20200319

Release 20200319

What's Changed

• Adding a check to see whether index has completed before running an analyzer by @kiddinn in #1130
• Minor change to cache, caching client by @kiddinn in #1131
• Create stories from analyzers by @berggren in #1132
• Opening test files with codecs instead of default open. by @kiddinn in #1133
• Sketch Analyzer for Windows artefacts of application crashes by @binglot in #1111
• Fix for a flaky test with the win crash analyzer. by @kiddinn in #1135
• Adding support for working with stories from the API client, as well as adding aggregation support in the backend by @kiddinn in #1134
• Upgrading the fake analyzer interface with latest interface changes. by @kiddinn in #1136
• bump requests version to 2.22.0 by @jaegeral in #1137
• Adding the ability to add users or groups to the sketch ACL. by @kiddinn in #1138
• Always show share button and collaborator list by @berggren in #1140
• New analyzer that adds tag/emojis to events based on config. by @berggren in #1141
• Adding the ability to export stories. by @kiddinn in #1142
• Add an analyzer status check into the sketch API client. by @kiddinn in #1143

Full Changelog: 2020031...2020031

20200310

Release 20200310

What's Changed

• Fix start of Elasticsearch by @wincentbalin in #1118
• Group share UI and spacing in timeline picker by @berggren in #1120
• Minor bug fix in the importer code and a change in the way return fields are handled in the API by @kiddinn in #1121
• Adding a logger to sketch.explore as well as a cleanup of "filter" in sketch API by @kiddinn in #1123
• Changed how message string is constructed by @kiddinn in #1124
• Replaces PASSWORD with PASSWORD_FILE (fixes #1126) by @einfallstoll in #1127
• Stats on indices by @berggren in #1129

New Contributors

• @wincentbalin made their first contribution in #1118
• @einfallstoll made their first contribution in #1127

Full Changelog: 2020022...2020031

20200227

Release 20200227

What's Changed

• Autocomplete filter array by @berggren in #1116
• Minor changes to importer and api by @kiddinn in #1117

Full Changelog: 2020022...2020022

20200226

Release 20200226

What's Changed

• Psexec sessionizer by @nnyx7 in #981
• Replace get event in tests by @nnyx7 in #980
• Fixing a minor issue if context is empty and some linter fixes by @kiddinn in #1096
• Evtx sessionizer by @katemacleod in #976
• SSH bruteforce session analyzer by @katemacleod in #972
• Bug fixes for tsctl by @kiddinn in #1097
• Google Cloud Storage importer by @berggren in #1098
• Possibility to specify index when uploading data for the timesketch_api_client by @benua74 in #1095
• Changes to use pybuild debhelper by @joachimmetz in #1101
• Changed setup.py to support bdist by @joachimmetz in #1103
• Updated l2tdevtools configuration and dpkg files by @joachimmetz in #1104
• Provide example commands docker mac shares by @jaegeral in #1068
• Elasticsearch 7.x support by @berggren in #1108
• Changed the upload API to support chunks and direct entries, added functionality into the importer by @kiddinn in #1099
• Added an importer tool as well as changing how jsonl files are imported using the importer by @kiddinn in #1105
• Bugfix: Pagination and event count by @berggren in #1114
• Fix an issue with the importer by @kiddinn in #1113
• Better error UI by @berggren in #1115

New Contributors

• @benua74 made their first contribution in #1095

Full Changelog: 2020013...2020022

20200131

Release 20200131

What's Changed

• Bug fix: Trailing slash in API urls by @berggren in #1064
• New build for release 201912120-2 by @berggren in #1065
• New favicon by @berggren in #1066
• Docker install: run from /tmp directory by @gaelmuller in #1067
• Mention the correct slack channel by @jaegeral in #1069
• Small update to dev docker readme by @jaegeral in #1070
• Round favicon by @berggren in #1073
• Fix context query bug by @berggren in #1074
• Cleanup dependencies and tests by @berggren in #1075
• Remove Python2 support by @berggren in #1080
• Initial Sigma support by @Onager in #1028
• Bump cryptography from 2.1.4 to 2.3 by @dependabot in #1078
• Adding a tool to run analyzers without requiring TS to be installed (for dev/testing purposes) by @kiddinn in #1085
• Use new frontend and remove Neo4j by @berggren in #1090
• Add pagination controls at the end of the page by @berggren in #1091
• Upload and Analyzer UI fixes by @berggren in #1092

Full Changelog: 2019122...2020013

20191220

New UI, more analyzers and an updated API client

What's Changed

• Analyzer update by @kiddinn in #828
• Multiple changes for code flagged by pylint 2.1.1 by @joachimmetz in #833
• Remove u' from docker scripts by @berggren in #835
• Fixes for python3 compatibility by @kiddinn in #829
• Support RE flags by @berggren in #837
• Check if user exist by @berggren in #838
• New aggregation framework by @berggren in #842
• Allow comma separated list of usernames to share to by @berggren in #844
• Linkedin account extraction by @kovakina in #839
• New frontend by @berggren in #848
• Update Installation.md by @joachimmetz in #853
• Moved pylint to stand-alone CI test target by @joachimmetz in #831
• Updated CI test to use pylint 2.2.2 by @joachimmetz in #852
• Added Bionic Docker-based tests that use dependencies from GIFT PPA by @joachimmetz in #832
• Changed domain analyzer, removing human readable manipulation, issue #847 by @kiddinn in #858
• Update dockerfile to copy config recursively by @Onager in #859
• Updated .pylintrc and changes for linter #855 by @joachimmetz in #856
• Added l2tdevtools configuration files and generated dependency files by @joachimmetz in #790
• Adding a term aggregator. by @kiddinn in #857
• Added API calls for aggregations as well as enabling client access to aggregations (step 1) by @kiddinn in #860
• Markdown stories by @berggren in #866
• Delete sketch functionality by @berggren in #868
• MUS2019-CTF Colab by @obsidianforensics in #872
• Update CreateTimelineFromJSONorCSV.md by @obsidianforensics in #877
• Timeline management by @berggren in #875
• Aggregation SQL model by @berggren in #876
• Removed elasticsearch5-py as a dependency by @joachimmetz in #879
• Update dependencies by @berggren in #878
• Update dependencies by @joachimmetz in #881
• Fixed problem that the celery does not start automatically. by @piwikjapan in #807
• Changed phishy domain analyzer to return early if no results. by @kiddinn in #893
• Minor bug fixes in CSV file import for python3 compatability by @kiddinn in #894
• Updated Dockerfile to use Python 3 timesketch by @joachimmetz in #887
• Add example nginx and systemd config files by @berggren in #895
• Commit Sketch object to DB before setting ACL by @berggren in #897
• Exit early if there are no domains to analyze by @berggren in #898
• Use legacy aggregators in old UI by @berggren in #899
• Adding more aggregation APIs and upgrading API client to make use of them. by @kiddinn in #889
• Docker refactor by @berggren in #903
• Adding starred event lookups to colab example by @kiddinn in #907
• Added Debian packaging files by @joachimmetz in #882
• New timeline picker component by @berggren in #911
• Fixing wrong file locations in docker configs by @kiddinn in #915
• Logo Files by @althealabre in #917
• Fix a Python3 error by encoding before hashing by @taishi8117 in #914
• Yeti indicator analyzer by @tomchop in #900
• Editable sketch summary by @berggren in #910
• Dynamic analyzers by @berggren in #909
• Time bubbles by @berggren in #919
• GCP servicekey analyzer for stackdriver logs by @pstirparo in #918
• Fix for issue #927 by @jadams in #928
• Fixed typo in Users-guide.md. by @katemacleod in #929
• Remove file no longer used by @nnyx7 in #931
• Added tsctl import command to Users-Guide.md by @katemacleod in #932
• Add missing line in the docker-compose files by @nnyx7 in #936
• Add missing code quotes by @Liamdoult in #940
• Added basic sessionizer plugin. by @nnyx7 in #939
• Format error as string by @tomchop in #944
• Fix #934 by @tomchop in #949
• Move dependency install to Dockerfile by @berggren in #958
• Better explanation of the purge command by @jaegeral in #959
• Mention SearchQueryGuide and SketchOverview in the userguide by @jaegeral in #947
• Fix for error when adding a view with query_dsl by @katemacleod in #948
• Fixing an issue with domain analyzer. by @kiddinn in #961
• New UI: Time filters by @berggren in #925
• Remove Xenial from Travis tests by @berggren in #963
• Dynamic aggregators by @berggren in #920
• Delete view by @berggren in #962
• New login page by @berggren in #966
• New logo header by @berggren in #968
• Expert sessionizer by @katemacleod in #941
• Fix MockDataStore storing events by @nnyx7 in #970
• Add sequence sessionizer. by @nnyx7 in #960
• SSH sessionizing sketch analyser by @nnyx7 in #973
• New UI build by @berggren in #978
• Remove Vagrant by @berggren in #979
• Doc fixes for sessionizers by @katemacleod in #975
• Session chart by @katemacleod in #974
• Session resource by @katemacleod in #971
• Remove multiple inheritance in test classes by @nnyx7 in #977
• Fixing aggregations in the API client by @kiddinn in #982
• Making changes to how aggregations are done in API client by @kiddinn in #983
• Minor bug in client. by @kiddinn in #984
• Adding aggregation into the jupyter notebook demo by @kiddinn in #985
• Empty states by @berggren in #986
• Only run linter on changed files by @berggren in #987
• Add tags to event list by @berggren in #988
• Update docker-compose to correct elasticsearch volume by @exFill in #990
• Minor client changes by @kiddinn in #992
• Adding the OSDFCon demo notebook to our sample notebooks. by @kiddinn in #993
• New filter system by @berggren in #991
• Add Buefy UI framework by @berggren in #995
• Fixed the TypeError: delimiter must be string, not unicode error. by @wajihyassine in #999
• Improving error handling in the API by @kiddinn in #1001
• Adding list sketches to the tsctl command by @kiddinn in #1002
• Refactor UI by @berggren in #1003
• Adding the ability to manually run an analyzer in the API by @kiddinn in #998
• New UI: Star events by @berggren in #1005
• New UI: Result limit and sort order by @berggren in #1006
• New UI: Comment support by @berggren in https://github.com/google/timesketch/pu...

20190207

New release with updated analyzers, py3 support and bugfixes.

What's Changed

• Graph refactor by @berggren in #714
• The former wiki link no longer exists by @jaegeral in #703
• minor fixes for docker files by @aguilajesus in #698
• Update dependencies by @berggren in #715
• Bug fixes for the analyzers by @berggren in #717
• Development environment with Docker by @berggren in #718
• Update README.md by @kovakina in #719
• Human readable in the UI by @berggren in #721
• Enable debug and analyzers for development by @berggren in #722
• Update Vagrant script by @Onager in #726
• Overwrite size value for exported events. by @aguilajesus in #723
• Add Event_to_sketch in api by @jaegeral in #692
• Add emoji support in the UI and in analyzers by @berggren in #729
• Move emojis to the left by @berggren in #730
• Don't remove session when engine is created by @berggren in #731
• Set human readable strings by @berggren in #732
• Added a browser search sketch analyzer by @kiddinn in #733
• Add definitions for emojis by @berggren in #742
• Changed set_human_readable so that it does not overwrite previous data by @kiddinn in #744
• Moving parts of the similarity scorer to a separate library. by @kiddinn in #746
• Sketch analyzers chained and human_readable set to a list. by @kiddinn in #749
• Update Installation.md by @weichea in #759
• Only create saved view if there are hits by @berggren in #756
• Upgrade urllib3 due to security fix by @berggren in #752
• Run index analyzers in a chain by @berggren in #751
• Verbose View with new human_readable UI by @kiddinn in #754
• New DB engine per celery worker by @berggren in #755
• Added a phishy domain analyzer by @kiddinn in #761
• Changed the emoji library to include helper text by @kiddinn in #762
• Emoji tooltips by @berggren in #764
• Only create one view by @berggren in #765
• Added dependencies into analyzers to affect ordering they are run in. by @kiddinn in #767
• Simple domain analyzer by @berggren in #766
• UI polish for the new year by @berggren in #768
• Fix links in user guide by @obsidianforensics in #769
• New importer in tsctl by @berggren in #770
• Adding the ability to request return fields in the API. by @kiddinn in #771
• Small refactor of tsctl by @berggren in #772
• Email notification for imports by @berggren in #773
• Email send bugfix by @berggren in #775
• Do not require SERVER_NAME to be set for URL construction by @berggren in #776
• Updating search filter limit to match new ES filters. by @kiddinn in #777
• ES py client 6x support and pyyaml update by @berggren in #778
• Added few more domains into known whitelist and added another view in phishy domains by @kiddinn in #779
• Fixed a bug in the jsonl importer. by @kiddinn in #780
• Tag known CDN domains by @berggren in #781
• Adding a login analyzer. by @kiddinn in #783
• Added a feature extraction analyzer by @kiddinn in #785
• Added pandas support into the API and analyzers interface. by @kiddinn in #787
• Added scrolling support to API calls by @kiddinn in #791
• New API client release by @berggren in #792
• Changed the login analyzer's logon event parsing. by @kiddinn in #794
• Minor bugs in the client library as well as adding timeline name + proper datetime by @kiddinn in #796
• Removing BeautifulSoup as a dependency in favor of bs4 by @kiddinn in #799
• Added a colab notebook that demos TS/colab connections, also added a badge to the README by @kiddinn in #793
• Added a jupyter demo notebook. by @kiddinn in #797
• Upgrading colab notebook to python3 by @kiddinn in #800
• Removed BeautifulSoup from requirements by @kiddinn in #801
• Added mybinder config to TS, making it possible to run jupyterlab notebooks. by @kiddinn in #802
• Analyzer index performance fix by @berggren in #803
• Fix missing volume for docker-compose by @berggren in #804
• Minor change in import. by @kiddinn in #808
• Pagination bug fix by @berggren in #810
• Fix for docker-compose bug by @berggren in #809
• Extract Usernames or Account Email Addresses (#745) by @obsidianforensics in #795
• Added a browser timeframe analyzer plugin by @kiddinn in #811
• Bug fixes by @kiddinn in #812
• Add pandas to setup.py by @tomchop in #815
• Update docker-entrypoint.sh by @Tango43 in #817
• Changes for Python 3 compatibility by @Onager in #813
• Remove unused dep (pycypher) and small bugfix for heatmap by @berggren in #824
• tests(travis): remove deprecated option by @RDIL in #784
• Cleanup the last remaining u'' by @berggren in #827
• Update to Ubuntu 18.04 for both Docker and Vagrant by @berggren in #825
• New release version - 20190207 by @berggren in #826

New Contributors

• @weichea made their first contribution in #759
• @Tango43 made their first contribution in #817
• @RDIL made their first contribution in #784

Full Changelog: 2018111...2019020

20181116

Timesketch release 20181116

What's Changed

• Introduce add events manually in documentation by @jaegeral in #634
• Redline Import in tsctl by @jaegeral in #603
• Mention how to change a users password by @jaegeral in #639
• Make fields reqiured in add event form by @berggren in #636
• Add pyyaml dependency by @ecapuano in #650
• Google OpenID Connect authentication support by @berggren in #629
• Add PyYAML dependency by @berggren in #656
• Elasticsearch 6.x support by @berggren in #659
• Update bundle by @berggren in #660
• normalize datetime and timestamp from csv file import. by @aguilajesus in #661
• Close DB session by @berggren in #667
• docs(readme): update readme.md by @bhavya9107 in #680
• Fix: Overflow bug in the list of timelines UI by @berggren in #681
• Graph cleanup - preparation for new UI and auto analysis by @berggren in #689
• Automatic analysis tasks by @berggren in #663
• Max CSV field size by @berggren in #679
• add microseconds if present in datetime field by @aguilajesus in #670
• export all fields on export #657 by @aguilajesus in #678
• add _index to csv export by @aguilajesus in #699
• Adding search query guide and screenshots by @kovakina in #651
• Make sure sketch analyzers are run after indexing. by @berggren in #704
• Enable similarity UI element by @berggren in #709
• Restore ability to specify other delimiter character in csv imports. by @jaegeral in #708
• New release 20181116 by @berggren in #712

New Contributors

• @ecapuano made their first contribution in #650
• @bhavya9107 made their first contribution in #680

Full Changelog: 2018061...2018111

20180613

Timesketch release 20180613

Full Changelog: 2018061...2018061

20180612

Version 20180612 of Timesketch

What's Changed

• Update Docker README and move from wiki to repo by @witoff in #375
• SearchIndex in API client by @berggren in #376
• Make vagrant bootstrap script more idempotent. by @franekp in #378
• Move docs to repo. by @franekp in #379
• Custom error message for HTTP bad (400) requests by @berggren in #381
• Format Python code with yapf by @berggren in #387
• Collapse apt-get and pip invocations in bootstrap.sh by @franekp in #389
• Add frontend build pipeline by @franekp in #390
• Create search indices and timelines by @berggren in #380
• Fix IndexError in ResourceMixin.to_json by @franekp in #404
• Add support for HTTP basic authentication to the API client by @csash in #403
• Pin python dependencies by @franekp in #406
• Deduplicate information about contributing. by @franekp in #407
• Clean up misplaced executable permissions. by @franekp in #408
• Workaround a bug that sometimes causes pip-sync to delete pkg_resources. by @franekp in #411
• fix Upload docs by @pettai in #412
• Rewrite test script to python. Invoke it from .travis.yml. Add some docs. by @franekp in #413
• Refactor + align project structure with Angular 2 conventions. by @franekp in #415
• Add simple navigation component in Angular 2 by @franekp in #416
• Add TSLint by @franekp in #417
• Use more Angular 2 style guide. by @franekp in #422
• Fix non-determinism in SketchListResourceTest. by @franekp in #424
• Add frontend unit tests with Karma and PhantomJS. by @franekp in #423
• Just decode strings by @berggren in #418
• Add angular-specific linter. by @franekp in #426
• Fix navigation bar broken in #422 by @franekp in #429
• Add info about running tests to developers guide. by @franekp in #430
• Fix Angular bootstrap broken in #423 by @franekp in #439
• align navigation menu by @berggren in #440
• Wrap text when too long by @berggren in #443
• Remove container block by @berggren in #445
• Support new Plaso (20170930 aka Heimdall) by @berggren in #449
• Graph entities and registry by @berggren in #453
• Nested aggregations by @berggren in #447
• Graph visualization - initial code by @franekp in #451
• Graph generation - initial version without celery job. by @franekp in #463
• Adjust graph metadata. by @franekp in #464
• Few unrelated small fixes. by @franekp in #466
• Add ES queries and ES index to all edges by @berggren in #465
• Graphs: use label templates in frontend. by @franekp in #467
• Update unit tests after graph labels change. by @franekp in #469
• Change default zoom levels by @berggren in #473
• UI for graph creation. by @franekp in #474
• Add timestamps to edges by @berggren in #471
• Fix memory leak - destroy Cytoscape instances when not used. by @franekp in #477
• Minor ui changes by @berggren in #478
• Predefined queries by @berggren in #479
• Move hard-coded values from graph-view.component to graph-view.data by @franekp in #480
• Move predefined queries from cypher-query.component to cypher-query.data by @franekp in #481
• [WIP] Add sidebar. by @franekp in #482
• Show event list next to graph. by @franekp in #483
• Graph styling by @berggren in #485
• Closest neighbours by @berggren in #486
• Fix stale data being rendered in Cytoscape. by @franekp in #488
• Change sidebar background. by @franekp in #489
• Transpile cypher queries. by @franekp in #487
• Load jquery before angular by @berggren in #492
• Include graph .cql script by @berggren in #493
• less whitespace by @berggren in #494
• e2e test script by @berggren in #495
• Add plaso test by @berggren in #496
• Similarity experiment by @berggren in #500
• Update install instructions for ES 5.x by @csash in #501
• Add direct link to specific event (#414) by @csash in #503
• Ingestion progress indication by @berggren in #504
• Update link to Daemonizing Celery workers by @adamjnichols in #506
• Update Installation.md by @adamjnichols in #509
• Typo on #85 by @kant in #510
• Addition of JSONL upload capability by @adamjnichols in #511
• Vagrant tweaks by @adamjnichols in #515
• Add Python API functions for annotating events and searching a timeline by annotation 🤘🏻 by @tomchop in #517
• Apply config file host+port by @adamjnichols in #519
• Vagrant permission fixes by @adamjnichols in #523
• New color theme by @berggren in #524
• Fix navigation bug by @berggren in #525
• Use UgliFyJS to minimize bundle by @berggren in #526
• Add SVG logo by @berggren in #527
• Mention the disksize plugin by @jaegeral in #529
• Surface celery task errors by @berggren in #530
• Docker overhaul/update by @adamjnichols in #520
• Upgrade to jquery 3.0.0 by @berggren in #532
• Don't delete index on error by @berggren in #533
• CSV jsonl error handling - git bananza by @berggren in #535
• Show labels for labeled events by @tomchop in #538
• Changed test file format to sqlite; included derivative csv file by @adamjnichols in #537
• Add support for CSV files using non-standard delimiters by @adamjnichols in #539
• Ignore node_modules via .pylintrc by @Androbin in #540
• Event pagination by @adamjnichols in #541
• Refactor models views by @berggren in #542
• Refactor api routes by @berggren in #543
• Fix for CSV issue #548 by @adamjnichols in #549
• set task arguments based on file extension #555 by @aguilajesus in #556
• e2e tests fix by @berggren in #553
• Update momentjs by @berggren in #561
• Strip domain from username if present by @berggren in #551
• Pagination UI fix by @berggren in #562
• Show labels for labeled events by @tomchop in #572
• Don't build pager when there are no results by @berggren in #573
• Remove unused abstraction base class by @berggren in #574
• Enable file import/export support for search templates. by @aguilajesus in #576
• add label support to search templates by @aguilajesus in https://github.com/googl...