Releases: Security-Onion-Solutions/securityonion
2.4.201-20260114
Download the ISO
What's Changed
- 2.4.201 by @TOoSmOotH in #15385
- 2.4.201 by @TOoSmOotH in #15386
Full Changelog: 2.4.200-20251216...2.4.201-20260114
2.4.200-20251216
Download the ISO
What's Changed
- managerhype by @m0duspwnens in #14966
- Vlb2 by @m0duspwnens in #14972
- merge with 2.4/dev by @m0duspwnens in #14990
- pass pillar properly by @m0duspwnens in #14994
- Vlb2 by @m0duspwnens in #15015
- Vlb2 by @m0duspwnens in #15056
- only update mine for managerhype during setup by @m0duspwnens in #15061
- update service file, use salt.minion state to update mine_functions by @m0duspwnens in #15065
- set interface for network.ip_addrs for hypervisors by @m0duspwnens in #15066
- Vlb2 by @m0duspwnens in #15067
- Vlb2 by @m0duspwnens in #15076
- Byoh by @m0duspwnens in #15098
- nsm virtual disk and new nsm_total grain by @m0duspwnens in #15122
- bump version by @jertel in #15169
- bump version by @jertel in #15170
- estimate elasticsearch retention by @reyesj2 in #15176
- create libvirt volumes directory by @m0duspwnens in #15181
- add manager role to elasticsearch ingest time spent by @reyesj2 in #15182
- Upgrade Salt 3006.16 by @m0duspwnens in #15185
- Available Models by @coreyogburn in #15188
- Salt 3006.16 by @m0duspwnens in #15193
- move off of cmd.script with args \ by @reyesj2 in #15194
- ensure previous setup outcomes are cleared by @jertel in #15198
- strelka use single master image by @reyesj2 in #15192
- update so-elasticsearch-retention-estimate by @reyesj2 in #15201
- rename forward node -> sensor node by @reyesj2 in #15207
- Update defaults.yaml by @TOoSmOotH in #15209
- Suricata 8.0.2 by @m0duspwnens in #15211
- reduce pcapMaxCount to fit better with max upload size by @jertel in #15213
- add support to so-yaml for using yaml file content for values by @jertel in #15219
- update so-elasticsearch-retention-estimate by @reyesj2 in #15204
- configure salt, then install. update bootstrap-salt. reduce salt install fail timeout by @m0duspwnens in #15223
- CompressContextPrompt by @coreyogburn in #15221
- wait for 200 from registry before proceeding by @m0duspwnens in #15228
- Add Enabled Flag to Models by @coreyogburn in #15229
- pcap annotations by @jertel in #15225
- suricata pipeline updates by @reyesj2 in #15230
- fix so-setup error duplicate bond0 by @reyesj2 in #15231
- rm salt keyring and repo file for deb by @m0duspwnens in #15237
- update zeek pipelines by @reyesj2 in #15234
- communicate to the viewer that OS patches may take some time by @jertel in #15240
- suricata capture file by @reyesj2 in #15244
- Notify user of hypervisor environment setup failures by @m0duspwnens in #15247
- clarify hypervisor annotation by @m0duspwnens in #15248
- use timestamp in volume path to prevent duplicates by @m0duspwnens in #15251
- Add JA4D option to config.zeek.ja4 by @TOoSmOotH in #15271
- add force & certs flag to update fleet certs as needed by @reyesj2 in #15264
- add new so-yaml_test for removefromlist by @m0duspwnens in #15275
- need additional line bw class by @m0duspwnens in #15277
- reserve group ids by @m0duspwnens in #15280
- skip continue prompt if user cannot actually continue by @jertel in #15281
- FEATURE: Advanced ILM actions via SOC UI by @reyesj2 in #15241
- Idstools refactor by @defensivedepth in #15232
- Fixup Airgap by @defensivedepth in #15283
- Make sure local salt dir is created by @defensivedepth in #15284
- be more verbose by @defensivedepth in #15286
- Rework ordering by @defensivedepth in #15287
- match correct custom ruleset name by @defensivedepth in #15290
- Fix custom name by @defensivedepth in #15292
- Remove Claude Sonnet 4 model configuration by @TOoSmOotH in #15293
- small fixes by @defensivedepth in #15297
- Fixup logic by @defensivedepth in #15298
- Update Assistant Models by @TOoSmOotH in #15289
- Rework backup by @defensivedepth in #15301
- Add Airgap check by @defensivedepth in #15303
- fix cleaning repos on remote nodes if airgap by @m0duspwnens in #15304
- Add trailing nl if it doesnt already exist by @defensivedepth in #15308
- Update so-minion by @TOoSmOotH in #15311
Full Changelog: 2.4.190-20251024...2.4.200-20251216
2.4.190-20251024
Download the ISO
What's Changed
- bump version by @jertel in #15044
- Update 2-4.yml by @dougburks in #15045
- add oom check to so-log-check by @reyesj2 in #15051
- rework fleet scripts by @reyesj2 in #15047
- typo by @reyesj2 in #15064
- make sure fleet-default-output is not set as either default output p… by @reyesj2 in #15070
- Updated default investigation prompt by @mc-wright in #15071
- retry kratos pulls since this is the first image to install during setup by @jertel in #15072
- update so-elastic-fleet-setup by @reyesj2 in #15075
- restart registry after upgrading images (in airgap mode) by @jertel in #15080
- fix hypervisor bridge setup by @m0duspwnens in #15082
- less strict exits for fleet configuration by @reyesj2 in #15086
- New field for assistant health check by @coreyogburn in #15087
- Made lowBalanceColorAlert global by @mc-wright in #15091
- updates for wiretap lib by @jertel in #15092
- byoh by @m0duspwnens in #15103
- update logstash fleet output policy by @reyesj2 in #15105
- Filters by @TOoSmOotH in #15114
- UPGRADE: ES 8.18.8 by @reyesj2 in #15111
- support non-async state apply by @jertel in #15118
- ignore error for elastic-fleet agent by @reyesj2 in #15124
- csv delimiter and query name by @jertel in #15127
- missed commit by @jertel in #15130
- allow user to create VMs that mount virtual disk for /nsm. new nsm_total grain by @m0duspwnens in #15137
- Update so-saltstack-update by @m0duspwnens in #15063
- New Config Entries by @coreyogburn in #15142
- event.module elasticsearch by @reyesj2 in #15139
- logstash helpers by @reyesj2 in #15141
- implement host os overhead based on role by @m0duspwnens in #15144
- Should be multiline by @coreyogburn in #15145
- omit new hypervisor state name fp by @m0duspwnens in #15147
- do not log set_timezone in setup by @m0duspwnens in #15148
- update log4j2 policy for ES json output by @reyesj2 in #15151
- log4j2 settings by @reyesj2 in #15153
- add exclusion toggle by @jertel in #15161
- 2.4.190 by @TOoSmOotH in #15166
- 2.4.190 by @TOoSmOotH in #15167
Full Changelog: 2.4.180-20250916...2.4.190-20251024
2.4.180-20250916
Download the ISO
What's Changed
- hardware virtualization by @m0duspwnens in #14778
- Vlb2 by @m0duspwnens in #14893
- Update VERSION by @TOoSmOotH in #14922
- firewall allow hypervisor for managersearch and standalone by @m0duspwnens in #14925
- Vlb2 by @m0duspwnens in #14930
- profile update by @reyesj2 in #14933
- update pcap permissions when no stenographer user exists by @reyesj2 in #14949
- 180 soup base by @m0duspwnens in #14950
- Ruleset Name UiElement by @coreyogburn in #14956
- rpt by @jertel in #14959
- and nic channel customization by @m0duspwnens in #14971
- enable additional fleetnode state by @reyesj2 in #14957
- only manage bond script if bond0 exists by @m0duspwnens in #14978
- Mikebond by @TOoSmOotH in #14980
- ES 8.18.6 upgrade by @reyesj2 in #14975
- Move EnableReverseLookup by @coreyogburn in #14986
- so-elastic-agent-monitor by @reyesj2 in #14996
- manager do hypervisor things by @m0duspwnens in #14998
- Make it clear that Fleet Nodes will need to be reinstalled by @defensivedepth in #15003
- Cogburn/wip module by @coreyogburn in #14991
- Fix Index Patterns by @coreyogburn in #15008
- fix repo files to remove by @m0duspwnens in #15010
- so-elastic-agent-monitor by @reyesj2 in #15009
- don't show sensoroni config changes by @m0duspwnens in #15011
- add configurable realert threshold per agent by @reyesj2 in #15012
- lower filestream fingerprint length by @reyesj2 in #15019
- suricata metadata index rollover 1d -> 30d by @reyesj2 in #15020
- receiver custom fqdn by @reyesj2 in #15022
- update kafka output policy by @reyesj2 in #15013
- fix analyzers and upgrade deps by @reyesj2 in #15024
- Parsing fix by @defensivedepth in #15025
- zeek dns.resolved_ip by @reyesj2 in #14941
- fix role check by @m0duspwnens in #15026
- agent monitor template & dataset name update by @reyesj2 in #15028
- 8.18.6 agent by @reyesj2 in #15033
- run so-elastic-agent-gen-installers by @reyesj2 in #15034
- fix case of broken kafka output policy when new receiver is added and… by @reyesj2 in #15031
- 2.4.180 by @dougburks in #15040
- Merge pull request #14917 from Security-Onion-Solutions/2.4/dev by @dougburks in #15042
- 2.4.180 by @dougburks in #15043
Full Changelog: 2.4.170-20250812...2.4.180-20250916
2.4.170-20250812
Download the ISO
What's Changed
- 2.4/dev by @m0duspwnens in #14200
- Get ready for .160 by @TOoSmOotH in #14614
- improve consistency by @jertel in #14619
- Update soup by @TOoSmOotH in #14621
- Cogburn/playbooks by @coreyogburn in #14623
- logstash isn't running on receivers or manager when kafka is the glob… by @reyesj2 in #14629
- Add RulesetName to Rule Repos by @coreyogburn in #14639
- Add parsing for Playbook by @defensivedepth in #14638
- Tighten parsing by @defensivedepth in #14643
- Backport Hotfix to dev by @jertel in #14651
- use zeek network.community_id when available by @reyesj2 in #14668
- FIX: Improve annotation for Elasticsearch index deletion #14682 by @dougburks in #14683
- FIX: so-suricata-testrule should disable pcap logging #14685 by @dougburks in #14687
- FIX: so-elasticsearch-ilm-start needs shebang #14688 by @dougburks in #14689
- add echo to end of so-elasticsearch-ilm-start and so-elasticsearch-ilm-stop by @dougburks in #14691
- Use Stable branch by @defensivedepth in #14697
- add so-elasticsearch-index-growth by @reyesj2 in #14698
- fix system integration time overwrite and delete unused ingest pipeline by @reyesj2 in #14676
- Updated Playbook Repo Config by @coreyogburn in #14700
- upgrade registry to 3.0.0 by @jertel in #14701
- update to new config location by @jertel in #14711
- enable STS for browser redirects by @jertel in #14714
- Add support for Airgap for Playbooks by @defensivedepth in #14718
- Airgap tweaks by @defensivedepth in #14719
- Supress alerts by @defensivedepth in #14721
- Add nsm bind by @defensivedepth in #14722
- Create dir if needed by @defensivedepth in #14723
- Add support for dns.resolved_ip by @defensivedepth in #14759
- refactor airgap playbook to eliminate dupe code and shrink ISO by @jertel in #14764
- fix logging by @jertel in #14765
- change salt upgrade process by @m0duspwnens in #14770
- Revert "change salt upgrade process" by @m0duspwnens in #14771
- 2.4.160 by @TOoSmOotH in #14772
- 2.4.160 by @TOoSmOotH in #14773
- Update VERSION by @TOoSmOotH in #14775
- soup 2.4.170 by @reyesj2 in #14776
- hardware virtualization by @m0duspwnens in #14784
- allow standalone and managersearch to run salt.cloud state by @m0duspwnens in #14791
- allow libvirt states by @m0duspwnens in #14792
- Refactors playbook repo configuration by @coreyogburn in #14793
- only run storage state if box has nvme by @m0duspwnens in #14800
- ensure hypervisor is remove from salt cloud profiles when key is deleted by @m0duspwnens in #14803
- es 8.18.3 by @reyesj2 in #14813
- Add user.name to kratos query by @defensivedepth in #14816
- es 8.18.3 by @reyesj2 in #14824
- ES 8.18.3 by @reyesj2 in #14825
- check required files exist before loading map file by @reyesj2 in #14827
- exclude component updates indexes with error in the name by @jertel in #14828
- split up bulk install of integrations by @reyesj2 in #14830
- fix typo by @jertel in #14832
- templates with error in name by @reyesj2 in #14833
- kibana listingLimit by @reyesj2 in #14840
- Issues #14836 #14837 #14838 by @dougburks in #14842
- Simplify UniFi dashboards #14838 by @dougburks in #14845
- hosted image. sos hw support by @m0duspwnens in #14848
- ja4 by @reyesj2 in #14850
- ja4 ignore empty strings by @reyesj2 in #14854
- elasticsearch troubleshoot script by @reyesj2 in #14856
- fix incorrect file ownership by @reyesj2 in #14858
- Add JA4 support by @TOoSmOotH in #14860
- don't allow bootstrap-salt to start daemons. splay non manager highstates 120 seconds by @m0duspwnens in #14865
- UPGRADE: Zeek Ethercat plugin #14783 by @dougburks in #14867
- add some retry to so-elastic-fleet-integration-upgrade by @reyesj2 in #14868
- add pack only holding package if installed. remove redundant hold on salt-master package by @m0duspwnens in #14869
- 8.18.4 by @reyesj2 in #14870
- FIX: opencanary startup logs cause ingest error by @reyesj2 in #14871
- update ASN organization name field by @reyesj2 in #14880
- increase so-elasticsearch-roles-load timeout by @reyesj2 in #14883
- only show data nodes in disk usage output by @reyesj2 in #14889
- exclude so_agent_installer dir from config backups by @reyesj2 in #14890
- match user soqemussh, allow user additions to persist, for ssh config. by @m0duspwnens in #14892
- fix hyper bridge setup. simplify cpu/mem regex by @m0duspwnens in #14896
- handle - in hypervisor hostname by @m0duspwnens in #14899
- Vlb2 by @m0duspwnens in #14909
- remove managerhype from whiptail by @m0duspwnens in #14910
- 2.4.170 by @TOoSmOotH in #14916
- 2.4.170 by @TOoSmOotH in #14918
- 2.4.170 by @TOoSmOotH in #14919
- 2.4.170 by @TOoSmOotH in #14917
Full Changelog: 2.4.150-20250522...2.4.170-20250812
2.4.160-20250625
Download the ISO
What's Changed
- Get ready for .160 by @TOoSmOotH in #14614
- improve consistency by @jertel in #14619
- Update soup by @TOoSmOotH in #14621
- Cogburn/playbooks by @coreyogburn in #14623
- logstash isn't running on receivers or manager when kafka is the glob… by @reyesj2 in #14629
- Add RulesetName to Rule Repos by @coreyogburn in #14639
- Add parsing for Playbook by @defensivedepth in #14638
- Tighten parsing by @defensivedepth in #14643
- Backport Hotfix to dev by @jertel in #14651
- use zeek network.community_id when available by @reyesj2 in #14668
- FIX: Improve annotation for Elasticsearch index deletion #14682 by @dougburks in #14683
- FIX: so-suricata-testrule should disable pcap logging #14685 by @dougburks in #14687
- FIX: so-elasticsearch-ilm-start needs shebang #14688 by @dougburks in #14689
- add echo to end of so-elasticsearch-ilm-start and so-elasticsearch-ilm-stop by @dougburks in #14691
- Use Stable branch by @defensivedepth in #14697
- add so-elasticsearch-index-growth by @reyesj2 in #14698
- fix system integration time overwrite and delete unused ingest pipeline by @reyesj2 in #14676
- Updated Playbook Repo Config by @coreyogburn in #14700
- upgrade registry to 3.0.0 by @jertel in #14701
- update to new config location by @jertel in #14711
- enable STS for browser redirects by @jertel in #14714
- Add support for Airgap for Playbooks by @defensivedepth in #14718
- Airgap tweaks by @defensivedepth in #14719
- Supress alerts by @defensivedepth in #14721
- Add nsm bind by @defensivedepth in #14722
- Create dir if needed by @defensivedepth in #14723
- Add support for dns.resolved_ip by @defensivedepth in #14759
- refactor airgap playbook to eliminate dupe code and shrink ISO by @jertel in #14764
- fix logging by @jertel in #14765
- change salt upgrade process by @m0duspwnens in #14770
- Revert "change salt upgrade process" by @m0duspwnens in #14771
- 2.4.160 by @TOoSmOotH in #14772
Full Changelog: 2.4.150-20250522...2.4.160-20250615
2.4.150-20250522
Download the ISO
What's Changed
- Update HOTFIX by @TOoSmOotH in #14646
- 2.4.150 Hotfix by @TOoSmOotH in #14649
- Hotfix 2.4.150 by @TOoSmOotH in #14650
Full Changelog: 2.4.150-20250512...2.4.150-20250522
2.4.150-20250512
Download the ISO
What's Changed
- Update VERSION by @TOoSmOotH in #14440
- soup for 2.4.150 by @m0duspwnens in #14443
- salt-minion service wait for ip on mainint by @m0duspwnens in #14444
- patch x509_v2 state salt issue 66929 by @m0duspwnens in #14453
- prevent manager node type highstate failure from missing network.ip_addrs in mine by @m0duspwnens in #14457
- break out manager from non manager in top by @m0duspwnens in #14463
- heavy node exclude so-import-pcap and so-pcap-import by @m0duspwnens in #14477
- Patchmerge by @TOoSmOotH in #14481
- Update 2-4.yml by @TOoSmOotH in #14482
- Update soup by @TOoSmOotH in #14486
- Add missing scanners and fix forcedType for Strelka SOC UI annotations. Restart Strelka containers on config change. by @m0duspwnens in #14499
- support background actions via config UI by @jertel in #14502
- Extract log level and drop INFO level by @defensivedepth in #14531
- Change timeout to 1s by @defensivedepth in #14530
- Fix comma by @defensivedepth in #14532
- external access to kafka topics via user/pass auth by @reyesj2 in #14528
- ensure the highstate retry runs only once by @m0duspwnens in #14535
- update log rollover configuration by @reyesj2 in #14538
- Run so-rule-update when it changes by @defensivedepth in #14537
- fix kafka delayed initial connection with remote clients on multi-broker deployments by @reyesj2 in #14539
- FIX: Add log.origin.file.line to base templates by @reyesj2 in #14540
- additional grid support by @jertel in #14551
- Support Kratos user.name lookup by @defensivedepth in #14543
- Disable Elasticsearch delete delete by @TOoSmOotH in #14556
- researching install failures by @jertel in #14558
- make homedirs by @reyesj2 in #14560
- Fixem by @m0duspwnens in #14568
- Disable auto-upgrading non-default integrations by @reyesj2 in #14561
- fix storage metrics on stig installs by @reyesj2 in #14569
- Add url_base to the web certificate by @TOoSmOotH in #14575
- excluded harmless log error; suppress so-user grep output by @jertel in #14578
- update analyser deps for py 3.13 by @jertel in #14584
- update deps by @jertel in #14587
- enable the delete on heavynodes by @TOoSmOotH in #14588
- check master status after highstate incase master service restart by @m0duspwnens in #14590
- copy so_agent-installers to nsm for nginx by @m0duspwnens in #14592
- collect es index sizes by @reyesj2 in #14580
- missing globals.is_manager swap by @reyesj2 in #14593
- update default actions for subgrid support by @jertel in #14595
- Show user.name instead of id by @defensivedepth in #14596
- Only upgrade node agents for local stack version by @defensivedepth in #14601
- Update defaults.yaml to replace remaining instances of identity_id with user.name by @dougburks in #14604
- add null check by @reyesj2 in #14603
- more analyzer dep updates by @jertel in #14605
- Regen installers by @defensivedepth in #14607
- fix file permissions for download by @m0duspwnens in #14608
- Cleanup by @defensivedepth in #14609
Full Changelog: 2.4.141-20250331...2.4.150-20250512
2.4.141-20250331
Download the ISO
What's Changed
- 2.4.141 by @TOoSmOotH in #14478
- 2.4.141 by @TOoSmOotH in #14479
Full Changelog: 2.4.140-20250324...2.4.141-20250331
2.4.140-20250324
Download the ISO
What's Changed
- Update VERSION by @TOoSmOotH in #14375
- update event pipeline annotation by @reyesj2 in #14379
- add zeek file_extraction forcedType for instances where a single line… by @reyesj2 in #14396
- use specified role on new user add by @jertel in #14394
- ldap_search include observer.name by @reyesj2 in #14402
- add no-op soup functions for 2.4.140 by @jertel in #14403
- upgrade salt 3006.10 by @m0duspwnens in #14415
- Update bootstrap-salt.sh by @m0duspwnens in #14413
- add bootstrap-salt to preloaded soup_scripts by @m0duspwnens in #14416
- make string to not drop 0 by @m0duspwnens in #14419
- Salt3006.10 by @m0duspwnens in #14420
- fix SALTVERSION grep to work with or without quote by @m0duspwnens in #14422
- work with quotes in version by @m0duspwnens in #14423
- support pcap imports for sensors in distributed grids by @jertel in #14425
- move pcapoutdir by @m0duspwnens in #14427
- ignore false positives by @jertel in #14428
- FIX: elastic fleet package list get more than 300 results per query by @reyesj2 in #14429
- Remove pcapoutdir by @defensivedepth in #14432
- update mine by @m0duspwnens in #14433
- roll back to 3006.9 but leave prep in place for future upgrades by @m0duspwnens in #14434
Full Changelog: 2.4.130-20250311...2.4.140-20250324