I've watched the new video at least four times. Super excited about the Detections module release. Great job!!!!
@security-onion · 5 months ago
Thanks, glad you like it!
@izid00d · 5 months ago
Awesome, just as I imagined it in my head! I will look forward to the update, sheesh this will shorten the tuning process by a lot. Thanks to the SO Team!!!
@security-onion · 5 months ago
Thanks, glad you like it!
@frzen · 5 months ago
Huge quality-of-life upgrade, thank you. I'm really looking forward to updating.
@security-onion · 5 months ago
Thanks, glad you like it!
@michaelporter8242 · 5 months ago
Wow, this is a great improvement for tuning. Can't wait to give it a try!
@security-onion · 5 months ago
Thanks, glad you like it!
@TheLakeBodom · 5 months ago
Wow, nice work Security Onion Team!! This will be a much better workflow.
@security-onion · 5 months ago
Thanks, glad you like it!
@yannickzelt9246 · 5 months ago
This really is a great new feature. Can't wait to try it out.
@security-onion · 5 months ago
Thanks, glad you like it!
@capitalreg318 · 4 months ago
Oh this will be very useful. Cool feature indeed, thank you!! Two things:
1. Any possibility of adding an optional Elastic Defend/Predefined Rules integration to that Detections menu? Currently it is buried in Kibana and requires some additional digging to add the Predefined Rule integration, then unhide the Security tab in Kibana Spaces.
2. Any chance of upgrading the OSquery Manager to the Velociraptor platform to integrate that amazing tool's DFIR capabilities with the SOC/Elastic Agent?
@security-onion · 4 months ago
If you have questions or problems, please start a new discussion at securityonion.net/discuss
@ankuryogi3298 · 5 months ago
Love it
@security-onion · 5 months ago
Thanks!
@Roman-m3u4h · 5 months ago
Is it possible to revert changes through history? Is there a rule validator in the Signature field? Will syntax color highlighting appear?
@security-onion · 5 months ago
If you have questions, please start a new discussion at securityonion.com/discuss
@juanmartinmerlo3682 · 5 months ago
I can't wait to upgrade! Is there an estimated release date? Great job team!
@security-onion · 5 months ago
2.4.70 is scheduled to release in the next few weeks. Stay tuned! If you have further questions or problems, please start a new discussion at securityonion.com/discuss
@johnmosqueda1029 · 5 months ago
Is there an in place upgrade option available?
@security-onion · 4 months ago
There will be an in-place upgrade option once 2.4.70 is released. If you have further questions or problems, please start a new discussion at securityonion.com/discuss
@flyingbyalexeiroudnev9750 · 3 months ago
I do not see a way to change severity by one click, or to suppress an alert temporarily, or to automatically get the IP etc. from an alert. So it looks like a good step, but it is ONLY a FIRST STEP. For example, we reclassify events in Zabbix all the time, we set up timed reclassifications often, and we may need to update a GROUP of Detection rules at once. The idea is great, but it looks like a very first implementation yet. (Of course I can clone the rule, then change severity in the cloned rule and disable the original rule, but why do it so complicated?) Or we want to suppress all alerts 'traffic with ... group', which we do by a re: expression today; it's not implemented yet (looks this way), and there are 50+ IP groups and about 10 alerts per group... so what disable can do with a single re: rule, detection will require 100 updates (looks like this).
@security-onion · 3 months ago
Yes, we have lots of improvements coming. If you have further comments or questions, please start a new discussion at securityonion.com/discuss.