Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.60-20240320.iso
What's Changed
- Cogburn/detection playbooks by @defensivedepth in #12296
- 2.4/dev by @defensivedepth in #12357
- Update VERSION by @TOoSmOotH in #12385
- replace correlate icon to avoid confusion with searcheng.in by @jertel in #12386
- Update soup by @TOoSmOotH in #12348
- add lock threads by @jertel in #12396
- add missing template by @jertel in #12408
- Initial Support for Detections Module by @defensivedepth in #12412
- nest under policy by @m0duspwnens in #12411
- Fix Loss Calculation for Stenographer by @TOoSmOotH in #12416
- convert x to . for soc ui to config by @m0duspwnens in #12423
- Feature/sigma pipeline by @defensivedepth in #12430
- Add Detection AutoUpdate config by @defensivedepth in #12431
- Update pattern for endpoint diagnostic template by @weslambert in #12432
- Add multiple endpoint features by @dougburks in #12434
- Airgap Support - Detections module by @defensivedepth in #12437
- Issue/12391 by @m0duspwnens in #12449
- Roll Suricata logs daily to prevent alerts from being deleted when not meeting size threshold by @weslambert in #12450
- Feature/detections airgap by @defensivedepth in #12456
- Manage the repo files by @TOoSmOotH in #12405
- FIX: EA installers not downloadable from SOC & fix logging by @reyesj2 in #12469
- 2.4/sigma pipeline by @defensivedepth in #12482
- Fix FIM by @defensivedepth in #12487
- Suricata PCAP by @TOoSmOotH in #12271
- fix sensoroni for non sensor by @m0duspwnens in #12497
- Update so-minion by @TOoSmOotH in #12502
- Additional Integrations #5 by @weslambert in #12500
- fix oinkcodes with leading zeros by @jertel in #12507
- fix pcapspace function by @m0duspwnens in #12508
- PCAP annotations by @jertel in #12511
- Add Exclusion toggle by @defensivedepth in #12510
- detections annotations by @jertel in #12514
- Change Factoring for so-minion pcap disk space by @TOoSmOotH in #12513
- Add error.message mapping for system.syslog by @weslambert in #12519
- gracefully handle status check failure on ubuntu by @jertel in #12521
- unswap files by @jertel in #12526
- allow managersearch to receiver redis and 5644 by @m0duspwnens in #12537
- FIX: Update SOC annotations for Stenographer PCAP #12539 by @dougburks in #12540
- Fix Space Free for Steno by @TOoSmOotH in #12527
- Updated RulesRepo for New Strelka Structure by @coreyogburn in #12542
- Update soc_pcap.yaml by @dougburks in #12545
- Run scan against default scap security guide so that resulting score is accurate by @reyesj2 in #12553
- Create local salt directory by @reyesj2 in #12555
- pcap improvements by @jertel in #12544
- auto-convert email addresses to lowercase during setup by @jertel in #12560
- transitional pcap by @m0duspwnens in #12561
- Add yara update back by @defensivedepth in #12563
- 2.4/detections defaults by @defensivedepth in #12565
- Update soc_suricata.yaml by @TOoSmOotH in #12564
- Update so-saltstack-update to use 2.4/main by @TOoSmOotH in #12567
- Gen packages post-SOUP by @defensivedepth in #12576
- remove modules if detections disabled by @m0duspwnens in #12577
- Update init.sls by @m0duspwnens in #12579
- removed unused property by @jertel in #12581
- handle airgap when detections not enabled by @jertel in #12584
- Update soc_suricata.yaml by @TOoSmOotH in #12587
Full Changelog: 2.4.50-20240220...2.4.60-20240320