Component version bumps:

* watchdog to v5.0.3
* logstash to v8.15.2
* beats to v8.15.2
* zeek to v7.0.2
* fluent bit to v3.1.9
* capa to v7.3.0

Dockerfiles/arkime.Dockerfile

@@ -149,7 +149,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
     mkdir -p "${ARKIME_DIR}"/plugins && \
       curl -fsSL -o "${ARKIME_DIR}/plugins/ja4plus.${DEBARCH}.so" "$(echo "${ARKIME_JA4_SO_URL}" | sed "s/XXX/${DEBARCH}/g")" && \
       chmod 755 "${ARKIME_DIR}/plugins/ja4plus.${DEBARCH}.so" && \
-    python3 -m pip install --break-system-packages --no-compile --no-cache-dir beautifulsoup4 pyzmq watchdog==5.0.2 && \
+    python3 -m pip install --break-system-packages --no-compile --no-cache-dir beautifulsoup4 pyzmq watchdog==5.0.3 && \
     ln -sfr $ARKIME_DIR/bin/npm /usr/local/bin/npm && \
       ln -sfr $ARKIME_DIR/bin/node /usr/local/bin/node && \
       ln -sfr $ARKIME_DIR/bin/npx /usr/local/bin/npx && \

Dockerfiles/file-monitor.Dockerfile

@@ -159,7 +159,7 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
       python-magic \
       stream-zip \
       supervisor \
-      watchdog==5.0.2 \
+      watchdog==5.0.3 \
       yara-python && \
     curl -fsSL -o /usr/local/bin/supercronic "${SUPERCRONIC_URL}${BINARCH}" && \
       chmod +x /usr/local/bin/supercronic && \

Dockerfiles/filebeat.Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:8.15.1
+FROM docker.elastic.co/beats/filebeat-oss:8.15.2
 
 # Copyright (c) 2024 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
@@ -108,7 +108,7 @@ RUN export EVTXARCH=$(uname -m | sed 's/arm64/aarch64/') && \
         unzip \
         xz-utils && \
     ln -s -f -r /usr/bin/python3.9 /usr/bin/python3 && \
-    python3.9 -m pip install --no-compile --no-cache-dir patool entrypoint2 pyunpack python-magic ordered-set supervisor watchdog==5.0.2 && \
+    python3.9 -m pip install --no-compile --no-cache-dir patool entrypoint2 pyunpack python-magic ordered-set supervisor watchdog==5.0.3 && \
     curl -fsSL -o /usr/local/bin/supercronic "${SUPERCRONIC_URL}${BINARCH}" && \
       chmod +x /usr/local/bin/supercronic && \
     curl -fsSL -o /usr/local/bin/yq "${YQ_URL}${BINARCH}" && \

Dockerfiles/logstash.Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.elastic.co/logstash/logstash-oss:8.15.1
+FROM docker.elastic.co/logstash/logstash-oss:8.15.2
 
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'

Dockerfiles/pcap-monitor.Dockerfile

@@ -67,7 +67,7 @@ RUN apt-get -q update && \
       python-magic \
       pyzmq \
       requests \
-      watchdog==5.0.2 && \
+      watchdog==5.0.3 && \
     groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
       useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER}
 

Dockerfiles/suricata.Dockerfile

@@ -108,7 +108,7 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
     apt-get install -q -y --no-install-recommends -t bookworm-backports \
         suricata=${SURICATA_VERSION_PATTERN} \
         suricata-update && \
-    python3 -m pip install --break-system-packages --no-compile --no-cache-dir watchdog==5.0.2 && \
+    python3 -m pip install --break-system-packages --no-compile --no-cache-dir watchdog==5.0.3 && \
     curl -fsSL -o /usr/local/bin/supercronic "${SUPERCRONIC_URL}${BINARCH}" && \
       chmod +x /usr/local/bin/supercronic && \
     curl -fsSL -o /usr/bin/yq "${YQ_URL}${BINARCH}" && \

Dockerfiles/zeek.Dockerfile

@@ -33,7 +33,7 @@ USER root
 # see PUSER_CHOWN at the bottom of the file (after the other environment variables it references)
 
 # for download and install
-ARG ZEEK_VERSION=7.0.1-0
+ARG ZEEK_VERSION=7.0.2-0
 ENV ZEEK_VERSION $ZEEK_VERSION
 
 # put Zeek and Spicy in PATH

hedgehog-iso/build.sh

@@ -5,7 +5,7 @@ IMAGE_PUBLISHER=idaholab
 IMAGE_VERSION=1.0.0
 IMAGE_DISTRIBUTION=bookworm
 
-BEATS_VER="8.15.1"
+BEATS_VER="8.15.2"
 BEATS_OSS="-oss"
 
 ARKIME_VER="5.4.0"

hedgehog-iso/config/hooks/normal/0169-pip-installs.hook.chroot

@@ -20,4 +20,4 @@ pip3 install --break-system-packages --no-compile --no-cache-dir --force-reinsta
   stix2 \
   stream-zip \
   taxii2-client \
-  watchdog==5.0.2
+  watchdog==5.0.3

hedgehog-raspi/sensor_install.sh

@@ -34,7 +34,7 @@ SENSOR_DIR='/opt/sensor'
 
 ARKIME_VERSION="5.4.0"
 
-BEATS_VER="8.15.1"
+BEATS_VER="8.15.2"
 BEATS_OSS="-oss"
 
 # Option to build from sources if desired
@@ -212,7 +212,7 @@ build_zeek_src() {
     export PYTHONUNBUFFERED=1
 
     zeek_url=https://github.com/zeek/zeek.git
-    zeek_version=7.0.1
+    zeek_version=7.0.2
     zeek_release=1
     zeek_dir=/opt/zeek
     # Zeek's build eats a ton of resources; prevent OOM from the killing build process

scripts/third-party-logs/fluent-bit-setup.ps1

@@ -9,7 +9,7 @@
 ###############################################################################
 
 $fluent_bit_version = '3.1'
-$fluent_bit_full_version = '3.1.8'
+$fluent_bit_full_version = '3.1.9'
 
 ###############################################################################
 # select an item from a menu provided in an array

shared/bin/capa-build.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-export CAPA_VERSION="7.2.0"
+export CAPA_VERSION="7.3.0"
 export CAPA_SRC_URL="https://github.com/mandiant/capa/archive/refs/tags/v${CAPA_VERSION}.zip"
 export CAPA_RULES_URL="https://github.com/mandiant/capa-rules/archive/refs/tags/v${CAPA_VERSION}.zip"
 

shared/bin/zeek-deb-download.sh

@@ -6,7 +6,7 @@ unset VERBOSE
 command -v dpkg >/dev/null 2>&1 && ARCH="$(dpkg --print-architecture)" || ARCH=amd64
 DISTRO=Debian_12
 OUTPUT_DIR=/tmp
-ZEEK_VERSION=7.0.1-0
+ZEEK_VERSION=7.0.2-0
 
 while getopts a:d:o:vz: opts; do
    case ${opts} in