Security Onion: Security Onion 2.3.40 now available!

Last October, we released Security Onion 2.3:
https://blog.securityonion.net/2020/10/security-onion-2-has-reached-general.html

Today, we are releasing Security Onion 2.3.40, which adds new features and resolves a few issues: 
https://docs.securityonion.net/en/2.3/release-notes.html#changes

Elastic 7.11.2

Elastic recently changed their licensing:
https://securityonion.net/elastic-license

Elastic 7.11.2 is available under the Elastic License. You will be prompted to accept the Elastic License for new installations or upgrades.

Accept the Elastic License

Our Elastic integration now uses Elastic Security for encryption. All Elastic communication will be encrypted with TLS/SSL. Enabling HTTPS encryption in Elastic automatically turns on Elastic authentication as well. To maintain the current functionality, we will enable anonymous access to Elasticsearch and Kibana. This anonymous access mimics the access controls of previous versions of Security Onion where access is controlled via the firewall for these services. If you are using any external services that are connecting directly to Elasticsearch on port 9200, then you will need to change those to use HTTPS when you upgrade to Security Onion 2.3.40.

You will also notice changes in Kibana. First, you will see several new menu options that come with the new Elastic License. You will also see in the upper right corner that you are logged in as the user "anonymous". In previous OSS versions of Kibana, you were logged in as anonymous by default, it just didn't display the user in the upper right corner.

Documentation

We've started migrating our documentation to 2.3: 
https://docs.securityonion.net/en/2.3/

However, this is a work in progress and some documentation may be missing or incorrect. Please let us know if you notice any issues.

Known Issues

Please review the Known Issues list:
https://docs.securityonion.net/en/2.3/release-notes.html#known-issues

New Installations

If you want to perform a new installation, please review the 2.3 documentation and then you can find instructions here: 
https://docs.securityonion.net/en/2.3/download.html

Existing 2.3 Installations

If you have an existing Security Onion 2.3 installation, please see: 
https://docs.securityonion.net/en/2.3/soup.html

AWS Marketplace

For new Security Onion 2 installations, version 2.3.40 is now also available on AWS Marketplace via the official Security Onion 2 AMI:
https://securityonion.net/aws/?ref=_ptnr_soc_blog_210323

UPDATE 2021/03/23 2:06 PM Eastern
We've identified an issue with the 2.3.40 AMI that would prevent ssh access after reboot and so we have requested removal from the AWS Marketplace. This issue only affects the AWS AMI and should not affect any other installation method. You can use the 2.3.30 AMI and update via soup.

AMI Documentation:
https://securityonion.net/docs/cloud-ami

Existing Security Onion 2 AMI users should use the "soup" command to upgrade.

Security Onion 16.04 EOL

Ubuntu 16.04 reaches EOL in April 2021 and so therefore Security Onion 16.04 does as well. Please make plans to replace or upgrade any existing Security Onion 16.04 deployments before then: 
https://blog.securityonion.net/2021/03/1-month-eol-notice-for-security-onion.html

Upgrading from Security Onion 16.04

If you're currently running Security Onion 16.04, please see the following for upgrade options: 
https://docs.securityonion.net/en/2.3/appendix.html

Questions or Problems

If you have questions or problems, please see our community support forum guidelines: 
https://docs.securityonion.net/en/2.3/community-support.html

You can then find the community support forum at: 
https://securityonion.net/discuss

Thanks

Lots of love went into this release!

Special thanks to all our folks working so hard to make this release happen!

Josh Brower
Jason Ertel
Wes Lambert
Josh Patterson
Mike Reeves
Bryant Treacle
William Wernert

Training

Need training? Start with our free Security Onion Essentials training and then take a look at some of our other official Security Onion training, including our new Detection Playbook class!

https://securityonion.net/training

Hardware Appliances

We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization. Not only will you have confidence that your Security Onion deployment is running on the best-suited hardware, you will also be supporting future development and maintenance of the Security Onion project!

https://securityonionsolutions.com/hardware

Screenshot Tour

If you want the quickest and easiest way to try out Security Onion 2, just follow the screenshots below to install an Import node and then optionally enable the Analyst Workstation. This can be done in a minimal VM with only 4GB RAM!