Cyphon Release 1.5
We've just released Cyphon 1.5, featuring DataTaggers and Articles to help analysts quickly diagnose alerts.

DataTaggers
DataTaggers automatically tag alerts based on the content of the data that generated the alert. You can even configure them to automatically create new tags based on the content of particular fields. With autotagging, analysts can quickly understand the nature of an alert by looking at the tags associated with it. Read more about it in our docs.
Articles
Cyphon 1.5 also lays the groundwork for some upcoming features in our Cyclops UI. In Cyphon admin, you can associate a Tag with a new object called an Article. Articles are reference documents for particular subjects, such as port numbers or Snort signatures. They can provide information to help analysts quickly diagnose and remediate alerts. We plan to make Articles accessible through the UI in Cyclops 0.6 — stay tuned!
How to Upgrade
If you're running Cyphon 1.3 or earlier, follow the instructions for upgrading your settings for Cyphon 1.4 before proceeding.
Update Installed Apps
Add ckeditor, ckeditor_uploader, and articles to the list of INSTALLED_APPS in your cyphon/settings/base.py file:
    INSTALLED_APPS = [
        # ...
        'django.contrib.staticfiles',
        'ckeditor',
        'ckeditor_uploader',
        # ...
        'appusers',
        'articles',
        # ...
    ]
Add Settings for CKEditor
Add the following additional settings to the cyphon/settings/base.py file:
    # Directory for editor uploads, relative to MEDIA_ROOT
    CKEDITOR_UPLOAD_PATH = 'uploads/'
    # Accept image uploads only
    CKEDITOR_ALLOW_NONIMAGE_FILES = False
Update Cyclops Settings
If your cyphon/settings/base.py settings contain the following lines, remove them:
    if CYCLOPS['LOCAL_ASSETS_ENABLED']:
        STATICFILES_DIRS += [
            (CYCLOPS['LOCAL_FOLDER_NAME'], CYCLOPS['LOCAL_ASSETS_PATH']),
        ]
The settings for Cyclops can now be simplified to the following:
    CYCLOPS = {
        'ENABLED': True,
        'MAPBOX_ACCESS_TOKEN': '',
        'DEVELOPMENT_ENABLED': False,
        'DEVELOPMENT_URL': 'http://localhost:8080/',
    }
Be sure to replace your MAPBOX_ACCESS_TOKEN if you have one.
Update Middleware Settings
Rename the MIDDLEWARE_CLASSES setting to MIDDLEWARE in the cyphon/settings/base.py file, and delete corsheaders.middleware.CorsMiddleware from the list of middleware.
Update Software
If you've installed Cyphon manually, you can download the new release from GitHub.
If you're running a Cyphondock deployment (including our Virtual Machine), you can update Cyphon by recreating your Docker containers with the latest images. Run the following commands from your cyphondock working directory:
docker pull dunbar/cyphon:latest
docker-compose up -d --build