Thursday, May 6, 2021

Security Onion 2.3.50 Hotfix available!

Security Onion Solutions recently announced the release of Security Onion 2.3.50, which brings a ton of great fixes and features to the community. There have been many occasions where we have wanted to deploy small updates to Security Onion 2, but due to how the platform is built, this was difficult to do… until now! Today we are announcing the introduction of hotfixes in Security Onion 2. This hotfix (GRIDFIX) addresses the following issues:

  • Mixed-case or upper-case grid members will show up properly in the Grid view.
  • SOC will need to be restarted to remove the duplicate entries: so-soc-restart.
  • RAID status for Security Onion Solutions appliances should now properly update.

If your grid can connect to the Internet for updates, you can simply run “soup” on the manager and it will automatically apply the latest hotfix. Hotfixes will typically include updates to the Salt code and small configuration changes that we want to get out to you without having to do a full release update. Any changes to Docker containers will follow our normal release process and the version number will change. You will notice that the version number stays the same after a hotfix has been applied. The application of the hotfix is tracked on the manager in the /etc/sohotfix file. For more information, please see our soup documentation:
https://securityonion.net/docs/soup

If you are an airgap user, we want you to know we have not forgotten about you. You too will be able to apply hotfixes starting in Security Onion 2.3.60. Users will see a couple of new commands for applying hotfixes. The first command, so-airgap-hotfixdownload, is run from a computer with Internet access. It downloads the hotfix and packages it into a tarball that you will then need to sneakernet over to your airgapped manager. Once you have copied sohotfix.tar to a location on the manager, run so-airgap-hotfixapply /path/to/sohotfix.tar and it will apply the hotfix. For more information, please see our airgap documentation:
https://securityonion.net/docs/airgap

We hope you are as excited as we are for this new functionality and look forward to continuing to bring cool and innovative features to the Security Onion Platform.

Documentation

You can find our documentation here:
https://docs.securityonion.net/en/2.3/

Documentation is always a work in progress and some documentation may be missing or incorrect. Please let us know if you notice any issues.

Known Issues

Please review the Known Issues list:
https://docs.securityonion.net/en/2.3/release-notes.html#known-issues

New Installations

If you want to perform a new installation, please review the 2.3 documentation and then you can find instructions here:

https://docs.securityonion.net/en/2.3/download.html

Existing 2.3 Installations

If you have an existing Security Onion 2.3 installation, please see:

https://docs.securityonion.net/en/2.3/soup.html

AWS Marketplace

For new Security Onion 2 installations, version 2.3.50 is now also available on AWS Marketplace via the official Security Onion 2 AMI:
https://securityonion.net/aws/?ref=_ptnr_soc_blog_210428

AMI Documentation:
https://securityonion.net/docs/cloud-ami

Existing Security Onion 2 AMI users should use the "soup" command to upgrade:
https://docs.securityonion.net/en/2.3/soup.html

Security Onion 16.04 EOL

As a reminder, Security Onion 16.04 has reached End Of Life (EOL):
https://blog.securityonion.net/2021/04/security-onion-1604-has-reached-end-of.html

If you're still running Security Onion 16.04, please see the following for upgrade options:

https://docs.securityonion.net/en/2.3/appendix.html

Questions or Problems

If you have questions or problems, please see our community support forum guidelines:

https://docs.securityonion.net/en/2.3/community-support.html

You can then find the community support forum at:

https://securityonion.net/discuss

Training

Need training? Start with our free Security Onion Essentials training and then take a look at some of our other official Security Onion training, including our new Detection Playbook class!

https://securityonion.net/training

Hardware Appliances

We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization. Not only will you have confidence that your Security Onion deployment is running on the best-suited hardware, you will also be supporting future development and maintenance of the Security Onion project!

https://securityonionsolutions.com/hardware
