Update README.md

This commit is contained in:
Mike Reeves
2019-12-16 09:31:52 -05:00
committed by GitHub
parent dc09f14379
commit b53c3362f2


@@ -1,32 +1,23 @@
## Hybrid Hunter Alpha 1.1.2 ## Hybrid Hunter Alpha 1.1.3
- Quick firewall fix to address latest docker version.
- Added the option to install playbook from the initial install.
- Fixed an issue with multiple monitor interfaces not working properly.
ISO Download: [HH 1.1.2-2](https://github.com/Security-Onion-Solutions/securityonion-hh-iso/releases/download/HH1.1.2/HH-1.1.2-2.iso)
MD5 (HH-1.1.2-2.iso) = abbbae7b40a50623546ed3d7f8cda0ec
## Hybrid Hunter Alpha 1.1.1
### Changes: ### Changes:
- Alpha 2 is here! - Overhaul of the setup script to support both ISO and network based setups.
- Suricata 4.1.5. - ISO will now boot properly from a USB stick.
- Bro/Zeek 2.6.4. - Python 3 is now default.
- TheHive 3.4.0 (Includes ES 6.8.3 for TheHive only). - Fix Filebeat from restarting every check in due to x509 refresh issue.
- Fixed Bro/Zeek packet loss calculation for Grafana. - Cortex installed and integrated with TheHive.
- Updated to latest Sensoroni which includes websockets support for job status updates without having to refresh the page. - Switched to using vanilla Kolide Fleet and upgraded to latest version (2.4) .
- NIDS and HIDS dashboard updates. - Playbook changes:
- Playbook and ATT&CK Navigator features are now included. - Now preloaded with Plays generated from Sysmon Sigma signatures in the [Sigma community repo](https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon).
- Filebeat now logs to a file, instead of stdout. - New update script that updates / pulls in new Sigma signatures from the community repo .
- Elastalert has been updated to use Python 3 and allow for use of custom alerters. - Bulk enable / disable plays from the webui .
- Moved Bro/Zeek log parsing from Logstash to Elasticsearch Ingest for higher performance and lower memory usage! - Updated sigmac mapping template & configuration (backend is now `elastalert`) .
- Several changes to the setup script have been made to improve stability of the setup process: - Updated TheHive alerts formatting .
- Setup now modifies your hosts file so that the install works better in environments without DNS. - OS patch scheduling:
- You are now prompted for setting a password for the socore user. - During setup, choose between auto, manual, or scheduled OS patch interval
- The install now forces a reboot at the end of the install. This fixes an issue with some of the Docker containers being in the wrong state from a manual reboot. Manual reboots are fine after the initial reboot. - For scheduled, create a new or import an existing named schedule
### Warnings and Disclaimers ### Warnings and Disclaimers
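Review bot: The new `## Hybrid Hunter Alpha 1.1.3` entry drops the `ISO Download:` link and the `MD5 (HH-1.1.2-2.iso) = ...` line that the 1.1.2 entry carried, and adds no replacement for 1.1.3, so a reader of the updated README has no pointer to the current release artifact and no way to verify it. If an HH 1.1.3 ISO is published alongside this change, add its download link and a checksum; prefer SHA-256 (and a detached signature if the project signs releases) over MD5, which is not collision-resistant and gives weak assurance for an installable image. Separately, the bullet `- Quick firewall fix to address latest docker version.` does not say which Docker version triggered the problem or which rules changed; naming the version and summarizing the rule change (interfaces or ports opened or closed) would let operators judge the exposure of existing sensors before upgrading.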