- Cleans up inconsistencies with with_* handlers (namely fixes with elasticsearch)
- Adds a broctl wrapper script to help with permission issues. If a user now runs `sudo broctl`, it will execute /usr/bin/broctl, which runs the actual broctl as the bro user.
- Disables the default CentOS repos when `rock_online_install` is False and re-enables them if it is True.
- Other formatting changes
- One user reported an issue trying to boot the image via USB thumbdrive on an EFI system. I haven't been able to reproduce this yet, so if this happens to you, please file an issue with details on how to make it happen. As a workaround, booting from a DVD solved this problem.
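The wrapper behaviour described in the second bullet, as an added example (this is not ROCK's own script): a small script installed as /usr/bin/broctl that drops from root to the bro account with `runuser` when invoked through `sudo`, runs directly when already called by bro, and refuses any other caller instead of escalating. The install path of the real binary (/opt/bro/bin/broctl) and the account name `bro` are assumptions for this example.

```shell
#!/bin/sh
# Added example of a privilege-dropping broctl wrapper, not ROCK's own script.
# Assumptions: the real broctl is /opt/bro/bin/broctl and Bro runs as user "bro".
REAL_BROCTL="${REAL_BROCTL:-/opt/bro/bin/broctl}"
BRO_USER="${BRO_USER:-bro}"

# Decide how the caller reaches the bro account.
# $1 = effective user name of the caller.
# Prints the command prefix to put in front of the real broctl, or an empty
# string when no identity switch is needed; returns 1 for a caller that is
# neither root nor bro, so the wrapper never runs broctl as a third identity.
wrapper_prefix() {
    case "$1" in
        "$BRO_USER") echo "" ;;                         # already bro: run directly
        root)        echo "runuser -u $BRO_USER --" ;;  # sudo broctl: drop to bro
        *)           return 1 ;;                        # anyone else: refuse
    esac
}

main() {
    caller="$(id -un)"
    prefix="$(wrapper_prefix "$caller")" || {
        echo "broctl: run it as $BRO_USER or via sudo (caller: $caller)" >&2
        exit 1
    }
    [ -x "$REAL_BROCTL" ] || {
        echo "broctl: $REAL_BROCTL is not executable" >&2
        exit 1
    }
    # $prefix is intentionally unquoted so "runuser -u bro --" splits into
    # words; "$@" keeps broctl's own arguments intact across the hand-off.
    exec $prefix "$REAL_BROCTL" "$@"
}

# Dispatch only when invoked under the installed name, so the file can also be
# sourced to check the functions without executing anything.
case "$0" in
    broctl|*/broctl) main "$@" ;;
esac
```

Install it root-owned and not group/world writable (for example `install -o root -g root -m 0755 broctl /usr/bin/broctl`); because `sudo broctl` runs the wrapper as root, a writable wrapper would be a straightforward path to root for anyone who can edit it.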
Fixes an issue that would cause Ansible to fail during the deploy. We also cut a new ISO.
We are proud to finally release ROCK 2.0! We've put a lot into this release, focusing on a more streamlined process.
Some highlights of changes are:
- Elastic stack 5.x
- Bro 2.5
- Suricata by default (Snort is available as alternate)
- Kafka 10
- ISO image installer (woot!)
- Ansible as deployment mechanism
From a usability perspective, we squashed lots of bugs and put a significant amount of effort into enabling better analysis. Kibana can be hard to use with Bro data to make the pivots. So we've re-worked that model to make it easier to find related log files.
For more detailed information, head on over to our documentation.
Marching on towards the ROCK 2.0 master release.
See Getting Started documentation on how to get going.
In this release, we've squashed a ton of bugs and added the File Scanning Framework by Emerson! This is a great feature, but for the time being we're disabling it by default.
Things not yet in this release:
- Sufficient documentation. This is coming along, but we know we need more (also need help!)
- We're working on better health monitoring, but it still needs a bit of polish to cover the important things
- FSF does not yet have a proper mapping in Elasticsearch, which causes issues with Kibana rendering for certain samples
- Snort needs a little more love to be up to par as a Suricata alternative
- Lastly, we need to create a proper package for our deployment scripts
Do you think something is missing from the above list? Please file an issue, or even better, a pull request!
On to the release!