Monday, December 16, 2019

Security Onion Hybrid Hunter 1.1.3 - Alpha 3 Available for Testing!

In 2018, we started working on the next major version of Security Onion, code-named Hybrid Hunter:

We're excited to announce that Hybrid Hunter 1.1.3 is now available for testing and is considered our ALPHA 3 release!

Major Highlights in this Release
  • Cortex integration with TheHive
  • Pre-loaded plays in Playbook from the Sigma community repo
  • OS patch scheduling
  • Python 3 for CentOS
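As an added illustration of what a Sigma play does once loaded into Playbook (example code written for this post, not Playbook's or Security Onion's own implementation): a simplified Sigma rule is evaluated against Sysmon-style process-creation events. The rule, the sample events, the hypothetical `AdminConsole.exe` filter, and the subset of Sigma modifiers and condition syntax handled here are all constructed assumptions; real community rules use a richer grammar than this matcher supports.

```python
"""
Minimal evaluator for a Sigma-style detection rule against Sysmon-style events.
Everything below (rule, events, field values) is constructed for this example;
field names follow the Sigma Sysmon schema (EventID, Image, CommandLine, ParentImage).
"""
from fnmatch import fnmatchcase

# Constructed, simplified Sigma rule (not a rule taken from the community repo).
# Fires on encoded PowerShell command lines unless spawned by a hypothetical admin tool.
SIGMA_RULE = {
    "title": "Encoded PowerShell Command Line (constructed example)",
    "logsource": {"product": "windows", "service": "sysmon"},
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {
            "ParentImage|endswith": "\\AdminConsole.exe",  # hypothetical allow-listed parent
        },
        "condition": "selection and not filter",
    },
    "level": "high",
}


def _value_matches(actual, modifier, expected) -> bool:
    """Apply one Sigma field modifier. Sigma string matching is case-insensitive."""
    if actual is None:
        return False
    if modifier is None:
        # Plain value: wildcard match for strings, equality for everything else.
        if isinstance(expected, str):
            return fnmatchcase(str(actual).lower(), expected.lower())
        return actual == expected
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier}")


def _selection_matches(selection: dict, event: dict) -> bool:
    """Every field in a selection map must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(event.get(field), modifier or None, v) for v in candidates):
            return False
    return True


def match_rule(rule: dict, event: dict) -> bool:
    """Evaluate the rule condition; only the forms 'X' and 'X and not Y' are handled here."""
    det = rule["detection"]
    tokens = det["condition"].split()
    if len(tokens) == 1:
        return _selection_matches(det[tokens[0]], event)
    if len(tokens) == 4 and tokens[1:3] == ["and", "not"]:
        return _selection_matches(det[tokens[0]], event) and not _selection_matches(det[tokens[3]], event)
    raise ValueError(f"unsupported condition: {det['condition']}")


# Constructed Sysmon-style records; "ZQBjAGgAbwA=" is just UTF-16LE "echo" in base64.
SAMPLE_EVENTS = [
    {"id": 1, "EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc ZQBjAGgAbwA=", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"id": 2, "EventID": 1, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand ZQBjAGgAbwA=", "ParentImage": "C:\\Tools\\AdminConsole.exe"},
    {"id": 3, "EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c dir", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"id": 4, "EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -enc ZQBjAGgAbwA=", "ParentImage": "C:\\Windows\\explorer.exe"},
]


def run_play(rule: dict, events: list) -> list:
    """Return the ids of the events the rule fires on, i.e. what a play would alert on."""
    return [e["id"] for e in events if match_rule(rule, e)]


if __name__ == "__main__":
    print(run_play(SIGMA_RULE, SAMPLE_EVENTS))  # [1]
```

Event 2 is suppressed by the `filter` map even though the `selection` matches, event 3 is not PowerShell, and event 4 is a network-connection event (EventID 3) rather than process creation, so only event 1 produces an alert.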

Screenshots (images not included in this copy): TheHive Cortex Integration; TheHive Alerts - Playbook NIDS; TheHive - NIDS Alert; TheHive - Playbook Alert; Playbook - Bulk Activate; Playbook - Sigma Community Rules - Sysmon

Warnings and Disclaimers

  • If this breaks your system, you get to keep both pieces!
  • This is a work in progress and is in constant flux.
  • This is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This should only be run on a TEST box with TEST data!
  • Use of this ALPHA RELEASE may result in nausea, vomiting, or a burning sensation.

Ready to try it out?

If you want to try our new minimal ISO image, please follow the instructions here:

Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:

After you've installed, if you want to try out the new Playbook functionality, take a look at:

If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
