CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Readme. Welcome to Alpha

Browse Source
This commit is contained in:
Mike Reeves
2019-07-25 15:53:45 -04:00
parent a9370ea886
commit 1965e3f037
1 changed files with 13 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
README.md
View File

@@ -1,21 +1,18 @@
## Hybrid Hunter 1.0.8 ## Hybrid Hunter Alpha 1.1.0
### Changes: ### Changes:
- Alpha is here!! Check out the [[Hybrid Hunter Quick Start Guide|Hybrid-Hunter-Quick-Start-Guide]].
- Suricata 4.1.4 - There is a new PCAP interface called [Sensoroni](https://github.com/sensoroni/sensoroni). Pivoting is done via Kibana. See details [[here|Pulling-PCAP]].
- Eval and Master installs now ask which components you would like to install - Bond interface setup now uses `nmcli` for better compatibility in the network based setup script.
- Fleet (osquery) now has it's own additional setup script. [See the docs](https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Configuring-Osquery-with-Security-Onion) - Filebeat traffic for HH components now use a separate port (5644). This will allow you to send Beats to the default port (5044) and choose how you want to secure it. It is still recommended to use full SSL via Filebeat and if you already have this set up you will need to change to port 5044. We will continue to refine this in future versions.
- Fleet setup script now generates auto install packages for Windows, CentOS, and Ubuntu - Authentication is now enabled by default for all the web based components. There will be some major changes before we get to beta with how authentication in general is handled due to Elastic "Features" and other components.
- When Fleet setup is completed, all SO nodes will auto install the appropriate auto install package - Add users to the web interface via `so-user-add` and follow the prompts.
- We now have a progress bar during install! - `so-allow` now exists to make your life easier.
- The setup script will now tell you if it was successful - Bro 2.6.2.
- Added Grafana plugin Pie Chart - All Docker images were updated to reflect Alpha status.
- The Hive Docker moved to Centos 7 based container - Disabled DEBUG logging on a lot of components to reduce space usage.
- Added a rule update cron job so the master pulls new rules down every day at 7AM UTC.
### Notes: - You can now manually run a rule update using the `so-rule-update` command.
- Attempting to send a Bro event to The Hive that does not contain a source and destination IP (ex. Bro files, or X509) will result in an exception - a fix for this will be implemented in the next release.
- If attempting to pivot from Kibana, ensure that you can resolve the master via DNS -- otherwise, populate your local hosts file with an entry to point to the master.
### Warnings and Disclaimers ### Warnings and Disclaimers