
Releases: hubblestack/hubble

Version 2.2.8

04 Oct 16:31

v2.2.8 Bugfix Release

  • Fixed a bug with cache invalidation in AzureFS

v2.2.7 Bugfix Release

  • Fixed __JSONIFY__ support in nebula (unicode bug)
  • Fixed cloud_details import in returners

v2.2.6 Bugfix Release

  • Fixed a potential unicode bug in Nova
  • Small fix for cve_scan_v2 in Nova

v2.2.5 Feature Release

Major Features/Improvements

  • New splunk log handler for sending error logs to splunk
  • top.pulsar and top.nebula support
  • New configurable custom grains based on config data (for putting splunk index into grains, for example)
  • Many new nova misc.py checks used in hubblestack_data
  • New nova modules mount.py and systemctl.py
  • Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.

General

  • Improved error handling in nova's misc.py
  • Fixed a few errors caused by using old-style splunk returner config
  • Increased error visibility in splunk returners
  • Improved logging around nova's topfile errors
  • Improved handling around JSONIFY support in nebula
  • Updated bundled version of osquery to 2.7.0

Version 2.2.7

28 Sep 21:27

v2.2.7 Bugfix Release

  • Fixed __JSONIFY__ support in nebula (unicode bug)
  • Fixed cloud_details import in returners

v2.2.6 Bugfix Release

  • Fixed a potential unicode bug in Nova
  • Small fix for cve_scan_v2 in Nova

v2.2.5 Feature Release

Major Features/Improvements

  • New splunk log handler for sending error logs to splunk
  • top.pulsar and top.nebula support
  • New configurable custom grains based on config data (for putting splunk index into grains, for example)
  • Many new nova misc.py checks used in hubblestack_data
  • New nova modules mount.py and systemctl.py
  • Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.

General

  • Improved error handling in nova's misc.py
  • Fixed a few errors caused by using old-style splunk returner config
  • Increased error visibility in splunk returners
  • Improved logging around nova's topfile errors
  • Improved handling around JSONIFY support in nebula
  • Updated bundled version of osquery to 2.7.0

Version 2.2.6

28 Sep 17:21

v2.2.6 Bugfix Release

  • Fixed a potential unicode bug in Nova
  • Small fix for cve_scan_v2 in Nova

v2.2.5 Feature Release

Major Features/Improvements

  • New splunk log handler for sending error logs to splunk
  • top.pulsar and top.nebula support
  • New configurable custom grains based on config data (for putting splunk index into grains, for example)
  • Many new nova misc.py checks used in hubblestack_data
  • New nova modules mount.py and systemctl.py
  • Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.

General

  • Improved error handling in nova's misc.py
  • Fixed a few errors caused by using old-style splunk returner config
  • Increased error visibility in splunk returners
  • Improved logging around nova's topfile errors
  • Improved handling around JSONIFY support in nebula
  • Updated bundled version of osquery to 2.7.0

Version 2.2.5

26 Sep 20:31

Major Features/Improvements

  • New splunk log handler for sending error logs to splunk
  • top.pulsar and top.nebula support
  • New configurable custom grains based on config data (for putting splunk index into grains, for example)
  • Many new nova misc.py checks used in hubblestack_data
  • New nova modules mount.py and systemctl.py
  • Fix an issue in nova's hubble.top that was causing it to sync the nova files twice each run. This will markedly improve the performance of hubble.top.

General

  • Improved error handling in nova's misc.py
  • Fixed a few errors caused by using old-style splunk returner config
  • Increased error visibility in splunk returners
  • Improved logging around nova's topfile errors
  • Improved handling around JSONIFY support in nebula
  • Updated bundled version of osquery to 2.7.0

Version 2.2.4

15 Sep 18:22
Pre-release

This is an unofficial release, and we're only releasing the cent6 and cent7 packages for this release.

Please use 2.2.1 until 2.2.5 is out.

Thanks!

Version 2.2.3

30 Aug 17:02
Pre-release

This is an unofficial release, and we're only releasing the coreOS package for this release.

Please use 2.2.1 until 2.2.5 is out.

Thanks!

Version 2.2.2

23 Aug 22:34
Pre-release

This is an unofficial release, and we're only releasing the coreOS package for this release.

Please use 2.2.1 until 2.2.5 is out.

Thanks!

Version 2.2.1

08 Aug 22:45

2.2.0

tl;dr (big changes)

  • AzureFS support for pulling profile data from azure blob storage
  • Huge improvement to Windows pulsar performance for some users
  • nebula.fields function for reporting custom data to splunk on a specific schedule
  • Support for /etc/hubble/hubble.d/*.conf for user config
  • pulsar.canary function for daily FIM event generation
  • Logstash returners!
  • New and improved vulners CVE scanner to use their more performant API

Cross-Platform

  • Added osqueryversion and osquerybinpath grains for reporting osquery information
  • Added code to nebula to prefer our bundled version of osqueryi
  • Added option to extract fields at index time for splunk returners
  • Added nebula.fields function for reporting custom data to splunk on a specific schedule
  • Added support for **kwargs passthrough to nova modules
  • Added support for /etc/hubble/hubble.d/*.conf for user config
  • Added pulsar.canary function for daily FIM event generation
  • Added azure details fetching to splunk returners (similar to aws details)
  • Added support for __JSONIFY__ prefacing for osquery results which are JSON instead of python data structures. This allows us to further process the data into python data structures which can then be parsed into columns by splunk.
  • Added logstash returners
  • Added new vulners CVE scanner
  • Added some misc.py functions in nova to support CoreOS and Amazon Linux CIS checks
  • Changed the splunk port to be configurable in the splunk returners
  • New Dockerfiles for building pyinstaller packages
  • Added azurefs support

Windows

  • Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on Windows.
  • Many logic improvements and fixes to audit modules in Nova for Windows
  • Fixed upgrading via installer

2.2.1

  • Fixed a bug introduced in the splunk returners (#142)
  • Add multiline matching to nova grep module's match_output by default (#148)
  • Packaging fixes

Version 2.2.0

07 Aug 20:06

tl;dr (big changes)

  • AzureFS support for pulling profile data from azure blob storage
  • Huge improvement to Windows pulsar performance for some users
  • nebula.fields function for reporting custom data to splunk on a specific schedule
  • Support for /etc/hubble/hubble.d/*.conf for user config
  • pulsar.canary function for daily FIM event generation
  • Logstash returners!
  • New and improved vulners CVE scanner to use their more performant API

Cross-Platform

  • Added osqueryversion and osquerybinpath grains for reporting osquery information
  • Added code to nebula to prefer our bundled version of osqueryi
  • Added option to extract fields at index time for splunk returners
  • Added nebula.fields function for reporting custom data to splunk on a specific schedule
  • Added support for **kwargs passthrough to nova modules
  • Added support for /etc/hubble/hubble.d/*.conf for user config
  • Added pulsar.canary function for daily FIM event generation
  • Added azure details fetching to splunk returners (similar to aws details)
  • Added support for __JSONIFY__ prefacing for osquery results which are JSON instead of python data structures. This allows us to further process the data into python data structures which can then be parsed into columns by splunk.
  • Added logstash returners
  • Added new vulners CVE scanner
  • Added some misc.py functions in nova to support CoreOS and Amazon Linux CIS checks
  • Changed the splunk port to be configurable in the splunk returners
  • New Dockerfiles for building pyinstaller packages
  • Added azurefs support

Windows

  • Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on Windows.
  • Many logic improvements and fixes to audit modules in Nova for Windows
  • Fixed upgrading via installer

Version 2.1.7

07 Apr 17:20

General

  • Force configfile and logfile to 600 permissions (to protect the splunk token)

Splunk Returners (Quasar)

  • More robust searching for dest_ip -- it will do its best to find an IP address without a 127. prefix. This was really only an issue on hosts with misconfigured FQDNs

Packaging

  • Peg to requests version 2.13.0
  • Peg to osquery version 2.3.2
  • Fixes to sysvinit script:
    • No sudo required
    • Proper LSB init info
  • Fix Debian 7 build
  • Fix python setup.py install installation method. (note: this breaks the bdist_rpm builds, but we're not really using those anymore)
  • Change the default config to put roots before git in fileserver backends, so local files can override.