Releases: DynamiteAI/dynamite-nsm
1.1
New Features
- Most `dynamite` commands can now run as non-root users, provided that user is added to the `dynamite` group.
- `setup` command added to decouple environment preparation from individual service installation. Also provides the ability to fully uninstall NSM services.
- `zeek reset`, `suricata reset`, and `filebeat reset` commands allow users to revert various configurations back to a default state.
- `suricata config` - Zeek and Suricata now expose network interface settings to the `dynamite` commandline.
- `dynamite-remote` is now included by default with the `dynamite-nsm` package.
- Zeek Script and Suricata Ruleset ids are now generated via SHA1 content based hashing.
- `setcap` now runs before Zeek and Suricata processes are started, allowing them to capture traffic as non-root privileged users.
- `dynamite_nsm.services.base.systemctl` module now provides a `FallbackCtl` mode which currently allows agent processes to be managed inside a docker container.
- Added several docker examples for Dynamite Agent
- BPF validation binary now included as part of the package.
- Added friendly aliases and descriptive information for several new EmergingThreat Open rule-sets
- Added the Log4Shell exploit detection script for Zeek by default.
- Improved exception handling across `dynamite_nsm` package.
- Updated to latest default configurations
- Installs Kibana `BaseViews` 0.4
Removed Features
- `dynamite remote` command has been replaced with `dynamite auth` to avoid confusion.
- `dynamite agent optimize` command no longer takes the parameter `--inspection-interfaces`
- Removed Suricata installer's WireShark dependency
- Zeek service now checks that `python sources` are available prior to install
Bugs
- Elasticsearch and Logstash will no longer over-allocate Java heap.
- Hard coded binary paths have been removed from NSM installed `.service` files.
- When installing NSM services on RHEL systems powertools and EPEL repos are first added.
- Addressed issue where Filebeat Kafka targets were pulling Redis host definitions
1.0 Release
New Features
- Adds type-hints to all methods and functions.
- Greatly Simplified SDK
  - Added additional base service classes.
  - Simplified `*Manager` setup methods.
  - Replaced the `components` module with `cmd` module for building command-line utilities from `services` classes.
  - Removed tons of redundant code within `services`
- Introduced initial version of task framework for running various background jobs against services on the stack.
- Added several new commands
  - Added `agent optimize` command to automatically adjust threading/pinning settings within Zeek/Suricata
  - Added `logs` command to agent services for presenting relevant performance logs for Zeek and Suricata.
  - Added non-interactive interfaces for service `config` commands
  - Added `remote` command allowing a controller to remotely connect to this instance
  - Added `elasticsearch config users` command for resetting the passwords of internal users.
  - Running `dynamite` with no arguments now returns a status menu of all installable services.
- Added
Removed Features
- Removed Python2 support; Python3.7+ only!
- Removed ElastiFlow & Synesis dependency.
- Logstash is now an optional dependency
- Removed configuration TUIs in favor of simplified commandline interfaces
- Dynamite `lab` and `daemon` services have been temporarily retired, and will be available in a later release
0.8.0 - API Patches
0.8 Release
- Created several `log` wrapper classes for Zeek, Suricata, and Filebeat, providing easy access to several logs needed for troubleshooting.
  - Implements linecache module for more efficient read IO against large log files.
  - Provides basic search functionality such as basic timeframe querying and return limits.
- Added `patch_modules` install method for Filebeat, allowing for ECS normalization of Zeek and Suricata logs.
  - Added corresponding enable/disable methods for toggling on and off
- Exposed Filebeat SSL/TLS options for all supported outputs.
- Adds a `LocalNetworkConfigManager` for Zeek, which allows access to the `etc/network.cfg`, used to specify local networks to Zeek.
- `suricata_log_output_file` now passed through to the `SuricataConfigManager`
  - Updated logic to handle parsing lists of dictionaries in addition to nested dictionaries.
- Moved suricata default logging directory to `/opt/dynamite/suricata/logs/` which avoids the mess created when lower runlevel ops try to write to `/var/` before it is mounted.
- Move to jemalloc for Zeek/Suricata compiling
0.7.2
- Zeek 3.0.3 support
- Adds dynamited service and component
- Enhancements to service modules; base service modules introduced.
- Enhancements to systemd integration
- 0.7.2 Config Enhancements
  - stdout/stderr passthrough
  - exit status
  - running status
- Commandline statuses now pretty-print by default
0.7.1 - AF_PACKET & Systemd
- AF_PACKET replaces PF_RING for Zeek
- No reboot required on agent install
- Improved compile times
- Systemd replaces the builtin process manager for agent
- Community_ID supported across Zeek application logs
- Improved OS support
- Defaulted ES templates to 0 replicas 1 shard (most common installation)
0.7.0 - Major Refactor + Component Architecture
- Brand new command-line
  - nested help modules
- Community_id now added to both Zeek and Suricata (agent logs only for now)
- Breaks up service modules into submodules
  - install - manage service installation/uninstallation/initial configuration
  - config - manage service configuration
  - process - manage service processes
  - profile - monitor service processes
- Adds custom exception handling; install/config functions no longer return booleans on failure, but rather raise exceptions
- Adds logger
- Improves Download/Process tracking interfaces
- Adds new Filebeat terminal UI
- Adds new agent config terminal UI
- ReadTheDocs documentation added
- Adds config module unit tests
Alert Dashboard Improvements/Bug Fixes
Dashboard Updates
- Adds tabular view in Suricata Alert Dashboards
Bug Fixes
- const.py now properly references BIN_PATH -> `/opt/dynamite/`
- agent preparation functions now reference const.BIN_PATH rather than hard-coded values
- Kibana notification (with dashboard links) now pops up properly.
File Module/Dashboard Improvements/Bug Fixes
Dashboard Updates
- Adds SSL dashboard
- Adds files module
  - Overview Dashboard
  - Message Dashboard
- Refactor application dashboards with input controllers
Bug Fixes
- Issues with setting monitor/logstash standalone passwords have been resolved.
- Updater now properly deletes old default-config archives
Elastic/Logstash/Kibana Configurator Improvements
- Addressed issue with filebeats parser backing up `suricata.yaml.backup` config instead of properly named `filebeats.yml.backup` config
- `elastic.ElasticConfigurator` now implements native `yaml` library for parsing configs
- `kibana.KibanaConfigurator` now implements native `yaml` library for parsing configs
- `logstash.LogstashConfigurator` now implements native `yaml` library for parsing configs
- Updated logstash install messages
Kibana/Filebeat Installation Bug Fixes
- Addresses multiple issues related to the installation of Kibana and Filebeat
- Adds support for the `0.6.3` configs