Giters

weslambert / securityonion-saltstack

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Hybrid Hunter Alpha 1.1.3

ISO Download:

HH1.1.3-20.iso
MD5: 5A97980365A2A63EBFABB8C1DEB32BB6
SHA1: 2A780B41903D907CED91D944569FD24FC131281F
SHA256: 56FA65EB5957903B967C16E792B17386848101CD058E0289878373110446C4B2

Default Username: onion
Default Password: V@daL1aZ

Changes:

  • Overhaul of the setup script to support both ISO and network based setups.
  • ISO will now boot properly from a USB stick.
  • Python 3 is now default.
  • Fix Filebeat from restarting every check in due to x509 refresh issue.
  • Cortex installed and integrated with TheHive.
  • Switched to using vanilla Kolide Fleet and upgraded to latest version (2.4) .
  • Playbook changes:
    • Now preloaded with Plays generated from Sysmon Sigma signatures in the Sigma community repo.
    • New update script that updates / pulls in new Sigma signatures from the community repo .
    • Bulk enable / disable plays from the webui .
    • Updated sigmac mapping template & configuration (backend is now elastalert) .
    • Updated TheHive alerts formatting .
  • OS patch scheduling:
    • During setup, choose between auto, manual, or scheduled OS patch interval
    • For scheduled, create a new or import an existing named schedule

Warnings and Disclaimers

  • This ALPHA release is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This script is a work in progress and is in constant flux.
  • This script is intended to build a quick prototype proof of concept so you can see what our new platform might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This script should only be run on a TEST box with TEST data!
  • Use of this script may result in nausea, vomiting, or a burning sensation.

Requirements

Evaluation Mode:

  • ISO or a Single VM running Ubuntu 16.04 or CentOS 7
  • Minimum 12GB of RAM
  • Minimum 4 CPU cores
  • Minimum 2 NICs

Distributed:

  • 3 VMs running the ISO or Ubuntu 16.04 or CentOS 7 (You can mix and match)
  • Minimum 8GB of RAM per VM
  • Minimum 4 CPU cores per VM
  • Minimum 2 NICs for forward nodes

Prerequisites for Network Based Install

Install git if using a Centos 7 Minimal install:

sudo yum -y install git

Installation

Once you resolve those requirements or are using Ubuntu 16.04 do the following:

git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack
cd securityonion-saltstack
sudo bash so-setup-network.sh

Follow the prompts and reboot if asked to do so.

Then proceed to the Hybrid Hunter Quick Start Guide.

FAQ

See the FAQ on the Hybrid Hunter wiki.

Feedback

If you have questions, problems, or other feedback regarding Hybrid Hunter, please post to our subreddit and prefix the title with [Hybrid Hunter]:
https://www.reddit.com/r/securityonion/

About

Languages

Language:Shell 54.7%Language:SaltStack 39.1%Language:Zeek 2.6%Language:Python 1.8%Language:HTML 1.7%Language:Scheme 0.0%