google/timesketch 20230518 on GitHub

Timesketch release 20230518

What's Changed

Added provider/context for uploads in the importer by @kiddinn in #1640
Added provider/context to the CLI importer tool. by @kiddinn in #1644
Added data source DB model by @berggren in #1642
[API] introduce text --> sigma rule by @jaegeral in #1511
Replace use of the csv library by pandas built-ins for data ingestion by @rayanht in #1534
Added a Timesketch CLI client by @berggren in #1414
Fixed couple of bugs in the sigma API and API Client by @jaegeral in #1646
Docker: e2e / dev Sigma directory was not created before by @jaegeral in #1650
Add the ability to use elasticsearch with SSL but without username/password authentication. by @alexgoedeke in #1645
Mention end2end tests in dev guide by @jaegeral in #1651
Another round of minor checks where unittests did not reflect the reality by @jaegeral in #1647
fixing some lint issues in the the e2e Docker readme file by @jaegeral in #1653
Bump sigmatools pypi version up by @jaegeral in #1633
Added search templates to API and API client by @kiddinn in #1643
Forgot to include the searchtemplate.py file in the last PR by @kiddinn in #1655
Prometheus metric collection by @berggren in #1611
Update 2021_timesketch_summit.md by @jaegeral in #1658
Add external talk to the agenda by @jaegeral in #1660
Fixed limitations in file size in the data source model. by @kiddinn in #1662
Cleaned up some of the API code. by @kiddinn in #1657
Made slight changes to the API client and REST API. by @kiddinn in #1664
Update marked library by @berggren in #1668
Remove reg form and update agenda by @jaegeral in #1672
Added several enhancements to the importer and importer tasks. by @kiddinn in #1667
Update 2021_timesketch_summit.md by @jaegeral in #1675
Fixed a bug in data ingestion by @kiddinn in #1674
Changed how we fill in NAN values while ingesting CSV files. by @kiddinn in #1676
Update installation/upgrading docs by @berggren in #1678
Added instructions on how to install a notebook container by @kiddinn in #1681
Minor bug fixes to the API client by @kiddinn in #1686
Added a new documentation site by @berggren in #1680
Added a PR template. by @kiddinn in #1688
Moved the PR template to a file instead of a folder. by @kiddinn in #1689
Fixed few bugs in the API and alpha sorted saved searches by @kiddinn in #1691
Fix broken links in README.md by @stevengoossensB in #1696
[Tiny fix] Updated link for Docker installation process by @toshiro92 in #1702
Update sigma.md by @jaegeral in #1705
Changed how import errors are presented as well as ability to change passwords for the current user. by @kiddinn in #1700
Changed how ES object is created to support auth without ssl, as well as minor bug fix in analyzer selection. by @kiddinn in #1710
Changed upload behavior when appending to an already existing timeline by @kiddinn in #1712
Use DataSource error message and UI cleanup by @berggren in #1713
UI: Quick typo fix, and change provider string from the importer library by @berggren in #1714
UI: Remove old error field by @berggren in #1719
Always uniq index lists by @berggren in #1718
Added upper memory limits to psort. by @kiddinn in #1722
Allow other OIDC providers for authentication by @asmirazali in #1717
Update developer-guide.md by @jaegeral in #1725
UI: Fixing a bug in the Interval time filters by @binglot in #1598
Moved the Notebook.md to learn/notebook.md to correspond to where the docs point to it. by @kiddinn in #1732
Removed index analyzers and changed API/import client. by @kiddinn in #1723
introduce tags in the sample rule and add tags from the rule to the s… by @jaegeral in #1735
Add Get Timesketch client object into dev/notebook snippet by @jaegeral in #1737
Set timeline ID in the GCS importer by @berggren in #1738
fix the bug by @jaegeral in #1741
Introduce os filsystem in sigma mapping by @jaegeral in #1734
Sigma api e2e by @jaegeral in #1730
Timeline name is not an optional field, changed text to avoid confusion by @itsmvd in #1747
Added the ability to ingest data ingested by other means than through Timesketch backend by @kiddinn in #1383
Prevent users from uploading unsupported file formats by @itsmvd in #1751
Added generic mappings for CSV/JSON ingestion by @lprat in #1753
Changed how duplicate attributes are displayed when adding manual eve… by @warrinot in #1758
Bugfix: Error messages not showing in the UI by @berggren in #1765
Search history by @berggren in #1757
Refactor frontend by @berggren in #1746
refactor and bugfix by @berggren in #1769
Add metrics to SearchHistory actions by @berggren in #1770
Bugfix: Navigation error by @berggren in #1771
Bugfix: Ensure correct root history node is fetched by @berggren in #1773
Change default search operator by @berggren in #1775
Bugfix: Navigation links by @berggren in #1778
Fixed some links pointing to non-existing docs by @warrinot in #1776
Bugfix: Not able to star events by @berggren in #1784
Changed how sketch attributes are stored and read from datastore. by @kiddinn in #1789
Broken link in getting started by @jordanrule in #1788
Fixed a minor issue in the attribute REST API. by @kiddinn in #1790
Changed how sketch attributes are handled. by @kiddinn in #1792
UI: Expose sketch attributes by @tomchop in #1793
Fix broken attribute count in navbar by @tomchop in #1795
UI: Use prettier formatter consistently by @berggren in #1798
UI: Expose sketch attributes through a dynamic table display component by @tomchop in #1796
Added regular expressions into the tagging analyzer to provide more flexibility. by @kiddinn in #1768
Add Youtube Channel and Twitter account to docs by @jaegeral in #1802
Fix typo: encourage by @nagytam in #1799
Updated Sigma tagging, few improvements by @jaegeral in #1766
Added a data analyzer by @kiddinn in #1791
Sigma verify tool improv by @jaegeral in #1804
Added a small logger statement in the importer client. by @kiddinn in #1806
Add additional regexes to extract IP addresses from sshd messages by @itsmvd in #1809
Update developer guide by @tomchop in #1808
Change default font by @berggren in #1823
Fix bug in tagger analyzer by @itsmvd in #1821
UI: Search autocomplete and dropdown by @berggren in #1838
UI: Interactive histogram by @berggren in #1836
Fix to Time Filter Removal behavior by @binglot in #1843
UI: New build by @berggren in #1844
Check for history node by @berggren in #1847
TsDynamicTable now has links pointing back to searches in sketch. by @tomchop in #1831
Add intel from explore by @tomchop in #1857
Extend SSH regex by @itsmvd in #1861
UX local dev doc updates by @jaegeral in #1862
Remove capitalize from event list by @jaegeral in #1864
Fix formatting error in documentation by @jaegeral in #1866
Copy to clipboard for EventListRow and EvetlistRowDetail by @jaegeral in #1845
Mention WTF_CSRF_TIME_LIMIT in timesketch.conf by @jaegeral in #1870
Add sysadmin guide to the documentation by @jaegeral in #1865
Update timesketch_importer.py by @jaegeral in #1873
Make access to intelligence attributes safer by @tomchop in #1882
Don't convert datetime string in output (datetime picker widget) by @berggren in #1889
Extended tsctl.py to add users to a sketch by @binglot in #1886
Bugfix for label filter by @hkhalifa in #1893
Asynchronous update when adding timeline ID to events in bulk by @gaelmuller in #1879
UI: Vertical 3-dots on Timeline Chips by @binglot in #1842
GeoIP Analyzer by @sydp in #1888
UI consistency by @berggren in #1896
Expose Sigma rules overview and detail pages by @jaegeral in #1851
Sigma: Rule detail inline with table rows by @berggren in #1897
Bugfix: Highlight text shown twice by @berggren in #1900
Geoip updates by @sydp in #1899
1895 bugfix copy buttons by @jaegeral in #1906
Introduce a Timesketch roadmap doc and Sigma by @jaegeral in #1903
ssh analyzer: Only create saved search if there are any sessions created by @berggren in #1909
Fix: Sigma analyzer creates saved search and story even with 0 results by @jaegeral in #1910
Remove mans from various docs by @jaegeral in #1912
Improve Sigma analyzer exception logging message by @jaegeral in #1904
Search history documentation by @jaegeral in #1917
Buttons for back/forward in search history by @berggren in #1914
New build by @berggren in #1918
fix intel count by @jaegeral in #1920
Bugfix: Tag background in light theme by @berggren in #1924
Add timeline context menu on overview page by @berggren in #1923
Corrected docstring in setup.py by @joachimmetz in #1926
Microseconds since epoch for JSONL input data by @berggren in #1939
Fixes for read_and_validate_csv by @sydp in #1905
Update plaso.mappings by @berggren in #1941
Bugfix for disappearing menubar by @tomchop in #1943
initiatl sizing doc by @jaegeral in #1947
Docs and docstring to list_sketches API by @jaegeral in #1945
add GCP to sigma config file / mapping by @jaegeral in #1956
Ability to modifiy elasticsearch client timeout value by @rushattac in #1849
Multi analyzer workers by @jaegeral in #1958
Multi analyzer - tagger and feature extractor by @berggren in #1960
introduce multi analyzer to docs by @jaegeral in #1961
New UI build by @berggren in #1965
Bugfix: Set counter by @berggren in #1966
Select multiple toggle start bug fix by @rushattac in #1964
Sigma tagger bugfix for empty tags in rule by @berggren in #1967
Added deploy_timesketch.ps1 by @JouniMi in #1953
Fix IP regex by @tomchop in #1969
Modify linux folder for sigma rules by @jaegeral in #1970
Documentation on how to update docs site by @berggren in #1971
Update review process for documentation by @berggren in #1972
fix mkdocs and introduce a documentation howto in docs/ by @jaegeral in #1973
Refactor documentation by @jaegeral in #1976
Update mkdocs.yml and add plugin by @berggren in #1977
Docs (timesketch.org) refactor by @berggren in #1980
Remove nav and toc from main page by @berggren in #1982
Refactor docs by @berggren in #1991
Notebook docs refactor by @berggren in #1992
Better UI dev by @tomchop in #1989
Fix Sigma backslash issue by @jaegeral in #1968
Sigma compose UI by @jaegeral in #1937
Streamline dev server by @berggren in #1994
New UI build by @berggren in #1995
add ParentImage to the sigma mapping by @jaegeral in #1996
Docs fixes by @berggren in #1993
add restarting services to the doc by @jaegeral in #2004
Expose new frontend development server (tcp:5001) by @berggren in #2005
Update timesketch.conf by @berggren in #2006
More API client examples in the dev documentation by @jaegeral in #2002
Issue 1887 timefilters bug by @binglot in #2008
fix csv of Sigma blocklist by @jaegeral in #2014
another missing column in sigma blocklist by @jaegeral in #2015
Fixed broken/outdated documentation URLs by @jleaniz in #2017
add date search examples to search query guide by @mark-hallman in #2013
s/zenmap/zmap by @jaegeral in #1997
Create Intelligence Documentation by @jaegeral in #1984
Unrecognized attributes get the "other" type by @tomchop in #2020
Add unit tests for frontend IOC guessing by @tomchop in #2021
More efficient IOC searching by @tomchop in #2026
Generate graph for a specific timeline by @berggren in #2027
UI build by @berggren in #2029
make it clear to which ID the timeline is uploaded by @jaegeral in #2030
Update sketch.py by @itsmvd in #2036
Troubleshooting doc by @jaegeral in #2042
how to scale ES by @jaegeral in #2040
mention celery job checking by @jaegeral in #2046
Delete and edit comments by @hkhalifa in #1885
UI: Change the behavior of the "Star Toggle" button by @binglot in #2049
Issue 1978: Fix limited list of Data Types by @binglot in #2055
Update import-from-json-csv.md by @jaegeral in #2063
Change how memory dedicated to ES's JVM is calculated by @rgayon in #2066
Expose Analyzer Logs in the Analyzers tab by @binglot in #2057
Add incompatible Sigma rules to the blocklist by @jaegeral in #2038
Add search examples to the documentation by @jaegeral in #2067
Typo by @tomchop in #2070
Migrate to OpenSearch for dev environment by @berggren in #2083
fix Timeksketch typo by @garanews in #2080
Switch to OpenSearch for e2e tests by @berggren in #2085
Switch to OpenSearch for release docker by @berggren in #2086
Remove Elasticsearch from release docker config by @berggren in #2089
Migrate to OpenSearch python client by @berggren in #2091
Better intelligence view by @tomchop in #2045
Introduce delete user to tsctl.py by @LeoAndTheTree in #2069
2033 sigma date unittest by @jaegeral in #2100
bugfix 2097 by @pydvlpr in #2099
Fix #2051 Sketch attributes deleted via the API cannot be re-added by an analyzer by @jonathan-greig in #2101
GCP Logging Analyzer by @jonathan-greig in #2079
Add intelligence page to user guide by @tomchop in #2106
Added permissions change to opensearch data directory by @ramo-j in #2110
Mention two blog post as reading recommendation by @jaegeral in #2107
New UI build by @berggren in #2114
Remove duplicates from sigma_config.yaml by @ZloeSabo in #2113
Mention Common Windows EventLog question in Docu by @jaegeral in #2108
Small typo in deployment script by @jaegeral in #2102
Update TsIOCMenu.vue by @itsmvd in #2118
Fix broken link to notebooks by @jaegeral in #2105
Minor changes to intelligence navigation by @tomchop in #2116
Issue#2097 2 by @pydvlpr in #2104
Dynamic tags in tagger analyzer by @tomchop in #2111
Whitespace in Sigma Keywords by @jaegeral in #2071
Fix for broken Pip package (upstream) by @berggren in #2133
Support more datetime formats for time filters by @sydp in #2075
Fix formating for nanosecond timestamps by @sydp in #2132
Next generation UI framework by @berggren in #2119
Add deprecated to sigma blocklist by @jaegeral in #2136
typos new attempt by @jaegeral in #2138
Better tag rendering in intelligence view by @tomchop in #2123
Add contrib directory for analyzers by @berggren in #2141
Serve Intelligence tag metadata via the API by @tomchop in #2140
Scenarios: Datamodel and API by @berggren in #1936
new UI build by @berggren in #2148
Support subpath for serving frontend by @berggren in #2149
Migrate to Flask 2.x by @berggren in #2154
Fix: typo for documents. by @digitalisx in #2156
Fix: typo for docs by @digitalisx in #2162
Add CLI client documentation by @berggren in #2163
Consistent formatting by @berggren in #2153
CLI client bugfixes by @berggren in #2164
Update install.md by @shannaniggans in #2160
Make session sticky for API clients by @berggren in #2167
Use of "Conditional Field Mappings" in Sigma by @binglot in #2169
[Documentation] update tsctl command create-user by @jaegeral in #2172
[Documentation] introduce debugging of test instructions by @jaegeral in #2174
Add pylint to the dev docs by @jaegeral in #2178
Sigma use in analyzer by @jaegeral in #2166
fix path to ts config in UI dev guide by @jaegeral in #2175
UI build by @berggren in #2179
Update sigma_config.yaml by @binglot in #2180
timesketch_cli_client.commands.search bug in timestamp handling by @jonathan-greig in #2186
Fixed marked library import by @anttitikkanen in #2190
adjust the Sigma documentation by @jaegeral in #2184
add mutex to Sigma mapping by @jaegeral in #2181
BigQuery Matcher Analyzer plugin by @anttitikkanen in #2131
deprecate the word blocklist in sigma context and use status instead by @jaegeral in #2198
Escape backslashes and spaces in generated OpenSearch queries by @tomchop in #2207
CSV with wrong extension stopped on UI side by @rishav-karanjit in #2147
Use all rules in the analyzer by @jaegeral in #2202
s/add-user/create-user by @jaegeral in #2212
Comment support in updated UI by @berggren in #2194
Preview search results directly from intelligence tab by @tomchop in #2205
[Sigma] Adding fs:bodyfile:entry to keep up with plaso output by @jaegeral in #2214
Documentation refactor by @berggren in #2216
Pinning the opensearch container to version 1.3.2. to fix #2195 by @jkppr in #2217
[Sigma] Adding Syslog to mapping by @jaegeral in #2215
Adjusted client.py to throw an error if no usable tty is found by @ramo-j in #2221
Update Spelling Across docs by @wcrum in #2226
[API client] Add get_event method to Sketch resource by @sydp in #2219
Allow OIDC API clients to consume OAuth tokens from several clients by @sa3eed3ed in #2209
add network/zeek/zeek_rdp_public_listener.yml to Sigma status csv by @jaegeral in #2227
New UI build by @berggren in #2230
Fixed a bug in the stories by @kiddinn in #2225
OIDC: Handle multiple client ids by @berggren in #2232
Add missing @login_required decorators by @jonathan-greig in #2236
Unit test test_invalid_algorithm_raises_jwt_validation_error failing in PPA tests by @jonathan-greig in #2239
Read "requester" from the correct location in plaso metadata by @anttitikkanen in #2243
Add a button in the intelligence view to to search for all IOCs by @tomchop in #2245
Update sigma.md by @jaegeral in #2249
Change link to upload timeline documentation in UI by @jaegeral in #2247
fix handling of PLASO_UPPER_MEMORY_LIMIT by @hur in #2244
UI 2255 by @marcobrotto in #2257
timesketch/api/v1/resources/timeline.py s/GET/POST typo by @jaegeral in #2258
Several bugfixes in intelligence view by @tomchop in #2254
Tag colorization improvements by @tomchop in #2240
Feature: Add new IOCs from the UI by @tomchop in #2256
Bring back disappearing codebase by @tomchop in #2260
Update dev README by @Nexidian in #2267
Minor upload form refactor to prevent upload of empty files by @Nexidian in #2269
fix missing mock in sigma_tagger_test.py by @rushattac in #2265
Add script options and flag for starting container during deployment by @harshalchaudhari35 in #2220
Fixes OpenSearch version reterival logic by @rushattac in #2189
Add feature to allow a user to map missing CSV headers by @marcobrotto in #2261
Fix broken e2e test - update psort args for Plaso 20220724 by @jonathan-greig in #2280
2276 feature extract doc by @jaegeral in #2277
UI: Sketch list, overview, new side panel layout, pagination by @berggren in #2282
improve Sigma documentation by @jaegeral in #2283
Pylint doc by @jaegeral in #2285
UI: Filter menu and save search dialog by @berggren in #2281
Update getting-started.md by @marcobrotto in #2287
Checkbox for multiple fields selection by @marcobrotto in #2278
Fix redirect for OIDC logins by @berggren in #2290
Build UI bundle by @berggren in #2291
Change default value of use rule in Sigma analyzer by @jaegeral in #2292
Enable UI v2 by @berggren in #2294
Add build files for UI v2 by @berggren in #2295
Allow complex tags in the Intelligence attribute by @tomchop in #2262
Tsdev.sh: a script for fast frontend/frontend-ng development by @marcobrotto in #2298
Sigma rule database model + tests by @jaegeral in #2296
Exists search guide by @jaegeral in #2308
s/sigma_blacklist.csv/sigma_rule_status.csv in contrib by @jaegeral in #2309
.gitignore - Ignore Python build artifacts for api and cli clients by @jonathan-greig in #2311
Proposed fix for Export Sketch feature which was not working. by @hkhalifa in #2316
Add manual event to timelines by @marcobrotto in #2304
hashR analyzer by @jkppr in #2266
Search history tree generation by @berggren in #2320
Add manual event by @marcobrotto in #2321
Upload json/jsonl/plaso/csv button in frontend-ng by @marcobrotto in #2313
Add Sigma Database to the API by @jaegeral in #2302
docs: Fix a few typos by @timgates42 in #2330
add vsvode and notebook checkpoints to .gitignore by @jaegeral in #2332
Update plaso args by @clowe-r7 in #2300
Wrap XML attributes in
```
 by @marcobrotto in #2327
```
Left panel layout by @berggren in #2324
UI: Selectable columns, star, tags by @berggren in #2286
Bump numpy from 1.19.0 to 1.21.0 by @dependabot in #2135
Upload UI with indexing progress information by @marcobrotto in #2326
Extend datasource model schema by @berggren in #2342
Updated Sigma support in the API client by @jaegeral in #2333
Python Notebook to debug the most common Timesketch API by @marcobrotto in #2348
DataSource error handling for Plaso files and upload bugfix with extension handling by @marcobrotto in #2343
Extend Search Templates model to support user defined parameters by @berggren in #2349
Remove doc_type from opensearch client code by @berggren in #2350
Changelog 2022-09 by @jaegeral in #2358
Modify Sigma analyzer / API Client / UX to use Database by @jaegeral in #2347
Search template UI by @berggren in #2355
UI: Scale to many timelines in the picker grid by @berggren in #2365
Sigma UI and import command with tsctl by @berggren in #2366
additions to tscl interacting with Sigma by @jaegeral in #2369
Update frontend-development.md by @jaegeral in #2367
Update docker images and CI tests to Ubuntu 22.04 by @berggren in #2372
Python code formatter GH action by @berggren in #2374
re-adding console.error(error.response.data) by @jaegeral in #2375
New UIv2 build by @berggren in #2380
Auto build: include all build files by @berggren in #2381
UI: Handle legacy datasources by @berggren in #2382
New build of old UI by @berggren in #2383
Add flush interval parameter by @Zawadidone in #2319
Refactor changelog by @berggren in #2385
Add investigative scenario to sketch by @berggren in #2386
Update tasks.py by @Zawadidone in #2391
Check if root_node in search history is none by @jaegeral in #2389
[API client] Add get_intelligence_attribute to sketch resource by @itsmvd in #2384
New UI build by @berggren in #2392
Optimize Yeti analyzer logic + some more changes by @tomchop in #2398
Adding maxmind attribution for the geoip analyzer by @jkppr in #2406
geoip attribution by @jkppr in #2407
Migrate OOB flow to localhost flow for OAuth2 auth by @jleaniz in #2379
Remove oob by @berggren in #2409
Support for adding event attributes via the API by @jonathan-greig in #2229
[Sigma] Update OriginalFileName mapping by @jaegeral in #2412
Snackbar by @berggren in #2405
use capitalize in currentUser in App.vue by @jaegeral in #2418
Update SearchTemplates.vue to check if no searchTemplates are on a system by @jaegeral in #2419
update Sigma doc to match the new Web UI by @jaegeral in #2427
Remove unused service by @berggren in #2433
Add e2e clarification for contributions by @tomchop in #2435
[Sigma] ship some basic but broad rules with Timesketch by @jaegeral in #2430
Scenarios and DFIQ functionality by @berggren in #2437
Fix typo in cli.py by @jaegeral in #2438
Ignore type errors running under Python 3.10 by @berggren in #2441
Context lookup API endpoint part 1 by @jkppr in #2440
Context lookup part 2 - front-end API client by @jkppr in #2445
Add sketch info to tsctl by @jaegeral in #2442
[tsctl] new command: tsctl info by @jaegeral in #2443
Add warning if plaso is not installed to tsctl by @jaegeral in #2446
refresh admin-cli documentation by @jaegeral in #2447
Context lookup part 3 - front-end UI by @jkppr in #2448
Context lookup part 4 - Documentation by @jkppr in #2450
[Sigma] try catch block if crypto.randomUUID is not supported by @jaegeral in #2456
Allow additional OIDC domains to access APIs when OAuth is used by @sa3eed3ed in #2421
Docs update - new landing page by @berggren in #2460
Scenarios conclusion by @berggren in #2451
UI: Tweaks for consistent colors by @berggren in #2464
Add proxy_read_timeout in gninx conf by @lprat in #2466
remove prettytable from tsctl to reduce dependencies by @jaegeral in #2461
Adding a trailing / to nginx.conf by @jaegeral in #2455
MISP and Hashlookup analyzers by @DavidCruciani in #2429
make black happy misp module by @jaegeral in #2470
Frontend dev doc update by @jaegeral in #2469
Update test plaso file by @berggren in #2473
Add colorpicker and rename timeline by @berggren in #2472
Add logout link by @berggren in #2496
Rename sketch by @berggren in #2495
Sigma add syslog:line to ssh data_types by @jaegeral in #2508
Fixed Issue #2505 - interface BaseAnalyzer class name by @roshanmaskey in #2506
Enable bulk edit by @berggren in #2497
Add share dialog by @berggren in #2471
Empty state by @berggren in #2501
Make the web console a bit less verbose by @rgayon in #2513
New UI build by @berggren in #2516
Add LinkedIn search queries by @tomchop in #2514
Indicator when sketch is loading by @berggren in #2517
Edit timefilter by @berggren in #2510
Removable chips by @berggren in #2519
New UI build by @berggren in #2520
SigmaStudio by @jaegeral in #2444
Updates to the timesketch.org docs by @jkppr in #2529
Frontend-ng a fixed id if crypto.randomUUID is not available by @jaegeral in #2537
black format fixing by @jaegeral in #2538
make Sigma util tests into dedicated test cases by @jaegeral in #2539
Deprecate File based Sigma rules by @jaegeral in #2509
[SigmaStudio]don't mutate the prop by @jaegeral in #2542
2023 02 08 new sigma doc and update Sigma notebook by @jaegeral in #2543
[Docs] update Sigma create rule gif by @jaegeral in #2544
2022 02 09 changelog jan by @jaegeral in #2547
sigma doc update, add screenshots by @jaegeral in #2548
[tsctl] add option column to tsctl list-sigma-rules by @jaegeral in #2549
Serve icons from local bundle by @berggren in #2546
UI consistency and API resource naming by @berggren in #2532
explorer view event action icon improvements by @jkppr in #2553
Copy field name/value icons for the EventDetail component by @jkppr in #2556
Add Context card for scenarios by @berggren in #2566
New UI build by @berggren in #2570
how to install dependencies for frontend-ng by @jaegeral in #2572
Threat intel in new UI by @berggren in #2545
Update features.yaml by @itsmvd in #2523
admin-cli analyzer-stats function by @jaegeral in #2502
Add retry logic to fetch_resource_data by @tomchop in #2552
Link back to explore session by @jkppr in #2582
UI update for the Left Panel by @jkppr in #2585
Reusable EventList component by @berggren in #2592
Port Graph to new UI by @berggren in #2587
Graph eventlist by @berggren in #2595
CLI: Add Tag to single event by @jaegeral in #2600
Update sigmastudio snackbars by @jkppr in #2603
Sigma rules to be deployed by default by @jaegeral in #2377
Stories by @berggren in #2610
Make tags reactive by @berggren in #2613
Bugfix: Stories not loading saved search by @berggren in #2615
Loading indicator for sigma rules by @berggren in #2616
Add Plaso staging e2e tests by @berggren in #2618
Bugfix: timeline url param support by @berggren in #2619
[CLI] add a show_internal_columns and json output to the explore method… by @jaegeral in #2607
[CLI] events group to add comments and tags to an event by @jaegeral in #2604
Making timestamp leading value when importing a csv by @jaegeral in #2586
Fix SSL verify behavior in API client by @FabFaeb in #2602
Consistent UI interactions by @berggren in #2621
Add docker configs to default paths of files and HTTP(S) ports by @lprat in #2011
Add default arg to PLASO_PPA_TRACK by @tomchop in #2625
Bugfix: Support new views, and don't edit on dblclick when in edit mode by @berggren in #2629
Add plaso version to version endpoint by @berggren in #2631
Sigma list speedup by @jaegeral in #2632
[Docs] CLI client dev guide + 2023-03 changelog by @jaegeral in #2637
Fix #2636 - expand the clickable area of EventList rows by @jkppr in #2639
Sigma UI refactor by @berggren in #2642
[Sigma API] remove enrich_sigma_rule_object from API and just use the util method by @jaegeral in #2634
Left menu UI polish by @berggren in #2645
Add Event Data Analytics/Aggregation Dialog by @sydp in #2622
Corrected grammatical error in the install.md file by @FazlOmar9 in #2647
[P17] Analyzer v2 UI by @jkppr in #2657
Empty state for Scenarios tab by @berggren in #2656
Make new UI the default by @berggren in #2662
Remove hover for story eventlist by @berggren in #2664
New UI build by @berggren in #2665
unittsts, new test csv and update to utils.py by @jaegeral in #2668
Handle CSV imports that's missing timestamp field by @berggren in #2669
Remove timestamp check by @berggren in #2671
Ignore invalid timelines by @Annoraaq in #2678
Filter analyzer results by display_name by @Annoraaq in #2679
Fix #2680 - tagging of events without a tag attribute by @jkppr in #2688
Fix for the pagination problems by @jkppr in #2691
new UI build by @jkppr in #2692
filter analyzers by timeline by @Annoraaq in #2699
Show active analyzers loading by @Annoraaq in #2700
make it easier to use the --sketch flag by @jaegeral in #2711
fixing failing tests by @jkppr in #2719
Delete timeline by @jkppr in #2696
Context Search by @berggren in #2715
Search with no timeline selected by @berggren in #2707
Fix alignment for left panel menu by @berggren in #2704
Exit early if there is no cytoscape instance by @berggren in #2708
[Analyzer] Sigma: NoneType error by @jaegeral in #2716
Enable sketch archiving by @berggren in #2701
Add context to timeline datasources by @berggren in #2702
Fix count error for failed timelines by @berggren in #2712
[CLI] adding event to a sketch by @jaegeral in #2599
Fix active analyzer status check bug by @jkppr in #2722
Untag event API resource by @jaegeral in #2724
Updated Tagging UI by @jkppr in #2694
Update to AnalyzerSessionActiveListResource API endpoint by @jkppr in #2725
Saved View left panel fixes by @berggren in #2713
API Client Typos and formatting by @jaegeral in #2731
add untag_event and untag_events to API client by @jaegeral in #2729
Update analyzer status sync UI by @jkppr in #2734
Add remove_tag to CLI client by @jaegeral in #2732
[Doc] add changelog for may, improve some other docs by @jaegeral in #2735
update markdown index by @jaegeral in #2736
[CLI] bugfix: respect --limit when using a saved_search by @jaegeral in #2737
New Cytoscape component (remove vue-cytoscape wrapper dependency) by @berggren in #2733
Don't use editable installs in github actions by @jaegeral in #2748
SSH feature extractions by @roshanmaskey in #2744
Windows login feature extraction by @roshanmaskey in #2745
[CLI] Add Sigma list / describe to timesketch cli by @jaegeral in #2620
Save SearchTemplates via YAML only by @berggren in #2750
add more details to the timelines CLI command by @jaegeral in #2751
Update troubleshooting.md by @jaegeral in #2756
AnalyzerOutput and supporting classes by @roshanmaskey in #2706
New ui build by @berggren in #2759
Docker build with release tag by @berggren in #2760

New Contributors

@alexgoedeke made their first contribution in #1645
@stevengoossensB made their first contribution in #1696
@toshiro92 made their first contribution in #1702
@asmirazali made their first contribution in #1717
@warrinot made their first contribution in #1758
@jordanrule made their first contribution in #1788
@nagytam made their first contribution in #1799
@hkhalifa made their first contribution in #1893
@rushattac made their first contribution in #1849
@JouniMi made their first contribution in #1953
@jleaniz made their first contribution in #2017
@mark-hallman made their first contribution in #2013
@LeoAndTheTree made their first contribution in #2069
@pydvlpr made their first contribution in #2099
@jonathan-greig made their first contribution in #2101
@ramo-j made their first contribution in #2110
@ZloeSabo made their first contribution in #2113
@digitalisx made their first contribution in #2156
@shannaniggans made their first contribution in #2160
@anttitikkanen made their first contribution in #2190
@rishav-karanjit made their first contribution in #2147
@wcrum made their first contribution in #2226
@sa3eed3ed made their first contribution in #2209
@hur made their first contribution in #2244
@marcobrotto made their first contribution in #2257
@Nexidian made their first contribution in #2267
@harshalchaudhari35 made their first contribution in #2220
@timgates42 made their first contribution in #2330
@clowe-r7 made their first contribution in #2300
@Zawadidone made their first contribution in #2319
@DavidCruciani made their first contribution in #2429
@FabFaeb made their first contribution in #2602
@FazlOmar9 made their first contribution in #2647

Full Changelog: 2021022...2023051