
Monday, April 24, 2023

Security Onion 2.4 Beta 2 Release Now Available!

We recently released the first Beta version of Security Onion 2.4:
https://blog.securityonion.net/2023/03/security-onion-24-beta-release-now.html

Today, we are excited to release the second Beta version of Security Onion 2.4!

Release Notes

Please review the Release Notes for changes in this release:
https://docs.securityonion.net/en/2.4/release-notes.html#beta-2-20230424-changes

Known Issues

Here are some known issues that should be resolved in later releases:

  • You cannot do an in-place upgrade from 2.3 to 2.4. We are still investigating data migration.
  • You must perform a new installation of Rocky Linux 9 Minimal and have full Internet access. We hope to have a 2.4 ISO image in a future release.
  • Upgrades from this 2.4 Beta release to anything else will not be supported. Starting in RC2 we will support soup to upgrade 2.4 grids.
  • Airgap mode is not supported at this time. This is due to a 3rd party dependency but will be supported in RC1. 
  • Ubuntu 20.04 support is not available until RC1. This has to do with a 3rd party dependency. 
  • ATT&CK Navigator doesn’t work correctly yet.
  • so-import-evtx imports logs but they don't get parsed correctly.
  • The following installation modes are NOT supported at this time:
    • Heavy Node
    • Receiver Node
    • Analyst Workstation

Transition from 2.3 to 2.4

When we release the final version of Security Onion 2.4, we will announce an End Of Life (EOL) date for Security Onion 2.3. Security Onion 2.3 will continue to receive security patches and priority bug fixes until it reaches EOL.

Documentation

You can find 2.4 documentation at:
https://docs.securityonion.net/en/2.4/

Documentation is always a work in progress. If you find documentation that needs to be updated, please let us know as described in the Feedback section below.

Warnings and Disclaimers

  • This is Beta software. It is not a finished product.
  • Beta software is not officially supported for production usage.
  • Ask your doctor if Beta software is right for you.
  • Using Beta software can cause a disruption in the space time continuum.
  • If it breaks, you get to keep both pieces!

Enough warnings and disclaimers? Let’s go!

Installation

Our Security Onion 2.4 ISO image is not quite ready yet so for now you'll need to download Rocky Linux 9 Minimal:
https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.1-x86_64-minimal.iso

Then check the checksum:
https://download.rockylinux.org/pub/rocky/9/isos/x86_64/CHECKSUM

Next, install Rocky Linux 9 and start our Security Onion installation as shown here:
https://docs.securityonion.net/en/2.4/installation.html#installation-on-rocky-linux-or-ubuntu

Once you've installed Rocky Linux 9 Minimal and started our Setup wizard, we highly recommend that you start with a simple IMPORT installation as shown here:
https://docs.securityonion.net/en/2.4/first-time-users.html

Once you have verified proper IMPORT installation, you can then try EVAL, STANDALONE, and DISTRIBUTED deployments as described here:
https://docs.securityonion.net/en/2.4/configuration.html

Questions, Problems, and Feedback

If you have any questions or problems relating to Security Onion 2.4, please use the new 2.4 category at our Discussions site:
https://github.com/Security-Onion-Solutions/securityonion/discussions/categories/2-4

We welcome your detailed feedback!

Saturday, September 29, 2012

Security Onion 12.04 Beta Available Now!

After many months of hard work, I'm excited to announce that Security Onion 12.04 Beta is available now!  Thanks to everyone who has helped get us this far!

Quick highlights:


  • Choose your favorite flavor of 32-bit/64-bit Ubuntu (Ubuntu, Kubuntu, Lubuntu, Xubuntu, or Ubuntu Server)
  • Add our PPA and our packages and run through the Setup wizard to get:
    • Snort, Suricata, Bro, Sguil, Squert, Snorby, NetworkMiner
    • PF_RING and AF_PACKET fanout for high performance and scalability
    • ELSA - Enterprise Log Search and Archive

For full instructions, please see the Security Onion 12.04 Beta page on our Wiki.

If you're at DerbyCon this weekend, come check out the new Security Onion 12.04 Beta on Saturday at 6:00 PM.

Sguil showing 2 load-balanced Snort processes using PF_RING

Snorby showing 2 load-balanced Snort processes using PF_RING

Squert showing 2 load-balanced Snort processes using PF_RING

ELSA with new Dashboard functionality
