Update README.md

README.md

@@ -1,32 +1,34 @@
-## Hybrid Hunter Beta 1.2.1 - Beta 1
+## Hybrid Hunter Beta 1.3.0 - Beta 2
 
 ### Changes:
 
-- Full support for Ubuntu 18.04. 16.04 is no longer supported for Hybrid Hunter.
+- New Feature: Codename: "Onion Hunt". Select Hunt from the menu and start hunting down your adversaries! 
-- Introduction of the Security Onion Console. Once logged in you are directly taken to the SOC.
+- Improved ECS support.
-- New authentication using Kratos.
+- Complete refactor of the setup to make it easier to follow.
-- During install you must specify how you would like to access the SOC ui. This is for strict cookie security.
+- Improved setup script logging to better assist on any issues.
-- Ability to list and delete web users from the SOC ui.
+- Setup now checks for minimal requirements during install.
-- The soremote account is now used to add nodes to the grid vs using socore. 
+- Updated Cyberchef to version 9.20.3.
-- Community ID support for Zeek, osquery, and Suricata. You can now tie host events to connection logs!
+- Updated Elastalert to version 0.2.4 and switched to alpine to reduce container size.
-- Elastic 7.6.1 with ECS support.
+- Updated Redis to 5.0.9 and switched to alpine to reduce container size.
-- New set of Kibana dashboards that align with ECS.
+- Updated Salt to 2019.2.5
-- Eval mode no longer uses Logstash for parsing (Filebeat -> ES Ingest)
+- Updated Grafana to 6.7.3.
-- Ingest node parsing for osquery-shipped logs (osquery, WEL, Sysmon).
+- Zeek 3.0.6
-- Fleet standalone mode with improved Web UI & API access control.
+- Suricata 4.1.8
-- Improved Fleet integration support.
+- Fixes so-status to now display correct containers and status.
-- Playbook now has full Windows Sigma community ruleset builtin.
+- local.zeek is now controlled by a pillar instead of modifying the file directly.
-- Automatic Sigma community rule updates.
+- Renamed so-core to so-nginx and switched to alpine to reduce container size.
-- Playbook stability enhancements.
+- Playbook now uses MySQL instead of SQLite.
-- Zeek health check. Zeek will now auto restart if a worker crashes.
+- Sigma rules have all been updated.
-- zeekctl is now managed by salt.
+- Kibana dashboard improvements for ECS.
-- Grafana dashboard improvements and cleanup.
+- Fixed an issue where geoip was not properly parsed.
-- Moved logstash configs to pillars.
+- ATT&CK Navigator is now it's own state.
-- Salt logs moved to /opt/so/log/salt.
+- Standlone mode is now supported.
-- Strelka integrated for file-oriented detection/analysis at scale
+- Mastersearch previously used the same Grafana dashboard as a Search node. It now has its own dashboard that incorporates panels from the Master node and Search node dashboards.
-
+ 
-### Known issues:
+### Known Issues:
 
+- The Hunt feature is currently considered "Preview" and although very useful in its current state, not everything works. We wanted to get this out as soon as possible to get the feedback from you! Let us know what you want to see! Let us know what you think we should call it!
+- You cannot pivot to PCAP from Suricata alerts in Kibana or Hunt.
 - Updating users via the SOC ui is known to fail. To change a user, delete the user and re-add them. 
 - Due to the move to ECS, the current Playbook plays may not alert correctly at this time.
 - The osquery MacOS package does not install correctly.