Thursday, February 13, 2020

Security Onion Hybrid Hunter 1.1.4 - Alpha 4 Available for Testing!

In 2018, we started working on the next major version of Security Onion, code-named Hybrid Hunter:
https://blog.securityonion.net/2018/11/security-onion-hybrid-hunter-101-tech.html

We're excited to announce that Hybrid Hunter 1.1.4 is now available for testing and is considered our ALPHA 4 release!
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/master/README.md

This is our last planned alpha release for Hybrid Hunter.  If all goes according to plan, our next Hybrid Hunter release should be Beta!

Major Highlights in this Release


  • Added new in-house auth method Security Onion Auth.
  • Web user creation is done via the browser now instead of so-user-add.
  • New Logstash pipeline setup. Now uses multiple pipelines.
  • New Master + Search node type and well as a Heavy Node type in the install.
  • Change all nodes to point to the docker registry on the Master. This cuts down on the calls to dockerhub.
  • Zeek 3.0.1
  • Elastic 6.8.6
  • New SO Start | Stop | Restart scripts for all components (eg. so-playbook-restart).
  • BPF support for Suricata (NIDS), Steno (PCAP) & Zeek (docs).
  • Updated Domain Stats & Frequency Server containers to Python3 & created new Salt states for them.
  • Added so-status script which gives an easy to read look at container status.
  • Manage threshold.conf for Suricata using the thresholding pillar (docs).
  • The ISO now includes all the docker containers for faster install speeds.
  • You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup.
  • Updated Helix parsers for better compatibility.
  • Updated telegraf docker to include curl and jq.
  • CVE-2020-0601 Zeek Detection Script.
  • ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup.
Thanks

Lots of love went into this release!

Special thanks to all our folks working so hard to make this release happen!


  • Mike Reeves
  • Wes Lambert
  • Josh Brower
  • Josh Patterson
  • William Wernert


Screenshots

so-status

Registering first user account

Logging in

Creating additional user

Warnings and Disclaimers


  • This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This is a work in progress and is in constant flux.
  • This is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This should only be run on a TEST box with TEST data!
  • Use of this ALPHA RELEASE may result in nausea, vomiting, or a burning sensation.


Ready to try it out?

If you want to try our new ISO image, please follow the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO

Otherwise, you can install Hybrid Hunter on Ubuntu 16.04 or CentOS 7 using the instructions here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack

Feedback
If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/

No comments:

Search This Blog

Featured Post

Security Onion 2.4.70 now available including our new Detections interface and much more!

Security Onion 2.4.70 is now available! It includes some new features for our fellow defenders including our new Detections interface to hel...

Popular Posts

Blog Archive