Security Onion 24.10 Released – What’s New

Security Onion 2.4.140 has been officially released, featuring significant upgrades to core components including Suricata 7.0.9, Zeek 7.0.6, and a host of improvements to the Security Operations Center (SOC) configuration interface. 

This release focuses on enhancing security, fixing bugs, and improving the overall user experience for security analysts and defenders.

The cornerstone of this release is the upgrade of two critical security monitoring engines. Suricata has been updated to version 7.0.9, which includes important security fixes as documented in their official release notes. 

This update addresses several vulnerabilities that could potentially impact detection capabilities.

Zeek has also been upgraded to version 7.0.6, bringing numerous bug fixes that improve stability and performance of network protocol analysis. 


These updates ensure that Security Onion continues to provide robust network visibility and threat detection capabilities.


SOC Configuration Enhancements

A notable improvement in this release is the enhanced SOC Config interface. Users can now more efficiently manage their configuration by moving certain entries up or down in priority lists. 

This functionality extends to SOC Dashboard queries, Hunt queries, and SOC Actions, allowing for a more intuitive organization of frequently used tools.


These improvements directly address feedback from security teams who need to customize their detection and investigation workflows efficiently.

For existing Security Onion 2.4 users, updating to this latest version is straightforward using the soup command (sudo soup).


When running this command, Security Onion will check for updates and guide you through the installation process.

The system may ask you to run soup again after it updates itself. Note that after running soup or rebooting a Security Onion node, services may take a few minutes to display an OK status while the initial on-boot highstate runs.

If services still don’t appear fully operational after 15 minutes, troubleshooting steps for the highstate are provided in the official Security Onion documentation.


Before updating production environments, it’s highly recommended to test the upgrade process on a test deployment that closely matches your production setup. 

This precaution is particularly important for releases that update critical components like Salt and Elastic. Complete documentation for Security Onion 2.4 is available online at the official documentation site.

For users still running Security Onion 2.3, remember that it reached End Of Life (EOL) on April 6, 2024. Upgrading to version 2.4 is now essential for continued security updates and support.
