Monday, October 23, 2023

Security Onion 2.4 Feature o' the Day - Dynamic Observable Extraction in SOC Cases

Security Onion 2.4 includes lots of new features! SOC Cases now supports dynamic observable extraction! For example, we escalated this alert to a case:


Going to Cases and then the Events tab, we see the escalated alert:

Going to the Observables tab, we see that the IP addresses were automatically extracted as observables:


You can read more about Cases and Observables in our documentation:
https://docs.securityonion.net/en/2.4/cases.html


More Security Onion 2.4 Features

To see other Security Onion 2.4 features, please see our other Feature o' the Day blog posts:
https://blog.securityonion.net/search/label/feature%20o%27%20the%20day


You can also check out our Release Notes:
https://docs.securityonion.net/en/2.4/release-notes.html


Migrating from 2.3 to 2.4

If you're still running Security Onion 2.3, please note that it reaches End Of Life on April 6, 2024:

If you would like to migrate your data from 2.3 to 2.4, you can find an overview of the process at:

No comments:

Search This Blog

Featured Post

New Security Onion Online Training Class - Detection Engineering with Security Onion!

We've just added an exciting new course to our online Security Onion 2.4 training catalog! It's called "Detection Engineering w...

Popular Posts

Blog Archive