Releases: Security-Onion-Solutions/securityonion-soc
Releases · Security-Onion-Solutions/securityonion-soc
2.4.111-20241217
Merge pull request #696 from Security-Onion-Solutions/patch/2.4.111 2.4.111
2.4.110-20241004
What's Changed
- force use of birthdate rather than change date by @jertel in #631
- skip test due to incompatibility to base docker build image by @jertel in #632
- add more grid state logging by @jertel in #633
- Jinja escaping by @jertel in #634
- forgot to git add the new files by @jertel in #635
- Use Server Context for ConfigStore Sync Actions by @coreyogburn in #636
- resolve minion override issue in config screen by @jertel in #637
- track tta/tte by @jertel in #638
- add CA certs since they aren't included by default in 24.10 by @jertel in #639
- Airgap Check for AI Summaries by @coreyogburn in #640
- lowercase email addresses before authing to ES by @jertel in #641
- Update Config Defaults by @coreyogburn in #642
- lower log level to debug for expected missing hosts that don't run ES by @jertel in #643
- Fix Summaries on Airgap by @coreyogburn in #644
- upgrade Kratos from 1.2.0 to 1.3.0 by @jertel in #645
Full Changelog: 2.4.100...2.4.110-20241004
2.4.100-20240829
What's Changed
- SOC image size by @reyesj2 in #596
- Force OTP, Config Breadcrumbs, Extended Settings by @jertel in #597
- Additional extended props and breadcrumb tweaks by @jertel in #598
- remove extended setting toggle by @jertel in #600
- add close setting button to top right by @jertel in #601
- Overrides Added to Detection History by @coreyogburn in #599
- FEATURE: Add SOC Config Quick Link to allow Security Onion Desktop installations through firewall Security-Onion-Solutions/securityonion#13412 by @dougburks in #602
- Tuning YARA Detections by @coreyogburn in #603
- Added Rule Validator Regex by @coreyogburn in #604
- Rewording error messages by @defensivedepth in #605
- Cogburn/ai descriptions by @coreyogburn in #606
- Fixed Err Management around UpdateRepos by @coreyogburn in #607
- Remove RefreshAiSummaries by @coreyogburn in #608
- Validate Detection ID by @coreyogburn in #609
- Fix bad merge by @coreyogburn in #610
- Cogburn/refactor changed by user by @coreyogburn in #611
- Updated Defaults to match 1st install Config, Tests by @coreyogburn in #612
- Only Test Ai Summaries in TestRefreshAiSummaries by @coreyogburn in #613
- upgrade kratos 1.2 by @jertel in #614
- update v2 models by @jertel in #615
- upgrade python; upgrade SOC deps; refactor package install; more by @jertel in #616
- Fix TestRefreshAiSummaries Intermittent Failures by @coreyogburn in #617
- update gofast images; tiered notifications by @jertel in #618
- remove debug log by @jertel in #619
- Sync Local Rules by @coreyogburn in #620
- support notification only Sigma Detections by @jertel in #621
- notification only adjustments by @jertel in #622
- avoid license error during unit test runs by @jertel in #623
- custom notify sets by @jertel in #624
- use Sigma tags, not detection tags by @jertel in #625
- handle single line and multline values by @jertel in #627
- move custom alerters to subgroup by @jertel in #628
- Fixes for running multiple tests by @coreyogburn in #626
- more user interface improvements for duplicated settings by @jertel in #629
- 2.4.100 by @jertel in #630
New Contributors
Full Changelog: 2.4.90...2.4.100
2.4.90
What's Changed
- Updated Existing And Added Missing License Comments by @coreyogburn in #568
- Integrity Check Tests by @coreyogburn in #567
- Add Suricata Tests by @coreyogburn in #570
- Update References After Merge by @coreyogburn in #573
- Added feature to visualize difference of history edits by @mc-wright in #571
- Unified Template Checking by @coreyogburn in #572
- Unified IO Manager by @coreyogburn in #574
- A Few Detections Jest Tests by @coreyogburn in #575
- Updated history highlight to accurately detect changes in suricata rule severity without implicitly highlighting the content field. by @mc-wright in #576
- Add maximize button on configuration screen by @jertel in #577
- Unify Sync by @coreyogburn in #578
- FEATURE: Add new action to SOC Actions list to allow users to more ea… by @dougburks in #580
- Cogburn/bulk indexer by @coreyogburn in #579
- Cogburn/suricata sync dupe fix by @coreyogburn in #581
- Add Indexes as a parameter to scrolling by @coreyogburn in #582
- Cogburn/suricata regex support by @coreyogburn in #583
- Remove Sigma Rule When Deleting Unreferenced by @coreyogburn in #584
- Fix for Strelka Rule Duplication by @coreyogburn in #585
- No More Overshadowing Error by @coreyogburn in #586
- v2 images by @jertel in #587
- Refactor/Test Scrolling by @coreyogburn in #588
- Revert a Change, Use Correct Model by @coreyogburn in #589
- Respond to IndexNotFound Exception by @coreyogburn in #590
- Remove Allow/Deny Regex from Strelka and ElastAlert by @coreyogburn in #591
- Cogburn/scrolling index by @coreyogburn in #592
- Jertel/noccs by @jertel in #593
- MarkChangedByUser in Migration by @coreyogburn in #595
- 2.4.90 by @TOoSmOotH in #594
Full Changelog: 2.4.80...2.4.90
2.4.80
What's Changed
- Detection Templates by @coreyogburn in #530
- GetAll now uses Options for it's Options by @coreyogburn in #528
- Updated go-git by @coreyogburn in #532
- dateAwareSort for v-data-tables by @coreyogburn in #529
- gmd work by @jertel in #533
- Bulk Delete + Confirmation Dialog by @coreyogburn in #534
- Only disallow bulk action w/community rules on Delete by @coreyogburn in #535
- Use proxy for Repo and Zip network operations by @coreyogburn in #536
- AdditionalCA and InsecureSkipVerify by @coreyogburn in #537
- Use the all.rules for integrity check by @defensivedepth in #538
- Cogburn/syntax highlighting by @coreyogburn in #539
- Extract ElastAlert Description by @coreyogburn in #540
- Show tip when Bulk Action starts by @coreyogburn in #541
- Deduplication of Detections by Public Id by @coreyogburn in #542
- Slimmed down Detections Configs by @coreyogburn in #543
- toggle full query view by @jertel in #545
- FEATURE: Add SOC Config Quick Links for Cold and Warm ILM Phases Security-Onion-Solutions/securityonion#13203 by @dougburks in #546
- IP/Var + Suricata Fixes by @coreyogburn in #544
- Edited i18n for detections by @mc-wright in #547
- Fixed bug where bulk action banner showed incorrect number of rules changed by @mc-wright in #548
- FEATURE: Add new Process actions Security-Onion-Solutions/securityonion#13226 by @dougburks in #550
- Fixed bulk actions to get count from server for the tip by @mc-wright in #549
- Fixed visual bug - dupe operational notes when updating custom rule by @mc-wright in #551
- Suricata Custom Rulesets by @coreyogburn in #552
- Added license dropdown table in detection creation screen by @mc-wright in #553
- Update i18n.js to make process.entity_id references consistent by @dougburks in #554
- remove unintended apostrophe from data-aid attr by @jertel in #555
- Fix Go Test by @coreyogburn in #556
- Account for customRulesets: null by @coreyogburn in #557
- When duplicating a suricata rule, ensure the msg value is quoted by @coreyogburn in #558
- Improved Suricata Syntax Highlighting by @coreyogburn in #559
- provide notice if license is expiring by @jertel in #560
- New Query Param for Advanced Config by @coreyogburn in #561
- Suricata Rules can only be 1 Line by @coreyogburn in #562
- Suricata 1 Line Tests by @coreyogburn in #563
- Update URL for Override Edits by @coreyogburn in #564
- Allow for shorter PublicIDs by @coreyogburn in #565
- Suricata Integrity Check, Include Custom by @coreyogburn in #566
- 2.4.80 by @TOoSmOotH in #569
New Contributors
- @mc-wright made their first contribution in #547
Full Changelog: 2.4.70...2.4.80
2.4.70
What's Changed
- Deleting Detection Comments and Test Anchors by @coreyogburn in #389
- fix license log field uniqueness by @jertel in #392
- ElastAlert Repo Community Rule Support by @coreyogburn in #391
- Fix quotes around yara meta values. by @coreyogburn in #393
- Cogburn/detections tweaks by @coreyogburn in #394
- Better Error When Detection PublicId Collisions Happen by @coreyogburn in #395
- Sigma and Suricata Rules Now Require Public Id by @coreyogburn in #396
- ClickToEdit and Docs Link in Sigma Overrides by @coreyogburn in #397
- add grouping attribute by @jertel in #398
- Better Behavior around Ctrl+C by @coreyogburn in #399
- Manually Sync Detections From UI by @coreyogburn in #400
- Added data-aid attr to new elements by @coreyogburn in #401
- Cogburn/correct casing by @coreyogburn in #402
- Prepare Detection After Save by @coreyogburn in #403
- Remove Suricata links by @defensivedepth in #405
- Initial cut for auto enable sigma rules by @defensivedepth in #406
- Details Tweaks by @coreyogburn in #404
- Timer State by @coreyogburn in #407
- Remove AutoRefresh and TimeZone from Detection's Advanced Options by @coreyogburn in #408
- Sigma Descriptions Added by @coreyogburn in #409
- Enable QuickActions in Detections by @coreyogburn in #410
- Visual Glitch Fixed by @coreyogburn in #411
- Sync Without Engine Selection Fixed by @coreyogburn in #412
- clarify test popup description by @jertel in #413
- Yara Author Fix by @coreyogburn in #414
- Cogburn/duplicate fix by @coreyogburn in #415
- use consistent delete icon similar to case comments/events; open new … by @jertel in #416
- Cleanup for Cypress Tests by @coreyogburn in #417
- Sigma Overrides by @coreyogburn in #418
- Overrides Enabled by @coreyogburn in #419
- New Enabled Toggle for Detections by @coreyogburn in #420
- Misc Fixes To Overrides by @coreyogburn in #421
- Custom Filter Usability by @coreyogburn in #422
- Duplication Fixes, Improvements by @coreyogburn in #423
- Fix fingerprint paths by @defensivedepth in #424
- Refactored Git Work by @coreyogburn in #425
- Simplify Sigma by @coreyogburn in #426
- Fix for Multiple Rows Opening in Detection Overrides by @coreyogburn in #427
- Cogburn/suricata community fixes by @coreyogburn in #429
- Validate YAML in Detection Validation by @coreyogburn in #430
- Extract additional fields by @defensivedepth in #432
- bump x/net per #14 by @jertel in #433
- additional logging; auto-enable yara rules by @defensivedepth in #428
- Truncate logs by @defensivedepth in #435
- enable license checks by @jertel in #436
- Refactored UpdateDetection by @coreyogburn in #434
- Use Better Unquote Function For Suricata Titles by @coreyogburn in #437
- Cogburn/advanced suricata by @coreyogburn in #438
- FEATURE: Add SOC Quick Link for Elasticsearch ILM Deletion Security-Onion-Solutions/securityonion#12854 by @dougburks in #439
- Smarter YARA Imports by @coreyogburn in #440
- Sanitize Strings by @coreyogburn in #441
- rbac by @jertel in #442
- Modified Detections Permission Checks by @coreyogburn in #443
- fix type conflict due to mistyped log field name by @jertel in #444
- Update YARA Parser by @coreyogburn in #445
- Respect User Input by @coreyogburn in #446
- Small Tweaks for a Better Experience by @coreyogburn in #447
- Add lastImport status by @defensivedepth in #448
- Sigma pivot fix by @defensivedepth in #449
- Custom Ruleset by @coreyogburn in #450
- Config Repos - Community by @coreyogburn in #451
- Fix Tests by @coreyogburn in #453
- support duplicate settings by @jertel in #455
- support new readOnlyUi annotations by @jertel in #456
- Cogburn/public id on duplicate by @coreyogburn in #457
- Update Go Version by @coreyogburn in #459
- Specify Correct Image by @coreyogburn in #460
- Additional human readable fieldnames by @defensivedepth in #461
- Moved defaults to constants by @defensivedepth in #462
- Update help links for new override, suricata override, and elastalert override by @dougburks in #463
- Hide the advanced interface toggle in Detections by @dougburks in #464
- config ui improvements by @jertel in #465
- SOC Detections - Airgap support by @defensivedepth in #466
- Error Tracking and Retry Timing by @coreyogburn in #467
- Use diff airgap var by @defensivedepth in #468
- Updated Broadcast Permissions by @coreyogburn in #469
- config reset confirmation by @jertel in #470
- Control When Allow/Deny Regexes Are Applied by @coreyogburn in #471
- Regenerate elastalert rules if Sigma pipelines change by @defensivedepth in #472
- Fix for Whitespace by @coreyogburn in #473
- Populate User Details in Detections History by @coreyogburn in https:/...
2.4.60
What's Changed
- Cogburn/detections playbooks by @coreyogburn in #333
- Removed Hardcoded Config Values by @coreyogburn in #334
- Detection History by @coreyogburn in #335
- Reworked UI by @coreyogburn in #338
- Updated Tests to Include License Checks by @coreyogburn in #341
- Cogburn/detections playbooks by @defensivedepth in #348
- Query parameter can select ActiveTab by @coreyogburn in #350
- Tweak Wording by @defensivedepth in #351
- Initial Support - Detections Module by @defensivedepth in #353
- Text change by @defensivedepth in #354
- New Detection Creation Logic by @coreyogburn in #355
- fix broken sigma test by @jertel in #356
- disable community rule auto updates by default by @jertel in #357
- FEATURE: Add new SOC action for Process Info Security-Onion-Solutions/securityonion#12421 by @dougburks in #358
- New Alert Quick Action: Tune Detection by @coreyogburn in #359
- Disable QuickAction Item Until Ready by @coreyogburn in #360
- upgrade kratos by @jertel in #362
- Jertel/krup by @jertel in #363
- Change default test index by @defensivedepth in #364
- Change event.module to sigma by @defensivedepth in #366
- Fix tests by @defensivedepth in #367
- No More DetectionStore Crossover by @coreyogburn in #365
- Include Comments in Detection History by @coreyogburn in #369
- add feature toggle for detections by @jertel in #371
- Add toggle to exclude Detections data by @defensivedepth in #370
- suri pcap improvements by @jertel in #372
- error logging improvements by @jertel in #373
- Indicate Clickable Detection Fields by @coreyogburn in #374
- "Tune Detections" Only in Alerts by @coreyogburn in #376
- Strelka Rule License Fallback by @coreyogburn in #377
- pcap improvements by @jertel in #375
- Allow For Zero Strelka Rules Repos by @coreyogburn in #378
- improve reboot indicators by @jertel in #379
- allow sensoroni modules to succeed if at least one provided data by @jertel in #380
- Cogburn/detection tests by @coreyogburn in #381
- Fix for jsyaml reference in tests by @coreyogburn in #382
- Better Defaults in Detection Engines by @coreyogburn in #383
- Add NIDS Tuning Links back in by @defensivedepth in #384
- check bidirectional pcap by @jertel in #385
- add more logging by @jertel in #386
- Improve Suri PCAP parsing performance by @jertel in #387
- Add Version Number to External JS Filenames by @coreyogburn in #388
- 2.4.60 by @TOoSmOotH in #390
Full Changelog: 2.4.50...2.4.60
2.3.300-20240401
Merge pull request #361 from Security-Onion-Solutions/dev 2.3.290
2.3.290
2.4.50
What's Changed
- grid page refinements by @jertel in #320
- grid page improvements by @jertel in #321
- grid page improvements by @jertel in #322
- FIX: Change field groupby button to new groupby Security-Onion-Solutions/securityonion#12228 by @dougburks in #323
- standardize feature names by @jertel in #326
- add suri support by @jertel in #327
- Create suricata specific pcap directories by @TOoSmOotH in #328
- Several SOC fixes/improvements by @jertel in #329
- fix missing error translations by @jertel in #330
- fix missing pkg by @jertel in #331
- create suri query by @jertel in #332
- redo the suri module with native pcap extraction; improve local dev by @jertel in #336
- added unit test resources by @jertel in #337
- eliminate log line for nested dirs by @jertel in #339
- pcap improvements by @jertel in #340
- fix test by @jertel in #342
- switch key field to prevent exceptions by @jertel in #343
- fix tests by @jertel in #344
- reduce packet color intensity by @jertel in #346
- FEATURE: Add new SOC action to show process ancestry Security-Onion-Solutions/securityonion#12345 by @dougburks in #345
- Add new SOC Quick Link for enabling reverse DNS lookups by @dougburks in #347
Full Changelog: 2.4.40...2.4.50