Skip to content

Releases: hubblestack/hubble

Version 2.4.7

24 Oct 20:48
v2.4.7
9ce0860
Compare
Choose a tag to compare

Fixes

  • Only write the pidfile if the daemonize option is used (#476)
  • Small refactor and better error handling in nebula secret masking (#475)

Version 2.4.6

27 Sep 18:50
v2.4.6
832fa0a
Compare
Choose a tag to compare

Features

  • Deprecate old cve scanners. vulners_scanner.py is the only officially supported cve scanner at this time.
  • Masking support for nebula data. This way you can collect environment variables and similar, but use regex to mask known secret formats to prevent secrets from getting into splunk/logstash.
  • New sphinx-built docs
  • Support for docker-built windows packages
  • Change the timestamp in hubble logs in splunk to epoch time
  • Add hubble version to grains
  • Refactor vulners scanner to use vulners library
  • Add min_splay support to scheduler
  • Add ability to modify console logger options

Fixes

  • Fix regression in nova (hubble.py) imports that prevented audits from being run
  • Stop hubble when package is uninstalled
  • Dockerfile-based packaging fixes for Windows
  • Removed hangtime wrapper from windows, as we can't use signals there.
  • Fix hubble --version when the hubble daemon is running
  • Disable potentially-problematic queries in osquery containing ATTACH or CURL
  • Write the pidfile once per minute for the running daemon in an attempt to prevent it from being lost (should improve restart success rate)

Version 2.4.5

21 Sep 17:18
v2.4.5
85594a8
Compare
Choose a tag to compare
Version 2.4.5 Pre-release
Pre-release

Fixes

  • Dockerfile-based packaging fixes for Windows
  • Removed hangtime wrapper from windows, as we can't use signals there.

Version 2.4.4

18 Sep 17:03
v2.4.4
13e4237
Compare
Choose a tag to compare
Version 2.4.4 Pre-release
Pre-release

Features

  • Refactor cve scanner to use vulners library
  • Add min_splay support to scheduler
  • Add ability to modify console logger options

Fixes

  • Stop hubble when package is uninstalled

Version 2.4.3

27 Aug 22:09
v2.4.3
1af9b42
Compare
Choose a tag to compare
Version 2.4.3 Pre-release
Pre-release

Features

  • Change the timestamp in hubble logs in splunk to epoch time
  • Add hubble version to grains

Fixes

  • Fix regression in nova (hubble.py) imports that prevented audits from being run

Version 2.4.2

21 Aug 22:22
v2.4.2
053bb2c
Compare
Choose a tag to compare
Version 2.4.2 Pre-release
Pre-release

Major Features

  • Masking support for nebula data. This way you can collect environment variables and similar, but use regex to mask known secret formats to prevent secrets from getting into splunk/logstash.
  • New sphinx-built docs
  • Support for docker-built windows packages

Version 2.4.1

02 Aug 22:51
v2.4.1
8f962f9
Compare
Choose a tag to compare

Fixes since 2.4.0

  • Fix an issue with merging the v2-style nebula queries using a top.nebula file

Version 2.4.x release notes

Major Features

New format for nebula queries

Allows for overriding on a per-query basis via topfiles. The new version of the nebula_osquery.py module now looks for nebula data in hubblestack_nebula_v2 in the fileserver. Please take note of this and migrate if you're not using our hubblestack_data repo.

Graylog GELF returners

Modeled after the logstash returners, but GELF-specific

Better error reporting and optional retries for splunk returners

Set returner_retry: True on a scheduled job that uses the splunk returners to enable retries (by default, 3 retries with 15 seconds between each). Additionally, errors from splunk requests will be more informative (instead of the existing "marked as bad" errors).

Persist transiently-available grains

If a grain is available at some point and then stops being generated later, we keep it across grain refreshes. This is to prevent us from losing useful grain data due to metadata server outages or issues.

Major fixes

Move daemonization to pre-grains

Daemonize earlier, so that long custom grains don't result in an unhappy service system

Fixes for lack of s3 timeouts

In some cases, hubble could hang with open sockets to s3. There were no timeouts specified in the underlying salt util module, so we include it ourselves now and have timeouts.

Upper limit for osquery runs

In some cases, osquery can hang due to network issues. Now hubble will eventually kill osquery and continue operations.

Upper limit for grains refreshes

We were worried about the potential for grains refreshes causing some of the uncommon hangs we were seeing, so we now use signals and timers to interrupt grains if they are taking too long.

Remove default file_roots setting

Some users were seeing issues due to conflicts with salt files on their system in /srv/salt. We now scrub those default paths from file_roots.

New osquery version

We've updated to a newer SHA of osquery for fixes and features there.

Version 2.4.0

31 Jul 17:55
v2.4.0
4486e0f
Compare
Choose a tag to compare

Major Features

New format for nebula queries

Allows for overriding on a per-query basis via topfiles. The new version of the nebula_osquery.py module now looks for nebula data in hubblestack_nebula_v2 in the fileserver. Please take note of this and migrate if you're not using our hubblestack_data repo.

Graylog GELF returners

Modeled after the logstash returners, but GELF-specific

Better error reporting and optional retries for splunk returners

Set returner_retry: True on a scheduled job that uses the splunk returners to enable retries (by default, 3 retries with 15 seconds between each). Additionally, errors from splunk requests will be more informative (instead of the existing "marked as bad" errors).

Persist transiently-available grains

If a grain is available at some point and then stops being generated later, we keep it across grain refreshes. This is to prevent us from losing useful grain data due to metadata server outages or issues.

Major fixes

Move daemonization to pre-grains

Daemonize earlier, so that long custom grains don't result in an unhappy service system

Fixes for lack of s3 timeouts

In some cases, hubble could hang with open sockets to s3. There were no timeouts specified in the underlying salt util module, so we include it ourselves now and have timeouts.

Upper limit for osquery runs

In some cases, osquery can hang due to network issues. Now hubble will eventually kill osquery and continue operations.

Upper limit for grains refreshes

We were worried about the potential for grains refreshes causing some of the uncommon hangs we were seeing, so we now use signals and timers to interrupt grains if they are taking too long.

Remove default file_roots setting

Some users were seeing issues due to conflicts with salt files on their system in /srv/salt. We now scrub those default paths from file_roots.

New osquery version

We've updated to a newer SHA of osquery for fixes and features there.

Version 2.3.4-3

29 May 21:44
v2.3.4-3
920abef
Compare
Choose a tag to compare
  • Increment the timeout for cloud details grains

Version 2.3.4-2

18 May 15:53
v2.3.4-2
1bac0b5
Compare
Choose a tag to compare
  • Fix reported hubble version
  • Fix osquery checks so it will run on windows 10