# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.1.6] - 2022-11-15

### Added

- Fixed tests

## [1.1.5] - 2022-10-21

### Added

- Changed log message [MC-1308](https://jira.iwarma.ru/browse/MC-1308)
- Test for aggregated event fields [MC-824](https://jira.iwarma.ru/browse/MC-824)
- For syslog-type rules, the "proto" field was renamed to "protocol" [MC-1347](https://jira.iwarma.ru/browse/MC-1347)
- Added a timeout for HTTP rules [MC-1436](https://jira.iwarma.ru/browse/MC-1436)

## [1.1.4] - 2022-07-25

### Added

- Field mapping when creating an index [MC-1061](https://jira.iwarma.ru/browse/MC-1061)

### Fixed

- Fixed tests so that all tests can be run at once [MC-845](https://jira.iwarma.ru/browse/MC-845)

## [1.1.3] - 2022-07-20

### Fixed

- Adding a tag to an event [MC-166](https://jira.iwarma.ru/browse/MC-166)

## [1.1.2]

### Fixed

- Incident title length increased from 128 to 256 characters [MC-723](https://jira.iwarma.ru/browse/MC-723)
- Cyclic incident creation [MC-166](https://jira.iwarma.ru/browse/MC-166)

## [1.1.1] - 2022-05-31

### Fixed

- Fixed sending of aggregated events to elastic [MC-819](https://jira.iwarma.ru/browse/MC-819)

## [1.1.0] - 2022-05-23

### Added

- Added ``message`` field for messages from suricata [MC-97](https://jira.iwarma.ru/browse/MC-97)
- Added a universal CEF receiver [MC-327](https://jira.iwarma.ru/browse/MC-327)

## [1.0.10] - 2022-05-12

### Changed

- Changed the event aggregation loop (added a limit on event export) [#23](https://gitlab.iwarma.ru/iwa/dev/console/correlator/-/issues/23)
- Reworked predicate handling [#18](https://gitlab.iwarma.ru/iwa/dev/console/correlator/-/issues/18)
## [1.0.9] - 2021-11-09

### Changed

- Disable function name in log messages
- Update bulk requests are now sent inside the rule execution loop

## [1.0.8] - 2021-10-30

### Changed

- Fix problem in CheckAndCreateIndex when the index already exists

## [1.0.7] - 2021-10-25

### Added

- Custom aggregation fields
- Create aggregated index if we don't have one
- YAML format for config file

### Changed

- File config_example.json: update elasticsearch section

## [1.0.6] - 2021-09-01

### Fixed

- If we have an error in RunRulesSync's elastic call, we now throw an error and disable this rule

## [1.0.5] - 2021-08-11

### Added

- Query string predicate

## [1.0.4] - 2021-08-03

### Changed

- Now all ignore-SSL-error options are enabled by default

## [1.0.3] - 2021-07-15

### Changed

- Add ability to ignore SSL errors in elasticsearch client
- Add ability to ignore SSL errors in requests to Console

## [1.0.2] - 2021-06-23

### Fixed

- For http action, we did not process the content-type header correctly
- Fix problem with index creation in main.go

## [1.0.1] - 2021-06-08

### Changed

- Now, normalized events show their index

## [1.0.0]

### Changed

- New elasticsearch connection package
- Aggregator algorithm
## [0.1.29] - 2021-04-14

### Changed

- Add option to select log formatter
- Add ability to encode query to elasticsearch

## [0.1.28] - 2021-03-19

### Added

- Ability to set logging level
- Logging to file
- Log rotation

### Changed

- Logging verbosity

## [0.1.27] - 2021-01-04

### Fixed

- Problem with FirewallRule. Success response was parsed wrong

## [0.1.26] - 2020-11-11

### Added

- FirewallRule action will send apply request to firewall after all rules are created
- TestServer to simulate HTTP endpoints

### Changed

- Correlator bash test

## [0.1.25] - 2020-11-10

### Changed

- Fix firewall action template render

## [0.1.24] - 2020-11-10

### Changed

- For incident action, select multi rule to add all events to that incident

## [0.1.23] - 2020-11-06

### Changed

- Add sensor type to incident and asset actions

## [0.1.22] - 2020-11-02

### Changed

- Replace API handler functions with closure generators
- Replace API router with Gorilla
- Fix error messages in FirewallAction.ParseInterface func

## [0.1.21] - 2020-10-30

### Added

- Smart mapping

## [0.1.20] - 2020-10-28

### Added

- Add option CFG_A_CLEAR_NORMALIZED to clear normalized events after correlation. This must prevent disk overflow.

## [0.1.19] - 2020-10-28

### Added

- GetNow function to get current time according to CFG_UTC_NOW setting

### Changed

- Functions where aggregator and correlator create a time range now use GetNow to sync queries to global system time

## [0.1.18] - 2020-10-28

### Added

- Flags to disable aggregator and correlator

## [0.1.17] - 2020-10-27

### Changed

- Move aggregator to separate function

### Added

- Agg integration test for aggregator

## [0.1.16] - 2020-10-22

### Changed

- Add "Single" action rule. In such a rule, the action will be applied to every event that matches the rule predicate

## [0.1.14] - 2020-10-20

### Changed

- Change incident action title field. Now it is limited to 127 symbols
- Change aggregated event hash function, now it's SHA 512/256

## [0.1.13] - 2020-10-05

### Changed

- Change ARMAIF response parsing code

## [0.1.12] - 2020-10-05

### Changed

- Move request/response dump code to separate function

## [0.1.11] - 2020-10-05

### Changed

- Fix FirewallAction interface argument, now it's a string not a list

## [0.1.10] - 2020-10-04

### Changed

- Fix FirewallAction dump requests

## [0.1.9] - 2020-10-04

### Changed

- Dumped FirewallAction requests will have more informative content
- Dumped FirewallAction requests will have a more human-readable file name

## [0.1.8] - 2020-10-04

### Added

- Dump FirewallAction requests

## [0.1.7] - 2020-10-04

### Changed

- Fix FirewallAction logging
- Fix FirewallAction ARMAIF response status check. There was 201 instead of 200.

## [0.1.6] - 2020-10-04

### Changed

- Fix FirewallAction interface list serialization

## [0.1.5] - 2020-10-04

### Changed

- Now, FirewallAction interface will be sent as a list to ARMAIF

## [0.1.4] - 2020-10-04

### Changed

- Remove FirewallAction description size check. Now it's up to Django to validate its length

## [0.1.3] - 2020-10-04

### Changed

- Remove description template from FirewallAction

## [0.1.2] - 2020-10-04

### Changed

- FirewallAction url

## [0.1.1] - 2020-10-04

### Added

- Add FirewallAction ability to send actual requests to ARMAIF