HubbleStack: Security for DevOps

Welcome to the HubbleStack documentation!

Hubble is a modular, open-source security compliance framework built on top of SaltStack. The project provides on-demand profile-based auditing, real-time security event notifications, automated remediation, alerting and reporting.

Hubble can “dock” with any existing SaltStack installation, and requires very little work to get started. This document describes installation, configuration and general use.


Hubble is made up of four different components, each playing a role in the overall auditing of your systems. These components are described here:

  • Nova - Nova is Hubble’s profile-based auditing engine.
  • Pulsar - Pulsar is Hubble’s real-time event system.
  • Nebula- Nebula is Hubble’s security snapshot utility.
  • Quasar - Quasar is Hubble’s flexible reporting suite.

Each of these components are modular, flexible, and easy to drop into place for any size infrastructure.

While each of these components can be used standalone it is often required to combine each components with it’s corresponding Quasar module. Quasar modules are what connects Nova, Nebula and Pulsar to external endpoints such as Splunk, Slack, etc.

New to HubbleStack? Explore some of these topics:


Nova is the best place to get started with Hubble. Using pre-built security and compliance “profiles”, Nova will give you a complete picture of your security stance.

Check out the installation docs:

Have a look at the Nova module list, and learn how audit modules work.

... or read through some of the pre-built profiles:


Once you have Nova installed, check out Quasar next.


See also

Nebula has a hard dependency on osquery. See install requirements here

Nebula allows you to take snapshots of your systems by scheduling specific queries. These queries capture information such as:

  • running processes
  • established outbound connections
  • listening processes
  • suid binaries
  • crontab
  • installed packages
  • ...anything else you’d like to query

Check out the installation docs:

Have a look at the Nebula modules:


Once you have Nebula installed, checkout Quasar next.


See also

Pulsar has a dependency on the Python pyinotify library. See: Pulsar Required Packages

Pulsar watches for filesystem events as they happen and notify you in real-time regarding any changes.

You can also take a look at the Pulsar module list:


Next step? Check out the Quasar modules to collect Pulsar event data.


Quasar modules are integral in collecting and tracking your security data. In general you’ll want to combine each HubbleStack component (Nova, Pulsar, Nebula) with it’s corresponding Quasar module.

You can also take a look at the Pulsar module list: