Rocknsm Rock Versions

Automated deployment scripts for the RockNSM network hunting distribution.

rock-2.3.0-1

5 years ago

See below for the high-level changes for the RPM. Go see the detailed changes for the greater ISO release (including Elastic 6.6.1, Bro 2.6.1, and Suricata 4.1.2, plus much more!) over at the release blog post.

Download the release here: https://download.rocknsm.io/isos/stable/rocknsm-2.3.0-1902.iso

High-Level Changes

  • New: Add ability to do multi-host deployment of sensor + data tiers (#339)
  • New: Integrate Docket into Kibana by default
  • New: Improvements and additional Kibana dashboards
  • Fixes: issue with Bro failing when monitor interface is down (#343)
  • Fixes: issue with services starting that shouldn’t (#346)
  • Fixes: race condition on loading dashboards into Kibana (#356)
  • Fixes: configuration for Docket allowing serving from non-root URI (#361)
  • Change: bro log retention value to one week rather than forever (#345)
  • Change: Greatly improve documentation (#338)
  • Change: Reorganize README (#308)
  • Change: Move ECS to rock-dashboards repo (#305)
  • Change: Move RockNSM install paths to filesystem hierarchy standard locations (#344)

rock-2.1.0-2

5 years ago

Tagging package [rock] version [rock-2.1.0-2] in directory [./].

v2.0.5

7 years ago

Changes:

  • Cleans up inconsistencies with with_* handlers (namely fixes with elasticsearch)
  • Adds broctl wrapper script to help with permission issues. If a user now tries sudo broctl it will execute /usr/bin/broctl which will run the actual broctl as the bro user
  • Disables default CentOS repos when rock_online_install is False and will re-enable them if True
  • Other formatting changes

Notes:

  • One user reported an issue trying to boot the image via USB thumb drive on an EFI system. I haven't been able to reproduce this yet, so if this happens to you, please file an issue with details on how to make it happen. As a workaround, booting from a DVD solved this problem.

ISO filename: rocknsm-2.0.5-1705.iso SHA256: 4fcecfec5cd3bac414cb81c6ac7e7557b60406d457eee28fca94544e30753fd2

v2.0.4

7 years ago

Fixes an issue that would cause Ansible to fail during the deploy. We also cut a new ISO.

Filename: rocknsm-2.0.4-1705.iso SHA256: 244b18fa73b547fabb8f6938b37ea6fad52eebd9d56a1838d080f3dcac70079f

v2.0.3

7 years ago

This fixes the name of the rock-scripts branch in the default vars file.

v2.0.2

7 years ago

Fixes the following:

  • Enables SMB analyzer by default (#126)
  • Re-works how Stenographer is configured to make it easier to use (#125)
  • Fixes some functionality with FSF and documentation
  • Updates logo with correct wording
  • Cleans up service management to make more idempotent with respect to config

v2.0

7 years ago

We are proud to finally release ROCK 2.0! We've put a lot into this release, focusing on a more streamlined process.

Some highlights of changes are:

  • Elastic stack 5.x
  • Bro 2.5
  • Suricata by default (Snort is available as alternate)
  • Kafka 10
  • ISO image installer (woot!)
  • Ansible as deployment mechanism

From a usability perspective, we squashed lots of bugs and put a significant amount of effort into enabling better analysis. Pivoting through Bro data in Kibana can be hard, so we've re-worked that model to make it easier to find related log files.

For more detailed information, head on over to our documentation.

Filename: rocknsm-2.0-1703.iso SHA256: bf07226ac35cc8af644121b1c185c47bc02523e5a3885cf51219213869a1f744

v1.0-final

7 years ago

This is the closeout release/tag for 1.0, before we jump to the 2.0 release.

v2.0-beta2

7 years ago

Marching on towards the ROCK 2.0 master release.

See Getting Started documentation on how to get going.

In this release, we've squashed a ton of bugs and added the File Scanning Framework by Emerson! This is a great feature, but for the time being we're disabling it by default.

Things not yet in this release:

  • Sufficient documentation. This is coming along, but we know we need more (also need help!)
  • We're working on better health monitoring, but it still needs a bit of polish to cover the important things
  • FSF does not yet have a proper mapping in Elasticsearch which causes issues with Kibana rendering during certain samples
  • Snort needs a little more love to be up to par as a Suricata alternative
  • Lastly, need to create a proper package for our deployment scripts

Do you think something is missing from the above list? Please file an issue, or even better, a pull request!

On to the release!

Filename: rocknsm-2-BETA2-2017-02-20T0523.iso File Size: 1231.00 MB SHA1SUM: 6819aaa2f03cab79c93516dc30486aff52f7a3ce