Sneak Peek: New Detections Feature coming in Security Onion 2.4.70!

2,843 views

Security Onion

1 day ago

Comments: 24
@cyberlabz 8 months ago
I've watched the new video at least four times. Super excited about the Detections module release. Great job!!!!
@security-onion 8 months ago
Thanks, glad you like it!
@izid00d 8 months ago
Awesome, just as I imagined it in my head! I will look forward to the update; sheesh, this will shorten the tuning process by a lot. Thanks to the SO Team!!!
@security-onion 8 months ago
Thanks, glad you like it!
@michaelporter8242 8 months ago
Wow, this is a great improvement for tuning. Can't wait to give it a try!
@security-onion 8 months ago
Thanks, glad you like it!
@frzen 8 months ago
Huge quality of life upgrade, thank you. I'm really looking forward to updating.
@security-onion 8 months ago
Thanks, glad you like it!
@TheLakeBodom 8 months ago
Wow, nice work Security Onion Team!! This will be a much better workflow.
@security-onion 8 months ago
Thanks, glad you like it!
@capitalreg318 7 months ago
Oh this will be very useful. Cool feature indeed, thank you!! Two things: 1. Any possibility of adding an optional Elastic Defend/Predefined Rules integration to that Detections menu? Currently it is buried in Kibana and requires some additional digging to add the Predefined Rule integration, then unhide the Security tab Kibana Spaces? 2. Any chance of upgrading the OSquery Manager to the Velociraptor platform to integrate that amazing tool's DFIR capabilities with the SOC/Elastic Agent?
@security-onion 7 months ago
If you have questions or problems, please start a new discussion at securityonion.net/discuss
@yannickzelt9246 8 months ago
This really is a great new feature. Can't wait to try it out.
@security-onion 8 months ago
Thanks, glad you like it!
@johnmosqueda1029 8 months ago
Is there an in place upgrade option available?
@security-onion 8 months ago
There will be an in-place upgrade option once 2.4.70 is released. If you have further questions or problems, please start a new discussion at securityonion.com/discuss
@Roman-m3u4h 8 months ago
Is it possible to revert changes through history? Is there a rule validator in the Signature field? Will syntax color highlighting appear?
@security-onion 8 months ago
If you have questions, please start a new discussion at securityonion.com/discuss
@juanmartinmerlo3682 8 months ago
I can't wait to upgrade! Is there an estimated release date? Great job team!
@security-onion 8 months ago
2.4.70 is scheduled to release in the next few weeks. Stay tuned! If you have further questions or problems, please start a new discussion at securityonion.com/discuss
@flyingbyalexeiroudnev9750 7 months ago
I do not see a way to change severity with one click, or to suppress an alert temporarily, or to automatically get the IP etc. from an alert. So it looks like a good step, but it is ONLY a FIRST STEP. For example, we reclassify events in Zabbix all the time, we set up timed reclassifications often, and we may need to update a GROUP of Detection rules at once. The idea is great, but it looks like a very first implementation so far. (Of course I can clone the rule, then change the severity in the cloned rule and disable the original rule, but why do it in such a complicated way? Or we want to suppress all alerts for 'traffic with ... group', which we do by a re: expression today; it's not implemented yet (looks this way), and there are 50+ IP groups and about 10 alerts per group... so what disable can do with a single re: rule, detections will require 100 updates (looks like this).)
@security-onion 7 months ago
Yes, we have lots of improvements coming. If you have further comments or questions, please start a new discussion at securityonion.com/discuss.
@ankuryogi3298 8 months ago
Love it
@security-onion 8 months ago
Thanks!