We recently released the first Release Candidate version of Security Onion 2.4:
https://blog.securityonion.net/2023/07/security-onion-24-release-candidate-1.html
Today, we are excited to release Security Onion 2.4 Release Candidate 2 (RC2)!
Highlights
A few highlights of this release:
You can now directly add a value from Alerts, Dashboards, or Hunt as an observable to a new or existing case:
https://github.com/Security-Onion-Solutions/securityonion/issues/7992
Security Onion Desktop now includes NetworkMiner:
https://github.com/Security-Onion-Solutions/securityonion/issues/10865
Elastic has been upgraded to 8.8.2:
https://github.com/Security-Onion-Solutions/securityonion/issues/10864
Please review the Release Notes for all other changes in this release:
https://docs.securityonion.net/en/2.4/release-notes.html
Base OS
If you haven't already, please review our recent blog post on our 2.4 base OS changes:
https://blog.securityonion.net/2023/07/security-onion-24-base-os.html
Known Issues
Here are some known issues that should be resolved in later releases:
- You cannot do an in-place upgrade from 2.3 to 2.4. We are still investigating data migration.
- Security Onion Desktop is still considered experimental. It should work when installing from our ISO image but will not work for network installations currently.
- File extraction may not work if you've manually switched from the default of Zeek metadata to Suricata metadata.
In-place Upgrades
If you have an existing installation of 2.4 RC1 (not Beta), then you should be able to update to RC2 via soup. Please be aware of a couple of issues:
- Due to a bug in RC1, you may be prompted to re-run soup up to four times so that it gets fully updated.
- Soup may fail due to a non-critical error while updating Elastic Fleet (more likely with Import or Eval installations).
- If you upgrade an Import or Eval installation and do not have new logs coming in, then you may need to go to Elastic Fleet - Settings - Outputs - so-manager_elasticsearch - Actions and enable both options at the bottom marked "Make this output the default".
- Elastic Agents are not automatically updated.
- If you tried to run soup before this announcement was posted, then you may need to run the following command to remove any old remnants:
sudo rm -f /tmp/supersoup/soup*
For more information about soup, please see:
https://docs.securityonion.net/en/2.4/soup.html
Transition from 2.3 to 2.4
When we release the final version of Security Onion 2.4, we will announce an End Of Life (EOL) date for Security Onion 2.3. Security Onion 2.3 will continue to receive security patches and priority bug fixes until it reaches EOL.
Documentation
You can find 2.4 documentation at:
https://docs.securityonion.net/en/2.4/
Documentation is always a work in progress. If you find documentation that needs to be updated, please let us know as described in the Feedback section below.
Warnings and Disclaimers
- Things may change between this release candidate version and the final GA release.
- Ask your doctor if pre-GA software is right for you.
- If it breaks, you get to keep both pieces!
Enough warnings and disclaimers? Let’s go!
License Reminder
Please be reminded of the license change we posted last year:
https://blog.securityonion.net/2022/08/security-onion-enterprise-features-and.html
Installation
We highly recommend starting with an IMPORT installation as shown at:
https://docs.securityonion.net/en/2.4/first-time-users.html
Once you’re comfortable with your IMPORT installation, then you can move on to more advanced installations as shown at:
https://docs.securityonion.net/en/2.4/architecture.html
Questions, Problems, and Feedback
If you have any questions or problems relating to Security Onion 2.4, please use the new 2.4 category at our Discussions site:
https://github.com/Security-Onion-Solutions/securityonion/discussions/categories/2-4
We welcome your detailed feedback!
Screenshot Tour
If you want the quickest and easiest way to try out Security Onion 2.4, just follow the screenshots below to install an Import node. This can be done in a minimal VM with only 4GB RAM! For more information, please see:
https://docs.securityonion.net/en/2.4/first-time-users.html
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.