Cyphon
Collect. Filter. Create.

Updates

Release Notes and News about Cyphon

Cyphon Release 1.5

We've just released Cyphon 1.5, featuring DataTaggers and Articles to help analysts quickly diagnose alerts.


DataTaggers

DataTaggers automatically tag alerts based on the content of the data that generated the alert. You can even configure them to automatically create new tags based on the content of particular fields. With autotagging, analysts can quickly understand the nature of an alert by looking at the tags associated with it. Read more about it in our docs.

Articles

Cyphon 1.5 also lays the groundwork for some upcoming features in our Cyclops UI. In Cyphon admin, you can associate a Tag with a new object called an Article. Articles are reference documents for particular subjects, such as port numbers or Snort signatures. They can provide information to help analysts quickly diagnose and remediate alerts. We plan to make Articles accessible through the UI in Cyclops 0.6 — stay tuned!


How to Upgrade

If you're running Cyphon 1.3 or earlier, follow the instructions for upgrading your settings for Cyphon 1.4 before proceeding.


Update Installed Apps

Add ckeditor, ckeditor_uploader, and articles to the list of INSTALLED_APPS in your cyphon/settings/base.py file:

INSTALLED_APPS = [
    ...
    'django.contrib.staticfiles',
    'ckeditor',
    'ckeditor_uploader',
    ...
    'appusers',
    'articles',
    ...
]

Add Settings for CKEditor

Add the following additional settings to the cyphon/settings/base.py file:

CKEDITOR_UPLOAD_PATH = 'uploads/'
CKEDITOR_ALLOW_NONIMAGE_FILES = False

Update Cyclops Settings

If your cyphon/settings/base.py settings contain the following lines, remove them:

if CYCLOPS['LOCAL_ASSETS_ENABLED']:
    STATICFILES_DIRS += [
        (CYCLOPS['LOCAL_FOLDER_NAME'], CYCLOPS['LOCAL_ASSETS_PATH']),
    ]

The settings for Cyclops can now be simplified to the following:

CYCLOPS = {
    'ENABLED': True,
    'MAPBOX_ACCESS_TOKEN': '',
    'DEVELOPMENT_ENABLED': False,
    'DEVELOPMENT_URL': 'http://localhost:8080/',
}

Be sure to replace your MAPBOX_ACCESS_TOKEN if you have one.


Update Middleware Settings

Rename the MIDDLEWARE_CLASSES setting to MIDDLEWARE in the cyphon/settings/base.py file, and delete corsheaders.middleware.CorsMiddleware from the list of middleware.


Update Software

If you've installed Cyphon manually, you can download the new release from GitHub. If you're running a Cyphondock deployment (including our Virtual Machine), you can update Cyphon by recreating your Docker containers with the latest images. Run the following commands from your cyphondock working directory:

docker pull dunbar/cyphon:latest
docker-compose up -d --build
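
The settings steps above are easy to apply only partially, so a quick check of the settings file is useful. The following Python check is an added example, not part of Cyphon: it parses the settings text with `ast` without executing it and lists the steps from this page that are still outstanding. The name `audit_settings` and both sample fragments are constructed for illustration.

```python
import ast

REQUIRED_APPS = ("ckeditor", "ckeditor_uploader", "articles")
CORS = "corsheaders.middleware.CorsMiddleware"

# Constructed sample: a pre-1.5 style settings fragment (not a real Cyphon file).
OLD_SETTINGS = """
INSTALLED_APPS = ['django.contrib.staticfiles', 'appusers']
MIDDLEWARE_CLASSES = ['corsheaders.middleware.CorsMiddleware']
CYCLOPS = {'ENABLED': True, 'LOCAL_ASSETS_ENABLED': False}
if CYCLOPS['LOCAL_ASSETS_ENABLED']:
    STATICFILES_DIRS += [(CYCLOPS['LOCAL_FOLDER_NAME'], CYCLOPS['LOCAL_ASSETS_PATH'])]
"""

# Constructed sample: the same fragment after the steps on this page.
NEW_SETTINGS = """
INSTALLED_APPS = ['django.contrib.staticfiles', 'ckeditor',
                  'ckeditor_uploader', 'appusers', 'articles']
MIDDLEWARE = ['django.middleware.common.CommonMiddleware']
CKEDITOR_UPLOAD_PATH = 'uploads/'
CKEDITOR_ALLOW_NONIMAGE_FILES = False
CYCLOPS = {'ENABLED': True, 'MAPBOX_ACCESS_TOKEN': ''}
"""

def audit_settings(source):
    """Return the upgrade steps still outstanding; parses, never executes."""
    tree, s, issues = ast.parse(source), {}, []
    for node in tree.body:  # collect top-level NAME = <literal> assignments
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                s[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value; not needed for these checks
    issues += ["INSTALLED_APPS is missing '%s'" % a for a in REQUIRED_APPS
               if a not in s.get("INSTALLED_APPS", [])]
    if "CKEDITOR_UPLOAD_PATH" not in s:
        issues.append("CKEDITOR_UPLOAD_PATH is not set")
    # False restricts CKEditor uploads to image files only.
    if s.get("CKEDITOR_ALLOW_NONIMAGE_FILES") is not False:
        issues.append("CKEDITOR_ALLOW_NONIMAGE_FILES is not False")
    if "MIDDLEWARE_CLASSES" in s:
        issues.append("MIDDLEWARE_CLASSES must be renamed to MIDDLEWARE")
    if CORS in s.get("MIDDLEWARE", s.get("MIDDLEWARE_CLASSES", [])):
        issues.append("remove " + CORS + " from the middleware list")
    for node in tree.body:  # the old `if CYCLOPS['LOCAL_ASSETS_ENABLED']:` block
        names = [n.value for n in ast.walk(node) if isinstance(n, ast.Constant)]
        if isinstance(node, ast.If) and "LOCAL_ASSETS_ENABLED" in names:
            issues.append("remove the LOCAL_ASSETS_ENABLED STATICFILES_DIRS block")
    return issues
```

To check a deployment, pass the contents of cyphon/settings/base.py to `audit_settings`; only top-level literal assignments are inspected, so values built at import time are not seen.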