Friday, October 4, 2019

Security Onion Hybrid Hunter 1.1.1 - Alpha 2 Available for Testing!

UPDATE 2019/12/16 - Security Onion Hybrid Hunter 1.1.3 Alpha 3 is now available for testing!
https://blog.securityonion.net/2019/12/security-onion-hybrid-hunter-113-alpha.html

In 2018, we started working on the next major version of Security Onion, code-named Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.1.1 is now available for testing and is considered our ALPHA 2 release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md
Changes:

  • Alpha 2 is here!
  • Hybrid Hunter minimal ISO image now available!
  • Suricata 4.1.5.
  • Bro/Zeek 2.6.4.
  • TheHive 3.4.0 (Includes ES 6.8.3 for TheHive only).
  • Fixed Bro/Zeek packet loss calculation for Grafana.
  • Updated to latest Sensoroni which includes websockets support for job status updates without having to refresh the page.
  • NIDS and HIDS dashboard updates.
  • Playbook and ATT&CK Navigator features are now included.
  • Filebeat now logs to a file, instead of stdout.
  • Elastalert has been updated to use Python 3 and allow for use of custom alerters.
  • Moved Bro/Zeek log parsing from Logstash to Elasticsearch Ingest for higher performance and lower memory usage!
  • Several changes to the setup script have been made to improve stability of the setup process:
    • Setup now modifies your hosts file so that the install works better in environments without DNS.
    • You are now prompted for setting a password for the socore user.
    • The install now forces a reboot at the end of the install. This fixes an issue with some of the Docker containers being in the wrong state from a manual reboot. Manual reboots are fine after the initial reboot.

Warnings and Disclaimers

  • This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This is a work in progress and is in constant flux.
  • This is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This should only be run on a TEST box with TEST data!
  • Use of this script may result in nausea, vomiting, or a burning sensation.

Ready to try it out?

If you want to try our new minimal ISO image, please follow the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO

Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack

After you've installed, if you want to try out the new Playbook functionality, take a look at:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Playbook

Feedback

If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/
