Releases: google/timesketch
20241129
What's Changed
- Add document/page title for sketches by @itsmvd in #3210
- [Tagger Analyzer] AWS cloudtrail config by @raihalea in #3224
- Fix: Correctly handle dynamic tags without modifiers by @jkppr in #3211
- Frontend v3 Scaffold by @berggren in #3188
- Change icon for opening TI view. by @jkppr in #3213
- Provide actionable error message for complex search queries by @jkppr in #3233
- Update location of tsdev.sh in docs by @itsmvd in #3209
- Update getTimelineFields to return union of Timeline fields by @sydp in #3203
- Upgrade unfurl and aiplatform dependencies by @jkppr in #3215
- Fix broken unit test workflows by @jkppr in #3231
- Bump happy-dom from 12.10.3 to 15.10.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3222
- Bump cryptography from 43.0.0 to 43.0.1 in the pip group by @dependabot in #3176
- Fix: Resolve pytype --strict-none-binding issue in the api client by @jkppr in #3214
- Added Sigma mapping for certificateservicesclient-lifecycle-system by @pyllyukko in #3223
- Add a warning snackbar by @jkppr in #3234
New Contributors
- @pyllyukko made their first contribution in #3223
Full Changelog: 2024100...2024112
20241009
⚠️ Note⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.
What's Changed
- Add query string filtering to Visualizations by @sydp in #3182
- DFIQ Analyzer Implementation by @jkppr in #3178
- Add --skip-create-user option to enable non-interactive deployments by @raihalea in #3194
- Enable passing on auto-run analyzers parameter when using importer library by @YiChiCanCode in #3143
- Prevent opensearch from aggregating across all indices. by @jkppr in #3192
- [CLI] export archive and unarchive a sketch by @jaegeral in #3174
- Adding unittests for several csv import related timestamp / datetime edge cases by @jaegeral in #3177
- [tests] attempt to add more unit tests and e2e tests for import of vari… by @jaegeral in #3179
- Smaller refactoring, adding readmes to folders by @jaegeral in #3183
- move the tests_events folder to tests by @jaegeral in #3185
- [Tech dept] update contrib readme, update utils readme and move tsdev from contri… by @jaegeral in #3186
- Remove analyzer_run.py by @jaegeral in #3187
- 2024 09 spelling by @jaegeral in #3181
- Update the
sigma_events.csv
reference by @emmanuel-ferdman in #3196 - Fix analyzer parsing auth events by @dfjxs in #3190
New Contributors
- @YiChiCanCode made their first contribution in #3143
- @raihalea made their first contribution in #3194
- @emmanuel-ferdman made their first contribution in #3196
- @dfjxs made their first contribution in #3190
Full Changelog: 2024082...2024100
20240828
⚠️ Note⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.
What's Changed
- DFIQ card redesign and AI query UI by @berggren in #3157
- Add visualizations to stories by @sydp in #3129
- Enable/Disable Scenarios via system settings by @jkppr in #3169
- Support for DFIQ v1.1 by @berggren in #3163
- Fix: Handle special characters in queries and filter chips by @jkppr in #3168
- API Client: Add investigative question handling. by @jkppr in #3144
- Bumping google-auth version from 1.7.0 to 2.32.0 by @yohandiaz in #3133
- Fix table row height in Firefox by @Annoraaq in #3139
- Bump the pip group across 1 directory with 4 updates by @dependabot in #3097
- Add timeline selection to visualization editor by @sydp in #3140
- Adding a dependabot.yml by @jkppr in #3142
- Add timeline rename functionality to timesketch cli tool by @jaegeral in #3156
- CLI client: timeline delete by @jaegeral in #3158
- CLI client: Change timeline color for a given timeline by @jaegeral in #3159
- tsctl - variable is referenced before assignment search_templates by @jaegeral in #3162
- API client: Update scenario handling for dfiq 1.1 schema by @jkppr in #3161
- API client: Adjust list/add scenarios & questions function for new dfiq 1.1 backend by @jkppr in #3165
- Error handling for DFIQ data import by @jkppr in #3170
New Contributors
- @yohandiaz made their first contribution in #3133
Full Changelog: 2024071...2024082
20240717
What's Changed
- ApexChart based visualizations by @sydp in #3040
- Create new NL2Q API. by @dianakramer in #3073
- Prompt V2 for NL2Q by @lrosique in #3122
- MISP analyzer update by @DavidCruciani in #3106
- Adding csv export to tsctl analyzer-stats by @jkppr in #3095
- Remove old style indexes (UI) by @Annoraaq in #3091
- Remove duplicative flush() call to address issue 2796. by @mari0d in #3115
- Correct timeline_name length error message by @itsmvd in #3099
- API Search Client max entries bug and standardize property usage by @jawilson0502 in #3101
- Add only tags created by an analyzer to the output by @jkppr in #3108
- Fix UI bug for archived sketches by @jkppr in #3110
- Merge multiple intelligence attributes if present by @tomchop in #3113
- yetiindicators.py: More precise queries when looking for SHA256 indicators by @tomchop in #3117
- Changes to the Yeti Indicators analyzer by @tomchop in #3118
- Improved error handling for closing index by @jkppr in #3123
- Update Opensearch to 2.15.0 by @jkppr in #3125
- Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot in #3126
- UI build 20240717 by @jkppr in #3127
New Contributors
- @dianakramer made their first contribution in #3073
- @jawilson0502 made their first contribution in #3101
- @lrosique made their first contribution in #3122
- @mari0d made their first contribution in #3115
Full Changelog: 20240508.1...2024071
20240508.1
What's Changed
Full Changelog: 2024050...20240508.1
20240508
What's Changed
- Save searches without results by @jkppr in #3060
- Bump nginx version by @jkppr in #3077
- tsdev.sh update by @rocketeeer in #3081
- Support for observables in Yeti analyzers by @tomchop in #3061
- Added check to invalid API endpoints to close issue #3005 by @TedmanNguyen in #3058
- Updating the documentation by @jkppr in #3057
- Remove sigma_rule_status.csv from Installation Helper Scripts by @Aevyz in #3063
- Update api-upload-data.md by @berggren in #3068
- Fix tsctl on a prod deployment by @jkppr in #3088
- UI build 20240508 by @jkppr in #3089
New Contributors
- @Aevyz made their first contribution in #3063
- @rocketeeer made their first contribution in #3081
- @TedmanNguyen made their first contribution in #3058
Full Changelog: 2024032...2024050
20240328
Note
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.
What's Changed
- DFIQ new UI and navigation by @berggren in #3041
- User profile and settings support by @berggren in #3048
- Enhancements to Yeti indicators by @tomchop in #3038
- More precise field selection when searching by @tomchop in #3044
- Use subqueryload to make loading events with comments faster by @tomchop in #3049
- Improvements to the sigma handling by @tomchop in #3050
- Update run_analyzers in the api client by @jkppr in #3037
- Fix a bug in the feature_extraction analyzer by @jkppr in #3047
Full Changelog: 2024020...2024032
20240207
What's Changed
- Collapsable left panel by @berggren in #3008
- Support for Large Language Model (LLM) services by @berggren in #3019
- Implement user management (create, list, get) via API by @lo-chr in #3024
- Setup frontend unit tests with vitest by @Annoraaq in #3013
- Fix failing Plaso uploads after 6 months by @jkppr in #3017
- Fix error handling in the API client by @jkppr in #3006
- Add optional TLS verification by @tomchop in #3016
- Yeti analyzer fix: use session object by @tomchop in #3020
- Adjust query for Yeti indicators by @tomchop in #3009
- Mark events with indicator's relevant_tags (Yeti) by @tomchop in #3022
- Bump cryptography from 41.0.4 to 41.0.6 by @dependabot in #2998
- SQLalchemy upgrade - step one by @berggren in #2979
- Fix: get and use access token for Yeti by @tomchop in #3010
- Adding form validation to prevent names > 255 char. by @jkppr in #3026
- Update black formatting by @jkppr in #3031
- Timesketch API client: Adding type check to prevent error. by @jkppr in #3030
- Fix double escaping in sigma_util causing yaml.parser.ParserError by @lo-chr in #3028
- Move "old UI" button by @jkppr in #3033
- UI build 20240207 by @jkppr in #3035
New Contributors
Full Changelog: 2023120...2024020
20231206
What's Changed
- Left panel timeline management by @Annoraaq in #2999
- Extract Windows event logs messages attributes by @roshanmaskey in #2910
- API client: Return all field for analysis sessions by @tomchop in #2504
- Highlight DFIQ context card by @berggren in #2996
- Introduce (large) CSV import in e2e tests by @jaegeral in #2912
- "Add to Threat Intelligence" via context links by @jkppr in #2980
- Graph bug and layout fix by @berggren in #2994
- Feature extraction config for BITS and Terminal Services by @roshanmaskey in #2974
- Adjust default example text for yeti endpoint by @tomchop in #2963
- Adding a copy action to filter chips by @JohannesLks in #2990
- Update to the windows deployment script by @coloradosarge in #3000
- Adding and updating tooltips for icons by @jkppr in #2983
- Fix hidden text by @jkppr in #2965
- bug-fix for context links by @jkppr in #2962
- Update for upgrade documentation by @jkppr in #2967
- Removing old feature extractor analyzer by @jkppr in #2969
- Update for the context_links documentation by @jkppr in #2970
- Updating the feature extraction analyzer documentation by @jkppr in #2973
- [tests] Add jsonl e2e tests by @jaegeral in #2976
- Fix vue dependency issues with "v-calendar" by @jkppr in #2989
- Mute noisy info logging in the feature extraction analyzer by @jkppr in #2993
- New empty-state and left panel bugfix by @berggren in #2991
- Update the analyzer timeline picker by @jkppr in #3001
- UI build 20231206 by @jkppr in #3002
New Contributors
- @JohannesLks made their first contribution in #2990
- @coloradosarge made their first contribution in #3000
Full Changelog: 2023102...2023120
20231025
Note
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.
What's Changed
- filter chip fixes by @jkppr in #2893
- Adding multi analyzer result support by @jkppr in #2894
- Fix CSV upload without timestamp_desc by @jkppr in #2896
- Bump cryptography from 41.0.3 to 41.0.4 by @dependabot in #2904
- Deprecate Sigma status CSV usage from code by @jaegeral in #2913
- Add intelligence command to the CLI client by @jaegeral in #2864
- UI build 2023-10-05 by @jkppr in #2926
- Fix missing plaso_formatters by @jkppr in #2933
- Refactor base layout by @berggren in #2929
- ui build 20231010 by @jkppr in #2934
- Fix #2908 tagger bug by @jkppr in #2935
- Update yeti analyzer by @tomchop in #2930
- Adjusting regular expressions for features extraction by @tomchop in #2932
- [Documentation] timesketch_client.TimesketchApi in api client documentation by @jaegeral in #2938
- Improvements to the Yeti analyzer by @tomchop in #2942
- Truncate timeline names in analyzer results by @jkppr in #2945
- API client method to delete Sigma rule by @jaegeral in #2924
- Fix missing sketchId in Search.vue by @jkppr in #2955
- Unfurl integration by @jkppr in #2897
- Copy saved search ID by @jkppr in #2956
- Support emojis in new UI by @NightAcrobat777 in #2951
- SSL/TLS support and authentication for SMTP by @fazledyn-or in #2940
- Instantiate side panel only once by @berggren in #2949
- Unit test to ensure invalid timestamp conversions do not occur by @bwhelan212 in #2954
- Add DFIQ context to SearchHistory by @berggren in #2957
- Sanitise HTML from Unfurl by @berggren in #2959
- Context link backwards compatibility & sanitation by @jkppr in #2958
- UI build 2023-10-25 by @jkppr in #2960
New Contributors
- @NightAcrobat777 made their first contribution in #2951
- @fazledyn-or made their first contribution in #2940
- @bwhelan212 made their first contribution in #2954
Full Changelog: 2023091...2023102