OwlH CHANGELOG
- Monitor - Alert if monitored log file is not changing, is too big.
- Monitor - Key actions are registered with deeper detail
- Monitor - Internal status alerts, email notification and approved
- API - Curl samples repository
- User - LDAP User authentication
- Suricata - manage individual configuration files
- Open Rules - Suricata Rule syntax validation
- Open Rules - Create a custom ruleset from a folder including all .rules files
- Master - Receive security events from nodes for a central extra analysis and correlation
- API and UI - User authentication based on local passwd user accounts.
- User - User Management - basic user manager functionality for admin user.
- User - default user admin with password admin
- API - JWT requests validation
- Suricata service options - Manage and Expert modes.
- Zeek service options - Zeek cluster and standalone configuration improvement.
- Event Enrichment - add tags, pre-analysis and post-analysis filters.
- Network IDS - Zeek cluster configuration from UI/API
- Network IDS - Interface Params configuration from UI/API
- Monitor - event output file is too big, truncate or rotate
- API - Initial Swagger based API documentation
- Visualization - Rules Visualization and dashboards on Kibana -> master-kibana-master (t-sec or event)
- Nodes - Sort and filter
- Nodes - Groups - create, add nodes
- Nodes - Groups - ruleset assignment to group, sync to group members and merge when a member belongs to more than one group.
- Nodes - API - Bulk Add
- I - Network IDS - Zeek cluster configuration from UI/API
- I - Monitor - Key actions are registered
- I - API - Initial Swagger based API documentation
- I - Visualization - Rules Visualization and dashboards on Kibana -> master-kibana-master (t-sec or event)
- Open Rules - Rule detail and rule modification from UI/API
- Open Rules - Search suricata rules by SID or MSG
- Node Services - Wazuh Agent - Manage log files to be monitored, from UI/API
- Node Services - Wazuh Agent - see size and read last 10, 50, 100 lines from any monitored log file
- Node Services - Analyzer - see size and read last 10, 50, 100 lines from analyzer output file
- Monitor - Monitor log files for Suricata, Zeek and others: size and last 10, 50, 100 lines
- OS Support - CentOS, Debian/Ubuntu, Raspbian
- Multiple bugs or small improvements to previous functionalities
- Improved Suricata Service management and configuration from UI.
- Improved Zeek Service management and configuration from UI.
- Traffic sent to local Socket from remote system and replayed to a local Network Interface
- Traffic sent to local Socket from remote system and stored in PCAP file
- Traffic read from local Network Interface and sent to a remote system by socket
- Traffic from PCAP file to a local Network Interface
- Dispatch traffic between different OwlH Nodes using NFS resources
- Traffic forensics with Moloch by listening on a network interface or reading PCAP files
- Sync all local rulesets to the right nodes
- Add notes to rules
- OwlH Installer software
- OwlH Client software for Linux - software tap control