From 11def72790d2d8b13c17923092f95ce2fd987ebb Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 27 Feb 2023 09:39:52 -0500
Subject: [PATCH 1/6] Update VERSION

---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index 108d96ff2..02eba2fcf 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.220
+2.3.230

From e5c0058dd1b4ec34e119aaec84469bce14c44c10 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 1 Mar 2023 16:36:08 -0500
Subject: [PATCH 2/6] Update HOTFIX

---
 HOTFIX | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HOTFIX b/HOTFIX
index e63769900..d3f5a12fa 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-20230301
+

From aa2e18fca9e19f89459591dbf09b4132f8dfb823 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 24 Mar 2023 12:31:51 -0400
Subject: [PATCH 3/6] Update soup for 2.3.230

---
 salt/common/tools/sbin/soup | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index d7074619f..254ea6580 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -554,6 +554,8 @@ preupgrade_changes() {
 [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
 [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210
 [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
+ [[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230
+
 true
 }
 
@@ -580,6 +582,7 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
 [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210
 [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220
+ [[ "$POSTVERSION" == 2.3.220 ]] && post_to_2.3.230
 true
 }
 
@@ -713,6 +716,11 @@ post_to_2.3.220() {
 POSTVERSION=2.3.220
 }
 
+post_to_2.3.230() {
+ echo "Nothing to do for .230"
+ POSTVERSION=2.3.230
+}
+
 stop_salt_master() {
 # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
 set +e
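Review bot: The preupgrade_changes hunk adds a stray empty line (the bare `+` between the new `up_to_2.3.230` dispatch and `true`) that the parallel postupgrade_changes hunk in the same patch does not add; the two dispatch tables have been kept line-for-line symmetric through .190/.200/.210, so I would drop the blank line and keep them that way. Both function bodies begin before the hunk, so the rest of the chain is not visible here, but the visible entries follow the same exact-match-then-call pattern. A short comment above the table, `# each up_to_X step must set INSTALLEDVERSION=X so the next test in this chain fires`, would make clear why the .230 step exists even though it does no work.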
@@ -1053,6 +1061,11 @@ up_to_2.3.220() {
 INSTALLEDVERSION=2.3.220
 }
 
+up_to_2.3.230() {
+ echo "Upgrading to 2.3.230"
+ INSTALLEDVERSION=2.3.230
+}
+
 verify_upgradespace() {
 CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
 if [ "$CURRENTSPACE" -lt "10" ]; then

From 46fc62b8dc48b0db99fa5662f8cfb6b58e1078d8 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 12 Apr 2023 10:29:54 -0400
Subject: [PATCH 4/6] Update init.sls

---
 pillar/zeek/init.sls | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
index b4bce17fd..01023fb60 100644
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -15,6 +15,7 @@ zeek:
 SpoolDir: /nsm/zeek/spool
 CfgDir: /opt/zeek/etc
 CompressLogs: 1
+ ZeekPort: 27760
 local:
 '@load':
 - misc/loaded-scripts

From 272b345892279d7c150aee36f67791c6f0f04ebb Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Thu, 13 Apr 2023 10:52:37 -0400
Subject: [PATCH 5/6] FIX: Suricata DNS A and CNAME parsing #10117

---
 salt/elasticsearch/files/ingest/suricata.dns | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns
index 2f5958e2e..3ef68f28b 100644
--- a/salt/elasticsearch/files/ingest/suricata.dns
+++ b/salt/elasticsearch/files/ingest/suricata.dns
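Review bot: `up_to_2.3.230` is a placeholder that only echoes and sets INSTALLEDVERSION, and nothing in the hunk says why a step with no migration work still has to exist, so a later cleanup could plausibly delete it and silently break the chain in preupgrade_changes, which only calls the next step when INSTALLEDVERSION equals the previous release. I would add a comment above the function, `# No migration needed for .230, but INSTALLEDVERSION must still advance so preupgrade_changes can dispatch the next step`, mirroring the "Nothing to do" wording already used in post_to_2.3.230. The verify_upgradespace body that follows continues past the end of the hunk.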
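Review bot: `ZeekPort: 27760` is added to the pillar with no indication of what consumes it or which address it ends up bound to, so a reader of this file cannot tell whether it is a new network listener or just an internal setting. I would add a comment above it, `# Presumably zeekctl's ZeekPort, the base port for Zeek cluster node communication -- confirm in the template that renders it, and that it is not reachable from outside the node`. If the rendered zeekctl configuration binds this port on a non-loopback interface, the node's firewall state should be checked as part of this change so the upgrade does not expose a new service on the monitoring host.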
@@ -1,21 +1,21 @@
 {
 "description" : "suricata.dns",
 "processors" : [
- { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
- { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.type", "target_field": "dns.query.type", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.tx_id", "target_field": "dns.id", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.version", "target_field": "dns.version", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rrname", "target_field": "dns.query.name", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rrtype", "target_field": "dns.query.type_name", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.flags", "target_field": "dns.flags", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.qr", "target_field": "dns.qr", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rd", "target_field": "dns.recursion.desired", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.ra", "target_field": "dns.recursion.available", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code_name", "ignore_missing": true } },
- { "rename": { "field": "message2.grouped.A", "target_field": "dns.answers.data", "ignore_missing": true } },
- { "rename": { "field": "message2.grouped.CNAME", "target_field": "dns.answers.name", "ignore_missing": true } },
- { "pipeline": { "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld" } },
- { "pipeline": { "name": "common" } }
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.type", "target_field": "dns.query.type", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.tx_id", "target_field": "dns.id", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.version", "target_field": "dns.version", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rrname", "target_field": "dns.query.name", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rrtype", "target_field": "dns.query.type_name", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.flags", "target_field": "dns.flags", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.qr", "target_field": "dns.qr", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rd", "target_field": "dns.recursion.desired", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.ra", "target_field": "dns.recursion.available", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code_name", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.grouped.A", "target_field": "dns.answers.data", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.grouped.CNAME", "target_field": "dns.answers.name", "ignore_missing": true } },
+ { "pipeline": { "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld" } },
+ { "pipeline": { "name": "common" } }
 ]
 }

From ef92815a085171426b1cf81490a8c6708c2cd109 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 17 Apr 2023 10:22:39 -0400
Subject: [PATCH 6/6] 2.3.230

---
 VERIFY_ISO.md | 22 ++++++++++----------
 sigs/securityonion-2.3.230-20230417.iso.sig | Bin 0 -> 543 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.3.230-20230417.iso.sig

diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 633b1513c..b13c645e4 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.220-20230301 ISO image built on 2023/03/01
+### 2.3.230-20230417 ISO image built on 2023/04/17
 
 ### Download and Verify
 
-2.3.220-20230301 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230301.iso
+2.3.230-20230417 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.230-20230417.iso
 
-MD5: 76870CF09FF27893574FC104F9AC6642
-SHA1: CBF5B407C5982CA40C7660FE5CD9E3C6C551D280
-SHA256: 0719D441DF8B77266CE16F5FA182BF0680567BE7AD0AE36979D4FE8E0953F094
+MD5: EBE7E5407AF9AF6F1ADCB9A8E011729B
+SHA1: EC101F5C633D368205F5B756F063308A0BE0466E
+SHA256: CBB9BE490AB44BCC2C8CAB8AAE65288BE130B43927DFA4DFBDD9D95B3564D65F
 
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230301.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.230-20230417.iso.sig
 
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230301.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.230-20230417.iso.sig
 ```
 
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230301.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.230-20230417.iso
 ```
 
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.220-20230301.iso.sig securityonion-2.3.220-20230301.iso
+gpg --verify securityonion-2.3.230-20230417.iso.sig securityonion-2.3.230-20230417.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 01 Mar 2023 03:50:25 PM EST using RSA key ID FE507013
+gpg: Signature made Fri 14 Apr 2023 11:12:57 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.230-20230417.iso.sig b/sigs/securityonion-2.3.230-20230417.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..b321509f6730d5add1d14c34568fd5ea35cd226d GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;I_ZFv9+2@re`V7LBIa1%nk5CDoi^p)Tf-Zq%w`S+2B zwVf4yzml-3W$xuKD`X%W5mth4oVXPDL4RCsumsBGJ_Dsm&5LQ;dQM>sKjM3>=F+H@|t@Q3TY(ay|+^! z|9!r6f@oJ<@5#d=XEDST6-R+BUU&=B@z$Ilz3&UY5791DW)nNR^R^BcgfM9!xbS{p zqRVO34j+_@UV`mqBqS*%@DfLVs{sywXZ?JQ#UE>R_I;e+CoJ+>b$hw{5LV2xu77)Z5g>|qDQ_v*f zpu&quV22YQY!BA}`eJJ&(H-Ng(4`UWs(3-i;ecat@U8v35h>QW z=-w;>tFJg!euI+ZxsVx)qXdHutRV0(EKaYu*ZOff*BL+Qi;<9T3c{J4plODfC9Q`<0!Q)&n^Niwt5@Fv7$9_9MI%F)o3ValJ8VgV<-_o2}{2g^C hbNualq~TYfeshscLa`G%r#fN^N+3oIWmPq6No!&61KI!p literal 0 HcmV?d00001