Releases: Security-Onion-Solutions/securityonion
2.4.20-20231012
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
What's Changed
- Add hotfix changes by @defensivedepth in #11522
- Apply state correctly by @defensivedepth in #11524
- Apply named state by @defensivedepth in #11525
- 2.4.20 hotfix by @TOoSmOotH in #11531
- Hotfix 2.4.20 by @TOoSmOotH in #11532
Full Changelog: 2.4.20-20231006...2.4.20-20231012
Security Onion 2.4.20-20231006
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
What's Changed
- Update VERSION by @TOoSmOotH in #11047
- set timezone during setup. set salt log levels to info by @m0duspwnens in #11060
- Add soup for 2.4.20 by @TOoSmOotH in #11075
- force image pulls to go into soup log by @jertel in #11083
- Issue/10998 by @m0duspwnens in #11090
- Fix certs for Rec & Heavy by @defensivedepth in #11113
- add missing containers to soc_docker.yaml. force port bindings to []string by @m0duspwnens in #11124
- Exclude console log by @weslambert in #11123
- Merge in hotfix by @TOoSmOotH in #11128
- Update HOTFIX by @TOoSmOotH in #11129
- Update SOC event fields by @weslambert in #11139
- Add more Elastic Fleet integrations by @weslambert in #11153
- use consistent cert dir and reduce jinja complexity by @jertel in #11161
- allow testing runs to proceed with unsupported os by @jertel in #11165
- use the correct var by @jertel in #11166
- fix centos install by @jertel in #11169
- new python watchdog by @m0duspwnens in #11177
- ingest pfsense sample data by @jertel in #11178
- don't need to repo_sync rocky or centos by @m0duspwnens in #11184
- fix path to intermediate ca cert on heavy nodes by @jertel in #11186
- Failreposync by @m0duspwnens in #11190
- Fix Heavy Node for acks by @TOoSmOotH in #11193
- Add Apache package and templates by @weslambert in #11197
- Make sure a data stream is created for syslog by @weslambert in #11208
- Add syslog to heavynode by @weslambert in #11212
- Issue/10975 by @m0duspwnens in #11217
- Correct Fortigate Integration by @weslambert in #11219
- iso desktop join grid - set install_type and minion_type by @m0duspwnens in #11221
- Analyzer SOC Administration by @weslambert in #11218
- New Config Default: longRelayTimeoutMs by @coreyogburn in #11222
- Update motd.md by @dougburks in #11226
- Issue/10975 by @m0duspwnens in #11231
- Strelka entropy mapping by @weslambert in #11232
- Add so-elastic-agent by @weslambert in #11239
- testing; desktop; configuration improvements by @jertel in #11241
- ensure hostname is set by @jertel in #11243
- ensure hostname is set by @jertel in #11245
- MS testing by @jertel in #11249
- Issue/10975 by @m0duspwnens in #11255
- only ingest pfsense on sensor nodes by @jertel in #11256
- Remove templates by @weslambert in #11261
- Issue/11210 by @m0duspwnens in #11269
- addl node types by @jertel in #11271
- give priority to presets by @jertel in #11276
- Issue/11229 by @m0duspwnens in #11288
- don't manage sorules by @m0duspwnens in #11295
- FIX: SOC Config pcap doc links should point to steno docs #11302 by @dougburks in #11303
- Update so-minion by @TOoSmOotH in #11308
- exclude docker pull unauth errors from failing setup by @jertel in #11315
- Regex & Transform Role by @defensivedepth in #11317
- improvements for checking system requirements by @m0duspwnens in #11328
- Clean component template directory by @weslambert in #11329
- Change description to indicate that opencanary modules only apply to IDH nodes by @weslambert in #11297
- fix idstool extra_env for container by @m0duspwnens in #11344
- ensure all binds are present to avoid volume sprawl by @jertel in #11345
- ignore debian apt update output by @jertel in #11351
- Fix EVTX Imports by @weslambert in #11352
- FIX: SOC Config sensoroni doc links should point to correct docs #11362 by @dougburks in #11363
- Update soup to prune in background by @jertel in #11369
- /app/dashboards to /kibana/app/dashboards by @weslambert in #11289
- Add a note about testing analyzers outside of the Sensoroni Docker container by @weslambert in #11384
- Make scan.pe.image_version type of 'float' by @weslambert in #11391
- Issue/11390 by @m0duspwnens in #11393
- log check tool initial by @jertel in #11397
- skip zeek spool logs due to test data false positives by @jertel in #11398
- don't inspect imported zeek output by @jertel in #11399
- Update nginx.conf to use user nobody by @TOoSmOotH in #11403
- Fix/filecheckcron by @m0duspwnens in #11404
- deb OS doesn't use /var/log/cron, skip by @jertel in #11405
- ignore generic python stack trace log lines of code, rely on actual e… by @jertel in #11406
- Fix sendmail errors in zeek by @TOoSmOotH in #11408
- Fix zeek from creating summary files by @TOoSmOotH in #11409
- FIX: Remove telegraf beats EPS script by @TOoSmOotH in #11411
- ignore generic python stack trace log lines of code, rely on actual e… by @jertel in #11414
- Issue/11390 by @m0duspwnens in #11415
- Jertel/lc by @jertel in #11416
- logcheck improvements by @jertel in #11417
- more exclusions by @jertel in #11418
- Exclude known_certs by @weslambert in #11423
- exclude known issues by @jertel in #11422
- Fix Yara crontab by @TOoSmOotH in #11426
- Upgrade packages and load integrations when packages change by @weslambert in https://github.com/Se...
Security Onion 2.3.270-20231006
What's Changed
- Update VERSION by @TOoSmOotH in #10622
- Supersoup by @TOoSmOotH in #10916
- Soup by @TOoSmOotH in #10919
- Create template for Github Discussions in the 2.4 Category by @dougburks in #11102
- Merge 2.4 discussion template to dev by @dougburks in #11103
- Elastic 8.8.2 by @weslambert in #11183
- Remove migration version by @weslambert in #11187
- Update 2-4.yml discussion template with additional fields for CPU, RAM, and storage by @dougburks in #11227
- Merge master to dev for updated 2.4 discussion template by @dougburks in #11228
- Update soup for 2.3.270 by @dougburks in #11287
- Jertel/vol by @jertel in #11360
- Update soup by @TOoSmOotH in #11367
- 2.3.270 by @TOoSmOotH in #11373
- 2.3.270 by @TOoSmOotH in #11374
Full Changelog: 2.3.260-20230620...2.3.270-1006
2.4.10-20230821
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
What's Changed
- Force package installation by @weslambert in #11064
- Fix so-elastic-fleet-package-load by @weslambert in #11068
- Assign pipeline to import by @weslambert in #11079
- Update HOTFIX by @TOoSmOotH in #11088
- force soup docker output to log by @jertel in #11100
- Update soup by @TOoSmOotH in #11098
- Fix Hotfix by @TOoSmOotH in #11101
- Fix certs on Rec and Heavy by @defensivedepth in #11116
- Update config.sls by @TOoSmOotH in #11120
- 2.4.10 Hotfix by @TOoSmOotH in #11126
- Hotfix/2.4.10 by @TOoSmOotH in #11127
Full Changelog: 2.4.10-20230815...2.4.10-202030821
2.4.10-20230815
What's Changed
- update version by @jertel in #10978
- Fix/tgrafzeekcloss by @m0duspwnens in #10983
- Set as default by @defensivedepth in #10977
- Fix/windows event table by @bryant-treacle in #10986
- Update soup for 2.4.10 by @dougburks in #10987
- Issue/10973 by @m0duspwnens in #10989
- Fix/desktop by @m0duspwnens in #10995
- RC2 Fixes by @defensivedepth in #10994
- Enable Agent Upgrade Check during highstate by @defensivedepth in #10997
- Issue/10954 by @m0duspwnens in #11000
- Move base_url to cert SAN by @defensivedepth in #11002
- Unset defaults by @defensivedepth in #11004
- Fix/esanno by @m0duspwnens in #11008
- ensure only 1 instance of so-rule-update runs. execute the cmd at the end of state run by @m0duspwnens in #11009
- Update motd.md by @dougburks in #11011
- set desktop background by @m0duspwnens in #11012
- Upgrade integration packages by @defensivedepth in #11014
- set SO desktop wallpaper for iso install by @m0duspwnens in #11016
- add missing annotations to avoid soc crash by @jertel in #11023
- Set default for import and eval only by @defensivedepth in #11021
- soup should respect current indentation in soc_global.sls by @dougburks in #11034
- 2.4.10 by @TOoSmOotH in #11042
- Jertel/up by @jertel in #11043
- Update DOWNLOAD_AND_VERIFY_ISO.md by @TOoSmOotH in #11044
- 2.4.10 by @jertel in #11040
Full Changelog: 2.4.5...2.4.10-20230815
Security Onion 2.4.5-20230807
What's Changed
- Update VERSION by @TOoSmOotH in #10870
- Update README.md to 2.4 RC2 by @dougburks in #10871
- New Action "Add to Case" by @coreyogburn in #10842
- Update so-yara-download by @TOoSmOotH in #10881
- Sensor Fix by @TOoSmOotH in #10885
- Iptables by @m0duspwnens in #10886
- Soup by @TOoSmOotH in #10887
- Update Soup by @TOoSmOotH in #10888
- add managersearch and standalone fw rules for searchnode by @m0duspwnens in #10889
- import DOCKER in idh.enabled by @m0duspwnens in #10891
- Elastic 8.8.2 by @weslambert in #10892
- Elastic 8.2.2 by @weslambert in #10893
- SOC Auth msg fix by @weslambert in #10894
- 2.4/heavyrc2 by @defensivedepth in #10897
- Fix Offload by @TOoSmOotH in #10899
- Move syslog to the INPUT chain where needed by @weslambert in #10904
- Update verbiage and links in soc_sensor.yaml by @dougburks in #10905
- Fix login flicker; so-status sluggishness by @jertel in #10910
- Mine error by @m0duspwnens in #10912
- EA Container Logs by @weslambert in #10907
- Add package list by @weslambert in #10914
- Set version for Elastic Defend and enable updates by @weslambert in #10915
- force portgroups added to hostgroups in roles to be list of strings by @m0duspwnens in #10918
- Pfsense fix by @weslambert in #10920
- Soupaloop by @m0duspwnens in #10923
- ensure suri rules are synced for import installs by @jertel in #10925
- Regen Agent Installers by @defensivedepth in #10924
- add mono-devel by @m0duspwnens in #10927
- add gtk2 by @m0duspwnens in #10930
- refactor elastic-agent download for soup ctrl+c anomalies by @jertel in #10931
- remove unused vars by @jertel in #10932
- ensure AIRGAP is lowercase and check for true by @m0duspwnens in #10934
- Update soup for airgap by @dougburks in #10937
- Desktopyummv by @m0duspwnens in #10938
- 2.4/fleet-Enhancements by @defensivedepth in #10926
- Update soup for airgap by @dougburks in #10939
- Update for 8.8.2 by @defensivedepth in #10941
- Add time shift for so-import-evtx by @weslambert in #10940
- Raid refactor + yara and rule proxy by @TOoSmOotH in #10944
- Don't watch certs on search nodes by @defensivedepth in #10946
- Generate community_id for defend endpoint logs by @defensivedepth in #10947
- Update so-whiptail by @dougburks in #10948
- Fix/idhfirewall by @m0duspwnens in #10950
- FEATURE: soup should rotate its log file #10951 by @dougburks in #10953
- Desktopyummv by @m0duspwnens in #10959
- Refactor to remove new line by @defensivedepth in #10960
- fix count of WORKERS for zeekcaptureloss script for telegraf by @m0duspwnens in #10961
- Revert yesterday's change to zeekcaptureloss.sh by @dougburks in #10964
- prepare for 2.4.5 ISO image release by @dougburks in #10968
- add spaces for proper rendering DOWNLOAD_AND_VERIFY_ISO.md by @dougburks in #10969
- 2.4/main to 2.4/dev by @dougburks in #10971
- 2.4.5 RC2 by @dougburks in #10970
Full Changelog: 2.4.4-20230728...2.4.5
Security Onion 2.4.4-20230728
Merge pull request #10868 from Security-Onion-Solutions/2.4/dev 2.4.4
Security Onion 2.4.3-20230711
Merge pull request #10755 from Security-Onion-Solutions/2.4/dev 2.4.3
Security Onion 2.3.260-20230620
Merge pull request #10621 from Security-Onion-Solutions/dev 2.3.260
2.4.2-20230531
Merge pull request #10481 from Security-Onion-Solutions/2.4/dev 2.4.2