2.1.0 Release notes in changes.json

salt/soc/files/soc/changes.json

@@ -1,43 +1,24 @@
 {
-  "title": "Security Onion 2.0.3 RC1 is here!",
+  "title": "Security Onion 2.1.0 RC2 is here!",
   "changes": [
-    { "summary": "Resolved an issue with large drives and the ISO install." },
-    { "summary": "Modified ISO installation to use Logical Volume Management (LVM) for disk partitioning." },
-    { "summary": "Updated Elastic Stack components to version 7.8.1." },
-    { "summary": "Updated Zeek to version 3.0.8." },
-    { "summary": "Fixed standalone pcap interval issue." },
-    { "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1067'>Security Fix 1067:</a> variables.txt from ISO install stays on disk for 10 days." }, 
-    { "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1068'>Security Fix 1068:</a> Remove user values from static.sls." },
-    { "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1059'>Issue 1059:</a> Fix distributed deployment sensor interval issue allowing PCAP." }, 
-    { "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1058'>Issue 1058:</a> Support for passwords that start with special characters." },
-    { "summary": "Minor soup updates." },
-    { "summary": "Re-branded 2.0 to give it a fresh look." },
-    { "summary": "All documentation has moved to <a target='so-help' href='https://docs.securityonion.net/en/2.0'>https://docs.securityonion.net/en/2.0</a>" },
-    { "summary": "<i>soup</i> is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." },
-    { "summary": "<i>so-import-pcap</i> is back! See the docs here: <a target='so-help' href='http://docs.securityonion.net/en/2.0/so-import-pcap'>http://docs.securityonion.net/en/2.0/so-import-pcap</a>." },
-    { "summary": "Fixed issue with <i>so-features-enable</i>." }, 
-    { "summary": "Users can now pivot to PCAP from Suricata alerts." },
-    { "summary": "ISO install now prompts users to create an admin/sudo user instead of using a default account name." },
-    { "summary": "The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet." },
-    { "summary": "Fixed issue with disk cleanup." },
-    { "summary": "Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files." },
-    { "summary": "Locked down access to certain SSL keys." },
-    { "summary": "Suricata logs now compress after they roll over." },
-    { "summary": "Users can now easily customize shard counts per index." },
-    { "summary": "Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS)." },
-    { "summary": "Elastic nodes are now HOT by default, making it easier to add a warm node later." },
-    { "summary": "<i>so-allow</i> now runs at the end of an install so users can enable access right away." },
-    { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to <i>event.severity</i>:<ul><li>1 = Low</li><li>2 = Medium</li><li>3 = High</li><li>4 = Critical</li></ul>" },
-    { "summary": "Initial implementation of alerting queues:<ul><li>Low & Medium alerts are accessible through Kibana & Hunt.</li><li>High & Critical alerts are accessible through Kibana, Hunt and TheHive for immediate analysis.</li></ul>" },
-    { "summary": "ATT&CK Navigator is now a statically-hosted site in the nginx container." },
-    { "summary": "Playbook updates:<ul><li>All Sigma rules in the community repo (500+) are now imported and kept up to date.</li><li>Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing).</li><li>Updated UI Theme.</li><li>Once authenticated through SOC, users can now access Playbook with analyst permissions without login.</li></ul>" },
-    { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. This new functionality was sponsored by SOS." },
-    { "summary": "Fixed issue with Wazuh authd registration service port not being correctly exposed." },
-    { "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to <i>so-allow</i> for easier external querying/integration with other tools." },
-    { "summary": "Added option to <i>so-allow</i> for external Strelka file uploads (e.g., via strelka-fileshot)." },
-    { "summary": "Added default YARA rules for Strelka. Default rules are maintained by Florian Roth and pulled from <a href='https://github.com/Neo23x0/signature-base'>https://github.com/Neo23x0/signature-base</a>." },
-    { "summary": "Added the ability to use custom Zeek scripts." },
-    { "summary": "Renamed <i>master server</i> to <i>manager node</i>." },
-    { "summary": "Improved unification of Zeek and Strelka file data." }
+    { "summary": "Known Issue: Once you update your grid to RC2, any new nodes that join the grid must be RC2 so if you try to join a new RC1 node it will fail. For best results, use the latest RC2 ISO (or RC2 installer from github) when joining to an RC2 grid." },
+    { "summary": "Known Issue: Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5." },
+    { "summary": "Known Issue: When running soup to upgrade from RC1 to RC2, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates." },
+    { "summary": "Known Issue: When Search Nodes are upgraded from RC1 to RC2, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:<ul><li>Stop elasticsearch - <i>sudo so-elasticsearch-stop</i></li><li>Run the SSL state - <i>sudo salt-call state.apply ssl</i></li><li>Restart elasticsearch - <i>sudo so-elasticsearch-restart</i></li></ul>" },
+    { "summary": "" },
+    { "summary": "Fixed an issue where the console was timing out and making it appear that the installer was hung" },
+    { "summary": "Introduced Import node type ideal for running so-import-pcap to import pcap files and view the resulting logs in Hunt or Kibana" },
+    { "summary": "Moved static.sls to global.sls to align the name with the functionality" },
+    { "summary": "Traffic between nodes in a distributed deployment is now fully encrypted" },
+    { "summary": "Playbook<ul><li>Elastalert now runs active Plays every 3 minutes</li><li>Changed default rule-update config to only import Windows rules from the Sigma Community repo</li><li>Lots of bug fixes & stability improvements</li></ul>" },
+    { "summary": "Ingest Node parsing updates for Osquery and Winlogbeat - implemented single pipeline for Windows eventlogs & sysmon logs" },
+    { "summary": "Upgraded Osquery to 4.4 and re-enabled auto-updates" },
+    { "summary": "Upgraded to Salt 3001.1" },
+    { "summary": "Upgraded Wazuh to 3.13.1" },
+    { "summary": "Hunt interface now shows the timezone being used for the selected date range" },
+    { "summary": "Fixed Cortex initialization so that TheHive integration and initial user set is correctly configured" },
+    { "summary": "Improved management of TheHive/Cortex credentials" },
+    { "summary": "SOC now allows for arbitrary, time-bounded PCAP job creation, with optional filtering by host and port" },
+    { "summary": "Historical release notes can be found on our docs site. <a href='https://docs.securityonion.net/en/2.1/release-notes.html'>https://docs.securityonion.net/en/2.1/release-notes.html</a>." },
   ]
 }