Tuesday, December 29, 2020

Security Onion 2 in 2020 and 2021

As 2020 comes to a close, we want to thank you, our community, for your overwhelming response to Security Onion 2! Let’s talk about the journey of Security Onion 2 and the guiding principles that are going to carry us into the first half of 2021.

Since its release in October, Security Onion 2 has seen many improvements in reliability of the install process on a wider scope of hardware and configurations. Taking multiple Linux distributions, multiple kernel versions, and endless hardware configs, then making it all work with a single install script has been a hefty challenge. We have already successfully reduced installation issues and will continue to improve our setup process with every release.

Along with improving the reliability of the install process, we have added several features to improve the usefulness of the product. Some of the major features delivered were:

  • Hunt interface specifically designed for threat hunting
  • Alerts module for managing and escalating alerts
  • Grid interface that allows visibility of all nodes in the grid
  • Multiple Elasticsearch clustering options

We have been delivering these features via our regular release cycle, which has been on a monthly cadence since RC1. We plan to keep that same pace in 2021, with the exception of January, when there will be no major feature releases. We will take some time to catch our breath as well as improve some of our testing capabilities. Currently, we dedicate at least a week for testing between feature freeze and production release. Much of this testing is done manually and the more of this that we can automate, the more time we can spend fixing bugs and bringing new features to Security Onion 2.

Here are our first three major feature goals for 2021:

  • bring playbook functionality directly into the Security Onion Console (SOC) web interface
  • bring case management functionality directly into SOC
  • continued improvement of our SOC Grid interface so that you can more easily manage and maintain your sensor grid

These features will not only simplify the user experience, but also reduce overall complexity. In order to accomplish these goals, you will also see us begin to add other features such as Role Based Access Control (RBAC). RBAC has been a highly requested feature and will enable better control of how data is presented to users in SOC. We have some other exciting features in this space which we will add to the roadmap as we finalize the design.

Again, we want to thank the community for your continued support in 2020. Security Onion remains free and open source because of you. Hardware appliances, training, and professional services drive our business and allow us to keep bringing you all these great features. We are really excited for what 2021 will bring! Have a safe and relaxing holiday season and a Happy New Year!
