CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Final changes.json update

Browse Source
This commit is contained in:
Mike Reeves
2020-08-20 19:18:39 -04:00
parent 2b88f22eb2
commit 05d727e599
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/soc/files/soc/changes.json
View File

@@ -4,6 +4,7 @@
{ "summary": "Known Issues <ul><li>Once you update your grid to RC2, any new nodes that join the grid must be RC2 so if you try to join a new RC1 node it will fail. For best results, use the latest RC2 ISO (or RC2 installer from github) when joining to an RC2 grid.</li><li>Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.</li><li>When running soup to upgrade from RC1 to RC2, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.</li><li>When Search Nodes are upgraded from RC1 to RC2, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:<ol><li>Stop elasticsearch - <i>sudo so-elasticsearch-stop</i></li><li>Run the SSL state - <i>sudo salt-call state.apply ssl</i></li><li>Restart elasticsearch - <i>sudo so-elasticsearch-restart</i></li></ol></li></ul>" }, { "summary": "Known Issues <ul><li>Once you update your grid to RC2, any new nodes that join the grid must be RC2 so if you try to join a new RC1 node it will fail. For best results, use the latest RC2 ISO (or RC2 installer from github) when joining to an RC2 grid.</li><li>Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.</li><li>When running soup to upgrade from RC1 to RC2, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.</li><li>When Search Nodes are upgraded from RC1 to RC2, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:<ol><li>Stop elasticsearch - <i>sudo so-elasticsearch-stop</i></li><li>Run the SSL state - <i>sudo salt-call state.apply ssl</i></li><li>Restart elasticsearch - <i>sudo so-elasticsearch-restart</i></li></ol></li></ul>" },
{ "summary": "Fixed an issue where the console was timing out and making it appear that the installer was hung." }, { "summary": "Fixed an issue where the console was timing out and making it appear that the installer was hung." },
{ "summary": "Introduced <i>Import</i> node, which is ideal for running so-import-pcap to import pcap files and view the resulting logs in Hunt or Kibana." }, { "summary": "Introduced <i>Import</i> node, which is ideal for running so-import-pcap to import pcap files and view the resulting logs in Hunt or Kibana." },
{ "summary": "Suricata stats.log now rotates once a day. If you have a bunch of suriloss defunct processes on nodes that have it, do the following:<ul><li>Stop suricata - <i>sudo so-suricata-stop</i></li><li>Remove the current stats.log - <i>sudo rm /opt/so/log/suricata/stats.log</i></li><li>Reboot the machine - <i>shutdown -r now</i></li></ul>" },
{ "summary": "Moved static.sls to global.sls to align the name with the functionality." }, { "summary": "Moved static.sls to global.sls to align the name with the functionality." },
{ "summary": "Traffic between nodes in a distributed deployment is now fully encrypted." }, { "summary": "Traffic between nodes in a distributed deployment is now fully encrypted." },
{ "summary": "Playbook<ul><li>Elastalert now runs active Plays every 3 minutes</li><li>Changed default rule-update config to only import Windows rules from the Sigma Community repo</li><li>Lots of bug fixes & stability improvements</li></ul>" }, { "summary": "Playbook<ul><li>Elastalert now runs active Plays every 3 minutes</li><li>Changed default rule-update config to only import Windows rules from the Sigma Community repo</li><li>Lots of bug fixes & stability improvements</li></ul>" },
@@ -17,4 +18,4 @@
{ "summary": "SOC now allows for arbitrary, time-bounded PCAP job creation, with optional filtering by host and port." }, { "summary": "SOC now allows for arbitrary, time-bounded PCAP job creation, with optional filtering by host and port." },
{ "summary": "Historical release notes can be found on our docs website: <a href='https://docs.securityonion.net/en/2.1/release-notes.html'>https://docs.securityonion.net/en/2.1/release-notes.html</a>" } { "summary": "Historical release notes can be found on our docs website: <a href='https://docs.securityonion.net/en/2.1/release-notes.html'>https://docs.securityonion.net/en/2.1/release-notes.html</a>" }
] ]
} }