Merge pull request #12050 from Security-Onion-Solutions/hotfix/2.4.30

Hotfix/2.4.30
Merge pull request #12051 from Security-Onion-Solutions/jertel/hotfixm
2026-01-23 16:33:29 +01:00 · 2023-12-19 14:37:35 -05:00 · 2023-12-19 13:48:21 -05:00 · 2023-12-19 13:42:13 -05:00 · 2023-12-19 13:10:51 -05:00 · 2023-12-19 13:07:25 -05:00
12 changed files with 87 additions and 20 deletions
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.4.30-20231113 ISO image released on 2023/11/13
+### 2.4.30-20231219 ISO image released on 2023/12/19



 ### Download and Verify

-2.4.30-20231113 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231113.iso
+2.4.30-20231219 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231219.iso
 
-MD5: 15EB5A74782E4C2D5663D29E275839F6  
-SHA1: BBD4A7D77ADDA94B866F1EFED846A83DDFD34D73  
-SHA256: 4509EB8E11DB49C6CD3905C74C5525BDB1F773488002179A846E00DE8E499988  
+MD5: 69DDC559C0ACF44397662B732E70DFF4  
+SHA1: 38344CDEB7AC9A62F33688087FC2577298E9390C  
+SHA256: 05731E767EBC46DA5BAF1D9483EE9D50B354EC3393274743A185F1A0411C4F4C  

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231113.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231219.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231113.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231219.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231113.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231219.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.30-20231113.iso.sig securityonion-2.4.30-20231113.iso
+gpg --verify securityonion-2.4.30-20231219.iso.sig securityonion-2.4.30-20231219.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 13 Nov 2023 09:23:21 AM EST using RSA key ID FE507013
+gpg: Signature made Mon 18 Dec 2023 05:10:29 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-
+20231204
--- a/salt/ca/files/signing_policies.conf
+++ b/salt/ca/files/signing_policies.conf
@@ -37,7 +37,7 @@ x509_signing_policies:
    - ST: Utah
    - L: Salt Lake City
    - basicConstraints: "critical CA:false"
-    - keyUsage: "critical keyEncipherment"
+    - keyUsage: "critical keyEncipherment digitalSignature"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    - extendedKeyUsage: serverAuth
--- a/salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json
@@ -20,8 +20,8 @@
            ],
            "data_stream.dataset": "import",
            "custom": "",
-	    "processors": "- dissect:\n    tokenizer: \"/nsm/import/%{import.id}/evtx/%{import.file}\"\n    field: \"log.file.path\"\n    target_prefix: \"\"\n- decode_json_fields:\n    fields: [\"message\"]\n    target: \"\"\n- drop_fields:\n    fields: [\"host\"]\n    ignore_missing: true\n- add_fields:\n    target: data_stream\n    fields:\n      type: logs\n      dataset: system.security\n- add_fields:\n    target: event\n    fields:\n      dataset: system.security\n      module: system\n      imported: true\n- add_fields:\n    target: \"@metadata\"\n    fields:\n        pipeline: logs-system.security-1.34.0\n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-Sysmon/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.sysmon_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.sysmon_operational\n          module: windows\n          imported: true\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.sysmon_operational-1.24.0\n- if:\n    equals:\n      winlog.channel: 'Application'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.application-1.34.0\n- if:\n    equals:\n      winlog.channel: 'System'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.system-1.34.0\n    \n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-PowerShell/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.powershell_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.powershell_operational\n          module: windows\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.powershell_operational-1.24.0\n- add_fields:\n    target: data_stream\n    fields:\n        dataset: import",
-	    "tags": [
+            "processors": "- dissect:\n    tokenizer: \"/nsm/import/%{import.id}/evtx/%{import.file}\"\n    field: \"log.file.path\"\n    target_prefix: \"\"\n- decode_json_fields:\n    fields: [\"message\"]\n    target: \"\"\n- drop_fields:\n    fields: [\"host\"]\n    ignore_missing: true\n- add_fields:\n    target: data_stream\n    fields:\n      type: logs\n      dataset: system.security\n- add_fields:\n    target: event\n    fields:\n      dataset: system.security\n      module: system\n      imported: true\n- add_fields:\n    target: \"@metadata\"\n    fields:\n        pipeline: logs-system.security-1.43.0\n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-Sysmon/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.sysmon_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.sysmon_operational\n          module: windows\n          imported: true\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.sysmon_operational-1.38.0\n- if:\n    equals:\n      winlog.channel: 'Application'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.application-1.43.0\n- if:\n    equals:\n      winlog.channel: 'System'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.system-1.43.0\n    \n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-PowerShell/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.powershell_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.powershell_operational\n          module: windows\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.powershell_operational-1.38.0\n- add_fields:\n    target: data_stream\n    fields:\n        dataset: import",
+            "tags": [
              "import"
            ]
          }
--- a/salt/kibana/defaults.yaml
+++ b/salt/kibana/defaults.yaml
@@ -21,8 +21,10 @@ kibana:
        appenders: 
          - default
          - file
+    migrations:
+      discardCorruptObjects: "8.10.4"
    telemetry:
-        enabled: False
+      enabled: False
    security:
      showInsecureClusterWarning: False
    xpack:
--- a/salt/kibana/tools/sbin/so-kibana-api-check
+++ b/salt/kibana/tools/sbin/so-kibana-api-check
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+echo "Checking to make sure that Kibana API is up & ready..."
+RETURN_CODE=0
+wait_for_web_response "http://localhost:5601/api/fleet/settings" "fleet" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+RETURN_CODE=$?
+if [[ "$RETURN_CODE" != "0" ]]; then
+    echo "Kibana API not accessible, exiting script..."
+    exit 1
+fi
+
+
+
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -450,6 +450,16 @@ post_to_2.4.20() {
 post_to_2.4.30() {
  echo "Regenerating Elastic Agent Installers"
  /sbin/so-elastic-agent-gen-installers
+  # there is an occasional error with this state: pki_public_ca_crt: TypeError: list indices must be integers or slices, not str
+  set +e
+  salt-call state.apply ca queue=True
+  set -e
+  stop_salt_minion
+  mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+  mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+  systemctl_func "start" "salt-minion"
+  salt-call state.apply nginx queue=True
+  enable_highstate
  POSTVERSION=2.4.30
 }

@@ -529,6 +539,16 @@ up_to_2.4.20() {
 }

 up_to_2.4.30() {
+
+  # Remove older defend integration json & installed integration
+  rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
+
+  . $UPDATE_DIR/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
+  elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
+
+  rm -f /opt/so/state/eaintegrations.txt
+
+  # Elastic Update for this release, so download Elastic Agent files
  determine_elastic_agent_upgrade
  rm -f /opt/so/state/estemplates*.txt

@@ -577,7 +597,11 @@ unmount_update() {

 update_airgap_rules() {
  # Copy the rules over to update them for airgap.
-  rsync -av $UPDATE_DIR/agrules/* /nsm/repo/rules/
+  rsync -av $UPDATE_DIR/agrules/suricata/* /nsm/rules/suricata/
+  rsync -av $UPDATE_DIR/agrules/yara/* /nsm/rules/yara/
+  if [ -d /nsm/repo/rules/sigma ]; then
+    rsync -av $UPDATE_DIR/agrules/sigma/* /nsm/repo/rules/sigma/
+  fi
 }

 update_airgap_repo() {
@@ -735,8 +759,27 @@ apply_hotfix() {
    . /usr/sbin/so-elastic-fleet-common
    elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
    /usr/sbin/so-elastic-fleet-integration-policy-elastic-defend
-#  elif [[ "$INSTALLEDVERSION" == "2.3.110" ]] ; then
-#    2_3_10_hotfix_1
+  elif [[ "$INSTALLEDVERSION" == "2.4.30" ]] ; then
+    if [[ $is_airgap -eq 0 ]]; then
+      update_airgap_rules
+    fi
+    if [[ -f /etc/pki/managerssl.key.old ]]; then
+      echo "Skipping Certificate Generation"
+    else
+      rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
+      so-kibana-restart --force
+      so-kibana-api-check
+      . /usr/sbin/so-elastic-fleet-common
+
+      elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
+      rm -f /opt/so/state/eaintegrations.txt
+      salt-call state.apply ca queue=True
+      stop_salt_minion
+      mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+      mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+      systemctl_func "start" "salt-minion"
+      (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG"
+    fi  
  else
   echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
  fi
@@ -843,7 +886,6 @@ main() {
    echo "Hotfix applied"
    update_version
    enable_highstate
-    (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG"
    highstate
  else
    echo ""
--- a/setup/so-verify
+++ b/setup/so-verify
@@ -38,6 +38,8 @@ log_has_errors() {
    # may be requested by dependency only (it is configured to refuse manual start/stop).

    # Command failed with exit code is output during retry loops.
+
+    # "remove failed" is caused by a warning generated by upgrade of libwbclient
    
    grep -E "FAILED|Failed|failed|ERROR|Result: False|Error is not recoverable" "$setup_log" | \
        grep -vE "The Salt Master has cached the public key for this node" | \
@@ -53,6 +55,7 @@ log_has_errors() {
        grep -vE "code: 100" | \
        grep -vE "/nsm/rules/sigma*" | \
        grep -vE "/nsm/rules/yara*" | \
+        grep -vE "remove failed" | \
        grep -vE "Failed to restart snapd" | \
        grep -vE "Login Failed Details" | \
        grep -vE "response from daemon: unauthorized" | \
--- a/sigs/securityonion-2.4.30-20231117.iso.sig
+++ b/sigs/securityonion-2.4.30-20231117.iso.sig
--- a/sigs/securityonion-2.4.30-20231121.iso.sig
+++ b/sigs/securityonion-2.4.30-20231121.iso.sig
--- a/sigs/securityonion-2.4.30-20231204.iso.sig
+++ b/sigs/securityonion-2.4.30-20231204.iso.sig
--- a/sigs/securityonion-2.4.30-20231219.iso.sig
+++ b/sigs/securityonion-2.4.30-20231219.iso.sig
Author	SHA1	Message	Date
Mike Reeves	552e4c0d1c	Merge pull request #12050 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30	2023-12-19 14:37:35 -05:00
Mike Reeves	72fbf386eb	Merge pull request #12051 from Security-Onion-Solutions/jertel/hotfixm Jertel/hotfixm	2023-12-19 13:48:21 -05:00
Jason Ertel	ce8a774129	Merge branch '2.4/main' into jertel/hotfixm	2023-12-19 13:42:13 -05:00
Mike Reeves	cb956fb399	Merge pull request #12049 from Security-Onion-Solutions/2.4.30hf4 2.4.30 hotfix	2023-12-19 13:10:51 -05:00
Mike Reeves	5c34cdd943	2.4.30 hotfix	2023-12-19 13:07:25 -05:00
Mike Reeves	d7bf52de76	Merge pull request #11918 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30	2023-12-06 13:31:33 -05:00
Mike Reeves	b878728882	Merge pull request #11951 from Security-Onion-Solutions/2.4.30hf3 2.4.30 hotfix	2023-12-06 08:36:13 -05:00
Mike Reeves	386e9214fc	2.4.30 hotfix	2023-12-06 08:34:46 -05:00
Mike Reeves	8eaa07a186	Merge pull request #11942 from Security-Onion-Solutions/TOoSmOotH-patch-4 Update soup	2023-12-05 11:26:42 -05:00
Mike Reeves	9446b750c0	Update soup	2023-12-05 11:25:25 -05:00
Mike Reeves	fdd4173632	Update soup	2023-12-05 11:20:56 -05:00
Mike Reeves	b7227e15eb	Merge pull request #11939 from Security-Onion-Solutions/TOoSmOotH-patch-3 Update soup	2023-12-05 10:26:56 -05:00
Mike Reeves	90d9e5b927	Update soup	2023-12-05 10:24:31 -05:00
Mike Reeves	802bf9ce27	Merge pull request #11931 from Security-Onion-Solutions/TOoSmOotH-patch-2 Update soup	2023-12-04 14:00:40 -05:00
Mike Reeves	0b6ba6d2f2	Update soup	2023-12-04 13:51:12 -05:00
Mike Reeves	55a8b1064d	Update soup	2023-12-04 13:36:04 -05:00
Josh Patterson	11a3e12e94	Merge pull request #11929 from Security-Onion-Solutions/hf_soup avoid exiting salt when ca state applied in post for 2.4.30	2023-12-04 11:46:27 -05:00
m0duspwnens	38868af08a	avoid exiting salt when ca state applied in post for 2.4.30	2023-12-04 10:11:38 -05:00
Josh Patterson	ace5dff351	Merge pull request #11923 from Security-Onion-Solutions/hf_soup move wait_for_salt_minion for hotfix	2023-12-01 15:37:35 -05:00
m0duspwnens	265cde5296	move wait_for_salt_minion for hotfix	2023-12-01 15:31:15 -05:00
weslambert	55052c4811	Merge pull request #11919 from Security-Onion-Solutions/fix/remove_curator_changes Remove Curator Changes	2023-12-01 11:15:23 -05:00
Wes	e36044e164	Remove close changes	2023-12-01 16:10:56 +00:00
Wes	6fa4a69753	Remove action changes	2023-12-01 16:10:07 +00:00
Doug Burks	4fc3c852a1	Merge pull request #11890 from chateaulav/chateaulav-import-evtx-logs-11889 Update import-evtx-logs.json	2023-11-30 13:57:59 -05:00
weslambert	32b03f514e	Merge pull request #11907 from Security-Onion-Solutions/fix/curator_close Curator close fixes	2023-11-30 11:05:49 -05:00
Wes	a605c5c62c	Ensure indices managed by ILM can be managed by Curator	2023-11-29 22:13:20 +00:00
Wes	2368e8b793	Fix action file names	2023-11-29 22:06:11 +00:00
weslambert	317b6cb614	Merge pull request #11902 from Security-Onion-Solutions/fix/hotfix_version Update HOTFIX	2023-11-29 17:03:59 -05:00
weslambert	a6d20bdc71	Update HOTFIX	2023-11-29 17:01:29 -05:00
Jonathan Race	ece3c367b5	Update import-evtx-logs.json version updates to match 2.4 release pipelines	2023-11-29 09:20:37 -05:00
Mike Reeves	d3802c1668	Merge pull request #11854 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30	2023-11-21 16:39:40 -05:00
Mike Reeves	874618d512	Merge pull request #11853 from Security-Onion-Solutions/2.4.30hf2 2.4.30 hotfix	2023-11-21 14:32:53 -05:00
Mike Reeves	fa9032b323	2.4.30 hotfix	2023-11-21 14:28:23 -05:00
Mike Reeves	17942676c6	Merge pull request #11844 from Security-Onion-Solutions/TOoSmOotH-patch-5 Update soup	2023-11-21 10:32:24 -05:00
Mike Reeves	458c6de39d	Update soup	2023-11-21 10:30:21 -05:00
Mike Reeves	a39f696a34	Merge pull request #11843 from Security-Onion-Solutions/TOoSmOotH-patch-4 Update soup	2023-11-21 10:19:21 -05:00
Mike Reeves	9aa193af3b	Update soup	2023-11-21 10:18:02 -05:00
Mike Reeves	3f1f256748	Merge pull request #11842 from Security-Onion-Solutions/TOoSmOotH-patch-3 Update HOTFIX	2023-11-21 10:01:13 -05:00
Mike Reeves	c78ea0183f	Update HOTFIX	2023-11-21 09:59:51 -05:00
Mike Reeves	e9417dd437	Merge pull request #11841 from Security-Onion-Solutions/TOoSmOotH-patch-2 Update soup	2023-11-21 09:56:45 -05:00
Mike Reeves	14b5aa476e	Update soup	2023-11-21 09:55:44 -05:00
Mike Reeves	4b0033c60a	Merge pull request #11827 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix 2.4.30	2023-11-20 15:26:16 -05:00
Mike Reeves	c20004c210	Merge pull request #11826 from Security-Onion-Solutions/2.4.30hf 2.4.30 hotfix	2023-11-20 11:35:11 -05:00
Mike Reeves	45dc1ce036	2.4.30 hotfix	2023-11-20 11:32:21 -05:00
Jason Ertel	0cc10fbf80	Merge pull request #11823 from Security-Onion-Solutions/jertel/igwarn ignore libwbclient upgrade warning	2023-11-19 19:46:19 -05:00
Jason Ertel	e71ee97717	ignore libwbclient upgrade warning	2023-11-19 19:03:23 -05:00
Mike Reeves	77d0a7277a	Merge pull request #11818 from Security-Onion-Solutions/TOoSmOotH-patch-2 Update soup	2023-11-17 17:07:54 -05:00
Mike Reeves	2ae87de409	Merge branch 'hotfix/2.4.30' into TOoSmOotH-patch-2	2023-11-17 17:05:11 -05:00
Josh Brower	a69a65c44f	Merge pull request #11819 from Security-Onion-Solutions/hftesting Remove state file	2023-11-17 16:54:08 -05:00
Mike Reeves	d89beefc8c	Update soup	2023-11-17 16:53:11 -05:00
Josh Brower	9c371fc374	Remove state file	2023-11-17 16:52:34 -05:00
Mike Reeves	4fb9cce41c	Update signing_policies.conf	2023-11-17 16:38:50 -05:00
Mike Reeves	e226efa799	Update soup	2023-11-17 16:35:12 -05:00
Josh Brower	82a41894f3	Merge pull request #11817 from Security-Onion-Solutions/hftesting Hftesting	2023-11-17 13:12:06 -05:00
Josh Brower	7aadc3851f	Remove state file	2023-11-17 13:08:15 -05:00
Josh Brower	ca1498fca1	Dont update Defend Integration	2023-11-17 12:19:22 -05:00
Josh Brower	15fc4f2655	Merge pull request #11815 from Security-Onion-Solutions/hftesting use updated code	2023-11-17 11:23:45 -05:00
Josh Brower	089a111ae8	use updated code	2023-11-17 11:20:13 -05:00
Josh Brower	33bd04b797	Merge pull request #11811 from Security-Onion-Solutions/hftesting Move API check logic	2023-11-17 06:02:26 -05:00
Josh Brower	5920a14478	Move API check logic	2023-11-16 20:34:01 -05:00
Josh Brower	3ede19a106	Merge pull request #11808 from Security-Onion-Solutions/2.4/defendhotfix2 Update HOTFIX	2023-11-16 15:25:24 -05:00
weslambert	b6e2df45c7	Update HOTFIX	2023-11-16 14:48:00 -05:00
Josh Brower	af98c8e2da	Merge pull request #11805 from Security-Onion-Solutions/2.4/defendhotfix2 .30 hotfix	2023-11-16 11:42:49 -05:00
Josh Brower	6b8e48c973	Remove highstate	2023-11-16 11:41:20 -05:00
Josh Brower	109ee55d8c	Add to pre for .30 soup	2023-11-16 11:37:38 -05:00
Josh Brower	ff8cd194f1	Make sure kibana API is up	2023-11-16 11:21:34 -05:00
Josh Brower	d5dd0d88ed	.30 hotfix	2023-11-16 10:58:23 -05:00
weslambert	46c5bf40e0	Merge pull request #11804 from Security-Onion-Solutions/fix/kibana_corrupt_integration Discard corrupt integration	2023-11-16 10:49:39 -05:00
Wes	3ed7b36865	Discard corrupt integration	2023-11-16 15:45:38 +00:00