mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 18:22:47 +01:00
Update README.md
@@ -1,36 +1,25 @@
## Hybrid Hunter Alpha 1.1.3
## Hybrid Hunter Alpha 1.1.4 - Feature Parity Release
### ISO Download:
[HH1.1.3-21.iso](https://github.com/Security-Onion-Solutions/securityonion-hh-iso/releases/download/HH1.1.3/HH-1.1.3-21.iso)
MD5: 0FDACF6A2BB63B390C4D7FA46CCA3AA5
SHA1: 20506D5C535CF5D0E2F7440C8ACBE9D318049B7D
SHA256: EAEE7DC173F0E91BED43BDA13A84A20167975B5F7BD6598BE2D434AB29EAC51B
```
Default Username: onion
Default Password: V@daL1aZ
```
### Changes:
### Changes:
- Overhaul of the setup script to support both ISO and network based setups.
- Added new in-house auth method [Security Onion Auth](https://github.com/Security-Onion-Solutions/securityonion-auth).
- ISO will now boot properly from a USB stick.
- Web user creation is done via the browser now instead of so-user-add.
- Python 3 is now default.
- New Logstash pipeline setup. Now uses multiple pipelines.
- Fix Filebeat from restarting every check in due to x509 refresh issue.
- New Master + Search node type and well as a Heavy Node type in the install.
- Cortex installed and integrated with TheHive.
- Change all nodes to point to the docker registry on the Master. This cuts down on the calls to dockerhub.
- Switched to using vanilla Kolide Fleet and upgraded to latest version (2.4) .
- Zeek 3.0.1
- Playbook changes:
- Elastic 6.8.6
- Now preloaded with Plays generated from Sysmon Sigma signatures in the [Sigma community repo](https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon).
- New SO Start | Stop | Restart scripts for all components (eg. `so-playbook-restart`).
- New update script that updates / pulls in new Sigma signatures from the community repo .
- BPF support for Suricata (NIDS), Steno (PCAP) & Zeek ([Docs](https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/BPF)).
- Bulk enable / disable plays from the webui .
- Updated Domain Stats & Frequency Server containers to Python3 & created new Salt states for them.
- Updated sigmac mapping template & configuration (backend is now `elastalert`) .
- Added so-status script which gives an easy to read look at container status.
- Updated TheHive alerts formatting .
- Manage threshold.conf for Suricata using the thresholding pillar.
- OS patch scheduling:
- The ISO now includes all the docker containers for faster install speeds.
- During setup, choose between auto, manual, or scheduled OS patch interval
- You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup.
- For scheduled, create a new or import an existing named schedule
- Updated Helix parsers for better compatibility.
- Updated telegraf docker to include curl and jq.
- CVE-2020-0601 Zeek Detection Script.
- ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup.
### Warnings and Disclaimers
### Warnings and Disclaimers
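Review bot: the two onion-account bullets in the new Changes list describe the same behaviour but disagree on what happens to the account: `- You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup.` and, further down, `- ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup.` Keep one bullet and state which it is (removed or disabled), because an administrator auditing local accounts after setup will act on that wording. The old ISO Download section, including its link and MD5/SHA1/SHA256 checksums, is dropped without a 1.1.4 replacement, so the README no longer gives any download location or hash to verify the image against; add the 1.1.4 ISO link and at least its SHA256 once the image is published. Removing the hard-coded default credentials block is the right call given that web users are now created in the browser. Minor: `- New Master + Search node type and well as a Heavy Node type in the install.` should read "as well as", and several bullets have a stray space before the trailing period.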