Friday, January 31, 2025

CentOS Stream 9 and other Unsupported Network Installations

In 2023, we announced that only official Security Onion images are supported and that network installations on certain Linux distros were possible but NOT supported:
https://blog.securityonion.net/2023/07/security-onion-24-base-os.html


One of those compatible distros was CentOS Stream 9. Due to recent package changes, CentOS Stream 9 is no longer compatible and has been removed from the network installation list.


As a reminder, network installations are NOT supported. Just because a distro works today does NOT guarantee that it will work in the future. If at some point in the future a distro stops working, then we will simply remove it from the list rather than trying to fix an unsupported distro.


Below is a screenshot of the updated documentation reflecting this. This will be published at https://docs.securityonion.net/en/2.4/network-installation.html as soon as we release Security Onion 2.4.120.



Monday, January 27, 2025

Thursday, January 23, 2025

Security Onion 2.4.120 Sneak Peek Video

Security Onion 2.4.120 is coming soon! We just added a video to our YouTube channel that covers some of the highlights! Don't forget to like and subscribe to our YouTube channel!



Wednesday, January 22, 2025

Coming soon to Security Onion: Local IP Lookups!

Our upcoming Security Onion 2.4.120 release includes a new local IP lookup feature! This allows you to define local descriptions for important IP addresses in your environment. This is useful for IP addresses that don't have a reverse DNS entry or for when you want to override the reverse DNS entry with a custom value. 


When you are viewing IP addresses in Security Onion Console (SOC) with reverse lookups enabled, SOC will check the local mappings first. If it doesn’t find a match, then it will attempt a reverse DNS lookup. The lookup will be displayed to the right of the IP address. For example:


Security Onion 2.4.120 is coming soon!

Tuesday, January 21, 2025

Coming soon to Security Onion: CyberChef 10.19.4!

Our upcoming Security Onion 2.4.120 release includes CyberChef 10.19.4!

Security Onion 2.4.120 is coming soon!


Thursday, January 16, 2025

Coming soon to Security Onion: Elastic Agent Deployment via MSI!

Our upcoming Security Onion 2.4.120 release includes a new MSI option for deploying the Elastic Agent to your Windows endpoints! 

Security Onion 2.4.120 is coming soon!


Friday, January 10, 2025

Coming soon to Security Onion: ATT&CK Navigator Improvements!

Our upcoming Security Onion 2.4.120 release includes improvements for our ATT&CK Navigator integration! Navigator will now have 4 tabs across the top:

  • Detections Coverage - All Detections
  • Detections Coverage - Sigma
  • Detections Coverage - Suricata
  • Alerts (Last 3 Days)


Each tab will highlight coverage based on the title of the tab. Also, there are new pivots called View Related Detections and View Related Alerts that allow you to pivot from Navigator back to Detections and Alerts, respectively.


Security Onion 2.4.120 is coming soon!



Thursday, January 9, 2025

Coming soon to Security Onion Pro: External API!

Our upcoming Security Onion 2.4.120 release includes a new feature for Security Onion Pro customers! If you have a valid Pro license, you will be able to connect to the Security Onion API from external API clients. This means that you can create cases, pull PCAPs, or acknowledge alerts using automation!



Wednesday, January 8, 2025

Coming soon: Zeek 7 and support for more protocols like QUIC, HTTP2, OpenVPN, and IPSEC!

Our upcoming Security Onion 2.4.120 release includes Zeek 7! It also adds support for analyzing more network protocols like QUIC, HTTP2, OpenVPN, and IPSEC!



Tuesday, January 7, 2025

Coming soon: tune alerts without leaving the Alerts interface!

Our Detections interface makes it easy to tune your rules, but have you ever wanted to tune your rules right from the Alerts interface? 


This will be included in Security Onion 2.4.120 which is coming soon!

Monday, January 6, 2025

Coming soon: AI Summaries in Alerts!

In October, we released Security Onion 2.4.110 and it included a new AI Summary feature in our Detections interface:

https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html


Over the last few months, we've continued to iterate on that AI Summary feature to make it available in the Alerts interface without having to pivot to Detections!


This will be included in Security Onion 2.4.120 which is coming soon!

