mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 02:02:50 +01:00
Merge pull request #3171 from Security-Onion-Solutions/foxtrot
Add changes.json for 2.3.30
This commit is contained in:
Jason Ertel
GitHub
@@ -1,54 +1,48 @@
|
|||||||
{
|
{
|
||||||
"title": "Security Onion 2.3.20 is here!",
|
"title": "Security Onion 2.3.30 is here!",
|
||||||
"changes": [
|
"changes": [
|
||||||
{ "summary": "soup has been refactored. You will need to run it a few times to get all the changes properly. We are working on making this even easier for future releases."},
|
{ "summary": "Zeek is now at version 3.0.13." },
|
||||||
{ "summary": "soup now has awareness of Elastic Features and now downloads the appropriate Docker containers."},
|
{ "summary": "CyberChef is now at version 9.27.2." },
|
||||||
{ "summary": "The Sensors interface has been renamed to Grid. This interface now includes all Security Onion nodes."},
|
{ "summary": "Elastic components are now at version 7.10.2. This is the last version that uses the Apache license." },
|
||||||
{ "summary": "Grid interface now includes the status of the node. The status currently shows either Online (blue) or Offline (orange). If a node does not check-in on time then it will be marked as Offline."},
|
{ "summary": "Suricata is now at version 6.0.1." },
|
||||||
{ "summary": "Grid interface now includes the IP and Role of each node in the grid."},
|
{ "summary": "Suricata metadata parsing is now vastly improved." },
|
||||||
{ "summary": "Grid interface includes a new Filter search input to filter the visible list of grid nodes to a desired subset. As an example, typing in “sensor” will hide all nodes except those that behave as a sensor."},
|
{ "summary": "If you choose Suricata for metadata parsing, it will now extract files from the network and send them to Strelka. You can add additional mime types <a href='https://github.com/Security-Onion-Solutions/securityonion/blob/dev/salt/idstools/sorules/extraction.rules'>here</a>." },
|
||||||
{ "summary": "The Grid description field can now be customized via the local minion pillar file for each node."},
|
{ "summary": "It is now possible to filter Suricata events from being written to the logs. This is a new Suricata 6 feature. We have included some examples <a href='https://github.com/Security-Onion-Solutions/securityonion/blob/dev/salt/idstools/sorules/filters.rules'>here</a>." },
|
||||||
{ "summary": "SOC will now draw attention to an unhealthy situation within the grid or with the connection between the user’s browser and the manager node. For example, when the Grid has at least one Offline node the SOC interface will show an exclamation mark in front of the browser tab’s title and an exclamation mark next to the Grid menu option in SOC. Additionally, the favicon will show an orange marker in the top-right corner (dynamic favicons not supported in Safari). Additionally, if the user’s web browser is unable to communicate with the manager the unhealth indicators appear along with a message at the top of SOC that states there is a connection problem."},
|
{ "summary": "The Kratos docker container will now perform DNS lookups locally before reaching out to the network DNS provider." },
|
||||||
{ "summary": "Docker has been upgraded to the latest version."},
|
{ "summary": "Network configuration is now more compatible with manually configured OpenVPN or Wireguard VPN interfaces." },
|
||||||
{ "summary": "Docker should be more reliable now as Salt is now managing daemon.json."},
|
{ "summary": "<pre>so-sensor-clean</pre> will no longer spawn multiple instances." },
|
||||||
{ "summary": "You can now install Elastic in a traditional cluster. When setting up the manager select Advanced and follow the prompts. Replicas are controlled in global.sls."},
|
{ "summary": "Suricata eve.json logs will now be cleaned up after 7 days. This can be changed via the pillar setting." },
|
||||||
{ "summary": "You can now use Hot and Warm routing with Elastic in a traditional cluster. You can change the box.type in the minion’s sls file. You will need to create a curator job to re-tag the indexes based on your criteria."},
|
{ "summary": "The automated backup script on the manager now backs up all keys along with the salt configurations. Backup retention is now set to 7 days." },
|
||||||
{ "summary": "Telegraf has been updated to version 1.16.3."},
|
{ "summary": "Strelka logs are now being rotated properly." },
|
||||||
{ "summary": "Grafana has been updated to 7.3.4 to resolve some XSS vulnerabilities."},
|
{ "summary": "Elastalert can now be customized via a pillar." },
|
||||||
{ "summary": "Grafana graphs have been changed to graphs vs guages so alerting can be set up."},
|
{ "summary": "Introduced new script <pre>so-monitor-add</pre> that allows the user to easily add interfaces to the bond for monitoring." },
|
||||||
{ "summary": "Grafana is now completely pillarized, allowing users to customize alerts and making it customizable for email, Slack, etc. See the docs <a href=\"https://securityonion.net/docs/grafana\">here</a>."},
|
{ "summary": "Setup now validates all user input fields to give up-front feedback if an entered value is invalid." },
|
||||||
{ "summary": "Yara rules now should properly install on non-airgap installs. Previously, users had to wait for an automated job to place them in the correct location."},
|
{ "summary": "There have been several changes to improve install reliability. Many install steps have had their validation processes reworked to ensure that required tasks have been completed before moving on to the next step of the install." },
|
||||||
{ "summary": "Strelka backend will not stop itself any more. Previously, its behavior was to shut itself down after fifteen minutes and wait for Salt to restart it to look for work before shutting down again."},
|
{ "summary": "Users are now warned if they try to set <i>securityonion</i> as their hostname." },
|
||||||
{ "summary": "Strelka daily rule updates are now logged to <code>/nsm/strelka/log/yara-update.log</code>"},
|
{ "summary": "The ISO should now identify xvda and nvme devices as install targets." },
|
||||||
{ "summary": "Several changes to the setup script to improve install reliability."},
|
{ "summary": "At the end of the first stage of the ISO setup, the ISO device should properly unmount and eject." },
|
||||||
{ "summary": "Airgap now supports the import node type."},
|
{ "summary": "The text selection of choosing Suricata vs Zeek for metadata is now more descriptive." },
|
||||||
{ "summary": "Custom Zeek file extraction values in the pillar now work properly."},
|
{ "summary": "The logic for properly setting the <pre>LOG_SIZE_LIMIT</pre> variable has been improved." },
|
||||||
{ "summary": "TheHive has been updated to support Elastic 7."},
|
{ "summary": "When installing on Ubuntu, Setup will now wait for cloud init to complete before trying to start the install of packages." },
|
||||||
{ "summary": "Cortex image now includes whois package to correct an issue with the CERTatPassiveDNS analyzer."},
|
{ "summary": "The firewall state runs considerably faster now." },
|
||||||
{ "summary": "Hunt and Alert quick action menu has been refactored into submenus."},
|
{ "summary": "ICMP timestamps are now disabled." },
|
||||||
{ "summary": "New clipboard quick actions now allow for copying fields or entire events to the clipboard."},
|
{ "summary": "Copyright dates on all Security Onion specific files have been updated." },
|
||||||
{ "summary": "PCAP Add Job form now retains previous job details for quickly adding additional jobs. A new Clear button now exists at the bottom of this form to clear out these fields and forget the previous job details."},
|
{ "summary": "<pre>so-tcpreplay</pre> (and indirectly <pre>so-test</pre>) should now work properly." },
|
||||||
{ "summary": "PCAP Add Job form now allows users to perform arbitrary PCAP lookups of imported PCAP data (data imported via the <code>so-import-pcap</code> script)."},
|
{ "summary": "The Zeek packet loss script is now more accurate." },
|
||||||
{ "summary": "Downloads page now allows direct download of Wazuh agents for Linux, Mac, and Windows from the manager, and shows the version of Wazuh and Elastic installed with Security Onion."},
|
{ "summary": "Grafana now includes an estimated EPS graph for events ingested on the manager." },
|
||||||
{ "summary": "PCAP job interface now shows additional job filter criteria when expanding the job filter details."},
|
{ "summary": "Updated Elastalert to release 0.2.4-alt2 based on the <a href='https://github.com/jertel/elastalert'>jertel/elastalert</a> alt branch." },
|
||||||
{ "summary": "Upgraded authentication backend to Kratos 0.5.5."},
|
{ "summary": "Pivots from Alerts/Hunts to action links will properly URI encode values." },
|
||||||
{ "summary": "SOC tables with the “Rows per Page” dropdown no longer show truncated page counts."},
|
{ "summary": "Hunt timeline graph will properly scale the data point interval based on the search date range." },
|
||||||
{ "summary": "Several Hunt errors are now more descriptive, particularly those around malformed queries."},
|
{ "summary": "Grid interface will properly show <i>Search</i> as the node type instead of <i>so-node</i>." },
|
||||||
{ "summary": "SOC Error banner has been improved to avoid showing raw HTML syntax, making connection and server-side errors more readable."},
|
{ "summary": "Import node now supports airgap environments." },
|
||||||
{ "summary": "Hunt and Alerts interfaces will now allow pivoting to PCAP from a group of results if the grouped results contain a network.community_id field."},
|
{ "summary": "The so-mysql container will now show <i>healthy</i> when viewing the docker ps output." },
|
||||||
{ "summary": "New “Correlate” quick action will pivot to a new Hunt search for all events that can be correlated by at least one of various event IDs."},
|
{ "summary": "The Soctopus configuration now uses private IPs instead of public IPs, allowing network communications to succeed within the grid." },
|
||||||
{ "summary": "Fixed bug that caused some Hunt queries to not group correctly without a .keyword suffix. This has been corrected so that the .keyword suffix is no longer necessary on those groupby terms."},
|
{ "summary": "The Correlate action in Hunt now groups the OR filters together to ensure subsequent user-added filters are correctly ANDed to the entire OR group." },
|
||||||
{ "summary": "Fixed issue where PCAP interface loses formatting and color coding when opening multiple PCAP tabs."},
|
{ "summary": "Add support to <pre>so-firewall</pre> script to display existing port groups and host groups." },
|
||||||
{ "summary": "Alerts interface now has a Refresh button that allows users to refresh the current alerts view without refreshing the entire SOC application."},
|
{ "summary": "TheHive initialization during Security Onion setup will now properly check for a running ES instance and will retry connectivity checks to TheHive before proceeding." },
|
||||||
{ "summary": "Hunt and Alerts interfaces now have an auto-refresh dropdown that will automatically refresh the current view at the selected frequency."},
|
{ "summary": "Changes to the <i>.security</i> analyzer yields more accurate query results when using Playbook." },
|
||||||
{ "summary": "The <code>so-elastalert-test</code> script has been refactored to work with Security Onion 2.3."},
|
{ "summary": "Several Hunt queries have been updated." },
|
||||||
{ "summary": "The included Logstash image now includes Kafka plugins."},
|
{ "summary": "The pfSense firewall log parser has been updated to improve compatibility." },
|
||||||
{ "summary": "Wazuh agent registration process has been improved to support slower hardware and networks."},
|
{ "summary": "Kibana dashboard hyperlinks have been updated for faster navigation." }
|
||||||
{ "summary": "An Elasticsearch ingest pipeline has been added for suricata.ftp_data."},
|
|
||||||
{ "summary": "Elasticsearch’s indices.query.bool.max_clause_count value has been increased to accommodate a slightly larger number of fields (1024 -> 1500) when querying using a wildcard."},
|
|
||||||
{ "summary": "On nodes being added to an existing grid, setup will compare the version currently being installed to the manager (>=2.3.20), pull the correct Security Onion version from the manager if there is a mismatch, and run that version."},
|
|
||||||
{ "summary": "Setup will gather any errors found during a failed install into <code>/root/errors.log</code> for easy copy/paste and debugging."},
|
|
||||||
{ "summary": "Selecting Suricata as the metadata engine no longer results in the install failing."},
|
|
||||||
{ "summary": "<code>so-rule-update</code> now accepts arguments to idstools. For example, <code>so-rule-update -f</code> will force idstools to pull rules, ignoring the default 15-minute pull limit."}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user