1.4.0

README.md

@@ -1,3 +1,37 @@
+## Hybrid Hunter Beta 1.4.0 - Beta 3
+
+- Complete overhaul of the way we handle custom and default settings and data. You will now see a default and local directory under the saltstack directory. All customizations are stored in local.
+- The way firewall rules are handled has been completely revamped. This will allow the user to customize firewall rules much easier. 
+- Users can now change their own password in SOC.
+- Hunt now allows users to enable auto-hunt. This is a toggle which, when enabled, automatically submits a new hunt when filtering, grouping, etc.
+- Title bar now reflects current Hunt query. This will assist users in locating a previous query from their browser history.
+- Zeek 3.0.7
+- Elastic 7.7.1
+- Suricata can now be used for meta data generation.
+- Suricata eve.json has been moved to `/nsm` to align with storage of other data.
+- Suricata will now properly rotate its logs.
+- Grafana dashboards now work properly in standalone mode.
+- Kibana Dashboard updates including osquery, community_id.  
+- New Elasticsearch Ingest processor to generate community_id from any log that includes the required fields.  
+- Community_id generated for additional logs: Zeek HTTP/SMTP/ , Sysmon shipped with Osquery or Winlogbeat.  
+- Major streamlining of Fleet setup & configuration - no need to run a secondary setup script anymore. 
+- Fleet Standalone node now includes the ability to set a FQDN to point osquery endpoints to. 
+- Distributed installs now support ingesting Windows Eventlogs via Winlogbeat - includes full parsing support for Sysmon.
+- SOC Downloads section now includes a link to the supported version of Winlogbeat.     
+- Basic syslog ingestion capability now included.
+- Elasticsearch index name transition fixes for various components.
+- Updated URLs for pivot fields in Kibana.
+- Instances of `hive` renamed to `thehive`. 
+ 
+### Known Issues:
+
+- The Hunt feature is currently considered "Preview" and although very useful in its current state, not everything works. We wanted to get this out as soon as possible to get the feedback from you! Let us know what you want to see! Let us know what you think we should call it!
+- You cannot pivot to PCAP from Suricata alerts in Kibana or Hunt.
+- Navigator is currently not working when using hostname to access SOC. IP mode works correctly.
+- Due to the move to ECS, the current Playbook plays may not alert correctly at this time.
+- The osquery MacOS package does not install correctly.
+
+
 ## Hybrid Hunter Beta 1.3.0 - Beta 2
 
 ### Changes:

VERSION

@@ -1 +1 @@
-1.3.0
+1.4.0

salt/soc/files/soc/changes.json

@@ -1,32 +1,31 @@
 {
-  "title": "Introducing Hybrid Hunter 1.3.0 Beta 2",
+  "title": "Introducing Hybrid Hunter 1.4.0 Beta 3",
   "changes": [
-    { "summary": "New Feature: Codename: \"Onion Hunt\". Select Hunt from the menu and start hunting down your adversaries!" },
+    { "summary": "Complete overhaul of the way we handle custom and default settings and data. You will now see a default and local directory under the saltstack directory. All customizations are stored in local." },
-    { "summary": "Improved ECS support." },
+    { "summary": "The way firewall rules are handled has been completely revamped. This will allow the user to customize firewall rules much easier." }, 
-    { "summary": "Complete refactor of the setup to make it easier to follow." },
+    { "summary": "Users can now change their own password in SOC." },
-    { "summary": "Improved setup script logging to better assist on any issues." },
+    { "summary": "Hunt now allows users to enable auto-hunt. This is a toggle which, when enabled, automatically submits a new hunt when filtering, grouping, etc." },
-    { "summary": "Setup now checks for minimal requirements during install." },
+    { "summary": "Title bar now reflects current Hunt query. This will assist users in locating a previous query from their browser history." },
-    { "summary": "Updated Cyberchef to version 9.20.3." },
+    { "summary": "Zeek 3.0.7" },
-    { "summary": "Updated Elastalert to version 0.2.4 and switched to alpine to reduce container size." },
+    { "summary": "Elastic 7.7.1" },
-    { "summary": "Updated Redis to 5.0.9 and switched to alpine to reduce container size." },
+    { "summary": "Suricata can now be used for meta data generation." },
-    { "summary": "Updated Salt to 2019.2.5." },
+    { "summary": "Suricata eve.json has been moved to `/nsm` to align with storage of other data." },
-    { "summary": "Updated Grafana to 6.7.3." },
+    { "summary": "Suricata will now properly rotate its logs." },
-    { "summary": "Zeek 3.0.6." },
+    { "summary": "Grafana dashboards now work properly in standalone mode." },
-    { "summary": "Suricata 4.1.8." },
+    { "summary": "Kibana Dashboard updates including osquery, community_id." },  
-    { "summary": "Fixes so-status to now display correct containers and status." },
+    { "summary": "New Elasticsearch Ingest processor to generate community_id from any log that includes the required fields." },  
-    { "summary": "local.zeek is now controlled by a pillar instead of modifying the file directly." },
+    { "summary": "Community_id generated for additional logs: Zeek HTTP/SMTP/ , Sysmon shipped with Osquery or Winlogbeat." },  
-    { "summary": "Renamed so-core to so-nginx and switched to alpine to reduce container size." },
+    { "summary": "Major streamlining of Fleet setup & configuration - no need to run a secondary setup script anymore." }, 
-    { "summary": "Playbook now uses MySQL instead of SQLite." },
+    { "summary": "Fleet Standalone node now includes the ability to set a FQDN to point osquery endpoints to." },
-    { "summary": "Sigma rules have all been updated." },
+    { "summary": "Distributed installs now support ingesting Windows Eventlogs via Winlogbeat - includes full parsing support for Sysmon." },
-    { "summary": "Kibana dashboard improvements for ECS." },
+    { "summary": "SOC Downloads section now includes a link to the supported version of Winlogbeat." },     
-    { "summary": "Fixed an issue where geoip was not properly parsed." },
+    { "summary": "Basic syslog ingestion capability now included." },
-    { "summary": "ATT&CK Navigator is now it's own state." },
+    { "summary": "Elasticsearch index name transition fixes for various components." },
-    { "summary": "Standlone mode is now supported." },
+    { "summary": "Updated URLs for pivot fields in Kibana." },
-    { "summary": "Mastersearch previously used the same Grafana dashboard as a Search node. It now has its own dashboard that incorporates panels from the Master node and Search node dashboards." },
+    { "summary": "Instances of \"hive\" renamed to \"thehive\"." },
     { "summary": "KNOWN ISSUE: The Hunt feature is currently considered \"Preview\" and although very useful in its current state, not everything works. We wanted to get this out as soon as possible to get the feedback from you! Let us know what you want to see! Let us know what you think we should call it!" },
     { "summary": "KNOWN ISSUE: You cannot pivot to PCAP from Suricata alerts in Kibana or Hunt." },
     { "summary": "KNOWN ISSUE: Navigator is currently not working when using hostname to access SOC. IP mode works correctly." },
-    { "summary": "KNOWN ISSUE: Updating users via the SOC ui is known to fail. To change a user, delete the user and re-add them." },
     { "summary": "KNOWN ISSUE: Due to the move to ECS, the current Playbook plays may not alert correctly at this time." },
     { "summary": "KNOWN ISSUE: The osquery MacOS package does not install correctly." }
   ]