The Security Onion Solutions team has been working hard the past few months to bring some exciting features to the release of Security Onion 2.3.60. As we get closer to this release, we’d like to share some of the major changes that you will notice.
Elastic 7.13.2
We are pleased to announce that Elastic 7.13.2 will be included in the 2.3.60 release. This version of Elastic enables us to utilize some of the newer features in the Elastic stack that will improve the overall user experience.
Elastic Authentication
New installations of Security Onion 2.3.60 will utilize Elastic authentication by default. This will allow you to log into Kibana using your Security Onion Console (SOC) credentials. These credentials are synced between Kibana and SOC.
For existing installations, once you run soup to upgrade to Security Onion 2.3.60, you will then be able to enable Elastic authentication manually. All SOC users are required to change their passwords in order to sync with Kibana, so if users do not change their password they will have access to SOC but will not be able to log into Kibana.
Filebeat Module Support
Starting in Security Onion 2.3.60, we are enabling all Filebeat module pipelines. This will make it much easier for you to send additional log types to Security Onion and get them parsed and indexed properly. We will continue to use the existing Security Onion taxonomy for Zeek, Wazuh, Suricata and osquery logs but will be migrating it in a future release for full Elastic Common Schema (ECS) compliance.
Connectivity Changes
New installations of Security Onion 2.3.60 will not have any anonymous access to Elasticsearch or Kibana. Existing installations will allow anonymous connections until you manually enable Elastic authentication. Once this happens all unauthenticated access will be denied.
ETA
We don't have a specific release date for Security Onion 2.3.60 yet, but we are working as hard as we can to get this release ready. Stay tuned!
No comments:
Post a Comment