Merged
2 changes: 1 addition & 1 deletion bpf.rst
Expand Up @@ -10,7 +10,7 @@ BPF stands for Berkeley Packet Filter. From https://en.wikipedia.org/wiki/Berkel
Configuration
-------------

You can modify your BPF configuration by going to :ref:`administration` --> Configuration --> bpf. You can apply BPF configuration to :ref:`stenographer`, :ref:`suricata`, or :ref:`zeek`.
You can modify your BPF configuration by going to :ref:`administration` --> Configuration --> bpf. You can apply BPF configuration to the PCAP engine (either :ref:`stenographer` or :ref:`suricata`), :ref:`suricata`, or :ref:`zeek`. If you configure a BPF for the PCAP engine and your PCAP engine is :ref:`suricata`, then it will only apply to the PCAP and NOT alerts or metadata.

.. image:: images/config-item-bpf.png
:target: _images/config-item-bpf.png
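Review bot: The new sentence in the bpf.rst hunk leaves it ambiguous what a BPF configured under ``suricata`` now does when Suricata is also the PCAP engine. The removed suricata.rst bullet in this same PR stated that a Suricata BPF applied to PCAP as well as to alerts and metadata; the added text only says the PCAP-engine BPF is limited to PCAP, not whether the Suricata BPF still reaches the PCAP written by Suricata. Suggest stating both directions explicitly, e.g. "The PCAP engine BPF applies only to PCAP; the suricata BPF applies to alerts and metadata (and to PCAP as well, if that is still the case)", so an operator filtering traffic out of PCAP for disk reasons is not surprised to find the same filter silently dropping NIDS alerts, or vice versa. Minor style point: listing ``:ref:`suricata``` twice in one sentence (once as a possible PCAP engine, once as the NIDS target) reads as a duplication; naming the three configuration targets as they appear in the Configuration UI (pcap, suricata, zeek) and then explaining which engine backs pcap would be clearer.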
8 changes: 8 additions & 0 deletions release-notes.rst
Expand Up @@ -23,6 +23,14 @@ For all known issues, please see https://github.com/Security-Onion-Solutions/sec
Release History
~~~~~~~~~~~~~~~

2.4.201 [20260114] Changes
--------------------------

- FIX: Update OnionAI video `#15380 <https://github.com/Security-Onion-Solutions/securityonion/issues/15380>`_
- FIX: Validate Suricata Overrides `#15372 <https://github.com/Security-Onion-Solutions/securityonion/issues/15372>`_
- UPGRADE: Suricata to 8.0.3 `#15377 <https://github.com/Security-Onion-Solutions/securityonion/issues/15377>`_
- UPGRADE: Zeek to 8.0.5 `#15378 <https://github.com/Security-Onion-Solutions/securityonion/issues/15378>`_

2.4.200 [20251215] Changes
--------------------------

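Review bot: The 2.4.201 entries in the release-notes.rst hunk do not mention the behaviour change documented by the other two files in this PR (a PCAP-specific BPF for the PCAP engine, replacing the previous "NO SUPPORT for a PCAP specific bpf for Suricata" statement). Since a BPF that used to affect Suricata alerts and metadata can now be scoped to PCAP only, this is a user-visible change that belongs in the release history; suggest adding a FEATURE or FIX line for it with its tracking issue, in the same ``#NNNNN <https://github.com/Security-Onion-Solutions/securityonion/issues/NNNNN>`_`` style as the four existing entries.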
1 change: 0 additions & 1 deletion suricata.rst
Expand Up @@ -127,7 +127,6 @@ Differences between Suricata and Stenographer for PCAP
- Suricata can optionally compress PCAP using lz4 compression.
- Suricata supports conditional PCAP if you only want to write PCAP when certain conditions are met.
- Suricata has the ability to stop capturing PCAP once a flow reaches a specific stream depth. Security Onion sets this stream depth to 1MB by default. This means that once the PCAP flow reaches 1MB, Suricata will stop recording packets for that flow.
- Currently, there is NO SUPPORT for a PCAP specific :ref:`bpf` for Suricata. If you apply a :ref:`bpf` to Suricata, it will apply to not only PCAP but also standard :ref:`nids` alerts and metadata if enabled.

Conditional PCAP
~~~~~~~~~~~~~~~~
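Review bot: Deleting the BPF bullet outright in the suricata.rst hunk leaves the "Differences between Suricata and Stenographer for PCAP" list with no mention of BPF behaviour at all, even though the same PR makes that behaviour more nuanced rather than removing it. Suggest replacing the bullet instead of dropping it, e.g. "- A PCAP-specific :ref:`bpf` can be applied to Suricata via the PCAP engine configuration; a BPF applied directly to Suricata still affects :ref:`nids` alerts and metadata. See :ref:`bpf`.", so readers comparing the two PCAP engines learn where the filter is configured and what it does and does not cover.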