Releases: google/timesketch
20230913
What's Changed
- [Analyzers] Spelling errors by @jaegeral in #2860
- correct parameters in cli attributes method by @jaegeral in #2863
- Update troubleshooting.md by @jaegeral in #2866
- adding timeline info to the tsctl by @jaegeral in #2870
- Feature extraction for TI data in "Windows-Bits-Client" events by @jkppr in #2873
- Update Date chip to support milliseconds by @sydp in #2867
- Allow API port to listen on localhost by @tomchop in #2875
- Loading indicator active analyzers by @Annoraaq in #2855
- OpenSearch 2.x support by @berggren in #2876
- ui build 20230831 by @jkppr in #2878
- Bump cryptography from 41.0.2 to 41.0.3 by @dependabot in #2858
- Add TTY check for providing missing config values by @ramo-j in #2850
- Don't exit with error if user chooses not to start timesketch by @pemontto in #2857
- Export query result to CSV by @berggren in #2882
- Run analyzers only once per timeline by @jkppr in #2883
- Support overriding/extending Plaso formatter definitions by @berggren in #2881
- New UI build (automated) by @berggren in #2884
- Tag list refactor & bug fixes by @jkppr in #2886
- Event attribute include / exclude filters by @jkppr in #2888
- refactor verbose analyzer output by @jkppr in #2885
- Analyzer Output UI update by @jkppr in #2887
- Adding tag filter chips to sigma rules by @jkppr in #2890
- Search History graph cleanup by @berggren in #2891
- UI build 20230913 by @jkppr in #2892
Full Changelog: 2023072...2023091
20230721
What's Changed
- fixes #2809 UI bug by @jkppr in #2810
- Timeline and Scenarios fixes + small UI fixes by @berggren in #2808
- Show selected event in context view by @berggren in #2811
- Consistent forms and cleaned up XML viewer by @berggren in #2812
- Remove ports from e2e-tests by @berggren in #2816
- Update Account Finder Analyzer by @jkppr in #2803
- Delete sketch and list archived sketches by @berggren in #2817
- Add json and tab output to CLI client by @jaegeral in #2818
- [CLI] Add output-format as cli wide argument by @jaegeral in #2819
- Update hashR analyzer by @jkppr in #2820
- [CLI] refactor to use central output-format by @jaegeral in #2821
- Support OpenSearch queries in DFIQ by @berggren in #2822
- Add Windows Lateral Movement DFIQ scenario by @berggren in #2823
- Adding hashR user documentation by @jkppr in #2824
- New UI build by @berggren in #2828
- Update tsdev.sh to add creation of api client and cli client by @jaegeral in #2830
- fix mkdocs warnings by @jkppr in #2832
- fix docs formatting by @jkppr in #2833
- Add a test case for conditions with multiple words in a Sigma rule by @jaegeral in #2835
- Always set active timelines by @berggren in #2838
- Preserve user defined filters by @berggren in #2840
- Support event list sorting (asc/desc) by @berggren in #2843
- Rework comments by @jkppr in #2845
- Upgrade to PyYAML 6.0.1 and NodeJS 18 by @berggren in #2853
- Bump cryptography from 41.0.0 to 41.0.2 by @dependabot in #2844
- Documentation updates for analyzers by @jkppr in #2851
- Add timesketch analyze results to the CLI client by @jaegeral in #2846
- Manage sketch attributes in the CLI client by @jaegeral in #2841
- New UI build and update version numbers by @berggren in #2854
Full Changelog: 2023062...2023072
20230628
What's Changed
- Update changelog by @berggren in #2768
- Scenarios model refactor by @berggren in #2672
- Ssh bruteforce analyzer by @roshanmaskey in #2769
- Add missing dependency for e2e container by @berggren in #2783
- 🐛 Handle None response from ip2geo by @pemontto in #2770
- Fix #2784 - pandas.read_csv arguments by @jkppr in #2785
- Add tzdata to all container builds by @berggren in #2788
- Fix for #2738 - Analyzer not in AnalyzerList by @jkppr in #2786
- Fixing #2393 - analysis of broken timelines by @jkppr in #2787
- Helm k8s by @wajihyassine in #2661
- Enable settings from environment (needs Flask 2.1+) by @bpereto in #2417
- Add 🐀 emoji for remote access tools by @pemontto in #2779
- Switch to Compose V2 by @koromodako in #2654
- Return user defined aggregation name when using the API client by @sydp in #2507
- Bump cryptography from 39.0.1 to 41.0.0 by @dependabot in #2778
- Bump pyjwt from 1.7.1 to 2.4.0 by @dependabot in #2192
- Update Helm README to refer to OSDFIR Infrastructure by @wajihyassine in #2790
- DFIQ support by @berggren in #2782
- Fix for importing small JSONL files by @berggren in #2793
- Restyle timeline chips by @Annoraaq in #2777
- Windows bruteforce analyzer by @roshanmaskey in #2792
- Automate verbose analyzer output metadata collection by @jkppr in #2798
- Update the event tags UI by @jkppr in #2805
- UI support for verbose analyzer output by @jkppr in #2797
- New UI build (automated) by @berggren in #2806
New Contributors
- @bpereto made their first contribution in #2417
- @koromodako made their first contribution in #2654
Full Changelog: 2023052...2023062
20230526
Version 20230526
What's Changed
- Minor fixes/updates for AggregateDialog by @sydp in #2726
- Implicit String Fix by @LX5321 in #2650
- 🐛 Fix invalid sigma YAML by @pemontto in #2757
- Ensure that upload path is valid by @berggren in #2763
- Update to Flask 2.3.x and dependencies by @berggren in #2764
- New UI build (auto generated) by @berggren in #2767
Full Changelog: 2023051...2023052
20230518
Timesketch release 20230518
What's Changed
- Added provider/context for uploads in the importer by @kiddinn in #1640
- Added provider/context to the CLI importer tool. by @kiddinn in #1644
- Added data source DB model by @berggren in #1642
- [API] introduce text --> sigma rule by @jaegeral in #1511
- Replace use of the csv library by pandas built-ins for data ingestion by @rayanht in #1534
- Added a Timesketch CLI client by @berggren in #1414
- Fixed couple of bugs in the sigma API and API Client by @jaegeral in #1646
- Docker: e2e / dev Sigma directory was not created before by @jaegeral in #1650
- Add the ability to use elasticsearch with SSL but without username/password authentication. by @alexgoedeke in #1645
- Mention end2end tests in dev guide by @jaegeral in #1651
- Another round of minor checks where unittests did not reflect the reality by @jaegeral in #1647
- fixing some lint issues in the e2e Docker readme file by @jaegeral in #1653
- Bump sigmatools pypi version up by @jaegeral in #1633
- Added search templates to API and API client by @kiddinn in #1643
- Forgot to include the searchtemplate.py file in the last PR by @kiddinn in #1655
- Prometheus metric collection by @berggren in #1611
- Update 2021_timesketch_summit.md by @jaegeral in #1658
- Add external talk to the agenda by @jaegeral in #1660
- Fixed limitations in file size in the data source model. by @kiddinn in #1662
- Cleaned up some of the API code. by @kiddinn in #1657
- Made slight changes to the API client and REST API. by @kiddinn in #1664
- Update marked library by @berggren in #1668
- Remove reg form and update agenda by @jaegeral in #1672
- Added several enhancements to the importer and importer tasks. by @kiddinn in #1667
- Update 2021_timesketch_summit.md by @jaegeral in #1675
- Fixed a bug in data ingestion by @kiddinn in #1674
- Changed how we fill in NAN values while ingesting CSV files. by @kiddinn in #1676
- Update installation/upgrading docs by @berggren in #1678
- Added instructions on how to install a notebook container by @kiddinn in #1681
- Minor bug fixes to the API client by @kiddinn in #1686
- Added a new documentation site by @berggren in #1680
- Added a PR template. by @kiddinn in #1688
- Moved the PR template to a file instead of a folder. by @kiddinn in #1689
- Fixed few bugs in the API and alpha sorted saved searches by @kiddinn in #1691
- Fix broken links in README.md by @stevengoossensB in #1696
- [Tiny fix] Updated link for Docker installation process by @toshiro92 in #1702
- Update sigma.md by @jaegeral in #1705
- Changed how import errors are presented as well as ability to change passwords for the current user. by @kiddinn in #1700
- Changed how ES object is created to support auth without ssl, as well as minor bug fix in analyzer selection. by @kiddinn in #1710
- Changed upload behavior when appending to an already existing timeline by @kiddinn in #1712
- Use DataSource error message and UI cleanup by @berggren in #1713
- UI: Quick typo fix, and change provider string from the importer library by @berggren in #1714
- UI: Remove old error field by @berggren in #1719
- Always uniq index lists by @berggren in #1718
- Added upper memory limits to psort. by @kiddinn in #1722
- Allow other OIDC providers for authentication by @asmirazali in #1717
- Update developer-guide.md by @jaegeral in #1725
- UI: Fixing a bug in the Interval time filters by @binglot in #1598
- Moved the Notebook.md to learn/notebook.md to correspond to where the docs point to it. by @kiddinn in #1732
- Removed index analyzers and changed API/import client. by @kiddinn in #1723
- introduce tags in the sample rule and add tags from the rule to the s… by @jaegeral in #1735
- Add Get Timesketch client object into dev/notebook snippet by @jaegeral in #1737
- Set timeline ID in the GCS importer by @berggren in #1738
- fix the bug by @jaegeral in #1741
- Introduce os filesystem in sigma mapping by @jaegeral in #1734
- Sigma api e2e by @jaegeral in #1730
- Timeline name is not an optional field, changed text to avoid confusion by @itsmvd in #1747
- Added the ability to ingest data ingested by other means than through Timesketch backend by @kiddinn in #1383
- Prevent users from uploading unsupported file formats by @itsmvd in #1751
- Added generic mappings for CSV/JSON ingestion by @lprat in #1753
- Changed how duplicate attributes are displayed when adding manual eve… by @warrinot in #1758
- Bugfix: Error messages not showing in the UI by @berggren in #1765
- Search history by @berggren in #1757
- Refactor frontend by @berggren in #1746
- refactor and bugfix by @berggren in #1769
- Add metrics to SearchHistory actions by @berggren in #1770
- Bugfix: Navigation error by @berggren in #1771
- Bugfix: Ensure correct root history node is fetched by @berggren in #1773
- Change default search operator by @berggren in #1775
- Bugfix: Navigation links by @berggren in #1778
- Fixed some links pointing to non-existing docs by @warrinot in #1776
- Bugfix: Not able to star events by @berggren in #1784
- Changed how sketch attributes are stored and read from datastore. by @kiddinn in #1789
- Broken link in getting started by @jordanrule in #1788
- Fixed a minor issue in the attribute REST API. by @kiddinn in #1790
- Changed how sketch attributes are handled. by @kiddinn in #1792
- UI: Expose sketch attributes by @tomchop in #1793
- Fix broken attribute count in navbar by @tomchop in #1795
- UI: Use prettier formatter consistently by @berggren in #1798
- UI: Expose sketch attributes through a dynamic table display component by @tomchop in #1796
- Added regular expressions into the tagging analyzer to provide more flexibility. by @kiddinn in #1768
- Add Youtube Channel and Twitter account to docs by @jaegeral in #1802
- Fix typo: encourage by @nagytam in #1799
- Updated Sigma tagging, few improvements by @jaegeral in #1766
- Added a data analyzer by @kiddinn in #1791
- Sigma verify tool improv by @jaegeral in #1804
- Added a small logger statement in the importer client. by @kiddinn in #1806
- Add additional regexes to extract IP addresses from sshd messages by @itsmvd in #1809
- Update developer guide by @tomchop in #1808
- Change default font by @berggren in https://github.com...
20210224
Release 20210224
What's Changed
- Various updates to the API Client by @kiddinn in #1542
- Update SearchQueryGuide views by @jaegeral in #1550
- Fix remove_timeline_label() permission check by @rgayon in #1544
- Changes to dpkg configuration for release by @joachimmetz in #1546
- Adding additional sleep to e2e tests. by @kiddinn in #1551
- Move stories to metadata by @berggren in #1552
- Bugfix: Handle system generated stories by @berggren in #1553
- Update Axios package by @berggren in #1554
- Misc UI fixes by @berggren in #1555
- Timesketch summit 2021 by @jaegeral in #1557
- Changes to API and API client by @kiddinn in #1562
- Added new IP address related feature extractors by @itsmvd in #1563
- Minor API client changes by @kiddinn in #1566
- First phase of new way of storing data in TS. by @kiddinn in #1565
- corrects README doc link to Sigma by @ghchinoy in #1571
- hyphen error in readme by @neilgoyal in #1572
- New storage - UI fix [phase one] by @berggren in #1573
- Adding datetime limits on the aggregation bucket. by @kiddinn in #1568
- Changing __timeline_id to __ts_timeline_id and fixing build_query by @kiddinn in #1574
- Adding the ability to check whether a given index has __timeline_id in it. by @kiddinn in #1569
- New build and DSL bugfix by @berggren in #1575
- New storage - UI fix for counting documents by @berggren in #1576
- UI: Dedicated analysis tab by @berggren in #1577
- Simplified regex for IPv4 features by @itsmvd in #1581
- Small bugfix in SSH features regex by @itsmvd in #1582
- UI: Timeline tab and removing ability to add old indices to sketches by @berggren in #1583
- UI: Move aggregations to its own tab by @berggren in #1584
- Bugfix: Wrong query count for new style timelines by @berggren in #1585
- Index Change: Changed plaso file ingestion, added query_dsl support and analyzer support by @kiddinn in #1578
- UI: Set status on timeline by @berggren in #1587
- UI: Add loading spinner while searching by @berggren in #1589
- Adding timeline supports into aggregations. by @kiddinn in #1588
- Updated e2e tests after plaso change and the run_plaso task to match and added timeline_id support to graphs by @kiddinn in #1590
- UI: Support index and time range filters in aggregations by @berggren in #1592
- Moved docker configs to the dev GIFT PPA by @kiddinn in #1595
- Deprecated the option to import timelines in tsctl. by @kiddinn in #1594
- Fixed a minor issue with Docker files by @kiddinn in #1599
- UI: Shifted filter buttons & added button titles by @binglot in #1597
- Fixed #1600 by adding mappings to deployment script. by @kiddinn in #1601
- Bump cryptography from 3.3.1 to 3.3.2 by @dependabot in #1604
- Extract IP address from RdpCoreTS event logs by @itsmvd in #1605
- Upgraded the importer version by @kiddinn in #1606
- Add .venv to .gitignore by @jaegeral in #1608
- Set correct timeline for analysis pipeline by @berggren in #1613
- UI: Fix missing timeline color by @berggren in #1612
- UI: Cleanup formatting by @berggren in #1614
- Fixed few issues: large text file imports, aggregations failing and upgrading PPA in docker files by @kiddinn in #1610
- Add ESLint GH action by @berggren in #1616
- Fixed issues with running analyzers in API client. by @kiddinn in #1623
- Minor bug fixes. by @kiddinn in #1625
- UI: Fix wrong timeline id in aggregations by @berggren in #1624
- Issue when removing timeline with a shared index by @kiddinn in #1626
- Added more error handling into the API, as well as retry to flushing events queue. by @kiddinn in #1627
- adding concepts and API dev guide by @jaegeral in #1618
- Increased timeout value for bulk inserts by default, also made it configurable. by @kiddinn in #1628
- Update docker-compose.yml by @berggren in #1631
- Update ES version for release docker by @berggren in #1632
- Update pylint by @berggren in #1635
- Pinned pylint version by @kiddinn in #1636
- Pinned astroid to version 2.4.0 in linter action by @kiddinn in #1637
- Spelling in some files comments by @jaegeral in #1634
- Release 20210224 by @berggren in #1638
New Contributors
- @ghchinoy made their first contribution in #1571
- @neilgoyal made their first contribution in #1572
Full Changelog: 2020122...2021022
20201229
Release 20201229
What's Changed
- Minor change to fix error reporting in the API client. by @kiddinn in #1188
- Adding a config and a crypto module to the API client. by @kiddinn in #1189
- Adding a helper function into the config assistant to fill in missing details by @kiddinn in #1192
- Changed the get_client helper function inside the config library (API client) by @kiddinn in #1193
- Remove $ from the README.md by @jaegeral in #1196
- Splitting credentials out of crypto storage module in API client. by @kiddinn in #1194
- Refactor Docker for Development and e2e tests by @berggren in #1207
- add support for FireEye HX .mans files by @garanews in #1205
- Added missing tabulate dependency to dpkg files by @joachimmetz in #1212
- Updated installation instructions by @joachimmetz in #1209
- Adding HTML export to stories by @kiddinn in #1208
- Remove old UI code by @berggren in #1216
- Changed setup.py to not use pip internal-only API by @joachimmetz in #1224
- Additional changes to setup.py to support older versions of setuptools by @joachimmetz in #1225
- Added Ubuntu 20.04 Python 3.8 Travis CI tests by @joachimmetz in #1220
- Adding an analyzer result object to API client. by @kiddinn in #1215
- Updated dependencies and test scripts by @joachimmetz in #1222
- Deprecate old UI part 2 - cleanup views and templates by @berggren in #1230
- Disable mans import task by @berggren in #1227
- Update Docker-dev Readme by @jaegeral in #1228
- Added an import helper for reading configs. by @kiddinn in #1229
- Added CI test for building Dockerfile-prod by @joachimmetz in #1232
- Adding the ability to create a view through the API client. by @kiddinn in #1235
- Update docker dev README with right image by @garanews in #1236
- Added CI tests for Ubuntu 20.04 with GIFT PPA by @joachimmetz in #1237
- Minor bug fixes in the sketch API client library. by @kiddinn in #1240
- Updated Linux installation script by @joachimmetz in #1241
- Update Dockerfile-prod to install Timesketch from GIFT PPA by @joachimmetz in #1233
- Adding the ability to add tags to events. by @kiddinn in #1242
- Change the behavior of the Yeti analyzer by @tomchop in #1177
- Archive sketch functionality by @kiddinn in #1181
- Adding the ability to export sketches in the API client by @kiddinn in #1246
- Fix Docker Readme link (fixes #1247) by @jaegeral in #1249
- Refactor, adding version info and minor bug fixes by @kiddinn in #1248
- Splitting the Archive API calls to a separate file. by @kiddinn in #1250
- Hot patching the timesketch init file until a new plaso release comes out by @kiddinn in #1255
- UI: Enable archive and export by @berggren in #1256
- Refactor archive API as well as expanding export support by @kiddinn in #1251
- Fixing an issue in the event tagging API call. by @kiddinn in #1257
- Refactor API by @berggren in #1264
- Improving error messages in the API client. by @kiddinn in #1261
- Pinned pylint to version 2.4.x and addressed linter issues by @joachimmetz in #1252
- Added pylint support to tox configuration by @joachimmetz in #1258
- Updated pylint configuration file to version 2.4.x by @joachimmetz in #1253
- Adding more granular ACL granting. by @kiddinn in #1265
- Changing the behavior of the API calls for event tagging by @kiddinn in #1267
- Various changes to tsctl and the API by @kiddinn in #1272
- Fix method docstring (copy paste error) by @jaegeral in #1276
- Document location of frontend code on docker by @jaegeral in #1275
- Changed how manual events are added to a sketch. by @kiddinn in #1277
- Replace term whitelist with allowlist by @jaegeral in #1245
- Add support for Sigma rules by @jaegeral in #1231
- Bugfix: Set status on added timelines by @berggren in #1279
- Bugfix: Correct doc count for indices with >1 shard by @berggren in #1281
- Bugfix: Hide controls if permission is missing by @berggren in #1282
- Bugfix: Bug in auth for OIDC and new user allow list by @berggren in #1285
- Update screenshots by @jaegeral in #1284
- Safe Browsing API url analyzer by @dov-csis in #1171
- Importer: moving version information to a separate file, adding an init file to fix packaging. by @kiddinn in #1288
- Changed logger configuration by @kiddinn in #1290
- [Docker-doc] How to run tests by @jaegeral in #1289
- Tag GCS events in Cloud logs by @Fryyyyy in #1291
- Moved pylint CI checks to run in tox by @joachimmetz in #1266
- Added update release script and updated versions by @joachimmetz in #1293
- Changing the test_tool mocks to reflect recent changes in the analyzer interface by @kiddinn in #1296
- Update update_release.sh by @berggren in #1297
- Sigma cleanup by @jaegeral in #1286
- Update dependencies.ini by @berggren in #1301
- Updated dpkg files by @joachimmetz in #1302
- Minor changes to test tools by @kiddinn in #1304
- Fix an issue with unicode chars in sigma rules by @jaegeral in #1308
- Adding analyzer_run.py documentation by @jaegeral in #1306
- Added scrolling support into export API call by @kiddinn in #1316
- Sketch overview More Dialog Documentation by @jaegeral in #1315
- Mention 8 GB as recommended RAM by @jaegeral in #1325
- Initial stab at API client documentation by @kiddinn in #1318
- Adding the admin function to the User model by @kiddinn in #1298
- Added the ability to export events (not yet in the UI) by @kiddinn in #1317
- remove heatmap and manual events from userdoc by @jaegeral in #1329
- Fix a missing space by @jaegeral in #1333
- Added an EVTX Gap analyzer and fixed logging (filter out ES logs) by @kiddinn in #1321
- Add tabbed view of sketch list by @berggren in #1330
- Minor change to the EVTX Gap analyzer by @kiddinn in #1337
- UI: Display Data Sources per Timeline & Make them Clickable by @binglot in #1331
- Pagination bugfix by @berggren in #1340
- Changing exports to export all events and include all columns by @kiddinn in #1342
- UI: Add export button for search results by @berggren in #1343
- Fixing an issue with the export functionality. by @kiddinn in #1344
- Only aggregate stats if sketch have timelines by @berggren in #1345
- Refactor Documentation / Introduce admin guide by @jaegeral in #1336
- Display datetime based on timestamp by @berggren in https://github....
20201120
Release 20201120
What's Changed
- Minor change to fix error reporting in the API client. by @kiddinn in #1188
- Adding a config and a crypto module to the API client. by @kiddinn in #1189
- Adding a helper function into the config assistant to fill in missing details by @kiddinn in #1192
- Changed the get_client helper function inside the config library (API client) by @kiddinn in #1193
- Remove $ from the README.md by @jaegeral in #1196
- Splitting credentials out of crypto storage module in API client. by @kiddinn in #1194
- Refactor Docker for Development and e2e tests by @berggren in #1207
- add support for FireEye HX .mans files by @garanews in #1205
- Added missing tabulate dependency to dpkg files by @joachimmetz in #1212
- Updated installation instructions by @joachimmetz in #1209
- Adding HTML export to stories by @kiddinn in #1208
- Remove old UI code by @berggren in #1216
- Changed setup.py to not use pip internal-only API by @joachimmetz in #1224
- Additional changes to setup.py to support older versions of setuptools by @joachimmetz in #1225
- Added Ubuntu 20.04 Python 3.8 Travis CI tests by @joachimmetz in #1220
- Adding an analyzer result object to API client. by @kiddinn in #1215
- Updated dependencies and test scripts by @joachimmetz in #1222
- Deprecate old UI part 2 - cleanup views and templates by @berggren in #1230
- Disable mans import task by @berggren in #1227
- Update Docker-dev Readme by @jaegeral in #1228
- Added an import helper for reading configs. by @kiddinn in #1229
- Added CI test for building Dockerfile-prod by @joachimmetz in #1232
- Adding the ability to create a view through the API client. by @kiddinn in #1235
- Update docker dev README with right image by @garanews in #1236
- Added CI tests for Ubuntu 20.04 with GIFT PPA by @joachimmetz in #1237
- Minor bug fixes in the sketch API client library. by @kiddinn in #1240
- Updated Linux installation script by @joachimmetz in #1241
- Update Dockerfile-prod to install Timesketch from GIFT PPA by @joachimmetz in #1233
- Adding the ability to add tags to events. by @kiddinn in #1242
- Change the behavior of the Yeti analyzer by @tomchop in #1177
- Archive sketch functionality by @kiddinn in #1181
- Adding the ability to export sketches in the API client by @kiddinn in #1246
- Fix Docker Readme link (fixes #1247) by @jaegeral in #1249
- Refactor, adding version info and minor bug fixes by @kiddinn in #1248
- Splitting the Archive API calls to a separate file. by @kiddinn in #1250
- Hot patching the timesketch init file until a new plaso release comes out by @kiddinn in #1255
- UI: Enable archive and export by @berggren in #1256
- Refactor archive API as well as expanding export support by @kiddinn in #1251
- Fixing an issue in the event tagging API call. by @kiddinn in #1257
- Refactor API by @berggren in #1264
- Improving error messages in the API client. by @kiddinn in #1261
- Pinned pylint to version 2.4.x and addressed linter issues by @joachimmetz in #1252
- Added pylint support to tox configuration by @joachimmetz in #1258
- Updated pylint configuration file to version 2.4.x by @joachimmetz in #1253
- Adding more granular ACL granting. by @kiddinn in #1265
- Changing the behavior of the API calls for event tagging by @kiddinn in #1267
- Various changes to tsctl and the API by @kiddinn in #1272
- Fix method docstring (copy paste error) by @jaegeral in #1276
- Document location of frontend code on docker by @jaegeral in #1275
- Changed how manual events are added to a sketch. by @kiddinn in #1277
- Replace term whitelist with allowlist by @jaegeral in #1245
- Add support for Sigma rules by @jaegeral in #1231
- Bugfix: Set status on added timelines by @berggren in #1279
- Bugfix: Correct doc count for indices with >1 shard by @berggren in #1281
- Bugfix: Hide controls if permission is missing by @berggren in #1282
- Bugfix: Bug in auth for OIDC and new user allow list by @berggren in #1285
- Update screenshots by @jaegeral in #1284
- Safe Browsing API url analyzer by @dov-csis in #1171
- Importer: moving version information to a separate file, adding an init file to fix packaging. by @kiddinn in #1288
- Changed logger configuration by @kiddinn in #1290
- [Docker-doc] How to run tests by @jaegeral in #1289
- Tag GCS events in Cloud logs by @Fryyyyy in #1291
- Moved pylint CI checks to run in tox by @joachimmetz in #1266
- Added update release script and updated versions by @joachimmetz in #1293
- Changing the test_tool mocks to reflect recent changes in the analyzer interface by @kiddinn in #1296
- Update update_release.sh by @berggren in #1297
- Sigma cleanup by @jaegeral in #1286
- Update dependencies.ini by @berggren in #1301
- Updated dpkg files by @joachimmetz in #1302
- Minor changes to test tools by @kiddinn in #1304
- Fix an issue with unicode chars in sigma rules by @jaegeral in #1308
- Adding analyzer_run.py documentation by @jaegeral in #1306
- Added scrolling support into export API call by @kiddinn in #1316
- Sketch overview More Dialog Documentation by @jaegeral in #1315
- Mention 8 GB as recommended RAM by @jaegeral in #1325
- Initial stab at API client documentation by @kiddinn in #1318
- Adding the admin function to the User model by @kiddinn in #1298
- Added the ability to export events (not yet in the UI) by @kiddinn in #1317
- remove heatmap and manual events from userdoc by @jaegeral in #1329
- Fix a missing space by @jaegeral in #1333
- Added an EVTX Gap analyzer and fixed logging (filter out ES logs) by @kiddinn in #1321
- Add tabbed view of sketch list by @berggren in #1330
- Minor change to the EVTX Gap analyzer by @kiddinn in #1337
- UI: Display Data Sources per Timeline & Make them Clickable by @binglot in #1331
- Pagination bugfix by @berggren in #1340
- Changing exports to export all events and include all columns by @kiddinn in #1342
- UI: Add export button for search results by @berggren in #1343
- Fixing an issue with the export functionality. by @kiddinn in #1344
- Only aggregate stats if sketch have timelines by @berggren in #1345
- Refactor Documentation / Introduce admin guide by @jaegeral in #1336
- Display datetime based on timestamp by @berggren in https://github....
20200507
Release 20200507
What's Changed
- Adding labels to aggregations, adding ability to filter based on labels. by @kiddinn in #1176
- Bugfix: Collaborator list and failed timelines by @berggren in #1178
- Moving the importer into a separate directory and a library. by @kiddinn in #1182
- Bugfix: Reset on new search when pagination by @berggren in #1187
- Changed the importer, adding support for config files, etc by @kiddinn in #1183
Full Changelog: 2020042...2020050
20200422
Release 20200422
What's Changed
- Fix a bug if there are no stories in a sketch and add properties to View by @kiddinn in #1144
- Save aggregations and add to Stories by @berggren in #1145
- Support non-text fields in aggregations by @berggren in #1147
- Add ability to render table from an aggregation by @berggren in #1148
- Sort analyzer list and add button to overview page by @berggren in #1149
- Fix docker installation documentation link. by @hacktobeer in #1158
- Several changes in the API, API client and analyzer for further story support by @kiddinn in #1146
- More Chart support - added linechart and href by @kiddinn in #1160
- Add listing of groups and users by @berggren in #1167
- Update installation and plaso documentation by @Henkan in #1169
- Fixing typo Installation re. libffi by @dov-csis in #1168
- debian package manager tweaks by @Rajpratik71 in #1122
- UI: New sketch list by @berggren in #1170
- Adding aggregation groups by @kiddinn in #1166
- UI: Support group aggregations in stories by @berggren in #1173
- Added ability to modify aggregations and aggregation groups by @kiddinn in #1172
New Contributors
- @hacktobeer made their first contribution in #1158
- @Rajpratik71 made their first contribution in #1122
Full Changelog: 2020031...2020042