- links to Black Hat 2022 website, recording, and demo/lab
- Kestrel logo in PNG
- link to the Kestrel binder service blog post

Fixed
-----

- consistent stix-shifter and connector versions

Changed
-------

- lowercase grammar strings
1.4.1
==================
Added
-----

- multi-user cache folder support in debug mode #236
- ppid used in process identification (post-prefetch) #238
- process identification upgraded to a two-step approach
- fine-grained process identification time offsets
- per entity type prefetch config support #241
- support for automatically converting input files to STIX in stixbundle interface

Fixed
-----

- prefetch when parent_ref not in process table
- false positives in generic relation resolution
- second execution of a failed query should raise exception
- master runtime directory test case fix
- ``~`` support in config file path (env var)
1.4.0
==================
Fixed
-----

- Fix NameError: name 'DataSourceError' is not defined
- Pass stix-shifter profile options into translation #230

Added
-----

- Relative timespans instead of START/STOP #181

  - e.g. ``LAST 5 MINUTES``

- Group by "binned" (or "bucketed") attributes

  - e.g. ``GROUP foo BY BIN(first_observed, 5m)``

Changed
-------

- bump min Python version to 3.7
- update OCA slack invitation link
1.3.4
==================
Fixed
-----

- broken /tmp/kestrel symbolic link will crash a new session
- double close (double release resources) with context manager and aexit
- AttributeError with timestamped grouped variable #224
- subsequent GET would return no results #228

Added
-----

- documentation on macOS debug folder path
- interface figure updated with new planned interfaces
- dynamically load stix-shifter YAML profiles #227
- new exception: MissingEntityAttribute
- unit test: disp timestamped group by

Changed
-------

- codecov GitHub App enabled instead of codecov-bot
- stixshifter interface module ``connector`` split from ``interface``
1.3.3
==================
Fixed
-----

- Jupyter kernel crashing upon restart
1.3.2
==================
Added
-----

- runtime warning generation for invalid entity type #200
- auto-complete relation in FIND
- auto-complete BY and variable in FIND
- add logo to readthedocs
- upgrade auto-complete keywords to be case sensitive #213
- add testing coverage into github workflows
- add codecov badge to README
- 31 unit tests for auto-completion
- the first unit test for JOIN
- two unit tests for ASSIGN
- five unit tests for EXPRESSION
- use tmp dir for generated testing data
- auto-deref with mixed ipv4/ipv6 in network-traffic

Fixed
-----

- missing ``_refs`` handling for 2 cases out of 4 #205
- incorrectly dereferencing attributes after GROUP BY
- incorrectly yielding variable when auto-completing relation in FIND
- pylint errors about undefined-variables

Changed
-------

- update grammar to separate commands yielding (or not) a variable
- change FUNCNAME from a terminal to an inlined rule
- differentiate the terminal "by"i between FIND and SORT/GROUP