Thursday, July 25, 2019

Security Onion Hybrid Hunter 1.1.0 ALPHA Available for Testing!

We recently announced Security Onion Hybrid Hunter:

We're excited to announce that Hybrid Hunter 1.1.0 is now available for testing and is considered our ALPHA release!

Major highlights of this ALPHA release:

  • Alpha is here!! Check out the Hybrid Hunter Quick Start Guide.
  • There is a new PCAP interface called Sensoroni. You can pivot directly from Kibana to Sensoroni via the _id field.
  • Bond interface setup now uses nmcli for better compatibility in the network based setup script.
  • Filebeat traffic for HH components now use a separate port (5644). This will allow you to send Beats to the default port (5044) and choose how you want to secure it. It is still recommended to use full SSL via Filebeat and if you already have this set up you will need to change to port 5044. We will continue to refine this in future versions.
  • Authentication is now enabled by default for all the web based components. There will be some major changes before we get to BETA with how authentication in general is handled due to Elastic "Features" and other components.
  • Add users to the web interface via so-user-add and follow the prompts.
  • so-allow now exists to make your life easier.
  • Bro 2.6.2.
  • All Docker images were updated to reflect Alpha status.
  • Disabled DEBUG logging on a lot of components to reduce space usage.
  • Added a rule update cron job so the master pulls new rules down every day at 7AM UTC.
  • You can now manually run a rule update using the so-rule-update command.

Thanks to the following for all of their work on this release!
Mike Reeves
Wes Lambert
Dustin Lee
Josh Brower
William Wernert

And special thanks to Jason Ertel for his work on Sensoroni!


Pivoting from Kibana to Sensoroni 
Sensoroni showing overview of pcap data

Sensoroni showing detail of pcap data

Sensoroni showing ASCII transcript of pcap data

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive