Security-Onion-Solutions/securityonion 2.4.120-20250212

on GitHub

Download the ISO

https://github.com/Security-Onion-Solutions/securityonion/blob/69be367acf9e5e1fe717f53b0f16c4a58b47bfe2/DOWNLOAD_AND_VERIFY_ISO.md

What's Changed

• Update VERSION by @TOoSmOotH in #13780
• Add 2.4.120 for next release by @dougburks in #13783
• main to dev by @jertel in #13798
• Issue/13808 by @m0duspwnens in #13825
• Changes to allow reviews to start showing by @coreyogburn in #13826
• FEATURE: add support for trend micro integrations by @reyesj2 in #13834
• Issue/204 by @m0duspwnens in #13836
• Add support for cybereason integration by @reyesj2 in #13841
• prevent state from failing if versionlock plugin not installed by @m0duspwnens in #13842
• Revert "Add support for cybereason integration" by @reyesj2 in #13849
• fix HELD for debian families by @m0duspwnens in #13855
• install createrepo for airgap by @m0duspwnens in #13853
• call airgap_rules if airgap. log rsync and git commands by @m0duspwnens in #13859
• Issue/13851 by @m0duspwnens in #13863
• Cogburn/detection status hunt by @coreyogburn in #13800
• Tuning Notes by @coreyogburn in #13873
• Add process and file creation mappings by @defensivedepth in #13832
• Initial support for local lookup by @defensivedepth in #13877
• add so-ip-mappings index by @reyesj2 in #13882
• rm eaintegration state file by @defensivedepth in #13887
• 2.4/lookuprev2 by @defensivedepth in #13883
• timestamp fix by @defensivedepth in #13890
• setup use new salt repo by @m0duspwnens in #13900
• Cogburn/ignored sids by @coreyogburn in #13904
• fix crowdstrike integration by @reyesj2 in #13912
• Add local custom template by @defensivedepth in #13879
• Source Dates by @coreyogburn in #13915
• Fix permissions by @defensivedepth in #13920
• only enable repo sync cron if OEL by @m0duspwnens in #13921
• Connect API by @jertel in #13923
• upodate saltbootstrap by @m0duspwnens in #13927
• ensure roles file exists since no longer syncing clients to es by @jertel in #13930
• add ilm and update managed index settings by @reyesj2 in #13933
• correction to ilm policy name by @reyesj2 in #13935
• add http2 by @reyesj2 in #13943
• 2.4/dev by @reyesj2 in #13945
• update bootstrap-salt by @m0duspwnens in #13944
• Zeek 7 w/ http2 by @reyesj2 in #13946
• Connect API upgrades by @jertel in #13953
• additional integrations by @reyesj2 in #13951
• revert prev commit by @jertel in #13954
• soup corrections by @jertel in #13955
• ignore fp from hydra by @jertel in #13956
• Add Annotations to Existing Detections Options by @coreyogburn in #13961
• MFA issuer name shouldn't be an advanced setting by @jertel in #13966
• More flexibility for AutoEnable Sigma rules by @defensivedepth in #13958
• add missing ilm to latest integrations by @reyesj2 in #13981
• Generate MSI by @defensivedepth in #13989
• fix path by @defensivedepth in #13995
• file extract zeek v7 by @reyesj2 in #14004
• add openvpn & ipsec support to Zeek by @reyesj2 in #14001
• Fix port bind for managing external suricata ruleset by @TOoSmOotH in #14016
• Merge in 2.4.111 by @TOoSmOotH in #14036
• Update 2-4.yml by @TOoSmOotH in #14038
• Fix Discussions Dropdown by @TOoSmOotH in #14039
• add ti_opencti integration support by @reyesj2 in #14041
• cloud installs should use the local docker registry data by @jertel in #14043
• Update soup by @TOoSmOotH in #14046
• Refactor pipeline for hash changes by @defensivedepth in #14048
• zeek quic support by @reyesj2 in #14060
• invalidate user sessions when an admin changes the user's password by @jertel in #14077
• Refactor Navigator for Detections by @defensivedepth in #14013
• add zeek.quic mappings by @reyesj2 in #14089
• Refactor Navigator Airgap by @defensivedepth in #14091
• Fix folder perm by @defensivedepth in #14102
• Additional Zeek parsing & cloudflare_logpush integration by @reyesj2 in #14105
• update http query by @reyesj2 in #14111
• update global@custom by @reyesj2 in #14116
• Additional web security measures by @jertel in #14123
• keep imported data in logs-import-so index by @reyesj2 in #14124
• fix issue with first-time api client permission toggling by @jertel in #14140
• env discovery.type single-node change by @m0duspwnens in #14161
• Update so-functions by @TOoSmOotH in #14162
• Fix ip-mappings ILM by @defensivedepth in #14179
• New Limit on Bulk Creating Related Events by @coreyogburn in #14183
• Rework for MSI by @defensivedepth in #14189
• Refresh Agent installers by @defensivedepth in #14190
• ca download; ignore shard errors on startup; clarify oidc id by @jertel in #14191
• fix defining custom logstash pipelines when kafka is enabled by @reyesj2 in #14203
• zeek.software typo by @reyesj2 in #14206
• 2.4.120 by @TOoSmOotH in #14218
• Merge Conflict Fix by @TOoSmOotH in #14220
• 2.4.120 by @TOoSmOotH in #14219

Full Changelog: 2.4.111-20241217...2.4.120-20250212