Hybrid Hunter Quick Start Guide
This is a quick start guide to getting your HH configured with all components once you complete the install.
After the install is complete:
Allow analyst access for your IP address or range. This process can take up to a minute if a highstate on the master is already running. All firewall rules for the entire deployment are managed at the master level. Run the command below and select the analyst role:
Basic auth for the web interface was introduced in Alpha 1.1.0. This is only temporary, as we will be revamping authentication in beta. Some components have their own authentication, so basic auth is disabled for those tools (Hive, Grafana, etc.).
Add a user for auth to the web UI:
sudo so-user-add USERNAME
Make sure you have DNS for this. You can use an IP address, but I would highly recommend DNS.
Allow the range of your endpoints:
Run the Osquery setup. This will create the packages needed for installing your agents as well as create the admin user for use with Fleet:
sudo sh /opt/so/conf/fleet/so-fleet-setup.sh <MASTER DNS NAME> firstname.lastname@example.org
It is recommended that you change this password inside the Fleet interface.
Log into TheHive at https://MASTERSERVER/thehive and add a user or change the admin account: