Releases: Security-Onion-Solutions/securityonion
Security Onion 2.4.30-20231228
Security Onion 2.4.30-20231219
Security Onion 2.4.30-20231204
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231204.iso
What's Changed
- Update HOTFIX by @weslambert in #11902
- Update import-evtx-logs.json by @chateaulav in #11890
- move wait_for_salt_minion for hotfix by @m0duspwnens in #11923
- avoid exiting salt when ca state applied in post for 2.4.30 by @m0duspwnens in #11929
New Contributors
- @chateaulav made their first contribution in #11890
Full Changelog: 2.4.30-20231121...2.4.30-20231204
2.3.280
What's Changed
- Update VERSION by @jertel in #11506
- Zeek 6 upgrade by @reyesj2 in #11561
- Update soup by @TOoSmOotH in #11749
- Add EOL warning to README.md by @dougburks in #11771
- Elastic 8.10.4 by @weslambert in #11772
- Update soup by @m0duspwnens in #11798
- Update signing_policies.conf by @TOoSmOotH in #11831
- Update signing_policies.conf by @TOoSmOotH in #11834
- suricata interface None if so-import by @m0duspwnens in #11864
- enable highstate after starting minion by @m0duspwnens in #11873
- so-nginx watch managerssl to restart if changed by @m0duspwnens in #11874
Full Changelog: 2.3.270-1006...2.3.280-20231128
2.4.30-20231121
Merge pull request #11854 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30
2.4.30-20231117
Merge pull request #11827 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix 2.4.30
Security Onion 2.4.30-20231113
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231113.iso
What's Changed
- accept icmp on input chain by @m0duspwnens in #11496
- Update VERSION by @TOoSmOotH in #11497
- Minechanges by @m0duspwnens in #11503
- 2.4/main by @TOoSmOotH in #11533
- Update HOTFIX by @TOoSmOotH in #11534
- avoid rebooting when testing deb installs by @jertel in #11535
- only add heavynodes to remoteHostUrls by @jertel in #11552
- Zeek 6 upgrade by @reyesj2 in #11554
- Minechanges by @m0duspwnens in #11555
- mark suricata 7 log line as fp for so-log-check by @m0duspwnens in #11558
- Elastic 8.10.4 by @weslambert in #11560
- Minechanges by @m0duspwnens in #11563
- Add note regarding DNS resolver by @weslambert in #11567
- Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6 by @reyesj2 in #11568
- Minechanges by @m0duspwnens in #11572
- remove extra space by @m0duspwnens in #11573
- Additional integrations by @weslambert in #11570
- handle a minion not being in the mine data return by @m0duspwnens in #11582
- Minechanges by @m0duspwnens in #11592
- FIX: Add -watch to soctopus saltstate for file SOCtopus.conf. Makes contai… by @reyesj2 in #11594
- Parse pkt_src for Suricata logs by @weslambert in #11600
- Enable http2 for Suricata by @TOoSmOotH in #11606
- Upgrade/salt3006.3 by @m0duspwnens in #11612
- fix issue/11610 by @m0duspwnens in #11613
- Revert "Upgrade/salt3006.3" by @m0duspwnens in #11619
- Add kibana curl config by @defensivedepth in #11609
- oidc by @jertel in #11631
- UPGRADE: Influxdb 2.7.1 & telegraf 1.28.2 by @reyesj2 in #11633
- 2.4/kibanauser by @defensivedepth in #11637
- Warm Node UI Changes by @TOoSmOotH in #11623
- oidc by @jertel in #11643
- UPGRADE: influxdb 2.7.1 & telegraf 1.28.2 by @reyesj2 in #11644
- Upgrade/salt3006.3v2 by @m0duspwnens in #11647
- Remove ILM policies for Cases and OSQuery manager indices by @weslambert in #11648
- ensure networkminer is latest version by @m0duspwnens in #11659
- Add roles for eval mode by @weslambert in #11661
- Add import roles by @weslambert in #11664
- ignore specific Suricata errors by @jertel in #11665
- Remove unused scripts and functions by @TOoSmOotH in #11666
- Fix/soupagrepo by @m0duspwnens in #11670
- Remove legacy pillar info by @TOoSmOotH in #11671
- Foxtrot by @m0duspwnens in #11674
- Sublime Platform Integration by @weslambert in #11676
- Allow 16GB of memory by @TOoSmOotH in #11677
- adjust log filter to include all hosts by @jertel in #11687
- Add eval and import roles by @weslambert in #11688
- more log bypass by @jertel in #11689
- fix UPGRADECOMMAND used for distrib salt upgrade. remove unneeded vars by @m0duspwnens in #11690
- more log bypass by @jertel in #11691
- Add Elastic Fleet reset script by @defensivedepth in #11678
- Jertel/auto by @jertel in #11695
- Don't source so-elastic-fleet-common if not there by @weslambert in #11701
- ignore connectivity problems to docker containers during startup by @jertel in #11702
- Checkpoint and VSphere Integrations by @weslambert in #11704
- Don't overwrite metadata by @defensivedepth in #11708
- ignore malformed open canary log lines by @jertel in #11709
- exit 0 by @defensivedepth in #11710
- Update soc_elasticsearch.yaml by @TOoSmOotH in #11712
- Upgrade Elastic Agent by @defensivedepth in #11713
- apply es and soc states to manager if new search or hn are added by @m0duspwnens in #11714
- disregard false positives by @jertel in #11718
- Set execute permissions by @defensivedepth in #11722
- improve verbosity of setup logs by @jertel in #11726
- Change pipeline to 1.8.0 by @weslambert in #11732
- Change pipeline to 1.13.1 by @weslambert in #11735
- Improve error handling and add retry logic by @weslambert in #11734
- Remove template files by @weslambert in #11740
- remove comments from BPFs by @m0duspwnens in #11741
- add yaml helper script; refactor python testing by @jertel in #11742
- Additional fixes for index template check by @weslambert in #11743
- re-add source pkgs from accidental commit by @jertel in #11745
- remove state file by @defensivedepth in #11747
- Upgrade Defend Integration policy by @defensivedepth in #11750
- Remove unneeded datastreams by @defensivedepth in #11751
- Add Elastic Agent package and upgrade packages when elasticfleet.packages list changes by @weslambert in #11760
- Update soup by @TOoSmOotH in #11769
- 2.4.30 by @TOoSmOotH in #11776
- 2.4.30 by @TOoSmOotH in #11777
Full Changelog: 2.4.20-20231012...2.4.30-20231113
2.4.20-20231012
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
What's Changed
- Add hotfix changes by @defensivedepth in #11522
- Apply state correctly by @defensivedepth in #11524
- Apply named state by @defensivedepth in #11525
- 2.4.20 hotfix by @TOoSmOotH in #11531
- Hotfix 2.4.20 by @TOoSmOotH in #11532
Full Changelog: 2.4.20-20231006...2.4.20-20231012
Security Onion 2.4.20-20231006
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
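The "Download the ISO" entries for 2.4.20 (above and for 2.4.20-20231012) link to DOWNLOAD_AND_VERIFY_ISO.md rather than straight to an image, and the 2.4.30 entries link the ISO directly; in both cases the step that matters before installing is verifying what was downloaded. The following is an added example, not a script from the Security Onion project, showing the two checks as shell functions: a SHA-256 comparison against the digest published for the release, and a detached GPG signature check that goes one step further than "Good signature" by requiring the signature to come from a specific key fingerprint. The ISO URL pattern is taken from the 2.4.30 entries on this page; the locations of the .sig file and the KEYS file, and the fingerprint placeholder, are assumptions and must be taken from DOWNLOAD_AND_VERIFY_ISO.md.

```shell
#!/bin/sh
# Added example, not a Security Onion script: verify a downloaded ISO before
# installing from it. The ISO URL pattern comes from the release notes; the
# .sig and KEYS locations and the key fingerprint below are assumptions and
# must be confirmed against DOWNLOAD_AND_VERIFY_ISO.md.

ISO_BASE="https://download.securityonion.net/file/securityonion"
SIG_BASE="https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs"          # assumption
KEYS_URL="https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS"  # assumption
RELEASE_KEY_FPR="REPLACE_WITH_FINGERPRINT_FROM_DOWNLOAD_AND_VERIFY_ISO_MD"                        # placeholder

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing. The digest is
# compared case-insensitively so an uppercase hash copied from a web page
# still matches.
verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'SHA-256 mismatch for %s\n  expected: %s\n  actual:   %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# verify_signature ISO SIG FINGERPRINT
# "Good signature" alone is not enough: any key in the local keyring would
# satisfy it. --status-fd makes gpg emit a VALIDSIG line carrying the full
# fingerprint of the key that produced the signature, so we require that
# line to name the expected release key.
verify_signature() {
    iso="$1"; sig="$2"; fpr="$3"
    gpg --batch --status-fd 1 --verify "$sig" "$iso" 2>/dev/null \
        | grep -q "^\[GNUPG:\] VALIDSIG $fpr "
}

# Usage: sh verify_iso.sh 2.4.30-20231204 <expected-sha256>
# Runs only when both arguments are given, so the functions can also be sourced.
if [ $# -eq 2 ]; then
    ver="$1"; expected="$2"
    iso="securityonion-${ver}.iso"
    wget -q "${ISO_BASE}/${iso}" "${SIG_BASE}/${iso}.sig"
    wget -qO- "$KEYS_URL" | gpg --batch --import
    if verify_sha256 "$iso" "$expected" \
       && verify_signature "$iso" "${iso}.sig" "$RELEASE_KEY_FPR"; then
        echo "OK: $iso verified"
    else
        echo "FAILED: do not install from $iso" >&2
        exit 1
    fi
fi
```

Both checks are needed: the hash catches a corrupt or truncated download, while the signature ties the image to the project's release key, and pinning the fingerprint means a stray key someone imported into the keyring cannot make a tampered image pass.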
What's Changed
- Update VERSION by @TOoSmOotH in #11047
- set timezone during setup. set salt log levels to info by @m0duspwnens in #11060
- Add soup for 2.4.20 by @TOoSmOotH in #11075
- force image pulls to go into soup log by @jertel in #11083
- Issue/10998 by @m0duspwnens in #11090
- Fix certs for Rec & Heavy by @defensivedepth in #11113
- add missing containers to soc_docker.yaml. force port bindings to []string by @m0duspwnens in #11124
- Exclude console log by @weslambert in #11123
- Merge in hotfix by @TOoSmOotH in #11128
- Update HOTFIX by @TOoSmOotH in #11129
- Update SOC event fields by @weslambert in #11139
- Add more Elastic Fleet integrations by @weslambert in #11153
- use consistent cert dir and reduce jinja complexity by @jertel in #11161
- allow testing runs to proceed with unsupported os by @jertel in #11165
- use the correct var by @jertel in #11166
- fix centos install by @jertel in #11169
- new python watchdog by @m0duspwnens in #11177
- ingest pfsense sample data by @jertel in #11178
- don't need to repo_sync rocky or centos by @m0duspwnens in #11184
- fix path to intermediate ca cert on heavy nodes by @jertel in #11186
- Failreposync by @m0duspwnens in #11190
- Fix Heavy Node for acks by @TOoSmOotH in #11193
- Add Apache package and templates by @weslambert in #11197
- Make sure a data stream is created for syslog by @weslambert in #11208
- Add syslog to heavynode by @weslambert in #11212
- Issue/10975 by @m0duspwnens in #11217
- Correct Fortigate Integration by @weslambert in #11219
- iso desktop join grid - set install_type and minion_type by @m0duspwnens in #11221
- Analyzer SOC Administration by @weslambert in #11218
- New Config Default: longRelayTimeoutMs by @coreyogburn in #11222
- Update motd.md by @dougburks in #11226
- Issue/10975 by @m0duspwnens in #11231
- Strelka entropy mapping by @weslambert in #11232
- Add so-elastic-agent by @weslambert in #11239
- testing; desktop; configuration improvements by @jertel in #11241
- ensure hostname is set by @jertel in #11243
- ensure hostname is set by @jertel in #11245
- MS testing by @jertel in #11249
- Issue/10975 by @m0duspwnens in #11255
- only ingest pfsense on sensor nodes by @jertel in #11256
- Remove templates by @weslambert in #11261
- Issue/11210 by @m0duspwnens in #11269
- addl node types by @jertel in #11271
- give priority to presets by @jertel in #11276
- Issue/11229 by @m0duspwnens in #11288
- don't manage sorules by @m0duspwnens in #11295
- FIX: SOC Config pcap doc links should point to steno docs #11302 by @dougburks in #11303
- Update so-minion by @TOoSmOotH in #11308
- exclude docker pull unauth errors from failing setup by @jertel in #11315
- Regex & Transform Role by @defensivedepth in #11317
- improvements for checking system requirements by @m0duspwnens in #11328
- Clean component template directory by @weslambert in #11329
- Change description to indicate that opencanary modules only apply to IDH nodes by @weslambert in #11297
- fix idstool extra_env for container by @m0duspwnens in #11344
- ensure all binds are present to avoid volume sprawl by @jertel in #11345
- ignore debian apt update output by @jertel in #11351
- Fix EVTX Imports by @weslambert in #11352
- FIX: SOC Config sensoroni doc links should point to correct docs #11362 by @dougburks in #11363
- Update soup to prune in background by @jertel in #11369
- /app/dashboards to /kibana/app/dashboards by @weslambert in #11289
- Add a note about testing analyzers outside of the Sensoroni Docker container by @weslambert in #11384
- Make scan.pe.image_version type of 'float' by @weslambert in #11391
- Issue/11390 by @m0duspwnens in #11393
- log check tool initial by @jertel in #11397
- skip zeek spool logs due to test data false positives by @jertel in #11398
- don't inspect imported zeek output by @jertel in #11399
- Update nginx.conf to use user nobody by @TOoSmOotH in #11403
- Fix/filecheckcron by @m0duspwnens in #11404
- deb OS doesn't use /var/log/cron, skip by @jertel in #11405
- ignore generic python stack trace log lines of code, rely on actual e… by @jertel in #11406
- Fix sendmail errors in zeek by @TOoSmOotH in #11408
- Fix zeek from creating summary files by @TOoSmOotH in #11409
- FIX: Remove telegraf beats EPS script by @TOoSmOotH in #11411
- ignore generic python stack trace log lines of code, rely on actual e… by @jertel in #11414
- Issue/11390 by @m0duspwnens in #11415
- Jertel/lc by @jertel in #11416
- logcheck improvements by @jertel in #11417
- more exclusions by @jertel in #11418
- Exclude known_certs by @weslambert in #11423
- exclude known issues by @jertel in #11422
- Fix Yara crontab by @TOoSmOotH in #11426
- Upgrade packages and load integrations when packages change by @weslambert in https://github.com/Se...
Security Onion 2.3.270-20231006
What's Changed
- Update VERSION by @TOoSmOotH in #10622
- Supersoup by @TOoSmOotH in #10916
- Soup by @TOoSmOotH in #10919
- Create template for Github Discussions in the 2.4 Category by @dougburks in #11102
- Merge 2.4 discussion template to dev by @dougburks in #11103
- Elastic 8.8.2 by @weslambert in #11183
- Remove migration version by @weslambert in #11187
- Update 2-4.yml discussion template with additional fields for CPU, RAM, and storage by @dougburks in #11227
- Merge master to dev for updated 2.4 discussion template by @dougburks in #11228
- Update soup for 2.3.270 by @dougburks in #11287
- Jertel/vol by @jertel in #11360
- Update soup by @TOoSmOotH in #11367
- 2.3.270 by @TOoSmOotH in #11373
- 2.3.270 by @TOoSmOotH in #11374
Full Changelog: 2.3.260-20230620...2.3.270-1006