https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html
We're excited to announce that Hybrid Hunter 1.1.3 is now available for testing and is considered our ALPHA 3 release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md
Major Highlights in this Release
- Cortex integration with TheHive
- Pre-loaded plays in Playbook from the Sigma community repo
- OS patch scheduling
- Python 3 for CentOS
TheHive Cortex Integration |
TheHive Alerts - Playbook NIDS |
TheHive - NIDS Alert |
TheHive - Playbook Alert |
Playbook - Bulk Activate |
Playbook - Sigma Community Rules - Sysmon |
so-playbook-ruleupdate |
Warnings and Disclaimers
- This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Use of this ALPHA RELEASE may result in nausea, vomiting, or a burning sensation.
Ready to try it out?
If you want to try our new minimal ISO image, please follow the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO
Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack
After you've installed, if you want to try out the new Playbook functionality, take a look at:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Playbook
Feedback
If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.