Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.
- `splunk_index`, `splunk_token` and `splunk_port`
- `https_proxy` in config file to configure proxy for azurefs fileserver as well as for splunk APIs
- `http_proxy` is set in environment variable
- `splunkindex` grain to be automatic (no longer needs config to work)
- `TAGGED_BUILD`
- `osqueryd` support (experimental): `osqueryd` is osquery's daemon mode. It allows for additional data gathering from the audit interface to the kernel, as well as real-time gathering of data like processes. Additionally, it can be used to report deltas in addition to periodic snapshots of data, which can drastically reduce the amount of data reported to splunk or other endpoints, especially for queries with mostly-static data.
- Splunk disk queue options:

```yaml
disk_queue: /var/cache/hubble/splunk_disk_queue
disk_queue_size: 104857600
disk_queue_compression: 9
```

- `cmd.run` jobs in the scheduler from hubblestack_data in a safe way: https://github.com/hubblestack/hubble/blob/develop/hubblestack/extmods/modules/safecommand.py
- `/proc` for other running Hubble processes in addition to the pidfile
- `StartLimit` directives from our systemd unit files for compatibility across systemd versions
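As an added illustration of the delta-versus-snapshot reporting described in the `osqueryd` item above (example code written for this page, not Hubble's or osquery's own implementation; the row hashing, the `snapshot_every` cadence and the sample process rows are assumptions):

```python
import hashlib
import json

# Constructed sample rows in the shape of an osquery "processes" query result
# (not real osqueryd output). Between the two polls one process exited (cron)
# and one started (nginx); the other rows are unchanged.
SNAPSHOT_T0 = [
    {"pid": 1, "name": "systemd", "path": "/usr/lib/systemd/systemd"},
    {"pid": 812, "name": "sshd", "path": "/usr/sbin/sshd"},
    {"pid": 944, "name": "hubble", "path": "/opt/hubble/hubble"},
    {"pid": 1020, "name": "cron", "path": "/usr/sbin/cron"},
]
SNAPSHOT_T1 = [
    {"pid": 1, "name": "systemd", "path": "/usr/lib/systemd/systemd"},
    {"pid": 812, "name": "sshd", "path": "/usr/sbin/sshd"},
    {"pid": 944, "name": "hubble", "path": "/opt/hubble/hubble"},
    {"pid": 1187, "name": "nginx", "path": "/usr/sbin/nginx"},
]


def row_key(row):
    """Identity of a row: SHA-256 of its canonical JSON form (assumed scheme)."""
    canonical = json.dumps(row, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def differential(previous, current):
    """Rows added and removed between two polls of the same query.

    Only rows whose hash appears (added) or disappears (removed) are
    reported; unchanged rows are dropped. Row order is preserved.
    """
    prev = {row_key(r): r for r in previous}
    curr = {row_key(r): r for r in current}
    added = [r for k, r in curr.items() if k not in prev]
    removed = [r for k, r in prev.items() if k not in curr]
    return {"added": added, "removed": removed}


def build_event(previous, current, poll_number, snapshot_every=100):
    """Choose what to ship: a full snapshot every `snapshot_every` polls so a
    consumer can resync, a differential event for every other poll."""
    if poll_number % snapshot_every == 0:
        return {"action": "snapshot", "rows": current}
    return {"action": "differential", **differential(previous, current)}


def payload_bytes(event):
    """Size of the serialised event, i.e. what would go to Splunk per poll."""
    return len(json.dumps(event, separators=(",", ":")).encode())
```

On a mostly-static table the differential event carries only the changed rows, so its payload is a fraction of the full snapshot while the periodic snapshot still gives the consumer a known-good baseline.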