Security-Onion-Solutions/securityonion 3.1.0-20260521

on GitHub

Download the ISO

https://github.com/Security-Onion-Solutions/securityonion/blob/141a61f5b53d44e647350ac2c4b48be1708fd807/DOWNLOAD_AND_VERIFY_ISO.md

What's Changed

• Version Bump by @TOoSmOotH in #15699
• Update SOUP_BRANCH to use 3/main instead of 2.4/main by @TOoSmOotH in #15701
• soup fix by @TOoSmOotH in #15702
• pr/workflow changes by @jertel in #15704
• Merge pr/workflow changes back to dev by @jertel in #15705
• Fix JA4+ license link in soc_zeek.yaml by @TOoSmOotH in #15724
• License Link to dev by @TOoSmOotH in #15725
• ES 9.3.2 by @reyesj2 in #15727
• foxtrot version by @reyesj2 in #15728
• filestream integration policy updates by @reyesj2 in #15733
• ensure max-files is 1 at minimum by @m0duspwnens in #15741
• define options in annotation files by @m0duspwnens in #15745
• Assistant: charsPerTokenEstimate by @mc-wright in #15742
• rework elasticsearch index template generation by @reyesj2 in #15751
• initialize vars by @reyesj2 in #15754
• rework elasticsearch template load script -- for core templates by @reyesj2 in #15761
• only append "-mappings" to component template names as needed by @reyesj2 in #15762
• start loading addon integration index templates by @reyesj2 in #15763
• elasticsearch ilm policy load script by @reyesj2 in #15764
• 3/dev by @reyesj2 in #15765
• support minion node descriptions containing spaces by @jertel in #15766
• ES 9.3.3 by @reyesj2 in #15768
• enable elastic agent patch release for 9.3.3 by @reyesj2 in #15770
• Improve test scenario for node descriptions by @jertel in #15769
• soup to 3.1.0 by @reyesj2 in #15772
• check for addon-index templates dir before attempting to load addon i… by @reyesj2 in #15775
• ES 9.3.3 by @reyesj2 in #15776
• supress noisy warning from ES 9.3.3 by @reyesj2 in #15780
• add wait_for_so-elasticsearch state and split elasticsearch cluster c… by @reyesj2 in #15786
• fix template annotation by @jertel in #15797
• more error handling during image updates by @jertel in #15803
• urlencode elasticsearch version by @reyesj2 in #15807
• postgres follow-ups: fan manager cred + so-yaml.py replace fix by @TOoSmOotH in #15806
• monitor raid for vms by @m0duspwnens in #15800
• Fix soup by @TOoSmOotH in #15712
• split up Elastic Fleet state by @reyesj2 in #15813
• numeric test description by @jertel in #15822
• typo by @reyesj2 in #15823
• fix reinstall issue with salt by @m0duspwnens in #15824
• readonly soc and kratos enabled by @m0duspwnens in #15828
• heavynode should run es cluster state by @reyesj2 in #15826
• fix reinstall by @m0duspwnens in #15829
• exclude more transform job errors by @reyesj2 in #15833
• fix sominion_setup reactor by @m0duspwnens in #15835
• Add so-postgres Salt states and infrastructure by @TOoSmOotH in #15749
• check current fleet policy cert against cert on disk by @reyesj2 in #15837
• Fix/docker refresh multiarch pull by @TOoSmOotH in #15838
• drop postgres module from soc defaults injection by @TOoSmOotH in #15839
• Open postgres in DOCKER-USER firewall everywhere influxdb is open by @TOoSmOotH in #15840
• so-elastic-fleet-outputs-update now checks for cert drift. Remove run… by @reyesj2 in #15842
• update default elastic agent logging level to warning by @reyesj2 in #15844
• reauthorize unhealthy transform jobs using kibana 9.3.3 auth flow by @reyesj2 in #15851
• fleet package registry health check by @reyesj2 in #15857
• Fix unsafe PyYAML load in filecheck by @TOoSmOotH in #15858
• Ensure python3-pyyaml is installed before continuing setup by @TOoSmOotH in #15846
• update grok type conversion to convert processor by @reyesj2 in #15864
• Management bond1 by @TOoSmOotH in #15866
• sanitize minion ids for hypervisor reactors / orchestration by @m0duspwnens in #15867
• cleanup status code by @defensivedepth in #15872
• proc_creation per OS type by @defensivedepth in #15875
• New Sigma rules pipeline mapping for M365 and Fortigate by @marcopedrinazzi in #15579
• Initial commit by @defensivedepth in #15880
• add ingest latency metrics by @reyesj2 in #15878
• use temp files to prevent jq arg too long by @reyesj2 in #15883
• rename strelka ScanLNK - ScanLnk by @reyesj2 in #15884
• remove stig from hypervisor and managerhype by @m0duspwnens in #15887
• Change Telegraf output from BOTH to INFLUXDB by @TOoSmOotH in #15888
• add zeek.ja4d ingest pipeline by @reyesj2 in #15889
• update redis index template by @reyesj2 in #15877
• Fix module name by @defensivedepth in #15792
• Tweak for nginx upgrade by @defensivedepth in #15894
• Fix rename and password leaking into the log. by @TOoSmOotH in #15893
• Make so-postgres-backup fail-safe against silent corruption by @TOoSmOotH in #15896
• exclude fps by @jertel in #15898
• use -verify flag during grid agent install to ensure agent health by @reyesj2 in #15895
• Revert "use -verify flag during grid agent install to ensure agent health" by @reyesj2 in #15899
• sync elastic agent packages to fleet nodes by @reyesj2 in #15902
• Verify compatibility for all ES nodes in the cluster by @reyesj2 in #15907

New Contributors

• @marcopedrinazzi made their first contribution in #15579

Full Changelog: 3.0.0-20260331...3.1.0-20260521