Corrected JSON syntax to avoid a blank Overview screen in SOC; Applied HTML formatting of changes.json summaries for better markup handling.

salt/soc/files/soc/changes.json

@@ -2,10 +2,10 @@
   "title": "Security Onion 2.0.0 RC1 is here!",
   "changes": [
     { "summary": "Re-branded 2.0 to give it a fresh look." },
-    { "summary": "All documentation has moved to https://docs.securityonion.net/en/2.0 " },
+    { "summary": "All documentation has moved to <a target='so-help' href='https://docs.securityonion.net/en/2.0'>https://docs.securityonion.net/en/2.0</a>" },
-    { "summary": "soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." },
+    { "summary": "<i>soup</i> is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." },
-    { "summary": "so-import-pcap is back! See the docs here: http://docs.securityonion.net/en/2.0/so-import-pcap " },
+    { "summary": "<i>so-import-pcap</i> is back! See the docs here: <a target='so-help' href='http://docs.securityonion.net/en/2.0/so-import-pcap'>http://docs.securityonion.net/en/2.0/so-import-pcap</a>." },
-    { "summary": "Fixed issue with so-features-enable." }, 
+    { "summary": "Fixed issue with <i>so-features-enable</i>." }, 
     { "summary": "Users can now pivot to PCAP from Suricata alerts." },
     { "summary": "ISO install now prompts users to create an admin/sudo user instead of using a default account name." },
     { "summary": "The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet." },
@@ -16,25 +16,17 @@
     { "summary": "Users can now easily customize shard counts per index." },
     { "summary": "Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS)." },
     { "summary": "Elastic nodes are now HOT by default, making it easier to add a warm node later." },
-    { "summary": "so-allow now runs at the end of an install so users can enable access right away." },
+    { "summary": "<i>so-allow</i> now runs at the end of an install so users can enable access right away." },
-    { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to `event.severity`:" },
+    { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to <i>event.severity</i>:<ol><li>Low</li><li>Medium</li><li>High</li><li>Critical</li></ol>" },
-    { "summary": "  - 1-Low / 2-Medium / 3-High / 4-Critical." },
+    { "summary": "Initial implementation of alerting queues:<ul><li>Low & Medium alerts are accessible through Kibana & Hunt.</li><li>High & Critical alerts are accessible through Kibana, Hunt and TheHive for immediate analysis.</li><li>ATT&CK Navigator is now a statically-hosted site in the nginx container.</li></ul>" },
-    { "summary": "Initial implementation of alerting queues:" },
+    { "summary": "Playbook updates:<ul><li>All Sigma rules in the community repo (500+) are now imported and kept up to date.</li><li>Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing).</li><li>Updated UI Theme.</li><li>Once authenticated through SOC, users can now access Playbook with analyst permissions without login.</li></ul>" },
-    { "summary": "  - Low & Medium alerts are accessible through Kibana & Hunt." },
+    { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. This new functionality was sponsored by SOS." },
-    { "summary": "  - High & Critical alerts are accessible through Kibana, Hunt and sent to TheHive for immediate analysis." },
-    { "summary": "  - ATT&CK Navigator is now a statically-hosted site in the nginx container." },
-    { "summary": "Playbook:" },
-    { "summary": "  - All Sigma rules in the community repo (500+) are now imported and kept up to date." },
-    { "summary": "  - Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing)." },
-    { "summary": "  - Updated UI Theme." },
-    { "summary": "  - Once authenticated through SOC, users can now access Playbook with analyst permissions without login." },
-    { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. - New functionality sponsored by SOS." },
     { "summary": "Fixed issue with Wazuh authd registration service port not being correctly exposed." },
-    { "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools." },
+    { "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to <i>so-allow</i> for easier external querying/integration with other tools." },
-    { "summary": "Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot)." },
+    { "summary": "Added option to <i>so-allow</i> for external Strelka file uploads (e.g., via strelka-fileshot)." },
-    { "summary": "Added default YARA rules for Strelka -  Default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base" },
+    { "summary": "Added default YARA rules for Strelka. Default rules are maintained by Florian Roth and pulled from <a href='https://github.com/Neo23x0/signature-base'>https://github.com/Neo23x0/signature-base</a>." },
     { "summary": "Added the ability to use custom Zeek scripts." },
-    { "summary": "Renamed \"master server\" to \"manager node\"." },
+    { "summary": "Renamed <i>master server</i> to <i>manager node</i>." },
-    { "summary": "Improved unification of Zeek and Strelka file data." },
+    { "summary": "Improved unification of Zeek and Strelka file data." }
   ]
 }