Releases: hubblestack/hubble-salt
Version 2017.11.0
This is an unofficial release. More extensive release notes will come with the next full release, probably in early 2018.
Version 2017.9.2
v2017.9.2 Bugfix Release
- Fixed __JSONIFY__ support in nebula (unicode bug)
v2017.9.1 Bugfix Release
- Fixed a potential unicode bug in Nova
- Small fix for cve_scan_v2 in Nova
v2017.9.0 Feature Release
Major Features/Improvements
- top.nebula support
- top.pulsar support for windows only (it doesn't work as a beacon. Consider migrating to hubble for increased flexibility and features)
- Many new nova misc.py checks used in hubblestack_data
- New nova modules mount.py and systemctl.py
- Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.
General
- Improved error handling in nova's misc.py
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around __JSONIFY__ support in nebula
Version 2017.9.1
v2017.9.1 Bugfix Release
- Fixed a potential unicode bug in Nova
- Small fix for cve_scan_v2 in Nova
v2017.9.0 Feature Release
Major Features/Improvements
- top.nebula support
- top.pulsar support for windows only (it doesn't work as a beacon. Consider migrating to hubble for increased flexibility and features)
- Many new nova misc.py checks used in hubblestack_data
- New nova modules mount.py and systemctl.py
- Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.
General
- Improved error handling in nova's misc.py
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around __JSONIFY__ support in nebula
Version 2017.9.0
Major Features/Improvements
- top.nebula support
- top.pulsar support for windows only (it doesn't work as a beacon. Consider migrating to hubble for increased flexibility and features)
- Many new nova misc.py checks used in hubblestack_data
- New nova modules mount.py and systemctl.py
- Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.
General
- Improved error handling in nova's misc.py
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around __JSONIFY__ support in nebula
Version 2017.8.3
- Fixed an issue with the splunk returners for users of the old-style splunk returner config
- Removed hubblestack_data data from hubble-salt, added note to README
Version 2017.8.2
v2017.8.1
tl;dr (big changes)
- Fixes for Salt v2017.7.0
- Huge improvement to Windows pulsar performance for some users
- nebula.fields function for reporting custom data to splunk on a specific schedule
- Support for /etc/hubble/hubble.d/*.conf for user config
- pulsar.canary function for daily FIM event generation
- Logstash returners!
- New and improved vulners CVE scanner to use their more performant API
Cross-Platform
- Fixes for Salt v2017.7.0
- Added osqueryversion and osquerybinpath grains for reporting osquery information
- Added code to nebula to prefer our bundled version of osqueryi
- Added option to extract fields at index time for splunk returners
- Added nebula.fields function for reporting custom data to splunk on a specific schedule
- Added support for **kwargs passthrough to nova modules
- Added support for /etc/hubble/hubble.d/*.conf for user config
- Added pulsar.canary function for daily FIM event generation
- Added azure details fetching to splunk returners (similar to aws details)
- Added support for __JSONIFY__ prefacing for osquery results which are JSON instead of python data structures. This allows us to further process the data into python data structures which can then be parsed into columns by splunk.
- Added logstash returners
- Added new vulners CVE scanner
- Added some misc.py functions in nova to support CoreOS and Amazon Linux CIS checks
- Changed the splunk port to be configurable in the splunk returners
- New Dockerfiles for building pyinstaller packages
- Added azurefs support
Windows
- Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on windows.
- Many logic improvements and fixes to audit modules in Nova for Windows
- Fixed upgrading via installer
v2017.8.2
- Fixed a bug introduced in the splunk returners (hubblestack/hubble#142)
- Add multiline matching to nova grep module's match_output by default (hubblestack/hubble#148)
Version 2017.8.1
tl;dr (big changes)
- Fixes for Salt v2017.7.0
- AzureFS support for pulling profile data from azure blob storage
- Huge improvement to Windows pulsar performance for some users
- nebula.fields function for reporting custom data to splunk on a specific schedule
- Support for /etc/hubble/hubble.d/*.conf for user config
- pulsar.canary function for daily FIM event generation
- Logstash returners!
- New and improved vulners CVE scanner to use their more performant API
Cross-Platform
- Fixes for Salt v2017.7.0
- Added osqueryversion and osquerybinpath grains for reporting osquery information
- Added code to nebula to prefer our bundled version of osqueryi
- Added option to extract fields at index time for splunk returners
- Added nebula.fields function for reporting custom data to splunk on a specific schedule
- Added support for **kwargs passthrough to nova modules
- Added support for /etc/hubble/hubble.d/*.conf for user config
- Added pulsar.canary function for daily FIM event generation
- Added azure details fetching to splunk returners (similar to aws details)
- Added support for __JSONIFY__ prefacing for osquery results which are JSON instead of python data structures. This allows us to further process the data into python data structures which can then be parsed into columns by splunk.
- Added logstash returners
- Added new vulners CVE scanner
- Added some misc.py functions in nova to support CoreOS and Amazon Linux CIS checks
- Changed the splunk port to be configurable in the splunk returners
- New Dockerfiles for building pyinstaller packages
- Added azurefs support
Windows
- Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on windows.
- Many logic improvements and fixes to audit modules in Nova for Windows
- Fixed upgrading via installer
Version 2017.4.1
Pulsar
- Fix __virtual__ function for pulsar so that it actually loads. (sorry!)
- Add win_pulsar as a module in addition to the beacon, to prevent minion responsiveness issues for long running pulsar queries
Quasar
splunk_nebula_return
- Extract time from queries which contain it
Nebula
- Add a couple of new queries from hubblestack_data
Version 2017.3.2
Pulsar
- Always load linux version of pulsar, and then fail silently if python-inotify is not installed (keeps logging cleaner)
- Fix win_pulsar (it actually works now!)
- Add regex excludes to win_pulsar
- Update exceptions in default linux watch list
- Fix the sample pillar data for windows
Quasar
- Multi-endpoint support in splunk returners (try each in turn, mark those which are unreachable as such, use only good endpoints)
- Fix more errors that could happen on non-aws hosts attempting to fetch aws details
Misc
Documentation fixes
Version 2017.3.1
Nova
- Fix cve_scan_v2 for Debian systems which have an integer for os_version
- Misc profile fixes
- Move output formatting from nova modules to the central hubble.py
- Deprecate show_profile (always True now)
- Remove cve scan from default top.nova
- Add provisional Ubuntu 16.04 CIS profile
Nebula
- Add uptime fallback query
- Misc query fixes
Quasar
Splunk Returners
- Consolidate pillar data (optional) and allow for multiple splunk endpoints
- Fix for blank hosts when fqdn doesn't return anything
- Turn off http event collector debug mode
- Handle empty returns from pulsar (more applicable on saltless hubble)
- Add aws_account_id to all events (if available)