Wednesday, July 12, 2023

Security Onion 2.4 Beta 4 Release Now Available!

We recently released the third Beta version of Security Onion 2.4:
https://blog.securityonion.net/2023/06/security-onion-24-beta-3-release-now.html

Today, we are excited to release the fourth Beta (Beta 4) version of Security Onion 2.4!

One of the new features in this release is the ability to upload PCAP and EVTX files right in Security Onion Console (SOC)! When you go to the Grid page, you can select a node in your deployment. If the node is a network sensor or import node, then there will be an icon in the Node Status section for uploading your own PCAP or EVTX file. 


Clicking this upload icon results in an upload form. Once you’ve selected a file and initiated the upload, a status message appears. Uploaded PCAP files are automatically imported via so-import-pcap and EVTX files are automatically imported via so-import-evtx. Only one file can be imported at a time, so upload will be disabled until import is complete. Once the import is complete, a message will appear containing a hyperlink to view the logs from the import.

We also added a new passwordless login option using the WebAuthn standard. You can read more about this at https://docs.securityonion.net/en/2.4/passwords.html#passwordless-logins-to-soc.


Finally, we've implemented lots of fixes to improve feature parity with 2.3 and overall user experience.

Release Notes

Please review the Release Notes for changes in this release:
https://docs.securityonion.net/en/2.4/release-notes.html

Red Hat, Rocky Linux, and Security Onion

For background, please see https://blog.securityonion.net/2023/06/red-hat-rocky-linux-and-security-onion.html. For this release, our ISO image is still based on Rocky Linux. We are continuing to monitor this situation and will provide updates as necessary.

Known Issues

Here are some known issues that should be resolved in later releases:

  • You cannot do an in-place upgrade from 2.3 to 2.4. We are still investigating data migration.
  • Upgrades from this 2.4 Beta release to anything else will not be supported. Starting in RC2 we will support soup to upgrade 2.4 grids.
  • ATT&CK Navigator doesn’t work correctly yet.
  • The following installation modes are NOT fully tested at this time:
    • Heavy Node
    • Receiver Node
    • Analyst Workstation

Transition from 2.3 to 2.4

When we release the final version of Security Onion 2.4, we will announce an End Of Life (EOL) date for Security Onion 2.3. Security Onion 2.3 will continue to receive security patches and priority bug fixes until it reaches EOL.

Documentation

You can find 2.4 documentation at:
https://docs.securityonion.net/en/2.4/

Documentation is always a work in progress. If you find documentation that needs to be updated, please let us know as described in the Feedback section below.

Warnings and Disclaimers

  • Things may change between this beta version and the final release.
  • Ask your doctor if beta software is right for you.
  • If it breaks, you get to keep both pieces!

Enough warnings and disclaimers? Let’s go!

License Reminder

Please be reminded of the license change we posted last year:
https://blog.securityonion.net/2022/08/security-onion-enterprise-features-and.html

Installation

We highly recommend starting with an IMPORT installation as shown at:
https://docs.securityonion.net/en/2.4/first-time-users.html

Once you’re comfortable with your IMPORT installation, then you can move on to more advanced installations.

Questions, Problems, and Feedback

If you have any questions or problems relating to Security Onion 2.4, please use the new 2.4 category at our Discussions site:
https://github.com/Security-Onion-Solutions/securityonion/discussions/categories/2-4

We welcome your detailed feedback!

Screenshot Tour

If you want the quickest and easiest way to try out Security Onion 2.4, just follow the screenshots below to install an Import node. This can be done in a minimal VM with only 4GB RAM! For more information, please see:

https://docs.securityonion.net/en/2.4/first-time-users.html














































No comments:

Post a Comment

Note: Only a member of this blog may post a comment.