AI-Hunter v3.7.0 Is in the Wild!


Version 3.7.0 of AI-Hunter has been released! We are very excited about this update because it includes some cool new features. We now have theme support, including an exciting new light theme. We also now allow searching by IP on a lot more modules!


New Features

  • Themes! We now have the color scheme you’re used to, as well as a higher contrast (da Vinci mode) light theme.
  • Theme selection is now available in Settings.
  • More search capabilities! Searching by IP address is now available on the following views:
    • Long Connections
    • Certificates
    • Client Signatures
    • Strobes
  • Ability to pivot IP address in Deep Dive. Clicking the [P] will change the currently investigated IP to the IP listed in CONN — <ip>
  • FQDNs displayed for internal IPs when available
  • Option to copy IP to clipboard in the investigation menus
  • Timestamp ranges are displayed on module tabs
  • Client signature scoring is now true or false
  • Updated RITA to v3.2.1 (includes JSON support)


Bug Fixes & Minor Changes

  • Web
    • Made database selection in Settings more readable
    • Added loading spinner to whitelist dialog
    • Prevented cosmetic error by redirecting browser to logout instead of using XHR
    • Sort arrow consistency on side feed
    • Whitelisting buttons get disabled
    • Database timestamp ranges no longer display in 12hr format
    • Properly update threshold values and badge counts on visiting another module
    • Threat Intel View 2 peer list no longer disappears during search
    • Corrected padding in some dialog boxes
    • Investigation menu no longer cuts off at the bottom of peer list in Threat Intel view 2
  • Installer
    • Fixed error traps to report the correct file in which install errors occur
    • Fixed a bug where passwords beginning with hyphens (-) were treated as command-line flags and were thus leaked through the command line.
    • Let RITA handle calling gen-node-cfg; prevents crashing if Bro config fails
    • Adjusted minimum space requirements for AI-Hunter:
      • $HOME/usr/opt: 5120MB
      • /tmp: 50MB
      • /var: 4096MB
      • /root: 10MB
      • If any of those directories has less free space than its listed minimum, the script calls the fail function. The user can still continue, but it isn’t recommended.
    • Start docker service even if already installed
    • Shorten JWT expiration time to 5 minutes after first successful login
    • Will warn the user if the available storage space is less than average for Bro storage
    • Check for lsb-release file
    • Install Bro from ACM repos
  • Backend
    • Created script that displays database and collection statistics
      • Usage: ./hunt run --rm db_client <database>
    • Require executable temp volume when using docker-compose
    • Support arbitrary --localdir paths


Wrap Up

We hope you’ll be as excited as we are for these cool new features. We would love to hear your feedback on these changes and know how we can improve AI-Hunter for all users.

All current customers can access the new version via their Portal account. Please be sure to check the release notes for install instructions. If you have any problems, do not hesitate to reach out to our support team.

Not an AI-Hunter user yet? See a rundown of how AI-Hunter works, schedule a personal demo, or check out AI-Hunter purchase details here.


