Security-Onion-Solutions/securityonion 3.0.0-20260331

on GitHub

Download the ISO

https://github.com/Security-Onion-Solutions/securityonion/blob/434a2e7866b7a6f7379b47b88749f6850baef581/DOWNLOAD_AND_VERIFY_ISO.md

What's Changed

• Update VERSION by @TOoSmOotH in #15320
• Un-Advanced Assistant ApiUrl by @coreyogburn in #15323
• expose login form lifespan in config scr by @jertel in #15347
• update kratos index template by @reyesj2 in #15353
• exempt kratos online check by @jertel in #15358
• suppress config diffs to avoid false positive errors by @jertel in #15359
• Assistant: Session Report Template by @mc-wright in #15355
• ES 9.0.8 by @reyesj2 in #15363
• Case Report Update for AI Session Attachments by @mc-wright in #15367
• Add version 2.4.201 to discussion template by @jertel in #15389
• Fixmerge201210 by @m0duspwnens in #15390
• 2.4.201 into dev by @TOoSmOotH in #15387
• follow symlinks for docker cp by @reyesj2 in #15391
• add additional retries within scripts before salt re-runs the entire … by @reyesj2 in #15393
• remove usage of deprecated 'logs' integration in favor of 'filestream' by @reyesj2 in #15394
• Fstes by @m0duspwnens in #15397
• break out ssl state by @m0duspwnens in #15400
• allow logstash.ssl for eval and import. fix soup create_ca_pillar by @m0duspwnens in #15402
• create dir if nonexistent by @m0duspwnens in #15405
• reinstall agent on grid nodes when service wasn't cleanly removed. eg… by @reyesj2 in #15404
• fix include by @m0duspwnens in #15406
• more better by @reyesj2 in #15407
• fix kafka state by @reyesj2 in #15408
• fix auto soup - check for compatible versions and fallback to a known… by @reyesj2 in #15410
• add retries to so-resources repo pull by @reyesj2 in #15411
• missing updates to variables by @reyesj2 in #15412
• ignore kratos file mapping error by @reyesj2 in #15414
• exclude known error by @reyesj2 in #15420
• update redis log file path by @reyesj2 in #15424
• update heavynode's elastic-agent standalone policy by @reyesj2 in #15418
• include all so-grid-nodes_* policies in automatic EA upgrades by @reyesj2 in #15435
• run fleet ssl state in fleet.config to ensure all required certs are … by @reyesj2 in #15436
• ensure exclude_files excludes log rotation pattern by @reyesj2 in #15438
• Change version from 2.4.201 to UNRELEASED by @TOoSmOotH in #15440
• initialize specific indices as needed by @reyesj2 in #15442
• use logstash merged values for logstash metric collection by @reyesj2 in #15447
• keep logsdb disabled by @reyesj2 in #15448
• Cogburn/gemini by @coreyogburn in #15443
• allow network installs to use ISO for faster soupin by @reyesj2 in #15465
• don't set is_airgap when using nonairgap_useiso: not a true airgap sy… by @reyesj2 in #15468
• default roles by @jertel in #15472
• Remove QWEN 235B model from defaults.yaml by @TOoSmOotH in #15473
• clarify url_base description by @jertel in #15482
• Config Tweaks for AI by @coreyogburn in #15481
• Upgrade Salt 3006.19 by @m0duspwnens in #15491
• fix sensor and heavynode first highstate failure by @m0duspwnens in #15494
• Revert "don't set is_airgap when using nonairgap_useiso: not a true airgap sy…" by @reyesj2 in #15496
• Revert "allow network installs to use ISO for faster soupin" by @reyesj2 in #15497
• Assistant: Investigated Query Toggle Filter by @mc-wright in #15492
• upgrade docker by @m0duspwnens in #15500
• Add OpenAI Protocols by @coreyogburn in #15501
• rework autosoup for intermediate upgrades by @reyesj2 in #15499
• upgrade docker by @m0duspwnens in #15506
• healthTimeoutSeconds should be an int by @coreyogburn in #15507
• upgrade docker by @m0duspwnens in #15509
• New so-yaml.py Functions for Gemini Cypress Test Support by @mc-wright in #15505
• upgrade docker by @m0duspwnens in #15510
• migrate managed_integrations pillar by @reyesj2 in #15503
• upgrade analyzer deps by @reyesj2 in #15511
• fix consecutive comments by @m0duspwnens in #15513
• fix soup failure if salt-relay isn't running by @m0duspwnens in #15519
• Add Support for upgrading to 3.0 by @TOoSmOotH in #15517
• Rename model ID from 'sonnet-4.5' to 'sonnet' by @TOoSmOotH in #15522
• fix field conflicts by @reyesj2 in #15524
• fix suricata filestream dataset by @reyesj2 in #15523
• fix agentstatus script by @reyesj2 in #15525
• do not allow auth redirection to login page or home page; that serves… by @jertel in #15526
• exclude transient ghcr.io network errors since it retries during setup by @jertel in #15532
• Cleanup idstools by @defensivedepth in #15531
• restart salt minion before failing if not ready by @m0duspwnens in #15534
• prevent caching of main doc to ensure logged out detection is processed by @jertel in #15535
• Move rm to post by @defensivedepth in #15536
• prepare for nextgen docs by @jertel in #15539
• 2.4.210 by @TOoSmOotH in #15541
• 2.4.210 by @TOoSmOotH in #15542
• 3/dev merge fix by @TOoSmOotH in #15544
• 3/dev by @TOoSmOotH in #15543
• Add version 3.0.0 to discussion template by @TOoSmOotH in #15545
• Support additional alt names in web cert by @m0duspwnens in #15555
• update repo readme by @jertel in #15554
• update 2.4 references to 3 by @jertel in #15556
• remove steno by @jertel in #15563
• pcapout still used for extracts by @jertel in #15566
• Update so-suricata-testrule for idstools removal by @defensivedepth in #15572
• Refactor upgrade functions and version checks by @TOoSmOotH in #15567
• cleanup steno. sensor run pcap.cleanup by @m0duspwnens in #15575
• set container ulimits to default by @m0duspwnens in #15594
• remove 10T virtual disk limit. URL_BASE to vm hosts file by @m0duspwnens in #15591
• Add version 2.4.211 to discussion template by @TOoSmOotH in #15599
• Remove version 3.0.0 from 2.4 discussion template by @dougburks in #15603
• Update version check to include 2.4.211 by @TOoSmOotH in #15595
• pcap cleanup state. enable/disable pcap for suricata in soc by @m0duspwnens in #15574
• Improve soup version checks and migrate pcap to suricata by @TOoSmOotH in #15608
• Moresoup by @TOoSmOotH in #15609
• API errors will no longer redirect by @jertel in #15612
• initialize pcap-log by @m0duspwnens in #15615
• forcedType bool by @m0duspwnens in #15618
• Remove support for non-Oracle Linux 9 operating systems by @TOoSmOotH in #15619
• Remove non-Oracle Linux 9 support from salt states by @TOoSmOotH in #15620
• Add -r flag to so-yaml get and migrate pcap pillar to suricata by @TOoSmOotH in #15610
• fix health check for new hydra version by @jertel in #15622
• Rebuild analyzer source-packages wheels for Python 3.14 by @TOoSmOotH in #15621
• fix hydra health check by @jertel in #15623
• Add SOC UI toggle for JA4+ fingerprinting by @TOoSmOotH in #15624
• old code cleanup. add ja4 toggle in soc. by @m0duspwnens in #15627
• Add salt states for custom Zeek package loading by @TOoSmOotH in #15628
• Add customizable ulimit settings for all Docker containers by @TOoSmOotH in #15629
• use elasticsearch recommended vm.max_map_count by @reyesj2 in #15630
• update helpLink references for new documentation by @dougburks in #15634
• Customulimit by @m0duspwnens in #15636
• remove .jinja from daemon.json by @m0duspwnens in #15638
• ignore redis restart warning in logstash log by @jertel in #15637
• fix global override settings affecting non-data stream indices by @reyesj2 in #15632
• ensure valid ulimit names by @m0duspwnens in #15640
• more doc updates by @jertel in #15642
• fix so-idh and so-redis datastream config by @reyesj2 in #15644
• fix casing to match annotation docs by @jertel in #15643
• Support docker ulimit customization by @m0duspwnens in #15641
• Hyperlink to JA4+ license by @TOoSmOotH in #15648
• Enabled / Disabled Buttons for SOC Grid Configuration by @m0duspwnens in #15652
• add yes/no to true/false conversion for suricata to soup postupgrade by @m0duspwnens in #15653
• Add support for websockets by @defensivedepth in #15656
• do not attempt to redirect to a source map after login by @jertel in #15658
• exclude oscap profile from gitleaks by @reyesj2 in #15662
• Remove hardcoded path by @defensivedepth in #15663
• allow negation in suricata address-group vars by @m0duspwnens in #15665
• update stig profile v1r3 by @reyesj2 in #15661
• Enable clean option for Zeek configuration by @TOoSmOotH in #15667
• Lowercase network transport by @defensivedepth in #15669
• update yara template by @defensivedepth in #15672
• Make AI adapter settings visible by @TOoSmOotH in #15676
• ensure bool sliders soc by @m0duspwnens in #15690
• revisit workflows by @jertel in #15691
• Remove hardcoded index by @defensivedepth in #15694
• 3.0.0 by @TOoSmOotH in #15695
• Merge 3/main into 3/dev by @TOoSmOotH in #15698
• 3.0.0 by @TOoSmOotH in #15696

Full Changelog: 2.4.201-20260114...3.0.0-20260331