2.4.170-20250812
Download the ISO
https://github.com/Security-Onion-Solutions/securityonion/blob/ae0ffc4977eb560685022328d30564fc83320257/DOWNLOAD_AND_VERIFY_ISO.md
What's Changed
- 2.4/dev by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14200
- Get ready for .160 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14614
- improve consistency by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14619
- Update soup by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14621
- Cogburn/playbooks by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/14623
- logstash isn't running on receivers or manager when kafka is the glob… by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14629
- Add RulesetName to Rule Repos by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/14639
- Add parsing for Playbook by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14638
- Tighten parsing by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14643
- Backport Hotfix to dev by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14651
- use zeek network.community_id when available by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14668
- FIX: Improve annotation for Elasticsearch index deletion #14682 by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14683
- FIX: so-suricata-testrule should disable pcap logging #14685 by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14687
- FIX: so-elasticsearch-ilm-start needs shebang #14688 by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14689
- add echo to end of so-elasticsearch-ilm-start and so-elasticsearch-ilm-stop by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14691
- Use Stable branch by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14697
- add so-elasticsearch-index-growth by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14698
- fix system integration time overwrite and delete unused ingest pipeline by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14676
- Updated Playbook Repo Config by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/14700
- upgrade registry to 3.0.0 by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14701
- update to new config location by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14711
- enable STS for browser redirects by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14714
- Add support for Airgap for Playbooks by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14718
- Airgap tweaks by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14719
- Suppress alerts by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14721
- Add nsm bind by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14722
- Create dir if needed by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14723
- Add support for dns.resolved_ip by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14759
- refactor airgap playbook to eliminate dupe code and shrink ISO by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14764
- fix logging by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14765
- change salt upgrade process by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14770
- Revert "change salt upgrade process" by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14771
- 2.4.160 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14772
- 2.4.160 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14773
- Update VERSION by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14775
- soup 2.4.170 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14776
- hardware virtualization by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14784
- allow standalone and managersearch to run salt.cloud state by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14791
- allow libvirt states by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14792
- Refactors playbook repo configuration by @coreyogburn in https://github.com/Security-Onion-Solutions/securityonion/pull/14793
- only run storage state if box has nvme by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14800
- ensure hypervisor is removed from salt cloud profiles when key is deleted by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14803
- es 8.18.3 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14813
- Add user.name to kratos query by @defensivedepth in https://github.com/Security-Onion-Solutions/securityonion/pull/14816
- es 8.18.3 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14824
- ES 8.18.3 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14825
- check required files exist before loading map file by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14827
- exclude component updates indexes with error in the name by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14828
- split up bulk install of integrations by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14830
- fix typo by @jertel in https://github.com/Security-Onion-Solutions/securityonion/pull/14832
- templates with error in name by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14833
- kibana listingLimit by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14840
- Issues #14836 #14837 #14838 by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14842
- Simplify UniFi dashboards #14838 by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14845
- hosted image. sos hw support by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14848
- ja4 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14850
- ja4 ignore empty strings by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14854
- elasticsearch troubleshoot script by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14856
- fix incorrect file ownership by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14858
- Add JA4 support by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14860
- don't allow bootstrap-salt to start daemons. splay non manager highstates 120 seconds by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14865
- UPGRADE: Zeek Ethercat plugin #14783 by @dougburks in https://github.com/Security-Onion-Solutions/securityonion/pull/14867
- add some retry to so-elastic-fleet-integration-upgrade by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14868
- add pack only holding package if installed. remove redundant hold on salt-master package by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14869
- 8.18.4 by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14870
- FIX: opencanary startup logs cause ingest error by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14871
- update ASN organization name field by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14880
- increase so-elasticsearch-roles-load timeout by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14883
- only show data nodes in disk usage output by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14889
- exclude so_agent_installer dir from config backups by @reyesj2 in https://github.com/Security-Onion-Solutions/securityonion/pull/14890
- match user soqemussh, allow user additions to persist, for ssh config. by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14892
- fix hyper bridge setup. simplify cpu/mem regex by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14896
- handle - in hypervisor hostname by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14899
- Vlb2 by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14909
- remove managerhype from whiptail by @m0duspwnens in https://github.com/Security-Onion-Solutions/securityonion/pull/14910
- 2.4.170 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14916
- 2.4.170 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14918
- 2.4.170 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14919
- 2.4.170 by @TOoSmOotH in https://github.com/Security-Onion-Solutions/securityonion/pull/14917
Full Changelog: https://github.com/Security-Onion-Solutions/securityonion/compare/2.4.150-20250522...2.4.170-20250812