Version: 2.13.0

Threat Hunting

What's New in Threat Hunting v1.1.1

Threat Hunting version 1.1.1 introduces significant improvements to the installation and deployment process, making it easier than ever to get your threat detection capabilities up and running.

This release focuses on streamlining the setup experience while maintaining the powerful anomaly detection and threat hunting capabilities you depend on.

Automated Installation Workflow

The headline feature of this release is the introduction of a comprehensive automated installation service that simplifies the deployment of the Threat Hunting module.

Key Benefits:

  • Simplified Configuration: Single configuration file (installer_vars.yaml) manages all deployment parameters
  • Reduced Manual Steps: Automated scripts handle complex installation tasks
  • Faster Deployment: Streamlined process reduces installation time and potential errors
  • Consistent Results: Automated approach ensures reproducible deployments across environments

What's Included:

The automated installation handles the complete deployment of:

  • ML model training infrastructure
  • ClickHouse analytical database with optimized configurations
  • PostgreSQL database for metadata and user management
  • Superset dashboard interface with pre-configured visualizations
  • Kafka consumer services for real-time event processing
  • Kubernetes deployment configurations for scalability

IMPORTANT: ECA Configuration

If Threat Hunting is enabled and the Machine Learning module is installed, configure the Machine Learning module IP address on the ECA master node by editing /opt/superna/eca/eca-env-common.conf and adding:

##
## ML_MODULE_IP: Fill in the ip address of the Threat Hunting Machine Learning module if it is installed
##
#export ML_MODULE_IP=

Uncomment the last line and set the IP address when Threat Hunting is enabled and the module is in use.
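
A post-edit check for this setting, as an added example that is not part of the Superna documentation or tooling: it reports whether the last ML_MODULE_IP export in a config file is active and holds a valid address. The function names, return codes, IPv4-only validation and the sample address 192.0.2.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes the module address is dotted-quad IPv4.

# valid_ipv4 ADDR -> 0 if ADDR is four decimal octets, each 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# check_ml_module_ip FILE
#   0 = active export with a valid address
#   1 = setting missing or still commented out
#   2 = active export present, but value empty or not a valid IPv4 address
#   3 = file not readable
check_ml_module_ip() {
    conf=$1
    [ -r "$conf" ] || return 3
    # When the file is sourced, the last uncommented assignment wins.
    line=$(grep -E '^[[:space:]]*export[[:space:]]+ML_MODULE_IP=' "$conf" | tail -n 1)
    [ -n "$line" ] || return 1
    value=${line#*ML_MODULE_IP=}
    # Drop quotes, carriage returns, trailing comments and trailing whitespace.
    value=$(printf '%s' "$value" | tr -d "\"'\r" |
            sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//')
    valid_ipv4 "$value" || return 2
    return 0
}

# Constructed sample: the block as shipped (commented), then after editing.
# 192.0.2.10 is a documentation-range address, not a real module IP.
demo=$(mktemp)
printf '%s\n' '##' '#export ML_MODULE_IP=' > "$demo"
rc=0; check_ml_module_ip "$demo" || rc=$?
echo "as shipped: rc=$rc"
printf '%s\n' 'export ML_MODULE_IP=192.0.2.10' >> "$demo"
rc=0; check_ml_module_ip "$demo" || rc=$?
echo "after edit: rc=$rc"
rm -f "$demo"
```

On the ECA master node the function would be pointed at /opt/superna/eca/eca-env-common.conf.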

Updated Version Requirements

This release updates the system to version 1.1.1 across all components, ensuring consistency and compatibility throughout the threat hunting infrastructure.

Enhanced Documentation

Comprehensive documentation has been added to guide you through:

  • System requirements and prerequisites
  • Configuration file structure and parameters
  • Step-by-step installation procedures
  • Post-installation verification steps
  • Troubleshooting guidance for common scenarios

Upgrading from Previous Versions

If you have an existing Threat Hunting installation and want to upgrade to v1.1.1, please contact Superna Support for upgrade guidance and procedures specific to your deployment.