Security Onion 2.4 includes lots of new features! SOC Cases now supports dynamic observable extraction! For example, we escalated this alert to a case:
Going to Cases and then the Events tab, we see the escalated alert:
Going to the Observables tab, we see that the IP addresses were automatically extracted as observables:
You can read more about Cases and Observables in our documentation:
https://docs.securityonion.net/en/2.4/cases.html
More Security Onion 2.4 Features
To see other Security Onion 2.4 features, please see our other Feature o' the Day blog posts:
https://blog.securityonion.net/search/label/feature%20o%27%20the%20day
You can also check out our Release Notes:
https://docs.securityonion.net/en/2.4/release-notes.html
Migrating from 2.3 to 2.4
from Security Onion https://bit.ly/3FseUcr
via IFTTT
No comments:
Post a Comment