Monday, October 23, 2023

Security Onion 2.4 Feature o' the Day - Dynamic Observable Extraction in SOC Cases

Security Onion 2.4 includes lots of new features! SOC Cases now supports dynamic observable extraction! For example, we escalated this alert to a case:


Going to Cases and then the Events tab, we see the escalated alert:

Going to the Observables tab, we see that the IP addresses were automatically extracted as observables:


You can read more about Cases and Observables in our documentation:
https://docs.securityonion.net/en/2.4/cases.html


More Security Onion 2.4 Features

To see other Security Onion 2.4 features, please see our other Feature o' the Day blog posts:
https://blog.securityonion.net/search/label/feature%20o%27%20the%20day


You can also check out our Release Notes:
https://docs.securityonion.net/en/2.4/release-notes.html


Migrating from 2.3 to 2.4

If you're still running Security Onion 2.3, please note that it reaches End Of Life on April 6, 2024:

If you would like to migrate your data from 2.3 to 2.4, you can find an overview of the process at:

No comments:

Search This Blog

Featured Post

State of the Onion 2024

We usually have our State of the Onion at the annual Security Onion Conference, but we had to cancel the conference due to Hurricane Helene ...

Popular Posts

Blog Archive