t0xa/old_console
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
old_console/correlator/CHANGELOG.md
pro100ton ed782d491a Initial migration
2024-11-02 14:12:45 +03:00

6.7 KiB
Raw Permalink Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.1.6] - 2022-11-15

Added

  • Исправлены тесты

[1.1.5] - 2022-10-21

Added

  • Изменено сообщение лога MC-1308
  • Тест полей аггрегированных событий MC-824
  • Для правила типа syslog поле "proto" измнено на "protocol" MC-1347
  • Для правила HTTP добавлен timeout MC-1436

[1.1.4] - 2022-07-25

Added

  • Маппинг полей при создании индекса MC-1061

Fixed

  • Исправлены тесты для запуска всех тестов разом MC-845

[1.1.3] - -2022-07-20

Fixed

  • Добавление тэга в событие MC-166

[1.1.2]

Fixed

  • Длинна заголовка инцидента увеличена с 128 до 256 символов MC-723
  • Циклическое создание инцидентов MC-166

[1.1.1] -2022-05-31

Fixed

  • Исправлена отправка агрегированных событий в elastic MC-819

[1.1.0] - 2022-05-23

Added

  • Добавлено поле message для сообщений от suricata MC-97
  • Добавлен универсальный CEF приемник MC-327

[1.0.10] - 2022-05-12

Changed

  • Изменен цикл агрегации событий (добавлен лимит на выгрузку событий) #23
  • Переработана работа с предикатами #18

[1.0.9] - 2021-11-09

Changed

  • Disable function name in log messages
  • Update bulk requests are now send inside rule execution loop

[1.0.8] - 2021-10-30

Changed

  • Fix problem in CheckAndCreateIndex, when index already exist

[1.0.7] - 2021-10-25

Added

  • Custom aggregation fields
  • Create aggregated index if we don't have one
  • YAML format for config file

Changed

  • File config_example.json. Update elasticsearch section

[1.0.6] - 2021-09-01

Fixed

  • If we have an error in RunRulesSync's elastic call, we now throw error and disable this rule

[1.0.5] - 2021-08-11

Added

  • Query string predicate

[1.0.4] - 2021-08-03

Changed

  • Now all ignore ssl error options are enabled by default

[1.0.3] - 2021-07-15

Changed

  • Add ability to ignore SSL errors in elasticsearch client
  • Add ability to ignore SSL errors in requests to Console

[1.0.2] - 2021-06-23

Fixed

  • For http action, we not process content-type header correctly
  • Fix problem with index creation in main.go

[1.0.1] - 2021-06-08

Changed

  • Now, normalized events show it's index

[1.0.0]

Changed

  • New elasticsearch connection package
  • Aggregator algorithm

[0.1.29] - 2021-04-14

Changed

  • Add option to select log formatter
  • Add ability to encode query to elasticsearch

[0.1.28] - 2021-03-19

Added

  • Ability to set logging level
  • Logging to file
  • Log rotation

Changed

  • Logging verbosity

[0.1.27] - 2021-01-04

Fixed

  • Problem with FirewallRule. Sucscess response was parsed wrong

[0.1.26] - 2020-11-11

Added

  • FirewallRule action will send apply request to firewall after all rules created
  • TestServer to simulate HTTP endpoints

Changed

  • Correlator bash test

[0.1.25] - 2020-11-10

Changed

  • Fix firewall action template render

[0.1.24] - 2020-11-10

Changed

  • For incident action, selet multi rule to add all events to that incident

[0.1.23] - 2020-11-06

Changed

  • Add sensor type to incident and asset actions

[0.1.22] - 2020-11-02

Changed

  • Replace API handler functions with closure generators
  • Replace API router with Gorilla
  • Fix error messages in FirewallAction.ParseInterface func

[0.1.21] - 2020-10-30

Added

  • Smart mapping

[0.1.20] - 2020-10-28

Added

  • Add option CFG_A_CLEAR_NORMALIZED to clear normalized events after correlatrion. This must prevent disk overflow.

[0.1.19] - 2020-10-28

Added

  • GetNow function to get current time accordint to CFG_UTC_NOW setting

Changed

  • Functions, where aggregator and correlator create time range, now use GetNow to sinc querys to global system time

[0.1.18] - 2020-10-28

Added

  • Flags to disable aggregator and correlator

[0.1.17] - 2020-10-27

Changed

  • Move aggregator to separate function

Added

  • Agg integration test for aggregator

[0.1.16] - 2020-10-22

Changed

  • Add "Single" action rule. In such rule, action will be applyed to every event that match rule predicat

[0.1.14] - 2020-10-20

Changed

  • Change incident action title field. Now it limited by 127 symbols
  • Change aggregated event hash function, now it's SHA 512/256

[0.1.13] - 2020-10-05

Changed

  • Change ARMAIF response parsing code

[0.1.12] - 2020-10-05

Changed

  • Move request\response dump code to separate function

[0.1.11] - 2020-10-05

Changed

  • Fix FirewallAction interface argument, now it's a string not a list

[0.1.10] - 2020-10-04

Changed

  • Fix FirewallAction dump requests

[0.1.9] - 2020-10-04

Changed

  • Dump FirewallAction requests wil hawe a more informative content
  • Dump FirewallAction requests will have a more human-readable file name

[0.1.8] - 2020-10-04

Added

  • Dump FirewallAction requests

[0.1.7] - 2020-10-04

Changed

  • Fix FirewallAction logging
  • Fix FirewallAction ARMAIF response status check. There was 201 instead of 200.

[0.1.6] - 2020-10-04

Changed

  • Fix FirewallAction interface list serialization

[0.1.5] - 2020-10-04

Changed

  • Now, FirewallAction interface will send as list to ARMAIF

[0.1.4] - 2020-10-04

Changed

  • Remove FirewallAcrion description size check. Now, it's up to Django, to validate it's length

[0.1.3] - 2020-10-04

Changed

  • Remove description template from FirewallAction

[0.1.2] - 2020-10-04

Changed

  • FirewallAction url

[0.1.1] - 2020-10-04

Added

  • Add FirewallAction ability to send actual requests to ARMAIF