# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.1.6] - 2022-11-15

### Added

- Fixed tests

## [1.1.5] - 2022-10-21

### Added

- Changed the log message [MC-1308](https://jira.iwarma.ru/browse/MC-1308)
- Test for aggregated event fields [MC-824](https://jira.iwarma.ru/browse/MC-824)
- For rules of type syslog, the "proto" field was changed to "protocol" [MC-1347](https://jira.iwarma.ru/browse/MC-1347)
- Added a timeout for the HTTP rule [MC-1436](https://jira.iwarma.ru/browse/MC-1436)

## [1.1.4] - 2022-07-25

### Added

- Field mapping on index creation [MC-1061](https://jira.iwarma.ru/browse/MC-1061)

### Fixed

- Fixed tests so that all tests can be run at once [MC-845](https://jira.iwarma.ru/browse/MC-845)

## [1.1.3] - 2022-07-20

### Fixed

- Adding a tag to an event [MC-166](https://jira.iwarma.ru/browse/MC-166)

## [1.1.2]

### Fixed

- Incident title length increased from 128 to 256 characters [MC-723](https://jira.iwarma.ru/browse/MC-723)
- Cyclic creation of incidents [MC-166](https://jira.iwarma.ru/browse/MC-166)

## [1.1.1] - 2022-05-31

### Fixed

- Fixed sending of aggregated events to elastic [MC-819](https://jira.iwarma.ru/browse/MC-819)

## [1.1.0] - 2022-05-23

### Added

- Added the ``message`` field for messages from suricata [MC-97](https://jira.iwarma.ru/browse/MC-97)
- Added a universal CEF receiver [MC-327](https://jira.iwarma.ru/browse/MC-327)

## [1.0.10] - 2022-05-12

### Changed

- Changed the event aggregation loop (added a limit on event fetching) [#23](https://gitlab.iwarma.ru/iwa/dev/console/correlator/-/issues/23)
- Reworked predicate handling [#18](https://gitlab.iwarma.ru/iwa/dev/console/correlator/-/issues/18)

## [1.0.9] - 2021-11-09

### Changed

- Disable function name in log messages
- Update bulk requests are now sent inside the rule execution loop

## [1.0.8] - 2021-10-30

### Changed

- Fix problem in CheckAndCreateIndex when the index already exists

## [1.0.7] - 2021-10-25

### Added

- Custom aggregation fields
- Create aggregated index if we don't have one
- YAML format for config file

### Changed

- File config_example.json. Update elasticsearch section

## [1.0.6] - 2021-09-01

### Fixed

- If we have an error in RunRulesSync's elastic call, we now throw an error and disable this rule

## [1.0.5] - 2021-08-11

### Added

- Query string predicate

## [1.0.4] - 2021-08-03

### Changed

- Now all ignore SSL error options are enabled by default

## [1.0.3] - 2021-07-15

### Changed

- Add ability to ignore SSL errors in elasticsearch client
- Add ability to ignore SSL errors in requests to Console

## [1.0.2] - 2021-06-23

### Fixed

- For http action, we did not process the content-type header correctly
- Fix problem with index creation in main.go

## [1.0.1] - 2021-06-08

### Changed

- Now, normalized events show their index

## [1.0.0]

### Changed

- New elasticsearch connection package
- Aggregator algorithm

## [0.1.29] - 2021-04-14

### Changed

- Add option to select log formatter
- Add ability to encode query to elasticsearch

## [0.1.28] - 2021-03-19

### Added

- Ability to set logging level
- Logging to file
- Log rotation

### Changed

- Logging verbosity

## [0.1.27] - 2021-01-04

### Fixed

- Problem with FirewallRule. Success response was parsed wrong

## [0.1.26] - 2020-11-11

### Added

- FirewallRule action will send apply request to firewall after all rules are created
- TestServer to simulate HTTP endpoints

### Changed

- Correlator bash test

## [0.1.25] - 2020-11-10

### Changed

- Fix firewall action template render

## [0.1.24] - 2020-11-10

### Changed

- For incident action, select multi rule to add all events to that incident

## [0.1.23] - 2020-11-06

### Changed

- Add sensor type to incident and asset actions

## [0.1.22] - 2020-11-02

### Changed

- Replace API handler functions with closure generators
- Replace API router with Gorilla
- Fix error messages in FirewallAction.ParseInterface func

## [0.1.21] - 2020-10-30

### Added

- Smart mapping

## [0.1.20] - 2020-10-28

### Added

- Add option CFG_A_CLEAR_NORMALIZED to clear normalized events after correlation. This must prevent disk overflow.

## [0.1.19] - 2020-10-28

### Added

- GetNow function to get current time according to CFG_UTC_NOW setting

### Changed

- Functions where aggregator and correlator create a time range now use GetNow to sync queries to global system time

## [0.1.18] - 2020-10-28

### Added

- Flags to disable aggregator and correlator

## [0.1.17] - 2020-10-27

### Changed

- Move aggregator to separate function

### Added

- Agg integration test for aggregator

## [0.1.16] - 2020-10-22

### Changed

- Add "Single" action rule. In such a rule, the action will be applied to every event that matches the rule predicate

## [0.1.14] - 2020-10-20

### Changed

- Change incident action title field. Now it is limited to 127 symbols
- Change aggregated event hash function, now it's SHA 512/256

## [0.1.13] - 2020-10-05

### Changed

- Change ARMAIF response parsing code

## [0.1.12] - 2020-10-05

### Changed

- Move request/response dump code to separate function

## [0.1.11] - 2020-10-05

### Changed

- Fix FirewallAction interface argument, now it's a string not a list

## [0.1.10] - 2020-10-04

### Changed

- Fix FirewallAction dump requests

## [0.1.9] - 2020-10-04

### Changed

- Dump FirewallAction requests will have more informative content
- Dump FirewallAction requests will have a more human-readable file name

## [0.1.8] - 2020-10-04

### Added

- Dump FirewallAction requests

## [0.1.7] - 2020-10-04

### Changed

- Fix FirewallAction logging
- Fix FirewallAction ARMAIF response status check. There was 201 instead of 200.

## [0.1.6] - 2020-10-04

### Changed

- Fix FirewallAction interface list serialization

## [0.1.5] - 2020-10-04

### Changed

- Now, the FirewallAction interface will be sent as a list to ARMAIF

## [0.1.4] - 2020-10-04

### Changed

- Remove FirewallAction description size check. Now it's up to Django to validate its length

## [0.1.3] - 2020-10-04

### Changed

- Remove description template from FirewallAction

## [0.1.2] - 2020-10-04

### Changed

- FirewallAction url

## [0.1.1] - 2020-10-04

### Added

- Add FirewallAction ability to send actual requests to ARMAIF