Monday, August 21, 2023

Security Onion 2.4.10 Hotfix 20230821 Now Available!

We recently released Security Onion 2.4.10 (2.4 GA):

Today, we are releasing a hotfix which resolves a few issues:

New Installations

If you want to perform a new installation, please review the documentation and then you can find instructions here:

Existing 2.4 Installations

If you have an existing installation of 2.4, then you should update to this hotfix. If your 2.4 installation is RC or GA (not Beta), then you can run soup to update.

If you are upgrading an Import node and have already imported a pcap or evtx file, then you may need to delete the import data stream for all imports to work correctly. You can either run the following command:

sudo so-elasticsearch-query _data_stream/logs-import-so -XDELETE

OR you can clear Elastic altogether with the following command:

sudo so-elastic-clear -d -y

In many cases, Import nodes are only temporary anyway, so you may just want to perform a fresh installation.

For more information about the update process, please see:

Known Issues

Here are some known issues that should be resolved in later releases:

  • You cannot do an in-place upgrade from 2.3 to 2.4. We are still investigating data migration.
  • Security Onion Desktop is still considered experimental. It should work when installing from our ISO image but will not work for network installations currently.
  • so-ip-update, while not an officially supported tool to begin with, has not been given any attention for 2.4 and may not work at all.
  • SOC Grid is unable to display EPS production values for sensors.
  • ISO install does not remove NOPASSWD option from sudo configuration.

Questions, Problems, and Feedback

If you have any questions or problems relating to Security Onion 2.4, please use the new 2.4 category at our Discussions site:


Our 10th Annual Security Onion Conference is coming up soon! You don't want to miss great speakers like:

  • Dave Kennedy
  • Wes Lambert
  • Josh Kamdjou
  • Scott Hall
  • Pete Di Giorgio
  • Josh Brower
  • David Bianco
  • Doug Burks

Reserve your seat today! Last day to register is September 29!


Do you want to deploy the new Security Onion 2.4 to your enterprise but need training?

Our first 4-day public training class on Security Onion 2.4 will be in beautiful Augusta, GA as part of Augusta Cyber Week!

The class is at a very special price AND you get a free ticket to BOTH Security Onion Conference AND BSidesAugusta!

For more information, please see:

Security Onion Solutions Hardware Appliances

We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization. Not only will you have confidence that your Security Onion deployment is running on the best-suited hardware, you will also be supporting future development and maintenance of the Security Onion project!
