Release 20201229
What's Changed
- Minor change to fix error reporting in the API client. by @kiddinn in #1188
- Adding a config and a crypto module to the API client. by @kiddinn in #1189
- Adding a helper function into the config assistant to fill in missing details by @kiddinn in #1192
- Changed the get_client helper function inside the config library (API client) by @kiddinn in #1193
- Remove $ from the README.md by @jaegeral in #1196
- Splitting credentials out of crypto storage module in API client. by @kiddinn in #1194
- Refactor Docker for Development and e2e tests by @berggren in #1207
- add support for FireEye HX .mans files by @garanews in #1205
- Added missing tabulate dependency to dpkg files by @joachimmetz in #1212
- Updated installation instructions by @joachimmetz in #1209
- Adding HTML export to stories by @kiddinn in #1208
- Remove old UI code by @berggren in #1216
- Changed setup.py to not use pip internal-only API by @joachimmetz in #1224
- Additional changes to setup.py to support older versions of setuptools by @joachimmetz in #1225
- Added Ubuntu 20.04 Python 3.8 Travis CI tests by @joachimmetz in #1220
- Adding an analyzer result object to API client. by @kiddinn in #1215
- Updated dependencies and test scripts by @joachimmetz in #1222
- Deprecate old UI part 2 - cleanup views and templates by @berggren in #1230
- Disable mans import task by @berggren in #1227
- Update Docker-dev Readme by @jaegeral in #1228
- Added an import helper for reading configs. by @kiddinn in #1229
- Added CI test for building Dockerfile-prod by @joachimmetz in #1232
- Adding the ability to create a view through the API client. by @kiddinn in #1235
- Update docker dev README with right image by @garanews in #1236
- Added CI tests for Ubuntu 20.04 with GIFT PPA by @joachimmetz in #1237
- Minor bug fixes in the sketch API client library. by @kiddinn in #1240
- Updated Linux installation script by @joachimmetz in #1241
- Update Dockerfile-prod to install Timesketch from GIFT PPA by @joachimmetz in #1233
- Adding the ability to add tags to events. by @kiddinn in #1242
- Change the behavior of the Yeti analyzer by @tomchop in #1177
- Archive sketch functionality by @kiddinn in #1181
- Adding the ability to export sketches in the API client by @kiddinn in #1246
- Fix Docker Readme link (fixes #1247) by @jaegeral in #1249
- Refactor, adding version info and minor bug fixes by @kiddinn in #1248
- Splitting the Archive API calls to a separate file. by @kiddinn in #1250
- Hot patching the timesketch init file until a new plaso release comes out by @kiddinn in #1255
- UI: Enable archive and export by @berggren in #1256
- Refactor archive API as well as expanding export support by @kiddinn in #1251
- Fixing an issue in the event tagging API call. by @kiddinn in #1257
- Refactor API by @berggren in #1264
- Improving error messages in the API client. by @kiddinn in #1261
- Pinned pylint to version 2.4.x and addressed linter issues by @joachimmetz in #1252
- Added pylint support to tox configuration by @joachimmetz in #1258
- Updated pylint configuration file to version 2.4.x by @joachimmetz in #1253
- Adding more granular ACL granting. by @kiddinn in #1265
- Changing the behavior of the API calls for event tagging by @kiddinn in #1267
- Various changes to tsctl and the API by @kiddinn in #1272
- Fix method docstring (copy paste error) by @jaegeral in #1276
- Document location of frontend code on docker by @jaegeral in #1275
- Changed how manual events are added to a sketch. by @kiddinn in #1277
- Replace term whitelist with allowlist by @jaegeral in #1245
- Add support for Sigma rules by @jaegeral in #1231
- Bugfix: Set status on added timelines by @berggren in #1279
- Bugfix: Correct doc count for indices with >1 shard by @berggren in #1281
- Bugfix: Hide controls if permission is missing by @berggren in #1282
- Bugfix: Bug in auth for OIDC and new user allow list by @berggren in #1285
- Update screenshots by @jaegeral in #1284
- Safe Browsing API url analyzer by @dov-csis in #1171
- Importer: moving version information to a separate file, adding an init file to fix packaging. by @kiddinn in #1288
- Changed logger configuration by @kiddinn in #1290
- [Docker-doc] How to run tests by @jaegeral in #1289
- Tag GCS events in Cloud logs by @Fryyyyy in #1291
- Moved pylint CI checks to run in tox by @joachimmetz in #1266
- Added update release script and updated versions by @joachimmetz in #1293
- Changing the test_tool mocks to reflect recent changes in the analyzer interface by @kiddinn in #1296
- Update update_release.sh by @berggren in #1297
- Sigma cleanup by @jaegeral in #1286
- Update dependencies.ini by @berggren in #1301
- Updated dpkg files by @joachimmetz in #1302
- Minor changes to test tools by @kiddinn in #1304
- Fix an issue with unicode chars in sigma rules by @jaegeral in #1308
- Adding analyzer_run.py documentation by @jaegeral in #1306
- Added scrolling support into export API call by @kiddinn in #1316
- Sketch overview More Dialog Documentation by @jaegeral in #1315
- Mention 8 GB as recommended RAM by @jaegeral in #1325
- Initial stab at API client documentation by @kiddinn in #1318
- Adding the admin function to the User model by @kiddinn in #1298
- Added the ability to export events (not yet in the UI) by @kiddinn in #1317
- remove heatmap and manual events from userdoc by @jaegeral in #1329
- Fix a missing space by @jaegeral in #1333
- Added an EVTX Gap analyzer and fixed logging (filter out ES logs) by @kiddinn in #1321
- Add tabbed view of sketch list by @berggren in #1330
- Minor change to the EVTX Gap analyzer by @kiddinn in #1337
- UI: Display Data Sources per Timeline & Make them Clickable by @binglot in #1331
- Pagination bugfix by @berggren in #1340
- Changing exports to export all events and include all columns by @kiddinn in #1342
- UI: Add export button for search results by @berggren in #1343
- Fixing an issue with the export functionality. by @kiddinn in #1344
- Only aggregate stats if the sketch has timelines by @berggren in #1345
- Refactor Documentation / Introduce admin guide by @jaegeral in #1336
- Display datetime based on timestamp by @berggren in #1347
- Optimize UI for quicker archive by @berggren in #1349
- Filter for events that have comments by @berggren in #1350
- Various Changes With Analyzers by @kiddinn in #1348
- Fix width on main screenshot by @obsidianforensics in #1356
- Small update to the 'Show data types' button by @binglot in #1357
- Minor changes to the way date is parsed when a custom event is added by @kiddinn in #1358
- Bump marked from 0.6.3 to 1.1.1 in /timesketch/frontend by @dependabot in #1360
- Adding set_data_type into the importer. by @kiddinn in #1361
- New end-to-end testing framework by @berggren in #1359
- Unarchive a sketch: User does not have sufficient access rights to delete a sketch. by @jaegeral in #1364
- Adding the ability to define return fields in the search_by_label function. by @kiddinn in #1363
- Several fixes: workflow changed, size in query_filter is honored in API client, special types are stripped in uploads and bulk insert errors are surfaced by @kiddinn in #1366
- Analyzer run description by @jaegeral in #1355
- UI build by @berggren in #1369
- Developer docs update by @ash0x0 in #1367
- Add button to remove story by @Henkan in #1372
- UI: Updating time filters by @binglot in #1365
- Dark Mode by @berggren in #1374
- Minor bug fixes by @kiddinn in #1375
- Update api doc by @jaegeral in #1378
- Adding the ability to add labels to sketches. by @kiddinn in #1381
- fix typo by @garanews in #1380
- Allow users to toggle time filters. by @binglot in #1384
- New Saved Search UI by @berggren in #1379
- new build by @berggren in #1385
- Handle missing chips in filter by @berggren in #1387
- Use supported opacity format by @berggren in #1388
- Adding the ability to check your own permission to a sketch. by @kiddinn in #1389
- Bugfix: Display chip as active by @berggren in #1390
- Bugfix: Set active chip by @berggren in #1391
- fixed URL for Google Python Style Guide by @garanews in #1394
- Adding in a manual vega spec aggregator by @kiddinn in #1396
- Update test for sketch model by @berggren in #1400
- Added support for optional keyword rdomain by @itsmvd in #1403
- Requirement.txt changed and added httmock==1.3.0 to test_requirements.txt by @Surya6032 in #1401
- Manually add/filter labels by @berggren in #1404
- Minor bug fixes here and there. by @kiddinn in #1405
- Bugfix for label aggregation by @berggren in #1407
- Add example to API client usage doc by @jaegeral in #1409
- API client: Adding a check for scroll ID in the explore function by @kiddinn in #1413
- Updating the colab notebook for the demo server. by @kiddinn in #1416
- Verify Sigma Rules test tool by @jaegeral in #1307
- Fixes to the API and API client by @kiddinn in #1426
- Added sketch attributes. by @kiddinn in #1429
- Adding the ability for analyzers to add sketch attributes by @kiddinn in #1430
- Fix a bug in the API client by @kiddinn in #1431
- Stripping pagination from saved views. by @kiddinn in #1433
- Fix api docstring typo by @jaegeral in #1437
- Adding notebooks for solving the case of the stolen Szechuan sauce by @kiddinn in #1425
- Improve error handling in the get_client function of the config API client module by @kiddinn in #1436
- Fixed notebook badges by @kiddinn in #1440
- Notebook update by @jaegeral in #1443
- APIClient doc link to Colab notebooks by @jaegeral in #1445
- Remove sudo from the docker dev guide by @jaegeral in #1446
- Single event notebook by @jaegeral in #1444
- Few updates to the MUS2019 CTF Colab notebook by @kiddinn in #1447
- Bump cryptography from 2.3 to 3.2 by @dependabot in #1432
- Updating the notebook for Szechuan sauce to use picatrix magics (and a minor bug fix in the API client) by @kiddinn in #1455
- Minor updates to the szechuan sauce analysis notebook by @kiddinn in #1457
- Docker refactor by @berggren in #1458
- Update issue templates by @kiddinn in #1459
- Update deploy_timesketch.sh by @lxndrblz in #1460
- Graph support v2 by @berggren in #1451
- Don't use scrolling for nested queries by @berggren in #1461
- Graph fixes by @berggren in #1462
- fix #1450 by @jaegeral in #1464
- Analyzer feature extract by @lprat in #1452
- API client changes: click removed from cli_input and adding aggregation into stories fixed. by @kiddinn in #1463
- Providing a long description to the API client package. by @kiddinn in #1466
- Update docker images to use Ubuntu 20.04 by @berggren in #1467
- Fix a bug in the save function of the aggregation API object by @kiddinn in #1469
- Fix issue 1465 by removing hacky string replace .keyword by @jaegeral in #1468
- Save and cache graphs by @berggren in #1471
- Removed typing from story.py, which does not work on py3.6 by @kiddinn in #1474
- Bug fix for winservices graph plugin by @berggren in #1475
- Adding a GH workflow for unit tests by @kiddinn in #1476
- Remove Travis in favour of GH actions by @berggren in #1478
- Graph: Use ID from attributes by @berggren in #1480
- Improve the UX of Time Filters by @binglot in #1454
- Update GH actions by @berggren in #1483
- Cleanup old travis related files by @berggren in #1484
- New UI build by @berggren in #1485
- Updated dpkg configuration files by @joachimmetz in #1487
- Adding a linter GH workflow and adding a bit more resiliency into the error logging in the ES datastore by @kiddinn in #1488
- Fix saved views in stories by @berggren in #1493
- Pagination fixes by @berggren in #1492
- Graph: Choose layout type and edge style by @berggren in #1494
- Responsive graph and link support by @berggren in #1495
- Adding the ability to define multiple TS instances in the RC file. by @kiddinn in #1497
- Added API client search object by @kiddinn in #1490
- Minor changes to the search API object. by @kiddinn in #1498
- Sigma API / api_client by @jaegeral in #1456
- Making minor changes to the search API client. by @kiddinn in #1500
- Making changes to example notebooks after an API update by @kiddinn in #1501
- Modification to enable connection to production Elastic instance by @joshfrogers in #1503
- Sigma rule maintenance improvement by @jaegeral in #1502
- Adding picatrix docker container to the development docker config by @kiddinn in #1504
- Added support for config sections in importer and updated snippets in dev docker. by @kiddinn in #1505
- Added a new snippet to display a button and a form to create a search query for TS. by @kiddinn in #1506
- Use docker network for picatrix notebook by @berggren in #1507
- Small fix for a bug in the search API client by @kiddinn in #1510
- Added missing credentials to documentation by @abitrolly in #1508
- Moving the run_analyzer from the sketch API Client to the timeline object. by @kiddinn in #1513
- Tiny change to the API client by @kiddinn in #1516
- Introduce troubleshooting guide by @jaegeral in #1499
- [docs] How to run a single test file by @jaegeral in #1517
- Customizing the notebook container by @kiddinn in #1519
- Home overview and graph fixes by @berggren in #1520
- Return full NX generated CY graph by @berggren in #1521
- Require view name by @berggren in #1523
- Format graph elements suitable for networkx python lib by @berggren in #1524
- Adding API client support for graphs. by @kiddinn in #1522
- [Sigma] improve evtx mapping by @jaegeral in #1529
- Update Developers-Guide.md by @kiddinn in #1528
- Sort dates correctly in the analyzer history view by @rayanht in #1525
- Sketch list pagination support for the API client by @berggren in #1531
- Bugfix: Set default per_page for pagination by @berggren in #1536
- Added last_activity of a sketch to the sketch meta section and into the API client by @kiddinn in #1538
- Bugfix: Dropdown hidden by @berggren in #1540
- Bugfix: Wrong count number in timeline list by @berggren in #1539
- Added details to the current_user call in the API client and improving e2e tests by @kiddinn in #1541
- Changes to dpkg configuration for Ubuntu 20.04 by @joachimmetz in #1545
New Contributors
- @Fryyyyy made their first contribution in #1291
- @ash0x0 made their first contribution in #1367
- @Surya6032 made their first contribution in #1401
- @lxndrblz made their first contribution in #1460
- @joshfrogers made their first contribution in #1503
- @abitrolly made their first contribution in #1508
Full Changelog: 2020050...2020122