Security Onion 2.4: Free, open platform for defenders gets huge update
– Help Net Security
New features in Security Onion 2.4 Over the past year of developing Security Onion 2.4, the developers added new features to give you a better experience and make you more efficient: Security Onion Console (SOC) has many new features to make you more efficient as a defender: – SOC now allows you to add a value directly from a record in Hunt, Dashboards, or Alerts as an observable to an existing or new case – SOC includes a new DNS lookup capability – SOC includes pivots for relational operators on numbers – SOC Cases support dynamic observable extraction – SOC can import PCAP and EVTX files SOC has many new administration features, so you can spend less time managing your deployment and more time hunting adversaries.- You can manage users via SOCâs Administration section – SOCâs Administration section also includes a new Grid Members Interface to manage adding and removing nodes – You can configure most aspects of your deployment via the Configuration interface – SOCâs Grid interface has been improved to show more status information about your nodes – The installer has been simplified and configuring new members of the grid will take place in the Grid Members interface – SOC authentication has been upgraded to include additional authentication protections, such as rate-limiting login requests.
Link: https://www.helpnetsecurity.com/2023/08/23/security-onion-2-4-10-free-open-platform/