Releases: Security-Onion-Solutions/securityonion
2.4.130-20250311
Download the ISO
What's Changed
- update version to foxtrot by @reyesj2 in #14073
- merge dev by @reyesj2 in #14075
- run elasticsearch state to sync templates by @reyesj2 in #14078
- update fleet-optional-integrations-load by @reyesj2 in #14113
- merge dev by @reyesj2 in #14126
- 2.4/dev by @reyesj2 in #14133
- remove individual @Custom mappings. Moved over to so-fle… by @reyesj2 in #14134
- add back missing component for http_endpoint_x_generic & winlog_x_win… by @reyesj2 in #14138
- fixes merging local pillar /global overrides for generated index temp… by @reyesj2 in #14139
- Reyesj2/es integ tmp by @reyesj2 in #14153
- add additional weird_integration by @reyesj2 in #14155
- ES 8.17.2 by @reyesj2 in #14214
- Update VERSION by @TOoSmOotH in #14221
- Update 2-4.yml by @TOoSmOotH in #14222
- Revert ES 8.17.2 upgrade -> 8.17.1 by @reyesj2 in #14224
- update pfsense pipeline version. Remove unused component templates by @reyesj2 in #14225
- force es pipeline sync by @reyesj2 in #14229
- FIX: Add TLSv1.3 to nginx config #14252 by @dougburks in #14253
- use consistent ciphers across listeners by @jertel in #14254
- ES 8.17.1 by @reyesj2 in #14255
- make sure optional integrations components list is non-empty by @reyesj2 in #14259
- Update Elastic Defend JSON by @defensivedepth in #14265
- Create LICENSE by @dougburks in #14268
- set metrics indices to 0 replicas by @reyesj2 in #14267
- Configure issue template chooser by @dougburks in #14269
- add back settings previously defined when overwriting logs-elastic_a… by @reyesj2 in #14271
- ES 8.17.2 pipeline version updates by @reyesj2 in #14272
- Ignore more acceptable test error logs by @jertel in #14274
- Don't upgrade integrations during pre-phase by @defensivedepth in #14275
- move removal of eaintegrations.txt to up_to_2.4.130 by @reyesj2 in #14277
- ensure override for nmcli exists in /etc by @jertel in #14279
- Remove old defend json by @defensivedepth in #14281
- elasticsearch templates load by @reyesj2 in #14287
- missing metadata field by @reyesj2 in #14288
- allow installing integrations that require an elastic license by @reyesj2 in #14290
- annotation/config updates by @jertel in #14296
- default capinfos to use start/end time arg by @reyesj2 in #14300
- more false positives by @jertel in #14302
- managed int multiline input by @reyesj2 in #14307
- FIX: SOC Actions for process.entity_id value must be quoted #14311 by @dougburks in #14312
- zeek traceroute & ntp by @reyesj2 in #14320
- FIX: Elastic Agent Security Events dashboard should reference user.effective.name #14325 by @dougburks in #14327
- install bc package by @reyesj2 in #14328
- reduce stdout verbosity by @jertel in #14329
- osquery v1.15.0 index templates updates by @reyesj2 in #14331
- ES 8.17.3 by @reyesj2 in #14336
- FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339 by @dougburks in #14340
- Add Client Parameter by @coreyogburn in #14343
- osquery templates by @reyesj2 in #14345
- bump version by @reyesj2 in #14346
- Update annotations for new features by @TOoSmOotH in #14301
- Update soc_elasticsearch.yaml to include note about ILM rollover by @dougburks in #14354
- Update soc_soc.yaml by @TOoSmOotH in #14357
- Update soc_soc.yaml to fix previous change by @dougburks in #14358
- Improve label by @jertel in #14359
- fix osquery action_data mapping conflict by @reyesj2 in #14362
- 2.4.130 by @TOoSmOotH in #14372
- 2.4.130 by @TOoSmOotH in #14373
Full Changelog: 2.4.120-20250212...2.4.130-20250311
2.4.120-20250212
Download the ISO
What's Changed
- Update VERSION by @TOoSmOotH in #13780
- Add 2.4.120 for next release by @dougburks in #13783
- main to dev by @jertel in #13798
- Issue/13808 by @m0duspwnens in #13825
- Changes to allow reviews to start showing by @coreyogburn in #13826
- FEATURE: add support for trend micro integrations by @reyesj2 in #13834
- Issue/204 by @m0duspwnens in #13836
- Add support for cybereason integration by @reyesj2 in #13841
- prevent state from failing if versionlock plugin not installed by @m0duspwnens in #13842
- Revert "Add support for cybereason integration" by @reyesj2 in #13849
- fix HELD for debian families by @m0duspwnens in #13855
- install createrepo for airgap by @m0duspwnens in #13853
- call airgap_rules if airgap. log rsync and git commands by @m0duspwnens in #13859
- Issue/13851 by @m0duspwnens in #13863
- Cogburn/detection status hunt by @coreyogburn in #13800
- Tuning Notes by @coreyogburn in #13873
- Add process and file creation mappings by @defensivedepth in #13832
- Initial support for local lookup by @defensivedepth in #13877
- add so-ip-mappings index by @reyesj2 in #13882
- rm eaintegration state file by @defensivedepth in #13887
- 2.4/lookuprev2 by @defensivedepth in #13883
- timestamp fix by @defensivedepth in #13890
- setup use new salt repo by @m0duspwnens in #13900
- Cogburn/ignored sids by @coreyogburn in #13904
- fix crowdstrike integration by @reyesj2 in #13912
- Add local custom template by @defensivedepth in #13879
- Source Dates by @coreyogburn in #13915
- Fix permissions by @defensivedepth in #13920
- only enable repo sync cron if OEL by @m0duspwnens in #13921
- Connect API by @jertel in #13923
- update saltbootstrap by @m0duspwnens in #13927
- ensure roles file exists since no longer syncing clients to es by @jertel in #13930
- add ilm and update managed index settings by @reyesj2 in #13933
- correction to ilm policy name by @reyesj2 in #13935
- add http2 by @reyesj2 in #13943
- 2.4/dev by @reyesj2 in #13945
- update bootstrap-salt by @m0duspwnens in #13944
- Zeek 7 w/ http2 by @reyesj2 in #13946
- Connect API upgrades by @jertel in #13953
- additional integrations by @reyesj2 in #13951
- revert prev commit by @jertel in #13954
- soup corrections by @jertel in #13955
- ignore fp from hydra by @jertel in #13956
- Add Annotations to Existing Detections Options by @coreyogburn in #13961
- MFA issuer name shouldn't be an advanced setting by @jertel in #13966
- More flexibility for AutoEnable Sigma rules by @defensivedepth in #13958
- add missing ilm to latest integrations by @reyesj2 in #13981
- Generate MSI by @defensivedepth in #13989
- fix path by @defensivedepth in #13995
- file extract zeek v7 by @reyesj2 in #14004
- add openvpn & ipsec support to Zeek by @reyesj2 in #14001
- Fix port bind for managing external suricata ruleset by @TOoSmOotH in #14016
- Merge in 2.4.111 by @TOoSmOotH in #14036
- Update 2-4.yml by @TOoSmOotH in #14038
- Fix Discussions Dropdown by @TOoSmOotH in #14039
- add ti_opencti integration support by @reyesj2 in #14041
- cloud installs should use the local docker registry data by @jertel in #14043
- Update soup by @TOoSmOotH in #14046
- Refactor pipeline for hash changes by @defensivedepth in #14048
- zeek quic support by @reyesj2 in #14060
- invalidate user sessions when an admin changes the user's password by @jertel in #14077
- Refactor Navigator for Detections by @defensivedepth in #14013
- add zeek.quic mappings by @reyesj2 in #14089
- Refactor Navigator Airgap by @defensivedepth in #14091
- Fix folder perm by @defensivedepth in #14102
- Additional Zeek parsing & cloudflare_logpush integration by @reyesj2 in #14105
- update http query by @reyesj2 in #14111
- update global@custom by @reyesj2 in #14116
- Additional web security measures by @jertel in #14123
- keep imported data in logs-import-so index by @reyesj2 in #14124
- fix issue with first-time api client permission toggling by @jertel in #14140
- env discovery.type single-node change by @m0duspwnens in #14161
- Update so-functions by @TOoSmOotH in #14162
- Fix ip-mappings ILM by @defensivedepth in #14179
- New Limit on Bulk Creating Related Events by @coreyogburn in #14183
- Rework for MSI by @defensivedepth in #14189
- Refresh Agent installers by @defensivedepth in #14190
- ca download; ignore shard errors on startup; clarify oidc id by @jertel in #14191
- fix defining custom logstash pipelines when kafka is enabled by @reyesj2 in #14203
- zeek.software typo by @reyesj2 in #14206
- 2.4.120 by @TOoSmOotH in #14218
- Merge Conflict Fix by @TOoSmOotH in #14220
- 2.4.120 by @TOoSmOotH in #14219
**F...
2.4.111-20241217
Download the ISO
What's Changed
- Delete unneeded files by @defensivedepth in #14033
Full Changelog: 2.4.110-20241010...2.4.111-20241217
2.4.110-20241010
Download the ISO
What's Changed
- Use ID instead of name for getting integrations from agent policies by @weslambert in #13791
- Update soup by @TOoSmOotH in #13792
Full Changelog: 2.4.110-20241004...2.4.110-20241010
2.4.110-20241004
Download the ISO
What's Changed
- Update VERSION by @TOoSmOotH in #13577
- Update Github Discussion template by @dougburks in #13583
- Reload Suricata vs restart by @TOoSmOotH in #13574
- Reload both types of rules by @TOoSmOotH in #13590
- Hotfix-2.4.100.20240903 by @defensivedepth in #13598
- remove hotfix from dev branch by @jertel in #13608
- use Elasticsearch version for some containers by @m0duspwnens in #13607
- use correct sig based on es image or not by @m0duspwnens in #13610
- resolve issues with es version pinning by @m0duspwnens in #13615
- ref es version by @m0duspwnens in #13616
- es version shift by @jertel in #13620
- fix es agent update for soup by @m0duspwnens in #13624
- remove -it by @m0duspwnens in #13625
- Upgrade Docker to 27.2.0 by @m0duspwnens in #13635
- add so-suricata container req for rule reload by @m0duspwnens in #13638
- Add destination IP for so-system by @weslambert in #13639
- only elasticsearch image uses es version by @m0duspwnens in #13640
- Make Standalone installs use Suricata for PCAP by @TOoSmOotH in #13648
- es sig pulled from es dir by @jertel in #13652
- Add barracuda and imperva integrations by @weslambert in #13657
- Add annotations for barracuda and imperva by @weslambert in #13658
- Fix annotations typo by @weslambert in #13660
- External Support for Detections by @TOoSmOotH in #13647
- mark specific settings as allowed to include Jinja by @jertel in #13663
- Allow custom IDH skins by @weslambert in #13661
- exit 1 if unable to connect to kibana by @m0duspwnens in #13666
- Upgrade Elastic integrations when new versions are available by @weslambert in #13651
- Clarify enabled settings by @jertel in #13673
- remove colon to avoid yaml parsing problems by @jertel in #13676
- resolve 13247 by @m0duspwnens in #13675
- Fix suricata alerts for opnsense and pfsense by @weslambert in #13686
- enable stig for so desktop by @reyesj2 in #13695
- add missing annotation file by @jertel in #13694
- Initial Support for managing Elastic Defend Filters by @defensivedepth in #13709
- Fix core integration field mappings by @weslambert in #13724
- Disable by default & Airgap by @defensivedepth in #13727
- Use temp summaries branch by @defensivedepth in #13729
- Check if running during soup by @weslambert in #13732
- Add so repo back in by @defensivedepth in #13733
- lowercase email when looking up ID; allow uppercase emails when modif… by @jertel in #13734
- Retry after 1 second by @weslambert in #13736
- Change summaries branch by @defensivedepth in #13737
- Fix location for airgap by @defensivedepth in #13740
- Fix path by @defensivedepth in #13743
- Move Airgap later in setup by @defensivedepth in #13745
- adjustments for support of PKCE OIDC by @jertel in #13757
- Safedir by @m0duspwnens in #13764
Full Changelog: 2.4.100-20240903...2.4.110-20241004
2.4.100-20240903
Download the ISO
What's Changed
- Add so-system-mappings by @weslambert in #13586
- Update HOTFIX by @weslambert in #13587
- 2.4.100 hotfix by @TOoSmOotH in #13595
- Hotfix 2.4.100 by @TOoSmOotH in #13596
Full Changelog: 2.4.100-20240829...2.4.100-20240903
2.4.100-20240829
Download the ISO
What's Changed
- Elastic 8.14.3 by @weslambert in #13347
- Update VERSION by @TOoSmOotH in #13401
- Turn off console messages by @TOoSmOotH in #13381
- Update so-rule-update by @TOoSmOotH in #13373
- Elastic 8.14.3 by @weslambert in #13402
- Provide new setting to require OTP by @jertel in #13406
- Add removed changes by @weslambert in #13407
- Fix fleet setup by @weslambert in #13408
- Fix defender winlog name change by @weslambert in #13409
- Change agent pipeline version by @weslambert in #13410
- Fix system mapping by @weslambert in #13414
- Change name for system component by @weslambert in #13418
- Salt3006.9 by @m0duspwnens in #13425
- retry up to 5 times if reposync fails by @jertel in #13429
- retry up to 5 times if reposync fails by @jertel in #13430
- Issue/13438 by @m0duspwnens in #13441
- correct firewall annotation for kafka by @reyesj2 in #13443
- Cogburn/ai summaries by @coreyogburn in #13453
- fix repo path by @jertel in #13457
- FEATURE: Add warning to soup about ssh #13466 by @dougburks in #13467
- fix issue with reset pw and mfa by @jertel in #13470
- Update SECURITY.md by @dougburks in #13473
- handle suricata network and port vars as string or list by @m0duspwnens in #13478
- Update so-elasticsearch-cluster-space-used for changes in _cat/alloca… by @dougburks in #13481
- Update column number because of changes to API by @weslambert in #13482
- Update registry version by @TOoSmOotH in #13483
- Add influxdb known error by @defensivedepth in #13487
- Ignore older SOC logs before licenseStatus field by @weslambert in #13511
- Add Tenable IO by @weslambert in #13526
- Check for endpoint package by @weslambert in #13531
- Add support for new appliance raid controllers by @TOoSmOotH in #13530
- Create detections.alerts ILM policy with corresponding name by @weslambert in #13528
- notification updates by @jertel in #13535
- FIX: Check Elasticsearch for endpoint component template before loading templates by @weslambert in #13537
- exclude all logstash errors related to license manager init log line by @jertel in #13540
- set kafka.id in common ingest pipeline by @reyesj2 in #13546
- Elastic Fleet refactoring by @defensivedepth in #13547
- Use global@custom from common pipeline by @weslambert in #13548
- FIX: Add so-soc-logs by @weslambert in #13554
- Fix policy load by @defensivedepth in #13556
- annotation updates by @jertel in #13561
- Update pipeline version for EVTX by @weslambert in #13562
- move custom alerters to subgroup; avoid false positives on log check by @jertel in #13565
- Exclude logstash startup errors by @defensivedepth in #13570
Full Changelog: 2.4.90-20240729...2.4.100-20240829
2.4.90-20240729
Download the ISO
What's Changed
- Update VERSION by @TOoSmOotH in #13260
- start soup 2.4.90 by @m0duspwnens in #13270
- Elastic 8.14.1 by @weslambert in #13271
- Revert back to 8.10.4 by @weslambert in #13275
- Issue/13073 - disable Logstash on heavynodes by @m0duspwnens in #13278
- FIX: so-rule-update airgap check by @reyesj2 in #13282
- Changes for Elastic 8.14.1 by @weslambert in #13290
- Change name to winlog.winlogs by @weslambert in #13295
- Change name for ILM by @weslambert in #13296
- Delete old user commands by @TOoSmOotH in #13299
- Elastic 8.14.2 by @weslambert in #13314
- FIX: Update MOTD #13317 by @dougburks in #13318
- FIX: Update SOC MOTD #13320 by @dougburks in #13321
- Elastic 8.14.2 by @weslambert in #13316
- Change pipeline version for agent by @weslambert in #13323
- FIX: Kafka configuration updates by @reyesj2 in #13335
- force var to be list of string by @m0duspwnens in #13340
- Revert "Elastic 8.14.2" by @weslambert in #13342
- Revert "Change pipeline version for agent" by @weslambert in #13341
- FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346 by @dougburks in #13348
- New Config Values for Detections Bulk Indexer by @coreyogburn in #13349
- fix custom indices by @m0duspwnens in #13353
- Kafka influxdb metrics & pillar update by @reyesj2 in #13350
- Exclude policy phases if not defined in defaults by @m0duspwnens in #13355
- kafka soup pillar by @reyesj2 in #13363
- Cogburn/suricata regex support by @coreyogburn in #13365
- fix kafka-logstash cert for searchnodes by @reyesj2 in #13368
- remove unused test parameters from setup by @jertel in #13374
- 2.4.90 by @TOoSmOotH in #13390
- so-detection refresh_interval => 1s by @coreyogburn in #13392
Full Changelog: 2.4.80-20240624...2.4.90-20240729
2.4.80-20240624
Download the ISO
What's Changed
- Remove references to kafkanode by @reyesj2 in #12792
- Update VERSION by @TOoSmOotH in #13093
- Separate Suricata alerts into a specific data stream by @weslambert in #13101
- Salt3006.8 by @m0duspwnens in #13103
- Added TemplateDetections To Detection ClientParams by @coreyogburn in #13107
- Add templates for .items and .lists indices by @weslambert in #13117
- salt 3006.6 by @m0duspwnens in #13129
- so-tcpreplay now runs if manager is offline by @m0duspwnens in #13134
- move so-tcpreplay from common state to sensor state by @m0duspwnens in #13141
- add ability to retrieve yaml values via so-yaml.py; improve so-minion id matching by @jertel in #13150
- Update soc_suricata.yaml by @TOoSmOotH in #13156
- SOC Proxy Setting by @coreyogburn in #13154
- AdditionalCA and InsecureSkipVerify by @coreyogburn in #13164
- Update defaults.yaml by @TOoSmOotH in #13165
- fix elastic templates not loading due to global_override phases by @m0duspwnens in #13162
- gracefully handle missing parent key by @jertel in #13170
- correct placement of error check override by @jertel in #13171
- upgrade docker by @m0duspwnens in #13182
- Add new bind - suricata all.rules by @defensivedepth in #13179
- remove this \n by @m0duspwnens in #13189
- Fix unnecessary escaping by @coreyogburn in #13183
- Update DOWNLOAD_AND_VERIFY_ISO.md by @dougburks in #13197
- Initial Kafka support by @reyesj2 in #13190
- Fixes for Kafka nodeid assignment and ssl cert generation by @reyesj2 in #13200
- Only comment out so-kafka from so-status when it exists & only run en… by @reyesj2 in #13204
- Initial support for custom suricata urls and local rulesets by @defensivedepth in #13205
- Update rule templates by @defensivedepth in #13208
- Standalone logstash error by @reyesj2 in #13207
- Fix errors on new installs by @reyesj2 in #13209
- FEATURE: Add more links and descriptions to SOC MOTD #13216 by @dougburks in #13217
- suppress fleet policy update in soup by @reyesj2 in #13221
- Update defaults by @defensivedepth in #13223
- update profile by @reyesj2 in #13222
- FEATURE: Add new Process actions #13226 by @dougburks in #13227
- update kafka output policy only on eligible grid types by @reyesj2 in #13231
- fix ca mine_function by @m0duspwnens in #13233
- update receiver node allowed states by @reyesj2 in #13234
- Added license presets to defaults.yaml file by @mc-wright in #13236
- Update defaults.yaml to put Process actions in logical order by @dougburks in #13239
- update kafka annotations by @reyesj2 in #13242
- Update soc_manager.yaml by @TOoSmOotH in #13244
- Add option for detections without a license by @weslambert in #13246
- Fix soup for proxy servers by @TOoSmOotH in #13245
- FIX: update firewall defaults by @reyesj2 in #13251
- Remove unused sbin_jinja for kafka by @reyesj2 in #13253
- 2.4.80 by @TOoSmOotH in #13254
- Fix git by @TOoSmOotH in #13256
- Update .gitleaks.toml by @TOoSmOotH in #13259
- 2.4.80 by @TOoSmOotH in #13255
New Contributors
- @mc-wright made their first contribution in #13236
Full Changelog: 2.4.70-20240529...2.4.80-20240625
2.4.70-20240529
Download the ISO
https://download.securityonion.net/file/securityonion/securityonion-2.4.70-20240529.iso
What's Changed
- Update VERSION by @TOoSmOotH in #12619
- reschedule close/lock jobs by @jertel in #12601
- FIX: Annotations for BPF and Suricata PCAP #12626 by @dougburks in #12627
- Change Detections defaults by @defensivedepth in #12611
- Remove temp YARA by @weslambert in #12632
- FEATURE: Add Events column layout for event.module system #12628 by @dougburks in #12634
- disregard benign telegraf error by @jertel in #12638
- FEATURE: Add event.dataset to all Events column layouts #12641 by @dougburks in #12642
- FIX: Specify that static IP address is recommended #12643 by @dougburks in #12644
- Update ElastAlert Config with Default Repos by @coreyogburn in #12640
- FIX: http.response.status_code by @weslambert in #12650
- Enable Detections by @defensivedepth in #12639
- Allow for additional af-packet tuning options for Suricata by @m0duspwnens in #12651
- FEATURE: pfSense Suricata logs by @weslambert in #12652
- Initial cut to remove Playbook and deps by @defensivedepth in #12658
- Remove Playbook ref by @defensivedepth in #12659
- FEATURE: Include additional groupby fields in Dashboards relating to sankey diagrams #12657 by @dougburks in #12663
- Initial cut to remove Playbook and deps by @defensivedepth in #12660
- Add bindings for sigma repos by @defensivedepth in #12656
- FEATURE: Add Events table columns for event.module elastic_agent #12666 by @dougburks in #12667
- Fix Input Validation to allow for IPv6 by @TOoSmOotH in #12674
- disregard errors in removed applications that occurred before th… by @jertel in #12683
- FEATURE: Add process.command_line to Process Info and Process Ancestry dashboards #12694 by @dougburks in #12695
- New Settings for Manual Sync in Detections by @coreyogburn in #12696
- FEATURE: Add Events table columns for zeek ssl and suricata ssl #12697 by @dougburks in #12698
- FEATURE: Add individual dashboards for Zeek SSL and Suricata SSL logs… by @dougburks in #12700
- Correct YAML by @coreyogburn in #12702
- Add default columns by @defensivedepth in #12720
- FEATURE: Add Events table columns for event.module strelka #12716 by @dougburks in #12722
- FEATURE: Add Events table columns for event.module playbook #12703 by @dougburks in #12723
- FEATURE: Add Events table columns for event.module strelka #12716 by @dougburks in #12724
- FEATURE: Add Events table columns for event.module strelka #12716 by @dougburks in #12725
- Feature - auto-enabled Sigma rules by @defensivedepth in #12732
- Add cef by @weslambert in #12735
- Add Elastic Agent Status Metrics by @TOoSmOotH in #12734
- FEATURE: Add dashboard for SOC Login Failures #12738 by @dougburks in #12739
- FEATURE: Add Events table columns for event.module kratos #12740 by @dougburks in #12742
- Change code to allow for non root by @TOoSmOotH in #12741
- SOC Telemetry by @jertel in #12731
- Update SOC Config with State File Paths by @coreyogburn in #12744
- do not prompt about telemetry on airgap installs by @jertel in #12747
- Exclude Elastalert EQL errors by @defensivedepth in #12748
- Clarify annotation description re: Airgap by @jertel in #12749
- FEATURE: Add Events table columns for event.module sigma #12743 by @dougburks in #12751
- Allow 2.3 to update by @TOoSmOotH in #12752
- FEATURE: Add dashboards specific to Elastic Agent #12746 by @dougburks in #12753
- skip telemetry summary in airgap mode by @jertel in #12754
- 2.4/soup playbook by @defensivedepth in #12682
- 2.4/detections defaults by @defensivedepth in #12755
- Use list not string by @defensivedepth in #12756
- Update so-log-check by @TOoSmOotH in #12759
- Detection Author as a Keyword instead of Text by @coreyogburn in #12760
- Ship Defender logs + more by @defensivedepth in #12766
- Enable Detections Adv by default by @defensivedepth in #12780
- Update analyst.json by @TOoSmOotH in #12769
- Fix fingerprint paths by @defensivedepth in #12791
- Add docs for ruleset change by @defensivedepth in #12793
- Update limited-analyst.json by @TOoSmOotH in #12810
- FEATURE: Add queue=True to so-checkin so that it will wait for any ru… by @dougburks in #12817
- FIX: Elastic retention setting not being honored when manager hostname is a subset of search node hostname #12819 by @dougburks in #12820
- Strelka fixes and more by @defensivedepth in #12805
- Kismet integration for WiFi devices by @reyesj2 in #12773
- Temp exclude yara runtime status log by @defensivedepth in #12841
- Fix warm description by @weslambert in #12844
- Fix description, regex, and type for cold, warm, and hot by @weslambert in #12848
- Remove hot max_age by @weslambert in #12852
- Issue/12637 by @m0duspwnens in #12859
- Add runtime status logs by @defensivedepth in #12861
- Change index sorting to account for older so-prefixed indices by @weslambert in #12858
- allow for enabled/disable of so-elasticsearch-indices-delete cronjob by @m0duspwnens in #12860
- Exclude suricata from disk space-based index deletion by @weslambert in #12864
- only apply ulimits to suricata container if user enable mmap-locked by @m0duspwnens in #12865
- check status before stopping service by @petiepooo in #12846
- restrict workflows to so by @jertel in #12875
- Sigma pivot fix and cleanup by @defensivedepth in https://github.com/Security-O...