Releases: hubblestack/hubble
Version 2.4.7
Version 2.4.6
Features
- Deprecate old cve scanners. vulners_scanner.py is the only officially supported cve scanner at this time.
- Masking support for nebula data. This way you can collect environment variables and similar, but use regex to mask known secret formats to prevent secrets from getting into splunk/logstash.
- New sphinx-built docs
- Support for docker-built windows packages
- Change the timestamp in hubble logs in splunk to epoch time
- Add hubble version to grains
- Refactor vulners scanner to use vulners library
- Add min_splay support to scheduler
- Add ability to modify console logger options
Fixes
- Fix regression in nova (hubble.py) imports that prevented audits from being run
- Stop hubble when package is uninstalled
- Dockerfile-based packaging fixes for Windows
- Removed hangtime wrapper from windows, as we can't use signals there.
- Fix hubble --version when the hubble daemon is running
- Disable potentially-problematic queries in osquery containing ATTACH or CURL
- Write the pidfile once per minute for the running daemon in an attempt to prevent it from being lost (should improve restart success rate)
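The osquery fix listed above refuses queries that mention ATTACH (the SQLite statement that opens another database file) or curl (the osquery table that issues HTTP requests). The screen below is an added example, not Hubble's own implementation; the function names and sample queries are assumptions made for illustration.

```python
import re

# Tokens named in the release note; compared case-insensitively as whole words.
BLOCKED_TOKENS = frozenset({"attach", "curl"})
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def blocked_tokens(sql):
    """Return the sorted blocked tokens found in one query (empty list = allowed).

    Comments and string literals are deliberately not stripped: a keyword
    anywhere in the text blocks the query, so the check fails closed.
    Whole-word matching means a name such as curl_certificate is a different
    token; add it to BLOCKED_TOKENS if it should be refused as well.
    """
    words = {w.lower() for w in WORD.findall(sql)}
    return sorted(words & BLOCKED_TOKENS)


def screen_queries(queries):
    """Split {name: sql} into (allowed, skipped); skipped maps name -> reasons."""
    allowed, skipped = {}, {}
    for name, sql in queries.items():
        hits = blocked_tokens(sql)
        if hits:
            skipped[name] = hits  # keep the reason so the skip can be logged
        else:
            allowed[name] = sql
    return allowed, skipped


# Constructed sample queries (names and SQL are made up for this example).
SAMPLE_QUERIES = {
    "running_procs": "SELECT pid, name, path FROM processes;",
    "fetch_url": "SELECT * FROM curl WHERE url = 'https://example.com/';",
    "side_db": "AtTaCh DATABASE '/tmp/other.db' AS other; SELECT 1;",
    "usb": "SELECT vendor, model FROM usb_devices WHERE model LIKE '%attachment%';",
}
```

Returning the skipped queries with their reasons lets the scheduler report what was dropped instead of silently losing a data source.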
Version 2.4.5
Fixes
- Dockerfile-based packaging fixes for Windows
- Removed hangtime wrapper from windows, as we can't use signals there.
Version 2.4.4
Features
- Refactor cve scanner to use vulners library
- Add min_splay support to scheduler
- Add ability to modify console logger options
Fixes
- Stop hubble when package is uninstalled
Version 2.4.3
Features
- Change the timestamp in hubble logs in splunk to epoch time
- Add hubble version to grains
Fixes
- Fix regression in nova (hubble.py) imports that prevented audits from being run
Version 2.4.2
Major Features
- Masking support for nebula data. This way you can collect environment variables and similar, but use regex to mask known secret formats to prevent secrets from getting into splunk/logstash.
- New sphinx-built docs
- Support for docker-built windows packages
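The masking feature listed above, sketched as an added example: it is not Hubble's code or configuration format, and the patterns, function names and sample rows are assumptions chosen for illustration. It masks values by format before an event leaves the host.

```python
import re

# Hypothetical patterns; a real deployment tunes these to its own secret formats.
MASK_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                     # AWS access key id format
    re.compile(r"(?i)(?<=password=)[^\s&;]+"),           # password=... in a connection string
    re.compile(r"(?i)(?<=bearer )[A-Za-z0-9._~+/=-]+"),  # bearer token in a header value
]
MASK = "******"


def mask_value(value):
    """Replace every match of a known secret format inside one string."""
    for pattern in MASK_PATTERNS:
        value = pattern.sub(MASK, value)
    return value


def mask_event(event):
    """Return a masked copy of a nested dict/list event; the input is not mutated."""
    if isinstance(event, dict):
        return {key: mask_event(val) for key, val in event.items()}
    if isinstance(event, list):
        return [mask_event(item) for item in event]
    if isinstance(event, str):
        return mask_value(event)
    return event


# Constructed sample rows, shaped like an environment-variable query result.
SAMPLE_ROWS = [
    {"pid": "412", "key": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
    {"pid": "412", "key": "DATABASE_URL", "value": "host=db1 password=hunter2 port=5432"},
    {"pid": "977", "key": "PATH", "value": "/usr/bin:/bin"},
    # No recognisable format: format-based masking lets this one through.
    {"pid": "977", "key": "DB_PASSWORD", "value": "hunter2"},
]
```

The last sample row shows the limit of format-based masking: a secret with no recognisable shape still reaches the log pipeline, so queries that collect such values need their own handling.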
Version 2.4.1
Fixes since 2.4.0
- Fix an issue with merging the v2-style nebula queries using a top.nebula file
Version 2.4.x release notes
Major Features
New format for nebula queries
Allows for overriding on a per-query basis via topfiles. The new version of the nebula_osquery.py module now looks for nebula data in hubblestack_nebula_v2 in the fileserver. Please take note of this and migrate if you're not using our hubblestack_data repo.
Graylog GELF returners
Modeled after the logstash returners, but GELF-specific
Better error reporting and optional retries for splunk returners
Set returner_retry: True on a scheduled job that uses the splunk returners to enable retries (by default, 3 retries with 15 seconds between each). Additionally, errors from splunk requests will be more informative (instead of the existing "marked as bad" errors).
Persist transiently-available grains
If a grain is available at some point and then stops being generated later, we keep it across grain refreshes. This is to prevent us from losing useful grain data due to metadata server outages or issues.
Major fixes
Move daemonization to pre-grains
Daemonize earlier, so that long custom grains don't result in an unhappy service system
Fixes for lack of s3 timeouts
In some cases, hubble could hang with open sockets to s3. There were no timeouts specified in the underlying salt util module, so we include it ourselves now and have timeouts.
Upper limit for osquery runs
In some cases, osquery can hang due to network issues. Now hubble will eventually kill osquery and continue operations.
Upper limit for grains refreshes
We were worried about the potential for grains refreshes causing some of the uncommon hangs we were seeing, so we now use signals and timers to interrupt grains if they are taking too long.
Remove default file_roots setting
Some users were seeing issues due to conflicts with salt files on their system in /srv/salt. We now scrub those default paths from file_roots.
New osquery version
We've updated to a newer SHA of osquery for fixes and features there.
Version 2.4.0
Major Features
New format for nebula queries
Allows for overriding on a per-query basis via topfiles. The new version of the nebula_osquery.py module now looks for nebula data in hubblestack_nebula_v2 in the fileserver. Please take note of this and migrate if you're not using our hubblestack_data repo.
Graylog GELF returners
Modeled after the logstash returners, but GELF-specific
Better error reporting and optional retries for splunk returners
Set returner_retry: True on a scheduled job that uses the splunk returners to enable retries (by default, 3 retries with 15 seconds between each). Additionally, errors from splunk requests will be more informative (instead of the existing "marked as bad" errors).
Persist transiently-available grains
If a grain is available at some point and then stops being generated later, we keep it across grain refreshes. This is to prevent us from losing useful grain data due to metadata server outages or issues.
Major fixes
Move daemonization to pre-grains
Daemonize earlier, so that long custom grains don't result in an unhappy service system
Fixes for lack of s3 timeouts
In some cases, hubble could hang with open sockets to s3. There were no timeouts specified in the underlying salt util module, so we include it ourselves now and have timeouts.
Upper limit for osquery runs
In some cases, osquery can hang due to network issues. Now hubble will eventually kill osquery and continue operations.
Upper limit for grains refreshes
We were worried about the potential for grains refreshes causing some of the uncommon hangs we were seeing, so we now use signals and timers to interrupt grains if they are taking too long.
Remove default file_roots setting
Some users were seeing issues due to conflicts with salt files on their system in /srv/salt. We now scrub those default paths from file_roots.
New osquery version
We've updated to a newer SHA of osquery for fixes and features there.
Version 2.3.4-3
- Increment the timeout for cloud details grains
Version 2.3.4-2
- Fix reported hubble version
- Fix osquery checks so it will run on windows 10