Security Onion Blog

Monday, December 16, 2019

Security Onion Hybrid Hunter 1.1.3 - Alpha 3 Available for Testing!

In 2018, we started working on the next major version of Security Onion, code-named Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.1.3 is now available for testing and is considered our ALPHA 3 release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md

Major Highlights in this Release
  • Cortex integration with TheHive
  • Pre-loaded plays in Playbook from the Sigma community repo
  • OS patch scheduling
  • Python 3 for CentOS
Screenshots


TheHive Cortex Integration

TheHive Alerts - Playbook NIDS

TheHive - NIDS Alert

TheHive - Playbook Alert

Playbook - Bulk Activate

Playbook - Sigma Community Rules - Sysmon 
so-playbook-ruleupdate


Warnings and Disclaimers

  • This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This is a work in progress and is in constant flux.
  • This is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This should only be run on a TEST box with TEST data!
  • Use of this ALPHA RELEASE may result in nausea, vomiting, or a burning sensation.

Ready to try it out?

If you want to try our new minimal ISO image, please follow the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO

Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack

After you've installed, if you want to try out the new Playbook functionality, take a look at:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Playbook

Feedback
If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/

at
Labels: , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Registration Now Open for Augusta Cyber Week 2024!

Registration is now open for Augusta Cyber Week in beautiful Augusta GA from September 30, 2024 through October 5, 2024! This includes: 4-da...

Popular Posts

Blog Archive