Releases: hubblestack/hubble
Version 2.2.8
v2.2.8 Bugfix Release
- Fixed a bug with cache invalidation in AzureFS
v2.2.7 Bugfix Release
- Fixed `__JSONIFY__` support in nebula (unicode bug)
- Fixed cloud_details import in returners
v2.2.6 Bugfix Release
- Fixed a potential unicode bug in Nova
- Small fix for cve_scan_v2 in Nova
v2.2.5 Feature Release
Major Features/Improvements
- New splunk log handler for sending error logs to splunk
- `top.pulsar` and `top.nebula` support
- New configurable custom grains based on config data (for putting splunk index into grains, for example)
- Many new nova `misc.py` checks used in hubblestack_data
- New nova modules `mount.py` and `systemctl.py`
- Fix an issue in nova's `hubble.top` that was causing it to sync the nova files twice each run. This will markedly improve the performance of `hubble.top`.
General
- Improved error handling in nova's `misc.py`
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around `__JSONIFY__` support in nebula
- Updated bundled version of osquery to 2.7.0
Version 2.2.7
v2.2.7 Bugfix Release
- Fixed `__JSONIFY__` support in nebula (unicode bug)
- Fixed cloud_details import in returners
v2.2.6 Bugfix Release
- Fixed a potential unicode bug in Nova
- Small fix for cve_scan_v2 in Nova
v2.2.5 Feature Release
Major Features/Improvements
- New splunk log handler for sending error logs to splunk
- `top.pulsar` and `top.nebula` support
- New configurable custom grains based on config data (for putting splunk index into grains, for example)
- Many new nova `misc.py` checks used in hubblestack_data
- New nova modules `mount.py` and `systemctl.py`
- Fix an issue in nova's `hubble.top` that was causing it to sync the nova files twice each run. This will markedly improve the performance of `hubble.top`.
General
- Improved error handling in nova's `misc.py`
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around `__JSONIFY__` support in nebula
- Updated bundled version of osquery to 2.7.0
Version 2.2.6
v2.2.6 Bugfix Release
- Fixed a potential unicode bug in Nova
- Small fix for cve_scan_v2 in Nova
v2.2.5 Feature Release
Major Features/Improvements
- New splunk log handler for sending error logs to splunk
- `top.pulsar` and `top.nebula` support
- New configurable custom grains based on config data (for putting splunk index into grains, for example)
- Many new nova `misc.py` checks used in hubblestack_data
- New nova modules `mount.py` and `systemctl.py`
- Fix an issue in nova's `hubble.top` that was causing it to sync the nova files twice each run. This will markedly improve the performance of `hubble.top`.
General
- Improved error handling in nova's `misc.py`
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around `__JSONIFY__` support in nebula
- Updated bundled version of osquery to 2.7.0
Version 2.2.5
Major Features/Improvements
- New splunk log handler for sending error logs to splunk
- `top.pulsar` and `top.nebula` support
- New configurable custom grains based on config data (for putting splunk index into grains, for example)
- Many new nova `misc.py` checks used in hubblestack_data
- New nova modules `mount.py` and `systemctl.py`
- Fix an issue in nova's `hubble.top` that was causing it to sync the nova files twice each run. This will markedly improve the performance of `hubble.top`.
General
- Improved error handling in nova's `misc.py`
- Fixed a few errors caused by using old-style splunk returner config
- Increased error visibility in splunk returners
- Improved logging around nova's topfile errors
- Improved handling around `__JSONIFY__` support in nebula
- Updated bundled version of osquery to 2.7.0
Version 2.2.4
This is an unofficial release, and we're only releasing the cent6 and cent7 packages for this release.
Please use 2.2.1 until 2.2.5 is out.
Thanks!
Version 2.2.3
This is an unofficial release, and we're only releasing the coreOS package for this release.
Please use 2.2.1 until 2.2.5 is out.
Thanks!
Version 2.2.2
This is an unofficial release, and we're only releasing the coreOS package for this release.
Please use 2.2.1 until 2.2.5 is out.
Thanks!
Version 2.2.1
2.2.0
tl;dr (big changes)
- AzureFS support for pulling profile data from azure blob storage
- Huge improvement to Windows pulsar performance for some users
- `nebula.fields` function for reporting custom data to splunk on a specific schedule
- Support for `/etc/hubble/hubble.d/*.conf` for user config
- `pulsar.canary` function for daily FIM event generation
- Logstash returners!
- New and improved vulners CVE scanner to use their more performant API
Cross-Platform
- Added `osqueryversion` and `osquerybinpath` grains for reporting osquery information
- Added code to nebula to prefer our bundled version of osqueryi
- Added option to extract fields at index time for splunk returners
- Added `nebula.fields` function for reporting custom data to splunk on a specific schedule
- Added support for `**kwargs` passthrough to nova modules
- Added support for `/etc/hubble/hubble.d/*.conf` for user config
- Added `pulsar.canary` function for daily FIM event generation
- Added azure details fetching to splunk returners (similar to aws details)
- Added support for `__JSONIFY__` prefacing for osquery results which are JSON instead of python data structures. This allows us to further process the data into python data structures which can then be parsed into columns by splunk.
- Added logstash returners
- Added new vulners CVE scanner
- Added some `misc.py` functions in nova to support CoreOS and Amazon Linux CIS checks
- Changed the splunk port to be configurable in the splunk returners
- New `Dockerfile`s for building pyinstaller packages
- Added azurefs support
Windows
- Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on windows.
- Many logic improvements and fixes to audit modules in Nova for Windows
- Fixed upgrading via installer
2.2.1
Version 2.2.0
tl;dr (big changes)
- AzureFS support for pulling profile data from azure blob storage
- Huge improvement to Windows pulsar performance for some users
- `nebula.fields` function for reporting custom data to splunk on a specific schedule
- Support for `/etc/hubble/hubble.d/*.conf` for user config
- `pulsar.canary` function for daily FIM event generation
- Logstash returners!
- New and improved vulners CVE scanner to use their more performant API
Cross-Platform
- Added `osqueryversion` and `osquerybinpath` grains for reporting osquery information
- Added code to nebula to prefer our bundled version of osqueryi
- Added option to extract fields at index time for splunk returners
- Added `nebula.fields` function for reporting custom data to splunk on a specific schedule
- Added support for `**kwargs` passthrough to nova modules
- Added support for `/etc/hubble/hubble.d/*.conf` for user config
- Added `pulsar.canary` function for daily FIM event generation
- Added azure details fetching to splunk returners (similar to aws details)
- Added support for `__JSONIFY__` prefacing for osquery results which are JSON instead of python data structures. This allows us to further process the data into python data structures which can then be parsed into columns by splunk.
- Added logstash returners
- Added new vulners CVE scanner
- Added some `misc.py` functions in nova to support CoreOS and Amazon Linux CIS checks
- Changed the splunk port to be configurable in the splunk returners
- New `Dockerfile`s for building pyinstaller packages
- Added azurefs support
Windows
- Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on windows.
- Many logic improvements and fixes to audit modules in Nova for Windows
- Fixed upgrading via installer
Version 2.1.7
General
- Force configfile and logfile to 600 permissions (to protect the splunk token)
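A check for the permission rule above, as an added example that is not Hubble's own code: it audits a file that holds a secret such as the splunk token and can tighten it to 600. The function names and the sample file are assumptions constructed for illustration.

```python
import os
import stat

SECRET_MODE = 0o600  # owner read/write only, the mode named in the release note


def audit_secret_file(path, fix=False):
    """Check that `path` is a regular file with no access beyond 0600.

    Returns a dict: path, ok (bool), mode found (octal string or None), action.
    With fix=True an over-permissive file is tightened to 0600.
    """
    result = {"path": path, "ok": False, "mode": None, "action": "none"}
    try:
        # O_NOFOLLOW refuses a symlink planted at the path; O_NONBLOCK avoids hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        result["action"] = "open failed: %s" % exc.strerror
        return result
    try:
        st = os.fstat(fd)  # stat the object actually opened, so there is no check/use race
        if not stat.S_ISREG(st.st_mode):
            result["action"] = "not a regular file"
            return result
        mode = stat.S_IMODE(st.st_mode)
        result["mode"] = oct(mode)
        # Any bit outside 0600 (group, other, setuid/setgid/sticky) is excess access.
        if (mode & ~SECRET_MODE) == 0:
            result["ok"] = True
        elif fix:
            os.fchmod(fd, SECRET_MODE)
            result["ok"] = True
            result["action"] = "tightened to 0o600"
        else:
            result["action"] = "too permissive"
        return result
    finally:
        os.close(fd)


def make_sample(directory, name, mode):
    """Create a constructed sample file holding a placeholder token."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("token: CONSTRUCTED-PLACEHOLDER\n")
    os.chmod(path, mode)
    return path
```
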
Splunk Returners (Quasar)
- More robust searching for `dest_ip` -- it will do its best to find an IP address without a `127.` prefix. This was really only an issue on hosts with misconfigured FQDNs
Packaging
- Peg to requests version 2.13.0
- Peg to osquery version 2.3.2
- Fixes to sysvinit script:
- No sudo required
- Proper LSB init info
- Fix Debian 7 build
- Fix `python setup.py install` installation method. (note: this breaks the bdist_rpm builds, but we're not really using those anymore)
- Change the default config to put `roots` before `git` in fileserver backends, so local files can override.