2.4.200-20251216
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/ddd6935e50fc319f44926a58f1903d75a8b052e5/DOWNLOAD_AND_VERIFY_ISO.md
What's Changed
- managerhype by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14966
- Vlb2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14972
- merge with 2.4/dev by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14990
- pass pillar properly by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14994
- Vlb2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15015
- Vlb2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15056
- only update mine for managerhype during setup by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15061
- update service file, use salt.minion state to update mine_functions by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15065
- set interface for network.ip_addrs for hypervisors by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15066
- Vlb2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15067
- Vlb2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15076
- Byoh by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15098
- nsm virtual disk and new nsm_total grain by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15122
- bump version by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15169
- bump version by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15170
- estimate elasticsearch retention by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15176
- create libvirt volumes directory by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15181
- add manager role to elasticsearch ingest time spent by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15182
- Upgrade Salt 3006.16 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15185
- Available Models by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/15188
- Salt 3006.16 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15193
- move off of cmd.script with args \ by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15194
- ensure previous setup outcomes are cleared by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15198
- strelka use single master image by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15192
- update so-elasticsearch-retention-estimate by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15201
- rename forward node -> sensor node by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15207
- Update defaults.yaml by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/15209
- Suricata 8.0.2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15211
- reduce pcapMaxCount to fit better with max upload size by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15213
- add support to so-yaml for using yaml file content for values by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15219
- update so-elasticsearch-retention-estimate by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15204
- configure salt, then install. update bootstrap-salt. reduce salt install fail timeout by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15223
- CompressContextPrompt by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/15221
- wait for 200 from registry before proceeding by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15228
- Add Enabled Flag to Models by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/15229
- pcap annotations by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15225
- suricata pipeline updates by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15230
- fix so-setup error duplicate bond0 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15231
- rm salt keyring and repo file for deb by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15237
- update zeek pipelines by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15234
- communicate to the viewer that OS patches may take some time by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15240
- suricata capture file by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15244
- Notify user of hypervisor environment setup failures by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15247
- clarify hypervisor annotation by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15248
- use timestamp in volume path to prevent duplicates by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15251
- Add JA4D option to config.zeek.ja4 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/15271
- add force & certs flag to update fleet certs as needed by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15264
- add new so-yaml_test for removefromlist by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15275
- need additional line bw class by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15277
- reserve group ids by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15280
- skip continue prompt if user cannot actually continue by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/15281
- FEATURE: Advanced ILM actions via SOC UI by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/15241
- Idstools refactor by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15232
- Fixup Airgap by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15283
- Make sure local salt dir is created by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15284
- be more verbose by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15286
- Rework ordering by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15287
- match correct custom ruleset name by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15290
- Fix custom name by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15292
- Remove Claude Sonnet 4 model configuration by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/15293
- small fixes by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15297
- Fixup logic by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15298
- Update Assistant Models by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/15289
- Rework backup by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15301
- Add Airgap check by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15303
- fix cleaning repos on remote nodes if airgap by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/15304
- Add trailing nl if it doesn't already exist by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/15308
- Update so-minion by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/15311
Full Changelog: https://github.com/Security-Onion-Solutions/securityonion/compare/2.4.190-20251024...2.4.200-20251216