AI-Hunter v3.6.1 Is in the Wild!
AI-Hunter 3.6.1 is out!
This release is focused on fixes and smaller features. We hope you’ll give it a try!
- The database listing now shows the start and end date/time stamps for each database. When a sensor is misconfigured or cannot reach the AI-Hunter server for some reason and logs are no longer flowing, the timestamps will show you that the database contains only old data.
- We’ve extended the thresholds on the Long Connections and DNS tabs so you can set larger minimums to see just the longest connections or just the more common DNS objects. Additionally, we’ve changed the default thresholds to decrease both page load times and the number of low-value results shown.
- Ubuntu Linux 18.04 is now a fully supported OS.
- When installing a new Bro sensor, the install script in 3.6.0 was unable to find the ja3 plugin needed to fingerprint TLS connections because of a file reorganization at the file repository. This has been fixed in 3.6.1.
- There are a number of cosmetic fixes in the installer.
- On the beacons page, the metric bars now fit in the scorebar boundaries.
- Threat Intel exported CSVs now include fields that were missing.
- When clicking a dashboard score, the filtered search results displayed will now be an exact match on the original IP instead of a partial match that could show unrelated results.
As always, there are additional behind-the-scenes fixes.
**If you have done a new install of Bro since November 14th, we strongly suggest you upgrade to 3.6.1 to install the missing TLS fingerprint plugin. If that’s not the case, you can upgrade AI-Hunter if you’d like one of the new features or are running into one of the bugs.**
Bill has authored numerous articles and tools for client use. He also serves as a content author and faculty member at the SANS Institute, teaching the Linux System Administration, Perimeter Protection, Securing Linux and Unix, and Intrusion Detection tracks. Bill’s background is in network and operating system security; he was the chief architect of one commercial and two open source firewalls and is an active contributor to multiple projects in the Linux development effort. Bill’s articles and tools can be found in online journals and at http://github.com/activecm/ and http://www.stearns.org.