Security Onion 2.3.140 is coming soon! Here are a couple of things you should be aware of and potentially prepare for.
As we move from Security Onion 2.3.130 to 2.3.140, the Elastic components will undergo a major version upgrade from version 7 to version 8. Elastic's requirement for upgrading to version 8 is to be on Elastic 7.17.0 or later:
https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html
This means that if you are currently using a version of Security Onion prior to 2.3.110, then you will need to update to Security Onion 2.3.130 before updating to 2.3.140. Failure to do so could result in loss of access to all data stored inside Elastic and a non-functioning Security Onion installation. Our soup utility should check the installed version and advise on the proper method to upgrade appropriately.
If you are currently using a version of Security Onion prior to 2.3.110, then you may want to go ahead and upgrade to 2.3.130 this week to make sure you are ready for 2.3.140:
https://docs.securityonion.net/en/2.3/soup.html
When you do eventually update to Security Onion 2.3.140 or later, the Elastalert indices will be deleted to ensure compatibility with Elastic version 8. You don't have to worry about loss of alerts or alert data generated by Playbook, as they should remain in their native HIDS/NIDS/Playbook indices. However, if you currently use the Elastalert indices for other purposes, you may want to back up those indices so you can review them manually at a later date as needed. This backup process is not supported or documented, and is left up to the user to perform as needed.