Merge pull request #15554 from Security-Onion-Solutions/jertel/wip

update repo readme

.github/DISCUSSION_TEMPLATE/2-4.yml

@@ -35,6 +35,7 @@ body:
         - 2.4.200
         - 2.4.201
         - 2.4.210
+        - 3.0.0
         - Other (please provide detail below)
     validations:
       required: true

README.md

@@ -1,50 +1,58 @@
-## Security Onion 2.4
+<p align="center">
+  <img src="https://securityonionsolutions.com/logo/logo-so-onion-dark.svg" width="400" alt="Security Onion Logo">
+</p>
 
-Security Onion 2.4 is here!
+# Security Onion
 
-## Screenshots
+Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.
 
-Alerts
+## ✨ Features
-![Alerts](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/50_alerts.png)
 
-Dashboards
+Security Onion includes everything you need to monitor your network and host systems:
-![Dashboards](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/53_dashboards.png)
 
-Hunt
+*   **Security Onion Console (SOC)**: A unified web interface for analyzing security events and managing your grid.
-![Hunt](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/56_hunt.png)
+*   **Elastic Stack**: Powerful search backed by Elasticsearch.
+*   **Intrusion Detection**: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
+*   **Network Metadata**: Detailed network metadata generated by Zeek or Suricata.
+*   **Full Packet Capture**: Retain and analyze raw network traffic with Suricata PCAP.
 
-Detections
+## ⭐ Security Onion Pro
-![Detections](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/57_detections.png)
 
-PCAP
+For organizations and enterprises requiring advanced capabilities, **Security Onion Pro** offers additional features designed for scale and efficiency:
-![PCAP](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/62_pcap.png)
 
-Grid
+*   **Onion AI**: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
-![Grid](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/75_grid.png)
+*   **Enterprise Features**: Enhanced tools and integrations tailored for enterprise-grade security operations.
 
-Config
+For more information, visit the [Security Onion Pro](https://securityonionsolutions.com/pro) page.
-![Config](https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion-docs/2.4/images/87_config.png)
 
-### Release Notes
+## ☁️ Cloud Deployment
 
-https://securityonion.net/docs/release-notes
+Security Onion is available and ready to deploy in the **AWS**, **Azure**, and **Google Cloud (GCP)** marketplaces.
 
-### Requirements
+## 🚀 Getting Started
 
-https://securityonion.net/docs/hardware
+| Goal | Resource |
+| :--- | :--- |
+| **Download** | [Security Onion ISO](https://securityonion.net/docs/download) |
+| **Requirements** | [Hardware Guide](https://securityonion.net/docs/hardware) |
+| **Install** | [Installation Instructions](https://securityonion.net/docs/installation) |
+| **What's New** | [Release Notes](https://securityonion.net/docs/release-notes) |
 
-### Download
+## 📖 Documentation & Support
 
-https://securityonion.net/docs/download
+For more detailed information, please visit our [Documentation](https://docs.securityonion.net).
 
-### Installation
+*   **FAQ**: [Frequently Asked Questions](https://securityonion.net/docs/faq)
+*   **Community**: [Discussions & Support](https://securityonion.net/docs/community-support)
+*   **Training**: [Official Training](https://securityonion.net/training)
 
-https://securityonion.net/docs/installation
+## 🤝 Contributing
 
-### FAQ
+We welcome contributions! Please see our [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to get involved.
 
-https://securityonion.net/docs/faq
+## 🛡️ License
 
-### Feedback
+Security Onion is licensed under the terms of the license found in the [LICENSE](LICENSE) file.
 
-https://securityonion.net/docs/community-support
+---
+*Built with 🧅 by Security Onion Solutions.*

VERSION

@@ -1 +1 @@
-2.4.210
+3.0.0

salt/nginx/defaults.yaml

@@ -3,6 +3,7 @@ nginx:
   external_suricata: False
   ssl:
     replace_cert: False
+    alt_names: []
   config:
     throttle_login_burst: 12
     throttle_login_rate: 20

salt/nginx/etc/nginx.conf

@@ -60,6 +60,8 @@ http {
     {%- endif %}
 
 	{%- if GLOBALS.is_manager %}
+	{%- set all_names = [GLOBALS.hostname, GLOBALS.url_base] + NGINXMERGED.ssl.alt_names %}
+	{%- set full_server_name = all_names | unique | join(' ') %}
 
 	server {
 		listen 80 default_server;
@@ -69,7 +71,7 @@ http {
 
 	server {
 		listen 8443;
-		server_name {{ GLOBALS.url_base }};
+		server_name {{ full_server_name }};
 		root /opt/socore/html;
 		location /artifacts/ {
 			try_files $uri =206;
@@ -112,7 +114,7 @@ http {
 
 	server {
 		listen 7788;
-		server_name {{ GLOBALS.url_base }};
+		server_name {{ full_server_name }};
 		root /nsm/rules;
 		location / {
 			allow all;
@@ -128,7 +130,7 @@ http {
     server {
         listen 7789 ssl;
 		http2 on;
-        server_name {{ GLOBALS.url_base }};
+        server_name {{ full_server_name }};
         root /surirules;
 
 		add_header 	Content-Security-Policy     "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'";
@@ -161,7 +163,7 @@ http {
 	server {
 		listen       443 ssl;
 		http2 on;
-		server_name  {{ GLOBALS.url_base }};
+		server_name  {{ full_server_name }};
 		root         /opt/socore/html;
 		index        index.html;
 

salt/nginx/soc_nginx.yaml

@@ -30,6 +30,12 @@ nginx:
       advanced: True
       global: True
       helpLink: nginx.html
+    alt_names:
+      description: Provide a list of alternate names to allow remote systems the ability to refer to the SOC API as another hostname.
+      global: True
+      forcedType: '[]string'
+      multiline: True
+      helpLink: nginx.html
   config:
     throttle_login_burst:
       description: Number of login requests that can burst without triggering request throttling. Higher values allow more repeated login attempts. Values greater than zero are required in order to provide a usable login flow.

salt/nginx/ssl.sls

@@ -49,6 +49,17 @@ managerssl_key:
       - docker_container: so-nginx
 
 # Create a cert for the reverse proxy
+{% set san_list = [GLOBALS.hostname, GLOBALS.node_ip, GLOBALS.url_base] + NGINXMERGED.ssl.alt_names %}
+{% set unique_san_list = san_list | unique %}
+{% set managerssl_san_list = [] %}
+{% for item in unique_san_list %}
+{%   if item | ipaddr %}
+{%     do managerssl_san_list.append("IP:" + item) %}
+{%   else %}
+{%     do managerssl_san_list.append("DNS:" + item) %}
+{%   endif %}
+{% endfor %}
+{% set managerssl_san = managerssl_san_list | join(', ') %}
 managerssl_crt:
   x509.certificate_managed:
     - name: /etc/pki/managerssl.crt
@@ -56,7 +67,7 @@ managerssl_crt:
     - signing_policy: managerssl
     - private_key: /etc/pki/managerssl.key
     - CN: {{ GLOBALS.hostname }}
-    - subjectAltName: "DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}, DNS:{{ GLOBALS.url_base }}" 
+    - subjectAltName: {{ managerssl_san }}
     - days_remaining: 7
     - days_valid: 820
     - backup: True