CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,404 Commits 24 Branches 119 Tags
76b5624e0324d53f870a7775ce995b5a4d61aeb7
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Mike Reeves 76b5624e03 Update README.md
2019-09-27 14:34:59 -04:00
files
Common Module - Add utils
2018-11-15 16:35:27 -05:00
pillar
Firewall Module - Add so-allow
2019-07-23 10:08:09 -04:00
salt
idstools module - Fix script name
2019-07-25 13:31:26 -04:00
.gitignore
Update Git Ignore
2018-05-16 17:21:34 -04:00
exclude-list.txt
Suricata Meta Data Option
2018-11-13 11:25:30 -05:00
README.md
Update README.md
2019-09-27 14:34:59 -04:00
so-setup-network.sh
Setup Script - Remove reboot since it messed with the hive
2019-07-25 10:50:43 -04:00
updatemaster.sh
Update Script Points to prod
2018-11-14 14:56:51 -05:00
VERSION
Version 1.0.6 Release
2019-01-25 11:02:14 -05:00

README.md

Hybrid Hunter Alpha 1.1.1

Changes:

  • Alpha 2 is here!! Check out the Hybrid Hunter Quick Start Guide.
  • Suricata 4.1.5
  • Bro/Zeek 2.6.4
  • Fixed an issue where the filbeat docker was logging to stdout instead of the actual log file causing the docker to get extremely large.
  • Now using elastic ingest for zeek logs and suricata alerts. This reduces the memory footprint of logstash dramatically!
  • Several changes to the setup script to improve installation success:
    • Setup now modifes your hosts file so that the install works better in environments without DNS.
    • You are now prompted for setting a password for the socore user.
    • The install now forces a reboot at the end of the install. This fixes an issue with some of the docker containers being in the wrong state from a manual reboot. Manual reboots are fine after the initial reboot.
  • Updated The Hive to 3.4.0 and the ES instance to 6.8.3.
  • NIDS and HIDS dashboard updates.
  • Added new Playbook and Navigator features.

Warnings and Disclaimers

  • This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This script is a work in progress and is in constant flux.
  • This script is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This script should only be run on a TEST box with TEST data!
  • Use of this script may result in nausea, vomiting, or a burning sensation.

Requirements

Evaluation Mode:

  • Single VM running Ubuntu 16.04 or CentOS 7
  • Minimum 8GB of RAM
  • Minimum 4 CPU cores
  • Minimum 2 NICs

Distributed:

  • 3 VMs running Ubuntu 16.04 or CentOS 7 (You can mix and match)
  • Minimum 8GB of RAM per VM
  • Minimum 4 CPU cores per VM
  • Minimum 2 NICs for forward nodes

Prerequisites

If you are running CentOS 7 there are a couple of prerequisites:

sudo yum -y install git bind-utils
sudo hostnamectl set-hostname YOURHOSTNAME
sudo reboot

If you are running CentOS 7 or Ubuntu 16.04 and don't have name resolution ensure your /etc/hosts file looks like this:

127.0.0.1   YOURHOSTNAME YOURHOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

It is imperative that YOURHOSTNAME.localdomain is included in this hosts entry for the install to complete properly.

Installation

Once you resolve those requirements or are using Ubuntu 16.04 do the following:

git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack
cd securityonion-saltstack
sudo bash so-setup-network.sh

Follow the prompts and reboot if asked to do so.

Then proceed to the Hybrid Hunter Quick Start Guide.

FAQ

See the FAQ on the Hybrid Hunter wiki.

Feedback

If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/

Reference in New Issue View Git Blame Copy Permalink
Description
Security Onion 2 - Linux distro for threat hunting, enterprise security monitoring, and log management
Readme 125 MiB
Languages
Shell 51%
Jinja 22.2%
SaltStack 12%
Python 8.7%
CSS 2%
Other 4%