
LME v2.3.0


NVivero released this 15 May 15:38
35fb497

[2.3.0] - Timberrrrr! - 2026-05-15

Summary

LME v2.3.0 expands LME’s deployment, analysis, and detection engineering capabilities by introducing support for multi-node Elasticsearch cluster deployments and adding an optional local AI/LLM-powered security analysis experience. This release also adds new detection engineering tooling, Ludus cyber range integration, and updates to support offline and air-gapped deployments with the new AI/LLM stack.

The existing single-node install path remains supported, while the new cluster installation path provides a scalable option for larger environments.

What's Changed

Added support for multi-node Elasticsearch cluster deployments

  • Added a new cluster installation flow using install.sh --cluster.
  • Added cluster inventory tooling and example inventory files.
  • Added an Elasticsearch-only Ansible playbook for adding and managing cluster nodes.
  • Added cluster-aware Elasticsearch, certificate, secret, and Podman setup.
  • Added support for converting an existing single-node LME install into a clustered deployment.
  • Updated backup, restore, snapshot, rollback, and password-change workflows to support clustered installs.
  • Added local Docker cluster test setups and Azure-based cluster installer tooling.
  • Added documentation for cluster installation, conversion, recovery, snapshots, password changes, and backup/restore.

Added optional AI/LLM security analysis and detection engineering tooling

  • Added the LME Security Dashboard for local AI-assisted alert analysis, LME documentation assistance, detection engineering management, model management, vulnerability overview, and CISA KEV cross-referencing.
  • Added the Log Analyzer for LLM-powered log querying and security alert analysis.
  • Added six new supporting containers: llama-cpp, embeddings, litellm, pgvector, dashboard, and log-analyzer.
  • Added local model management for downloading, switching, and deleting GGUF models.
  • Added support for Sigma rule conversion and upload workflows.
  • Added ElastAlert rule management and configurable ElastAlert2 email notifications.
  • Added support for viewing and managing Elastic prebuilt rules.
  • Added automated CISA Known Exploited Vulnerabilities sync and cross-referencing with Wazuh vulnerability data.
  • Added prepare_offline.sh --llm support for offline and air-gapped AI/LLM deployments.
  • Added an upgrade path from LME v2.2.0 to v2.3.0 using ansible-playbook upgrade_lme.yml.

Added Ludus cyber range integration

  • Added Ludus-compatible Ansible roles for deploying LME, Caldera, and Windows/Linux endpoints in cyber range environments.
  • Added a reference Ludus range configuration for LME, Caldera, and endpoint deployment.
  • Added detection engineering documentation, including architecture diagrams, agent configurations, and troubleshooting guidance.
  • Added a Galaxy release workflow for Ludus roles.

Known Limitations

The following deployment and recovery scenarios are not supported in this release:

  • Restoring a backup from a clustered LME deployment to a single-node LME deployment is not supported.
  • Upgrading an existing single-node LME deployment to a clustered deployment in an air-gapped environment is not supported.

--

Full Changelog: v2.2.0...v2.3.0