- Most
dynamitecommands can now run as non-root users, provided that user is added to thedynamitegroup. setupcommand added to decouple environment preparation from individual service installation. Also provides the ability to fully uninstall NSM services.zeek reset,suricata reset, andfilebeat resetcommands allows users to revert various configurations back to a default states.suricata config- Zeek and Suricata now expose network interface settings to the
dynamitecommandline. dynamite-remoteis now included by default with thedynamite-nsmpackage.- Zeek Script and Suricata Ruleset ids are now generated via SHA1 content based hashing.
setcapnow runs before Zeek and Suricata processes are started, allowing them to capture traffic as non-root privileged users.dynamite_nsm.services.base.systemctlmodule now provides aFallbackCtlmode which currently allows agent processes to be managed inside a docker container.- Added several docker examples for Dynamite Agent
- BPF validation binary now included as part of the package.
- Added friendly aliases and descriptive information for several new EmergingThreat Open rule-sets
- Added the Log4Shell exploit detection script for Zeek by default.
- Improved exception handling across
dynamite_nsmpackage. - Updated to latest default configurations
- Installs Kibana
BaseViews0.4
dynamite remotecommand has been replaced withdynamite authto avoid confusion.dynamite agent optimizecommand no longer takes the parameter--inspection-interfaces- Removed Suricata installer's WireShark dependency
- Zeek service now checks that
python sourcesare available prior to install
- Elasticsearch and Logstash will no longer over-allocate Java heap.
- Hard coded binary paths have been removed from NSM installed
.servicefiles. - When installing NSM services on RHEL systems powertools and EPEL repos are first added.
- Addressed issued where Filebeat Kafka targets were pulling Redis host definitions
- Adds type-hints to all methods and functions.
- Greatly Simplified SDK
- Added additional base service classes.
- Simplified
*Managersetup methods. - Replaced the
componentsmodule withcmdmodule for building command-line utilities fromservicesclasses. - Removed tons of redundant code within
services
- Introduced initial version of task framework for running various background jobs against services on the stack.
- Added several new commands
- Added
agent optimizecommand to automatically adjust threading/pinning settings within Zeek/Suricata - Added
logscommand to agent services for presenting relevant performance logs for Zeek and Suricata. - Added non-interactive interfaces for service
configcommands - Added
remotecommand allowing a controller to remotely connect to this instance - Added
elasticsearch config userscommand for resetting the passwords of internal users. - Running
dynamitewith no arguments now returns a status menu of all installable services.
- Added
- Removed Python2 support; Python3.7+ only!
- Removed ElastiFlow & Synesis dependency.
- Logstash is now an optional dependency
- Removed configuration TUIs in favor of simplified commandline interfaces
- Dynamite
labanddaemonservices has been temporarily retired, and will be available in later a later release
- Addressed some issues with patch_modules command not running properly when either Zeek/Suricata had not been installed
- Addressed several permission issues when installing agent components
- Created several
logwrapper classes for Zeek, Suricata, and FIlebeat, providing easy access to several logs needed for troubleshooting.- Implements linecache module for more efficient readIO against large log files.
- Provides basic search functionality such as basic timeframe querying and return limits.
- Added
patch_modulesinstall method for Filebeat, allowing for ECS normalization of Zeek and Suricata logs.- Added corresponding enable/disable methods for toggling on and off
- Exposed Filebeat SSL/TLS options for all supported outputs.
- Adds a
LocalNetworkConfigManagerfor Zeek, which allows access to theetc/network.cfg, used to specify local networks to Zeek. suricata_log_output_filenow passed through to theSuricataConfigManager- Updated logic to handle parsing lists of dictionaries in addition to nested dictionaries.
- Moved suricata default logging directory to
/opt/dynamite/suricata/logs/which avoids the mess created when lower runlevel ops try to write to/var/before it is mounted. - move to jemalloc for Zeek/Suricata compiling
- Zeek 3.0.3 support
- Adds dynamited service and component
- Enhancements to service modules; base service modules introduced.
- Enhancements to default configurations.
- Enhancements to systemd integration
- stdout/stderr passthrough
- exit status
- running status
- Commandline statuses now pretty-print by default
- AF_PACKET replaces PF_RING for Zeek
- No reboot required on agent install
- Improved compile times
- Systemd replaces the builtin process manager for agent
- Community_ID supported across Zeek application logs
- Improved OS support
- Defaulted ES templates to 0 replicas 1 shard (most common installation)
- Brand new command-line
- nested help modules
- Community_id now added to both Zeek and Suricata (agent logs only for now)
- Breaks up service modules into submodules
- install - manage service installation/uninstallation/initial configuration
- config - manage service configuration
- process - manage service processes
- profile - monitor service processes
- Adds custom exception handling install/config functions no longer return booleans on failure, but rather raise exceptions
- Adds logger
- Improves Download/Process tracking interfaces
- Adds new Filebeat terminal UI
- Adds new agent config terminal UI
- ReadTheDocs documentation added
- Adds config module unit tests