619
- Add kibana curl config by @defensivedepth in #11609
- oidc by @jertel in #11631
- UPGRADE: Influxdb 2.7.1 & telegraf 1.28.2 by @reyesj2 in #11633
- 2.4/kibanauser by @defensivedepth in #11637
- Warm Node UI Changes by @TOoSmOotH in #11623
- oidc by @jertel in #11643
- UPGRADE: influxdb 2.7.1 & telegraf 1.28.2 by @reyesj2 in #11644
- Upgrade/salt3006.3v2 by @m0duspwnens in #11647
- Remove ILM policies for Cases and OSQuery manager indices by @weslambert in #11648
- ensure networkminer is latest version by @m0duspwnens in #11659
- Add roles for eval mode by @weslambert in #11661
- Add import roles by @weslambert in #11664
- ignore specific Suricata errors by @jertel in #11665
- Remove unused scripts and functions by @TOoSmOotH in #11666
- Fix/soupagrepo by @m0duspwnens in #11670
- Remove legacy pillar info by @TOoSmOotH in #11671
- Foxtrot by @m0duspwnens in #11674
- Sublime Platform Integration by @weslambert in #11676
- Allow 16GB of memory by @TOoSmOotH in #11677
- adjust log filter to include all hosts by @jertel in #11687
- Add eval and import roles by @weslambert in #11688
- more log bypass by @jertel in #11689
- fix UPGRADECOMMAND used for distrib salt upgrade. remove unneeded vars by @m0duspwnens in #11690
- more log bypass by @jertel in #11691
- Add Elastic Fleet reset script by @defensivedepth in #11678
- Jertel/auto by @jertel in #11695
- Don't source so-elastic-fleet-common if not there by @weslambert in #11701
- ignore connectivity problems to docker containers during startup by @jertel in #11702
- Checkpoint and VSphere Integrations by @weslambert in #11704
- Don't overwrite metadata by @defensivedepth in #11708
- ignore malformed open canary log lines by @jertel in #11709
- exit 0 by @defensivedepth in #11710
- Update soc_elasticsearch.yaml by @TOoSmOotH in #11712
- Upgrade Elastic Agent by @defensivedepth in #11713
- apply es and soc states to manager if new search or hn are added by @m0duspwnens in #11714
- disregard false positives by @jertel in #11718
- Set execute permissions by @defensivedepth in #11722
- improve verbosity of setup logs by @jertel in #11726
- Change pipeline to 1.8.0 by @weslambert in #11732
- Change pipeline to 1.13.1 by @weslambert in #11735
- Improve error handling and add retry logic by @weslambert in #11734
- Remove template files by @weslambert in #11740
- remove comments from BPFs by @m0duspwnens in #11741
- add yaml helper script; refactor python testing by @jertel in #11742
- Additional fixes for index template check by @weslambert in #11743
- re-add source pkgs from accidental commit by @jertel in #11745
- remove state file by @defensivedepth in #11747
- Upgrade Defend Integration policy by @defensivedepth in #11750
- Remove unneeded datastreams by @defensivedepth in #11751
- Add Elastic Agent package and upgrade packages when elasticfleet.packages list changes by @weslambert in #11760
- Update soup by @TOoSmOotH in #11769
- 2.4.30 by @TOoSmOotH in #11776
- 2.4.30 by @TOoSmOotH in #11777
Full Changelog: 2.4.20-20231012...2.4.30-20231113