AI-Hunter v3.5.0 Has Been Released!
We’ve provided a new release of AI-Hunter, which is in your Customer Portal account. Version 3.5.0 includes the following:
- “Blacklisted” is now renamed “Threat Intel” to match the intent of the feature.
- The log transport mechanism now handles Bro logs in non-default directories.
- Rita has been updated to version 3.0.6.
- “rita import” can now import individual files (in addition to directories that it could import in previous versions).
- Additional cosmetic fixes, cleanups, and error checking related to syslog alerting, configuration defaults, the installer, database copies, and the aih_status script.
If you’re installing AI-Hunter for the first time, we encourage you to use this new version. If you’re on version 3.4.0 (*), we encourage you to upgrade to 3.5.0 as soon as convenient, as this will resolve some fairly important bugs in 3.4.0. If you’re running version 3.4.1, that release already includes these fixes, so this is not a critical upgrade, but we do encourage you to upgrade when time allows.
We do have one known issue with 3.4.1 and 3.5.0. In the Blacklist/Threat Intel tab, the box displaying additional information about IP addresses is not showing the correct details. As a temporary workaround, we encourage you to use an external web site to see additional details. Click on the IP address in question and you’ll see a drop-down menu; click on apility.io and you’ll be taken to a page with these details.
* To see your version, log in to AI-Hunter, select the Dashboard, click on the Gear icon in the upper right, and click on “About”.
You can download this new version of AI-Hunter (3.5.0) at https://portal.activecountermeasures.com/my-account under Downloads.
For details on how to install it, please see the Install Guide included in the tarball.
As always, if you have any questions or need assistance, please contact us.
Thank you for being an AI-Hunter user and happy threat hunting!
– The Active Countermeasures Team
Bill has authored numerous articles and tools for client use. He also serves as a content author and faculty member at the SANS Institute, teaching the Linux System Administration, Perimeter Protection, Securing Linux and Unix, and Intrusion Detection tracks. Bill’s background is in network and operating system security; he was the chief architect of one commercial and two open source firewalls and is an active contributor to multiple projects in the Linux development effort. Bill’s articles and tools can be found in online journals and at http://github.com/activecm/ and http://www.stearns.org.