Synapse

=====================

Automatic Migrations
--------------------
- Update any extended model elements which used the ``taxonomy`` interface
to now use the ``meta:taxonomy`` interface.
(`3334 <https://github.com/vertexproject/synapse/pull/3334>`_)
- See :ref:`datamigration` for more information about automatic migrations.

Features and Enhancements
-------------------------
- Add support for lifting, pivoting, and filtering using wildcards, lists,
variables, and interfaces as form and property names.
(`3334 <https://github.com/vertexproject/synapse/pull/3334>`_)
- Migrate the name of the ``taxonomy`` interface to ``meta:taxonomy``.
(`3334 <https://github.com/vertexproject/synapse/pull/3334>`_)
- Update the pinned version of the ``lark`` library to ``1.1.9`` for
compatibility with Python 3.11.7.
(`3488 <https://github.com/vertexproject/synapse/pull/3488>`_)

Bugfixes
--------
- Prevent re-adding extended model elements in Nexus handlers.
(`3486 <https://github.com/vertexproject/synapse/pull/3486>`_)
- Add missing permissions checks on the ``$lib.axon.urlfile()`` API. This now
requires the ``node.add.file:bytes`` and ``node.add.inet:urlfile``
permissions.
(`3490 <https://github.com/vertexproject/synapse/pull/3490>`_)
- Fix the permission checking for Vaults to check the Storm runtime ``asroot``
status.
(`3492 <https://github.com/vertexproject/synapse/pull/3492>`_)
- Fix an issue with ``$lib.stix.import.ingest()`` not converting ``bundle``
to a dictionary.
(`3495 <https://github.com/vertexproject/synapse/pull/3495>`_)

Improved Documentation
----------------------
- Add documentation for the ``reverse`` keyword.
(`3487 <https://github.com/vertexproject/synapse/pull/3487>`_)
- Clarify the use of the "try" operator ( ``+?`` ) in edit operations.
(`3482 <https://github.com/vertexproject/synapse/pull/3482>`_)
(`3487 <https://github.com/vertexproject/synapse/pull/3487>`_)
- Update Storm lift documentation to add additional examples and clarify
existing documentation.
(`3487 <https://github.com/vertexproject/synapse/pull/3487>`_)
- Update Storm data modification documentation to add additional examples and
clarify existing documentation.
(`3482 <https://github.com/vertexproject/synapse/pull/3482>`_)

=====================

Features and Enhancements
-------------------------
- Update the allowed versions of the``fastjsonschema``, ``idna``, ``pygments``,
and ``aiosmtplib`` libraries.
(`3478 <https://github.com/vertexproject/synapse/pull/3478>`_)

Bugfixes
--------
- Fix a bug where the ``role:add`` and ``user:add`` Nexus handlers could raise
an exception when being called by a service mirror.
(`3483 <https://github.com/vertexproject/synapse/pull/3483>`_)

Improved Documentation
----------------------
- Update the Storm command reference guide.
(`3481 <https://github.com/vertexproject/synapse/pull/3481>`_)
- Update the Synapse glossary.
(`3481 <https://github.com/vertexproject/synapse/pull/3481>`_)

=====================

Features and Enhancements
-------------------------
- Added vaults feature for storing and sharing secret values (such as API
keys) and associated configuration settings. Vaults can be shared with and
used by another user without them being able to see the enclosed secret
values.
(`3319 <https://github.com/vertexproject/synapse/pull/3319>`_)
(`3461 <https://github.com/vertexproject/synapse/pull/3461>`_)
- Added Storm commands to interact with vaults: ``vaults.*``.
(`3319 <https://github.com/vertexproject/synapse/pull/3319>`_)
- Added Storm library to interact with vaults: ``$lib.vaults.*``.
(`3319 <https://github.com/vertexproject/synapse/pull/3319>`_)
- Add merge request voting and history tracking for full View merges.
(`3466 <https://github.com/vertexproject/synapse/pull/3466>`_)
(`3473 <https://github.com/vertexproject/synapse/pull/3473>`_)
(`3475 <https://github.com/vertexproject/synapse/pull/3475>`_)
- Add service pooling support to AHA. This allows for dynamic service
topologies and distributed Telepath API calls.
(`3353 <https://github.com/vertexproject/synapse/pull/3353>`_)
(`3477 <https://github.com/vertexproject/synapse/pull/3477>`_)
- Add user managed API keys that can be used to access HTTP API endpoints.
(`3470 <https://github.com/vertexproject/synapse/pull/3470>`_)
- Added an ``--optsfile`` option to the Storm CLI tool. This can be used to
specify opts to the CLI tool via YAML. See :ref:`dev_storm_opts` for
details about available options.
(`3468 <https://github.com/vertexproject/synapse/pull/3468>`_)
- Cron status changes are now persisted through the Nexus.
(`3460 <https://github.com/vertexproject/synapse/pull/3460>`_)
- Add a ``show:storage`` option to the Storm runtime opts to include the
storage node data in the ``node`` message.
(`3471 <https://github.com/vertexproject/synapse/pull/3471>`_)

Bugfixes
--------
- Log a warning message when calling the Python ``User.pack(packroles=True)``
method when a user role is missing from the Auth subsystem. A missing
role previously caused an ``AttributeError`` exception.
(`3469 <https://github.com/vertexproject/synapse/pull/3469>`_)
- Ensure the Nexus ``view:detach`` event is idempotent.
(`3474 <https://github.com/vertexproject/synapse/pull/3474>`_)
- Fix an issue where Storm subqueries containing non-runtsafe values could
potentially not execute.
(`3443 <https://github.com/vertexproject/synapse/pull/3443>`_)

=====================

Model Changes
-------------
- Updates to the ``infotech``, ``ou``, and ``risk`` models.
(`3436 <https://github.com/vertexproject/synapse/pull/3436>`_)
(`3438 <https://github.com/vertexproject/synapse/pull/3438>`_)
(`3446 <https://github.com/vertexproject/synapse/pull/3447>`_)
(`3447 <https://github.com/vertexproject/synapse/pull/3447>`_)

**New Properties**

``it:av:scan:result``
The form had the following properties added to it:

``target:ipv4``
The IPv4 address that was scanned to produce the result.

``target:ipv6``
The IPv6 address that was scanned to produce the result.

``ou:campaign``
The form had the following property added to it:

``mitre:attack:campaign``
A mapping to a Mitre ATT&CK campaign if applicable.

``risk:vuln``
The form had the following property added to it:

``id``
An identifier for the vulnerability.

**New Forms**

``it:mitre:attack:campaign``
A Mitre ATT&CK Campaign ID.

``risk:technique:masquerade``
Represents the assessment that a node is designed to resemble another
in order to mislead.

**Updated Types**

``it:os:windows:sid``
The regular expression used to validate the SID has been updated
to allow modeling well-known SID values.

Features and Enhancements
-------------------------
- Add an ``empty`` keyword to Storm to conditionally execute queries when
there are no nodes in the pipeline.
(`3434 <https://github.com/vertexproject/synapse/pull/3434>`_)
- Add Storm APIs for getting property counts for a given ``layer`` or
``view.``. These APIs are ``getPropCount()``, ``getPropArrayCount()``,
``getTagPropCount()``.
(`3435 <https://github.com/vertexproject/synapse/pull/3435>`_)
- Add a new permission, ``view.fork``, which can be used to control access
for forking a view. This permission defaults to being allowed.
(`3437 <https://github.com/vertexproject/synapse/pull/3437>`_)
- Add Storm operators to allow pivoting and joining across light edges. The
following examples show pivoting across ``refs`` edges and joining the
destination nodes with the inbound nodes: ``-(refs)+>`` and ``<+(refs)-``.
(`3441 <https://github.com/vertexproject/synapse/pull/3441>`_)
- Add Storm operators to do pivot out and join ( ``--+>`` ) and pivot in
and join ( ``<+--``) operations across light edges.
(`3441 <https://github.com/vertexproject/synapse/pull/3441>`_)
(`3442 <https://github.com/vertexproject/synapse/pull/3442>`_)
- Storm subqueries used to assign a value now always run.
(`3445 <https://github.com/vertexproject/synapse/pull/3445>`_)
- Non-runtsafe ``try...catch`` blocks in Storm now run when there are no
inbound nodes.
(`3445 <https://github.com/vertexproject/synapse/pull/3445>`_)
- The Storm API ``$lib.storm.eval()`` now logs its ``text`` argument to the
``synapse.storm`` logger.
(`3448 <https://github.com/vertexproject/synapse/pull/3448>`_)
- Add a ``--by-name`` argument to the Storm ``stats.countby`` command. This
can be used to sort the results by name instead of count.
(`3450 <https://github.com/vertexproject/synapse/pull/3450>`_)
- Add a new Storm API ``$lib.gis.bbox()`` to allow computing geospatial
bounding boxes.
(`3455 <https://github.com/vertexproject/synapse/pull/3455>`_)

Bugfixes
--------
- Prevent recursion errors in ``inet:fqdn`` onset handlers.
(`3433 <https://github.com/vertexproject/synapse/pull/3433>`_)
- When dereferencing a list or dictionary object off of a Node in Storm, the
returned value is now a copy of the value. This avoids the situation where
modifying the deferenced value appeared to alter the node but did not
actually result in any edits to the underlying data.
(`3439 <https://github.com/vertexproject/synapse/pull/3439>`_)
- Add a missing sub-query example to Storm ``for`` loop documentation.
(`3451 <https://github.com/vertexproject/synapse/pull/3451>`_)
- Fix an issue where attempting to norm an IPv4 with an invalid netmask
would raise a Python error.
(`3459 <https://github.com/vertexproject/synapse/pull/3459>`_)

Deprecations
------------
- Deprecated Cortex and splice related APIs which were marked for removal
after 2023-10-01 have been removed. The list of these APIs can be found
at :ref:`changelog-depr-20231001`. These additional splice related changes
have also been made:

The HTTP API ``/api/v1/storm`` now sets the default ``editformat`` opt
value to ``nodeedits``. Previously this API produced splice changes by
default.

The ``synapse.tools.cmdr`` ``storm`` command no longer displays splices.

The ``synapse.tools.cmdr`` ``log`` command no longer records splices.

The ``synapse.tools.csvtool`` tool no longer records or displays splices.

The ``synapse.tools.feed`` tool no longer supports splices or nodeedits as
input and the splice documentation example has been removed.

(`3449 <https://github.com/vertexproject/synapse/pull/3449>`_)
- The deprecated function ``synapse.common.aclosing()`` has been removed.
(`3449 <https://github.com/vertexproject/synapse/pull/3449>`_)
- Provisioning a Synapse service with AHA now always updates the local CA
certificate and generates new host and user certificates for the service.
Previously these would not be regenerated if the CA or service names did
not change.
(`3457 <https://github.com/vertexproject/synapse/pull/3457>`_)

=====================

Model Changes
-------------
- Updates to the ``infotech``, ``proj``, and ``risk`` models.
(`3422 <https://github.com/vertexproject/synapse/pull/3422>`_)

**New Properties**

``proj:ticket``
The form had the following property added to it:

``ext:assignee``
Ticket assignee contact information from an external system.

``risk:alert``
The form had the following property added to it:

``severity``
A severity rank for the alert.

``it:exec:query``
The form had the following property added to it:

``offset``
The offset of the last record consumed from the query.

**New Forms**

``it:av:scan:result``
The result of running an antivirus scanner.

**Updated Properties**

``risk:alert``
The form had the following properties updated on it:

``priority``
The type of this property has been changed from an ``int`` to
``meta:priority``.

``risk:attack``
The form had the following properties updated on it:

``severity``
The type of this property has been changed from an ``int`` to
``meta:severity``.

``risk:compromise``
The form had the following properties updated on it:

``severity``
The type of this property has been changed from an ``int`` to
``meta:severity``.

**Deprecated Forms**

The following forms have been marked as deprecated:

``it:av:sig``
Please use ``it:av:scan:result``.

``it:av:filehit``
Please use ``it:av:scan:result``.

``it:av:prochit``
Please use ``it:av:scan:result``.

Features and Enhancements
-------------------------
- Add a ``detach()`` method to the Storm ``view`` object. This will detach a
forked View from its parent.
(`3423 <https://github.com/vertexproject/synapse/pull/3423>`_)
- Change the method used to generate the ``took`` value in the Storm ``fini``
message to use a monotonic clock.
(`3425 <https://github.com/vertexproject/synapse/pull/3425>`_)
- Performing an invalid "pivot in" operation with a form target
(``<- some:form``) now raises a ``StormRuntimeError`` instead of silently
doing nothing.
(`3426 <https://github.com/vertexproject/synapse/pull/3426>`_)
- Allow relative properties on the right hand side of a filter operation
when using Storm expression syntax.
(`3424 <https://github.com/vertexproject/synapse/pull/3424>`_)
- Add an ``/api/v1/logout`` method on the Cell to allow HTTPS users to logout
of their sessions.
(`3430 <https://github.com/vertexproject/synapse/pull/3430>`_)
- Allow taxonomy prefix lift and filter operations to work with taxon parts.
(`3429 <https://github.com/vertexproject/synapse/pull/3429>`_)
- Update the allowed versions of the ``cbor2``, ``pycryptodome``,
``pygments``, ``vcrpy``, and ``xxhash`` libraries. Update the pinned version
of the ``lark`` library.
(`3418 <https://github.com/vertexproject/synapse/pull/3418>`_)

Bugfixes
--------
- Fix a performance regression in graph projection for computing large graphs
in Storm.
(`3375 <https://github.com/vertexproject/synapse/pull/3375>`_)
- Fix a conflict between Storm ``$lib.inet.http`` functions and ``vcrpy``
where ``json`` and ``data`` args shouldn't be passed together.
(`3428 <https://github.com/vertexproject/synapse/pull/3428>`_)

Improved Documentation
----------------------
- Fix an error in the Cortex mirror deployment guide. The example
``docker-compose.yaml`` was missing the environment variables for
``SYN_CORTEX_AXON`` and ``SYN_CORTEX_JSONSTOR``.
(`3430 <https://github.com/vertexproject/synapse/pull/3430>`_)

=====================

This release is for updating the version of the ``cryptography`` package in
Synapse containers to ``41.0.5``.