Tuesday, August 15, 2023

Security Onion 2.4 Has Reached General Availability (GA)!

After more than 12 months of development, 3 Beta releases, and 2 Release Candidates, we are thrilled to announce that Security Onion 2.4 has now reached General Availability (GA)!

About Security Onion

Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management. 

For network visibility, we offer signature based detection via Suricata, rich protocol metadata and file extraction using your choice of either Zeek or Suricata, full packet capture via Stenographer, and file analysis via Strelka. For host visibility, we offer the Elastic Agent which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All of these logs flow into Elasticsearch and we’ve built our own user interfaces for alerts, dashboards, threat hunting, case management, and grid management. 

Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build a distributed grid for your enterprise in minutes!

Changes from Security Onion 2.3

Over the past year of developing Security Onion 2.4, we've added lots of new features to give you a better experience and make you more efficient and effective!

Changes from Security Onion 2.4 RC2

We recently released Security Onion 2.4 RC2:

We've resolved several issues from 2.4 RC2. To see all changes in this release, please review the Release Notes:

Base OS

If you haven't already, please review our recent blog post on our 2.4 base OS changes:

Known Issues

Here are some known issues that should be resolved in later releases:

  • You cannot do an in-place upgrade from 2.3 to 2.4. We are still investigating data migration.
  • Security Onion Desktop is still considered experimental. It should work when installing from our ISO image but will not work for network installations currently.
  • Importing a PCAP file followed by an EVTX file (or vice versa) fails to ingest logs into Elastic.
  • Heavy Nodes will not ingest Suricata logs due to a permissions issue.
  • so-ip-update, while not an officially supported tool to begin with, has not been given any attention for 2.4 and may not work at all.
  • Some system/OS logs (for example /var/log/secure) logs may not fully ingest, resulting in a pipeline with id [logs-system.syslog-1.6.4] does not exist error.
  • SOC Grid is unable to display EPS production values for sensors.
  • ISO install does not remove NOPASSWD option from sudo configuration.

In-place Upgrades

If you have an existing installation of 2.4 RC1 or RC2 (not Beta), then you should be able to update to GA via soup. You may be prompted to re-run soup multiple times so that it gets fully updated. 

For more information about soup, please see:

Security Onion 2.3 Maintenance Mode and EOL

Since Security Onion 2.4 GA has been released, 2.3 is now officially in maintenance mode. No new features will be added to 2.3. Security Onion 2.3 will only receive security patches and priority bug fixes until it reaches EOL. We will announce Security Onion 2.3 End Of Life (EOL) date soon.


You can find 2.4 documentation at:

Documentation is always a work in progress. If you find documentation that needs to be updated, please let us know as described in the Feedback section below.

License Reminder

Please be reminded of the license change we posted last year:


We highly recommend starting with an IMPORT installation as shown at:

Once you’re comfortable with your IMPORT installation, then you can move on to more advanced installations as shown at:


Lots of love went into this release!

Special thanks to all our folks working so hard to make this release happen!

  • Josh Brower
  • Jason Ertel
  • Wes Lambert
  • Corey Ogburn
  • Josh Patterson
  • Mike Reeves

Questions, Problems, and Feedback

If you have any questions or problems relating to Security Onion 2.4, please use the new 2.4 category at our Discussions site:


Our 10th Annual Security Onion Conference is coming up soon! You don't want to miss great speakers like:

  • Dave Kennedy
  • Wes Lambert
  • Josh Kamdjou
  • Scott Hall
  • Pete Di Giorgio
  • Josh Brower
  • David Bianco
  • Doug Burks

Reserve your seat today! Last day to register is September 29!



Need training? Start with our free Security Onion Essentials training and then take a look at some of our other official Security Onion training including a 4-day class in Augusta GA leading up to Security Onion Conference and BSidesAugusta!


Security Onion Solutions Hardware Appliances

We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization. Not only will you have confidence that your Security Onion deployment is running on the best-suited hardware, you will also be supporting future development and maintenance of the Security Onion project!


Cloud Installations

For new Security Onion 2 installations in the cloud, Security Onion 2.4 will soon be available on the AWS, Azure, and GCP marketplaces!

AWS Marketplace and Documentation:

Azure Marketplace and documentation:

GCP Marketplace and documentation:

Screenshot Tour

If you want the quickest and easiest way to try out Security Onion 2.4, just follow the screenshots below to install an Import node. This can be done in a minimal VM with only 4GB RAM! For more information, please see:


No comments:

Search This Blog

Featured Post

Security Onion 2.4.70 now available including our new Detections interface and much more!

Security Onion 2.4.70 is now available! It includes some new features for our fellow defenders including our new Detections interface to hel...

Popular Posts

Blog Archive