Added badlist feature
v4.4.0.stable82
Configuration
- Use `DATASTORE_VERIFY_CERTS` env to configure certificate verification for datastore connections (optional)
Bugfixes
- Badlist tag searches: Use key space chunks to handle cases where we're looking for more than 10000 tags at a time
v4.4.0.stable80
**Hotfix**
- Fix processing chance display and calculation
v4.4.0.stable79
**New Badlist feature**
Assemblyline Elastic cluster now has a Badlist index coupled with a Badlist service which allow you to mark tags and hashes as bad so they are always detected as malicious. In a near future, NetRep's list of bad URLs will be dumped in the badlist.
**Improvements/Fixes**
- Allow facetting on multiple fields at the same time
- Hide results of turned off features
- Fix Datastore retries on stream search queries
- Fix crash in url service auto-selection for URL submissions
- Fix file frequency does not update when switching language
v4.4.0.stable78
Add the ability to auto-select service during URL submission. This, by default, will auto-select the URLDownloader service when a URL submission is done in the UI.
v4.4.0.stable77
Bugfix
- Ensure there is no filestore connection during service registration/update
_Note: This will be accompanied by a rebuild of all services to include this patch_
v4.4.0.stable76
- Fix submission with URL ending in "/"
v4.4.0.stable75
- Better expiry handling for empty results
- Adding role and option to delete a specific file without discarding the results
- Change the UI to create a URI file instead of fetching the payload directly
v4.4.0.stable74
- Improve expiry heartbeats
- Fix Bi-Directional control chars in the frontend file tree
v4.4.0.stable73
Update code and testing for Elasticsearch 8 compatibility
**NOTE**: This release is paired with complementary changes to the Helm chart which will update existing Elasticsearch instances to version `8.10.2`. Please review the [migration notes](https://cybercentrecanada.github.io/assemblyline4_docs/installation/configuration/kubernetes/upgrading_elastic/) before proceeding with your next `helm upgrade`. For Docker appliances, there should be minimal to no impact but we advise reviewing the changes [here](https://github.com/CybercentreCanada/assemblyline-docker-compose/commit/296e41dbb1b6e68ebfc1c3776a2a2e7cb34294af)
v4.4.0.stable71
Improvements
- Indentification tweaks: `code/ps1`, `code/javascript`, `code/python`, `code/java`
- Kubernetes-only: Add configuration to Scaler to enable/disable listing pods in other namespaces (`config.scaler.cluster_pod_list`)
- Kubernetes-only: Add configuration to helm chart to configure services accounts for core components and (un)privileged services (`coreServiceAccountName`, `privilegedServiceAccountName`, `unprivilegedServiceAccountName`)
- This deprecates usage of the `config.services.service_account` configuration
- Make Alerter and the operations it performs with regards to alerts more thread safe
Additions
- Model field deprecations to auto-generated documentation
- This is used to deprecate fields in a model and provide alternative guidance, if any.
- This will also generate warning logs to encourage migration away from deprecated field usage
- Identification: `pgp/(privkey|pubkey|encrypted)`, `pgp/symmetric`, `video/asf`, `uri/*`, `code/au3`
- [Post-analysis enrichment using external sources](https://cybercentrecanada.github.io/assemblyline4_docs/installation/configuration/plugins/)
- Display file's classification in "File Identification"
- URI tasking objects
- Similar to files, this is an object that can be tasked to a service for analysis
- This provides a more direct means of analyzing a URI