Service Base
- Fix ontology output:
- Strip nulls from headers
- Only render output if there's tagging or typed-ontologies
v4.2.0.stable40
Service Base
- Fix ontology output:
- Strip nulls from headers
- Only render output if there's tagging or typed-ontologies
v4.2.0.stable4
Service Base
- Adding close(), kill and timeout to IcapClient
v4.2.0.stable39
Service Base
- Force all output ontology filenames to be lowercased
v4.2.0.stable38
Service Base
- Ontology fixes
v4.2.0.stable37
Base
- Change replay configuration ODM
Core
- Use state changes in the alert/submission metadata to track replay status
- Use a time window in replay to check for new alerts and submissions but reset it to loopback time when nothing is found
UI - API Server
- Added APIs to modify the replay status
v4.2.0.stable36
Base
- Result Ontology ODM modeling added
Service Base
- Bugfix: Catch TypeErrors raised by OCR library
- Updater: `import_update()` will use the set of validated files as defined by `is_valid()`
- API/Class function available for adding ontological results to service results
v4.2.0.stable35
Core
- Scaler: add periodic health checks to services
Service Base
- Add a common library that performs OCR detection
- Add a script to perform service health checks
v4.2.0.stable34
Base
- Added support for AppID authentication in Azure's FileStore
- Added support for base directory in Azure's FileStore
v4.2.0.stable33
Base
- Use filestore path in replay's creator default config
Core
- Have replay's creator use a filestore object
v4.2.0.stable32
Base
- Add support for alert bundles
- Add tests for bundling
- Add ODM model for the replay configuration
- Added a field in Alert odm to tell if all workflows have run for an alert
Core
- Added replay support (Start scans on a system and finish them on another, keeping the same IDs)
- Set workflow completed alert flag as the last workflow step
- Reset workflow completed flag on alert update
- Use workflow completed flag in replay as a filter query
UI - API Server
- Add support for alert bundles
- Add support to rescan service when importing bundles
- Simplify boolean args in API calls so that setting an arg without any value sets it to true
v4.2.0.stable31
Service Base
- Bug fix for service base when extracting sandbox artifacts
v4.2.0.stable30
Base
- Hotfix: Fix typing which can interfere with tests
- Allow dotdump() to handle string input
v4.2.0.stable3
Core
- Make updater threaded so it doesn't get killed when updating a lot of services at once
v4.2.0.stable29
Base
- Optimized database call for highly duplicated files
v4.2.0.stable28
Base
- Make sure supplementary files are included in bundles
- Change database code from a generic class to an Elastic-specific class since we are already very locked into Elastic
- Remove dead database code
Service Base
- Make sure services always get a version
v4.2.0.stable27
Service Base
- Changed regex for HollowsHunter uploads
- Added bug fix for dynamic service helper if GUID was empty string
v4.2.0.stable26
Core
- Updater: Run services updates in Docker appliances as privileged
v4.2.0.stable25
Base
- Make the fix_shards function safer and with logging to prevent issues
UI - Frontend
- Stop trying to render sections with empty bodies
v4.2.0.stable24
Base
- Change encoding type to json for FlattenedObjects so we can get back their original value
UI - Frontend
- Hide safe heuristics when the submission score is not safe
v4.2.0.stable23
Core
- Better log output when skipping temporary submission data
v4.2.0.stable22
Base
- Added support for Multi-typed result sections
- Added support for Ordered Key Value result sections
- Implant name and actor reported by Att&ck Matrix should always be uppercased
- Sort heuristics and dedup them when generating summary
- Return result section where heuristics were found
- Added set operation to metrics factory
- Added save_queue length in dispatcher messages
- Add configurable maximum temporary data value size
Core
- Change in scaler logging about crashing containers
- Split out dispatcher results and submission save threads
- Export dispatcher save_queue length
- Add a way to stop the metrics from aggregating specific counters
- Enforce maximum temporary data value size in dispatcher and tasking client
Service Base
- Added support for Multi-typed result sections
- Added support for Ordered Key Value result sections
- Added new type result section classes with their own methods to facilitate service development
- Protect heuristics and results internal variables by using properties
- Add a set_tags method to ResultSection class
- Fix Tag reducer compatibility to new more restrictive ResultSection class
- Fix dynamic service helper compatibility to new more restrictive ResultSection class
- Added .name and .description properties to heuristics
- Force KV and OrderedKV keys to string
- Add new result section types and classes to ResultSample service
UI - API Server
- Added support for Multi-typed result sections
- Added support for Ordered Key Value result sections
- Make sure all JSON based result sections are loaded before being returned from the API
- Return sections where heuristics are present when generating submission summary and report
UI - Frontend
- Display sections that have heuristics in the report
- Display sections that have heuristics in the submission detail
- Display sections that have heuristics at the top of the file detail view
- Hide heuristics, attack and tags in result sections to make them more readable, with a toggle button to view them
- Add Context Menu to the result section to copy the section body to the clipboard or toggle heuristics, attack and tags
- Change favicon once a submission is completed
- Added support for Multi-typed result sections
- Added support for Ordered Key Value result sections
- Added support for dispatcher save queue
v4.2.0.stable21
Core
- Scaler: Hotfix - allow privileged services access to the core network (Docker-Compose appliance)
v4.2.0.stable20
Core
- Hotfix: Fix bug related to running privileged services in Docker-Compose appliance
v4.2.0.stable2
Core
- Small fix on how dispatcher handles timeouts
- Change how dispatcher handles shutdown so we have the ability to let it finish its tasks
Service Base
- Properly fix threadpool error during shutdown for privileged services
v4.2.0.stable19
Core
- Updater: update default SERVICE_API_HOST to reflect changes made to the Docker-Compose appliance
v4.2.0.stable18
Service Base
- Hotfix: use os.makedirs() instead of os.mkdir() when creating the 'latest_updates' directory nested under UPDATER_DIR
v4.2.0.stable17
Core
- Scaler: Fix to allow PVCs to be assigned to service and dependency deployments
Service Base
- Updater: Allow directories to be viable candidates for match patterns
- Updater: Set up the ability to download updates, store them offline and maintain persistence without using the datastore
v4.2.0.stable16
UI / API
- add_service: Change conditions in API to allow assigning global configurations if manifest data doesn't contain "$SERVICE_TAG" for dynamic image assignment
v4.2.0.stable15
Service Base
- Hotfix: fix ignore_ssl_error for Git clones
v4.2.0.stable14
Frontend
- Small last minute tweaks to latest alert perspective changes
v4.2.0.stable13
UI
- Fix alternate result picking
v4.2.0.stable12
Base
- Added UI configuration to set which metadata field names will be used to find URLs and subject in the alert view
- Added UI configuration to set which metadata fields are important when displaying alerts
- Stop decoding cart files that have al.type metadata set
Core
- Share Redis connection pool to limit the amount of connections to Redis
Service Server
- Share Redis connection pool to limit the amount of connections to Redis
Service Base
- Share Redis connection pool to limit the amount of connections to Redis
UI - API server
- Return UI alert's metadata configuration block in the whoami API
Frontend
- Fix issues in the alerting perspective
- Add extended scan status to the alert list items
- Added Tooltip for domain, ip, av in the alert list items
- Added ingestion type to the alert list items
- Show the email subject or source url in the alert list items
- Make alert detail view more compact
- Hide unimportant metadata from the alert detail view
v4.2.0.stable11
Core
- Scaler: Log warnings if containers begin to restart more than once, which may be indicative of issues that can be corrected (e.g. OOMKilled)
- Scaler: Add configurable environment variable to control container restart threshold before warning
v4.2.0.stable10
Core
- Updater: Pre-filter for compatible tags before looking for latest candidate
v4.2.0.stable1
Base
- Catch ConnectionResetError exceptions to Redis and try to re-establish a connection
- Added a function to return a predictable list of tuples recursively from a dictionary
- Added a function to return a predictable hash for a dictionary
Core
- Use predictable list of tuple function to determine if service configuration changed
Service Base
- Trap threadpool error during shutdown for privileged services