Monday, October 23, 2023

Security Onion 2.4 Feature o' the Day - Dynamic Observable Extraction in SOC Cases

Security Onion 2.4 includes lots of new features! SOC Cases now supports dynamic observable extraction! For example, we escalated this alert to a case:


Going to Cases and then the Events tab, we see the escalated alert:

Going to the Observables tab, we see that the IP addresses were automatically extracted as observables:


You can read more about Cases and Observables in our documentation:
https://docs.securityonion.net/en/2.4/cases.html


More Security Onion 2.4 Features

To see other Security Onion 2.4 features, please see our other Feature o' the Day blog posts:
https://blog.securityonion.net/search/label/feature%20o%27%20the%20day


You can also check out our Release Notes:
https://docs.securityonion.net/en/2.4/release-notes.html


Migrating from 2.3 to 2.4

If you're still running Security Onion 2.3, please note that it reaches End Of Life on April 6, 2024:

If you would like to migrate your data from 2.3 to 2.4, you can find an overview of the process at:

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive