Monday, October 23, 2023

Security Onion 2.4 Feature o' the Day - Dynamic Observable Extraction in SOC Cases

Security Onion 2.4 includes lots of new features! SOC Cases now supports dynamic observable extraction! For example, we escalated this alert to a case:


Going to Cases and then the Events tab, we see the escalated alert:

Going to the Observables tab, we see that the IP addresses were automatically extracted as observables:


You can read more about Cases and Observables in our documentation:
https://docs.securityonion.net/en/2.4/cases.html

More Security Onion 2.4 Features

To see other Security Onion 2.4 features, please see our other Feature o' the Day blog posts:
https://blog.securityonion.net/search/label/feature%20o%27%20the%20day

You can also check out our Release Notes:
https://docs.securityonion.net/en/2.4/release-notes.html

Migrating from 2.3 to 2.4

If you're still running Security Onion 2.3, please note that it reaches End Of Life on April 6, 2024:

If you would like to migrate your data from 2.3 to 2.4, you can find an overview of the process at:



from Security Onion https://bit.ly/3FseUcr
via IFTTT

No comments:

Post a Comment