Tuesday, September 3, 2024

Security Onion 2.4.100 Hotfix 20240903 now available!

Last week's 2.4.100 release contained an issue that affects deployments that use Kibana dashboards AND have deployed remote agents to endpoints. Today, we are releasing a hotfix which resolves this issue:

https://docs.securityonion.net/en/2.4/release-notes.html


If you have already updated to 2.4.100 and Kibana is not showing source IP addresses correctly, then you should update to this hotfix using soup:

https://docs.securityonion.net/en/2.4/soup.html


After updating to the hotfix, you may still have indices with incorrect data. If so, you can delete the incorrect indices via the command line as follows.


First, become root:


sudo -i


Next, roll over each of the affected data streams:


for i in logs-system.application-default logs-system.security-default logs-system.system-default; do 

    so-elasticsearch-query $i/_rollover -XPOST

done


Then, delete the previous index for each of the affected data streams:


for i in logs-system.application-default logs-system.security-default logs-system.system-default; do

    INDEX_TO_DELETE=$(so-elasticsearch-query $i | jq -r 'keys[]' | tail -2 | head -1); so-elasticsearch-query $INDEX_TO_DELETE -XDELETE

done


Finally, navigate to Kibana -> Security Onion - Home -> Network dashboard to confirm that source IP addresses now display as expected.


New Installations


If this is your first time installing Security Onion 2.4, then we highly recommend starting with an IMPORT installation as shown at:

https://docs.securityonion.net/en/2.4/first-time-users.html




Once you’re comfortable with your IMPORT installation, then you can move on to more advanced installations as shown at:

https://docs.securityonion.net/en/2.4/architecture.html


Documentation


You can find our online documentation here:

https://docs.securityonion.net/en/2.4/


Documentation is always a work in progress. If you find documentation that needs to be updated, please let us know as described in the Feedback section below.


Questions, Problems, and Feedback


If you have any questions or problems relating to Security Onion 2.4, please use the 2.4 category at our Discussions site:

https://github.com/Security-Onion-Solutions/securityonion/discussions/categories/2-4


Security Onion Pro


We recently celebrated 10 years in business by announcing Security Onion Pro:

https://blog.securityonion.net/2024/07/celebrating-10-years-of-security-onion.html


Security Onion Pro includes many enterprise features that folks have been asking for:


  • Open ID Connect (OIDC)
  • Data at Rest Encryption
  • FIPS for the OS
  • DoD STIG for the OS
  • External Notifications in SOC (this feature got even better in this release!)
  • Time Tracking inside of Cases
  • Guaranteed Message Delivery


You can read more about these enterprise features at:

https://securityonion.com/pro


Training


Need training? Start with our free Security Onion Essentials training and then take a look at some of our other official Security Onion training!

https://securityonion.net/training



Security Onion Solutions Hardware Appliances


We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization. Not only will you have confidence that your Security Onion deployment is running on the best-suited hardware, you will also be supporting future development and maintenance of the Security Onion project!

https://securityonionsolutions.com/hardware



No comments:

Post a Comment

Note: Only a member of this blog may post a comment.