
Hybrid Hunter Quick Start Guide

Mike Reeves edited this page Jul 25, 2019 · 10 revisions

This is a quick start guide to getting your Hybrid Hunter (HH) deployment configured with all components once the install has completed.

After the install is complete:

Allow analyst access for your IP address or range. This can take up to a minute to apply if a highstate is already running on the master, because all firewall rules for the entire deployment are managed at the master level. Run the command below and select the analyst role:

sudo so-allow


Alpha 1.1.0 introduces basic auth for the web interface. This is only temporary; authentication will be revamped in beta. Some components (TheHive, Grafana, etc.) have their own authentication, so basic auth is disabled for those tools.

Add a user for auth to the web UI:
sudo so-user-add USERNAME

Configure Osquery

Make sure you have DNS for the master. You can use an IP address instead, but DNS is highly recommended, since the agents are pointed at whatever you provide here. Allow the range of your endpoints (run the command below and select the role for endpoint agents):
sudo so-allow

Run the Osquery setup. This creates the packages needed to install your agents and creates the admin user for Fleet:

sudo sh /opt/so/conf/fleet/so-fleet-setup.sh <MASTER DNS NAME> admin@myorg.com

It is recommended that you change the Fleet admin password inside the Fleet interface.

Log into TheHive at https://MASTERSERVER/thehive and add a user or change the default admin account. The default credentials are:

hiveadmin
hivechangeme
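The steps above take an analyst range, an endpoint range, the master's DNS name and a Fleet admin e-mail, and so-allow and so-fleet-setup.sh are only as good as what you type into them. The script below is an added pre-flight check written for this guide; it is not part of Security Onion or Hybrid Hunter. It validates the IPv4/CIDR inputs, confirms the master name actually resolves before you point Fleet agents at it, warns when the master is given as a bare IP (allowed, but the guide recommends DNS), and then prints the exact commands from this page to run. The ranges and host names in the usage comment are constructed placeholders; the function names are this script's own.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the Hybrid Hunter post-install steps.
# Added example, not project code. It assumes the commands shown in the guide
# (so-allow, so-user-add, /opt/so/conf/fleet/so-fleet-setup.sh) and only
# validates the inputs; it never runs those commands for you.

# is_ipv4_or_cidr ADDR: succeed if ADDR is a dotted-quad IPv4 or IPv4/CIDR.
is_ipv4_or_cidr() {
  local input="$1" ip prefix octet
  case "$input" in
    */*) ip="${input%/*}"; prefix="${input##*/}" ;;
    *)   ip="$input";      prefix=32 ;;
  esac
  # prefix length must be all digits and at most 32
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  # exactly four dot-separated octets, each all digits and at most 255
  local IFS='.'
  set -- $ip
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# is_bare_ipv4 NAME: true if NAME is an IPv4 literal without a prefix length.
is_bare_ipv4() {
  case "$1" in */*) return 1 ;; esac
  is_ipv4_or_cidr "$1"
}

# master_resolves NAME: true if the system resolver (DNS or /etc/hosts) knows NAME.
master_resolves() {
  getent hosts "$1" >/dev/null 2>&1
}

# preflight ANALYST_RANGE ENDPOINT_RANGE MASTER_NAME FLEET_ADMIN_EMAIL
# Exit status 0 means the inputs are safe to feed to the guide's commands.
preflight() {
  local analyst="$1" endpoints="$2" master="$3" email="$4"
  is_ipv4_or_cidr "$analyst" \
    || { echo "analyst range '$analyst' is not an IPv4 address or CIDR" >&2; return 1; }
  is_ipv4_or_cidr "$endpoints" \
    || { echo "endpoint range '$endpoints' is not an IPv4 address or CIDR" >&2; return 1; }
  case "$email" in
    *@*.*) ;;
    *) echo "Fleet admin '$email' does not look like an e-mail address" >&2; return 1 ;;
  esac
  if is_bare_ipv4 "$master"; then
    # Permitted by the guide, but every agent package is then pinned to this address.
    echo "warning: master given as IP '$master'; the guide recommends a DNS name" >&2
  else
    master_resolves "$master" \
      || { echo "master '$master' does not resolve; fix DNS before so-fleet-setup.sh" >&2; return 1; }
  fi
  cat <<EOF
Inputs look sane. Run these on the master, in order:
  sudo so-allow                    # select the analyst role, enter $analyst
  sudo so-user-add USERNAME
  sudo so-allow                    # select the role for endpoint agents, enter $endpoints
  sudo sh /opt/so/conf/fleet/so-fleet-setup.sh $master $email
EOF
}

# Usage with constructed values:
#   preflight 10.10.0.0/24 10.20.0.0/16 so-master.example.internal admin@example.internal
```

Run it once before touching so-allow; a typo in the analyst range either locks you out of the web UI or opens it wider than intended, and a master name that does not resolve produces agent packages that can never check in.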
