hubble 3.0.4 releases: a modular, open-source security compliance framework
HubbleStack (Hubble for short) is a modular, open-source, security & compliance auditing framework which is built in python, using SaltStack as a library. It provides on-demand profile-based auditing, real-time security event notifications, alerting and reporting. It also reports security information to Splunk, Logstash, or other endpoints. HubbleStack is a free and open source project made possible by Adobe.
Hubble supports success/fail auditing via a number of included modules. The codename for the audit piece of Hubble is “Nova.” Hubble can gather incredible amounts of raw data from your hosts for later analysis. The codename for the insights piece of Hubble is Nebula. It primarily uses osquery which allows you to query your system as if it were a database. Pulsar is designed to monitor for file system events, acting as a real-time File Integrity Monitoring (FIM) agent. Pulsar uses python-inotify to watch for these events and report them to your destination of choice.
- Restored previous behavior of splunk returners dynamically loading new splunk config from hubble.d/*.conf files via grains
- Pulled in a fix (from upstream salt) for generating the fqdn grain in spite of DNS outage
- Fixed issue where cloud_details grain was being emitted to syslog twice
- Fixed the generation of the
splunkindexgrain to be automatic (no longer needs config to work)
- Added secrets filtering for grains_report to splunk
Copyright (C) 2014