Update Release Notes
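--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1,32 +1,40 @@
 {
-"title": "Introducing Hybrid Hunter 1.4.0 Beta 3",
+"title": "Security Onion 2.0.0 RC1 is here!",
 "changes": [
-{ "summary": "Complete overhaul of the way we handle custom and default settings and data. You will now see a default and local directory under the saltstack directory. All customizations are stored in local." },
-{ "summary": "The way firewall rules are handled has been completely revamped. This will allow the user to customize firewall rules much easier." },
-{ "summary": "Users can now change their own password in SOC." },
-{ "summary": "Hunt now allows users to enable auto-hunt. This is a toggle which, when enabled, automatically submits a new hunt when filtering, grouping, etc." },
-{ "summary": "Title bar now reflects current Hunt query. This will assist users in locating a previous query from their browser history." },
-{ "summary": "Zeek 3.0.7" },
-{ "summary": "Elastic 7.7.1" },
-{ "summary": "Suricata can now be used for meta data generation." },
-{ "summary": "Suricata eve.json has been moved to `/nsm` to align with storage of other data." },
-{ "summary": "Suricata will now properly rotate its logs." },
-{ "summary": "Grafana dashboards now work properly in standalone mode." },
-{ "summary": "Kibana Dashboard updates including osquery, community_id." },
-{ "summary": "New Elasticsearch Ingest processor to generate community_id from any log that includes the required fields." },
-{ "summary": "Community_id generated for additional logs: Zeek HTTP/SMTP/ , Sysmon shipped with Osquery or Winlogbeat." },
-{ "summary": "Major streamlining of Fleet setup & configuration - no need to run a secondary setup script anymore." },
-{ "summary": "Fleet Standalone node now includes the ability to set a FQDN to point osquery endpoints to." },
-{ "summary": "Distributed installs now support ingesting Windows Eventlogs via Winlogbeat - includes full parsing support for Sysmon." },
-{ "summary": "SOC Downloads section now includes a link to the supported version of Winlogbeat." },
-{ "summary": "Basic syslog ingestion capability now included." },
-{ "summary": "Elasticsearch index name transition fixes for various components." },
-{ "summary": "Updated URLs for pivot fields in Kibana." },
-{ "summary": "Instances of \"hive\" renamed to \"thehive\"." },
-{ "summary": "KNOWN ISSUE: The Hunt feature is currently considered \"Preview\" and although very useful in its current state, not everything works. We wanted to get this out as soon as possible to get the feedback from you! Let us know what you want to see! Let us know what you think we should call it!" },
-{ "summary": "KNOWN ISSUE: You cannot pivot to PCAP from Suricata alerts in Kibana or Hunt." },
-{ "summary": "KNOWN ISSUE: Navigator is currently not working when using hostname to access SOC. IP mode works correctly." },
-{ "summary": "KNOWN ISSUE: Due to the move to ECS, the current Playbook plays may not alert correctly at this time." },
-{ "summary": "KNOWN ISSUE: The osquery MacOS package does not install correctly." }
+{ "summary": "Re-branded 2.0 to give it a fresh look." },
+{ "summary": "All documentation has moved to https://docs.securityonion.net/en/2.0 " },
+{ "summary": "soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." },
+{ "summary": "so-import-pcap is back! See the docs here: http://docs.securityonion.net/en/2.0/so-import-pcap " },
+{ "summary": "Fixed issue with so-features-enable." },
+{ "summary": "Users can now pivot to PCAP from Suricata alerts." },
+{ "summary": "ISO install now prompts users to create an admin/sudo user instead of using a default account name." },
+{ "summary": "The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet." },
+{ "summary": "Fixed issue with disk cleanup." },
+{ "summary": "Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files." },
+{ "summary": "Locked down access to certain SSL keys." },
+{ "summary": "Suricata logs now compress after they roll over." },
+{ "summary": "Users can now easily customize shard counts per index." },
+{ "summary": "Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS)." },
+{ "summary": "Elastic nodes are now HOT by default, making it easier to add a warm node later." },
+{ "summary": "so-allow now runs at the end of an install so users can enable access right away." },
+{ "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to `event.severity`:" },
+{ "summary": " - 1-Low / 2-Medium / 3-High / 4-Critical." },
+{ "summary": "Initial implementation of alerting queues:" },
+{ "summary": " - Low & Medium alerts are accessible through Kibana & Hunt." },
+{ "summary": " - High & Critical alerts are accessible through Kibana, Hunt and sent to TheHive for immediate analysis." },
+{ "summary": " - ATT&CK Navigator is now a statically-hosted site in the nginx container." },
+{ "summary": "Playbook:" },
+{ "summary": " - All Sigma rules in the community repo (500+) are now imported and kept up to date." },
+{ "summary": " - Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing)." },
+{ "summary": " - Updated UI Theme." },
+{ "summary": " - Once authenticated through SOC, users can now access Playbook with analyst permissions without login." },
+{ "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. - New functionality sponsored by SOS." },
+{ "summary": "Fixed issue with Wazuh authd registration service port not being correctly exposed." },
+{ "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools." },
+{ "summary": "Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot)." },
+{ "summary": "Added default YARA rules for Strelka - Default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base" },
+{ "summary": "Added the ability to use custom Zeek scripts." },
+{ "summary": "Renamed "master server" to "manager node"." },
+{ "summary": "Improved unification of Zeek and Strelka file data." },
 ]
 }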
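Review bot: The new entry `{ "summary": "Renamed "master server" to "manager node"." },` has unescaped double quotes inside the string value, which makes the whole document invalid for any RFC 8259 parser; the inner quotes should be escaped as `{ "summary": "Renamed \"master server\" to \"manager node\"." },`, the same way the removed `\"hive\"` entry was written. The final element `{ "summary": "Improved unification of Zeek and Strelka file data." },` also leaves a trailing comma before `]`, which strict parsers reject as well, whereas the previous version ended its last element without one. Both presumably break whatever component reads this release-notes file, so it is worth running the result through a strict validator (e.g. `python -m json.tool`) before merging. Minor: `non-priviledged` in the /opt/so entry is a typo for `non-privileged`, and the two documentation URL strings carry a trailing space inside the quotes.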