CHANGELOG

We started this changelog at version 4.0.0, so changes in previously released versions can be found in the tag branches. Please follow the format below when adding changelog entries for a new tag version.

<Tag_Version> (Date)

Breaking changes:

List the breaking changes in this section. A breaking change is anything that either changes the input or output of stix-shifter, or a change that breaks the compatibility between a connector and the core stix-shifter functions.

Deprecations:

List the Deprecated functions, input and output.

Changes:

List the newly added functions, input and output.

Fixes:

List the bug fixes.

Dependency update:

List the dependency upgrades or downgrades.


6.0.3 (2023-07-27)

Fixes:

  • Fix stix_bundle connector results translation #1545

6.0.2 (2023-07-26)

Fixes:

  • map_validator: make sure 'object' name is a str #1540

Dependency update:

  • update stix2-validator library to 3.1.4 #1542

6.0.1 (2023-07-24)

Changes:

  • To-STIX mapping keyword documentation #1529

Fixes:

  • Setup fix for installing libraries from commit hash #1539

6.0.0 (2023-07-21)

Breaking changes:

  • Adding to stix dialect feature #1231

Deprecations:

  • Removed various unfinished and abandoned connectors #1537

Changes:

  • AWS GuardDuty UDI Connector #1525
  • Framework Changes for Handling Nested List of Dictionaries #1516
  • Move results processing to transmission results #1519
  • to-STIX dialects documentation added #1515
  • Splunk UDI Connector -Upgrade #1479
  • Azure log analytics mapping improvements #1496
  • Update CLA link in CONTRIBUTING.md #1517
  • Reaqta name change #1514

Fixes:

  • ibm_security_verify: fixes #1522
  • LIKE operator only added for events queries #1521

Dependency update:

  • Attrs dependency fix and connector cleanup #1537
  • fix #1533 with type import update #1534
  • Remove ancient 'uuid==1.30' from requirements.txt #1524

5.3.1 (2023-06-15)

Deprecations:

  • remove SNI from authentication options #1498

Changes:

  • Error messaging update #1503
  • Remove cybox checks from map validator #1504
  • remove cybox false flag for observed-data properties #1502
  • Async support in Datadog connector #1492
  • ReaQta Use TTP Custom Object #1473
  • default translator support #1491
  • Add description to stix-bundle connector README #1497
  • minor code cleanup #1494
  • Better error reporting for bad certificate #1490
  • timeout max -> 1 hour; result limit -> 10 million #1487

Fixes:

  • Patch elastic mappings #1501
  • elastic_ecs: fix email-addr:value mappings in 'from' maps #1508
  • x-oca-event.code switch from int to str #1499
  • fix mapping references in elastic-ecs connector #1471

5.3.0 (2023-05-15)

Changes:

  • SDO connector cleanup and table of mappings #1484
  • error_test 2queries #1483
  • DShield connector #1443
  • RecordedFuture connector #1462
  • Cisco Secure Malware Analytics (formerly Threat Grid) Connector #1460
  • Virus total connector #1458
  • ThreatQ connector #1461
  • Add Intezer connector #1457
  • to_stix_map validator #1469
  • Alienvault OpenThreatExchange connector #1442
  • Adding new graph alert resource support in Graph security module #1439
  • Add AbuseIPDB Connector #1441

Fixes:

  • set alert options default value to false #1481
  • Updated Config changes for GCP Chronicle for develop branch #1476
  • QRadar - Remove Zero Values from IP and Mac Results #1468
  • Update stix2.1 mapping files in azure sentinel module #1472
  • Elastic-ecs: update dialect attributes with .keyword #1474
  • fix error_test transform_query #1470
  • mapping fixes for Microsoft Graph Security #1420
  • Added timeout for API client calls #1459
  • Elastic-ecs mapping: consolidate x-ecs-container attributes into the x-oca-asset object #1448
  • Elastic-ecs: Patch observer mapping to x-oca-asset object #1464
  • enable observer data in transmit #1453
  • Fix proxy create_results_connection method #1463
  • Elastic-ecs: consolidate asset identifier #1477

Dependency update:

  • Added urllib3 1.26.15 to connector requirements #1482
  • Bump flask from 2.3.1 to 2.3.2 in /stix_shifter #1454

5.2.1 (2023-05-01)

Dependency update:

  • set urllib3 library requirement #1449

5.2.0 (2023-04-28)

Breaking changes:

  • Change QRadar domain name mapping #1342

Changes:

  • update table of mappings for MS Graph, Elastic ECS, Microsoft Defender #1445
  • Elastic-ecs mapping improvements for network traffic attributes #1410
  • Update Reversinglabs connector #1436
  • Documentation updates #1435
  • Correct network-traffic mappings for elastic_ecs #1430
  • Msatp with alerts refactor #1404
  • MSATP async token, removed ADAL lib #1428
  • Cleaning up from requests lib #1429
  • IBM Verify Privilege Vault api path changes #1424
  • Added async to Azure Sentinel #1419
  • Change config labels to sentence case #1417
  • Update README for IBM Verify Privilege Vault (Secret Server) connector #1402
  • hard coded base uri in microsoft graph security connector #1406
  • Add metadata CLI and documenations #1396
  • Pagination handled for azure_log_analytics #1398
  • Elastic ecs module readme #1400

Fixes:

  • fix url value property in azure mapping #1444
  • Okta Error Code Mapping Changes for develop Branch #1434
  • Fix: Graph API fails if used without lambda operators on collection type properties #1421
  • Fix for Athena error handling, error log printing in translation #1415
  • Fixed error handling for darktrace on raw html response #1416

Dependency update:

  • Bump flask from 2.2.3 to 2.3.1 in /stix_shifter #1440
  • Bump json-fix from 0.5.1 to 0.5.2 in /stix_shifter #1426
  • Bump aioboto3 from 11.0.1 to 11.1.0 in /stix_shifter #1411
  • Bump pyopenssl from 23.1.0 to 23.1.1 in /stix_shifter #1405
  • Bump pyopenssl from 23.0.0 to 23.1.0 in /stix_shifter #1401

5.1.1 (2023-03-21)

Changes:

  • Added process:x_unique_id property to Splunk #1389
  • get configs #1392
  • GitHub action update #1385

Fixes:

  • Added metadata changes for GCP Chronicle #1393
  • Splunk: Fix MAC address to display in proper STIX format #1386
  • Updated custom properties mapping in Okta with 'x_' prefix #1387
  • Await async fixes #1391
  • fix json loads of data arg in stix-shifter CLI #1394

Dependency update:

  • Bump aiohttp-retry from 2.4.0 to 2.8.3 in /stix_shifter #1374
  • Consolidate network-traffic, user-account, file objects in the elastic_ecs connector mapping #1378
  • Fix #1375, optimize get_pagesize() function call, and add testcases #1384
  • Async changes for Okta UDI connector #1383

5.1.0 (2023-03-08)

Breaking changes:

  • Support for asynchronous API calls in transmission modules #1038

Deprecations:

  • Removed boto3 dependency in favor of aioboto3

Changes:

  • Add Okta table of mappings and update elastic ECS #1372
  • Okta connector #1323
  • support large query with elastic search_after pagination #1299
  • cybereason quick ping #1350
  • aiogoogle module used for async changes in gcp_chronicle #1331
  • base release5.0.x - Cookies are handled for cybereason asynchronous c… #1313
  • Paloalto - changes done to map process.x_unique_id with data source field actor_process_instance_id #1318
  • Added cookie support #1310
  • Removed language common fields #984
  • Updated RHACS connector to support self signed certificate authentication #1174

Fixes:

  • QRadarEpochToTimestamp for exponential notation #1352
  • Remove the x-ecs-process and x-ecs-file entities from elastic_ecs mapping #1335
  • azure_log_analytics: fix translation of IN operator #1355
  • Build warnings fix #1347
  • Updating file hash mapping for Athena OCSF support #1345
  • update mapping for Reaqta #1326
  • update mapping tables to show both comparison and observation AND OR operators #1348
  • Update OCSF network traffic mappings #1332
  • fix mapping error #1320
  • Fix Reaqta STIX 2.1 mappings for image_ref #1291
  • elastic_ecs: remove unneeded ValueToList transformer from event.category mapping #1305
  • elastic_ecs: fix STIX 2.1 results translation #1306
  • Added aiohttp ssl certificate proper handling #1308
  • Auth header serialize fix, response wrapper fixes #1298

Dependency update:

  • Bump aioboto3 from 10.4.0 to 11.0.1 in /stix_shifter #1368
  • Bump aiomysql from 0.0.21 to 0.1.1 in /stix_shifter #1369
  • Bump boto3 from 1.26.78 to 1.26.84 in /stix_shifter #1363
  • Bump boto3 from 1.26.74 to 1.26.78 in /stix_shifter #1344
  • Bump boto3 from 1.26.64 to 1.26.74 in /stix_shifter #1337
  • Bump boto3 from 1.26.55 to 1.26.64 in /stix_shifter #1317

4.6.0 (2023-01-24)

Changes:

  • Instructions for the usage of custom mappings #1274
  • Add log analytics API support to azure sentinel connector #1214
  • Update OCSF schema in Athena mappings #1245
  • splunk: allow multiple, comma-separated index names in the index option #1271
  • Rename azure sentinel to Microsoft Graph Security Connector #1212
  • elastic_ecs: add beats dialect #1208
  • update script to create sql database #1228
  • Test for START STOP timestamp format #1218
  • Updated RHACS connector to support self signed certificate authentication #1174

Fixes:

  • Mapping updates for Guardium STIX 2.1 #1102
  • Add default time range to STIX Bundle connector #1288
  • Updated code to handle maximum query length limitation in darktrace. #1259
  • Use raw strings for regex #1276
  • Updated changes for the issue #1270 #1272
  • change all two lettered property names #1251
  • mapping fixes for splunk #1239
  • splunk: use like, cidrmatch SPL functions for LIKE, ISSUBSET operators #1244
  • Fix supported property exporter to handle from-STIX fields not wrapped in a list #1236
  • fix domain_ioc mapping (removal of network_traffic ref) #1226
  • Updated cybereason code to fix the issue #1215 #1224
  • Darktrace timeout exception handled #1210
  • Aws athena ocsf fixes #1182
  • elastic_ecs: more fixes for LIKE and MATCHES #1195

Dependency update:

  • Bump boto3 from 1.26.41 to 1.26.55 in /stix_shifter #1293
  • Bump json-fix from 0.5.0 to 0.5.1 in /stix_shifter #1196
  • Bump pyopenssl from 22.1.0 to 23.0.0 in /stix_shifter #1264
  • Bump boto3 from 1.26.10 to 1.26.41 in /stix_shifter #1263

4.5.2 (2022-11-21)

Changes:

  • AWS Athena, added external id support #1187
  • Update aws athena supported attribute #1184
  • Update AWS Athena for OCSF schema support #1178
  • Upgrade pytests version for dev environment #1170
  • ocsf schema support in aws Athena #1134
  • Add RHACS and Google Chronicle group params #1150
  • return proxy translation error #1130
  • Updated the readme mappings for GCP Chronicle #1146

Fixes:

  • Updated to support query without milliseconds in darktrace connector #1199
  • fix formatting of commit list generated by changelog script #1200
  • fixed timestamp issue for start and end filter and mapping correction #1142
  • Fixed pagination and meta files delete for aws athena #1176
  • gcp chronicle: removed an invalid unittest #1166
  • Remove optional word from indices label #1157
  • Fixed deployment script with --platform linux/amd64 #1154
  • Updated connector.py file for the bug fix #1103 #1104

Dependency update:

  • Bump flask from 2.0.3 to 2.2.2 in /stix_shifter #1072
  • Bump requests-toolbelt from 0.9.1 to 0.10.1 in /stix_shifter #1180
  • Bump jsonmerge from 1.8.0 to 1.9.0 in /stix_shifter #1194
  • Bump boto3 from 1.26.5 to 1.26.10 in /stix_shifter #1193
  • Bump boto3 from 1.21.21 to 1.26.1 in /stix_shifter #1175
  • Bump pyopenssl from 21.0.0 to 22.1.0 in /stix_shifter #1144

4.4.0 (2022-10-06)

Changes:

  • Add optional group parameter to connector configs #1094
  • Adding GCP Chronicle UDI Connector #1075
  • Update Secretserver mappings #1092
  • Connector template for lab #1117

Fixes:

  • Get rid of StixObjectIdEncoder #1124
  • Fixed IBM Security Verify config file #1125
  • edits to coding lab #1120
  • Update epoch time to 10 digits for demo data #1119
  • update coding lab #1114
  • Lab fixes #1116

Dependency update:

  • Bump colorlog from 6.6.0 to 6.7.0 in /stix_shifter #1095

4.3.0 (2022-09-09)

Changes:

  • CLI and coding tutorials #1105
  • Adding RHACS(StackRox) UDI connector #1055
  • Added Utility for normalization of connectors #1078
  • CrowdStrike: Added User-Agent string to API Client for tracking #1064
  • Process unique ID #1051
  • Added matcher lib support for 2.1 #960
  • In query Enhancement #1022
  • Infoblox add docstrings for module #719
  • Release/3.3.x json to stix #598

Fixes:

  • Id contributing properties from json to py #1093
  • splunk: fix STIX timestamp processing #1084
  • Fixing absolute path for id_contributing_properties.json #1079
  • Fix mapping and added hex to int transformer #1068
  • Downgrade boto3 version to 1.21.21 #1036
  • Fix the length of the results of Qradar connector #1034
  • Revert "Change certificate parameter type for consistency" #1031
  • reaqta: enable certification authentication #1028
  • fix configuration in proofpoint and sumologic #745
  • Validator review code change for Proofpoint #739

4.2.0 (2022-06-29)

Changes:

  • Added reaqta from_stix generate script #977
  • Change certificate parameter type #1000
  • splunk: add index to options #993
  • Best practices document for connector development #986
  • Update supported attributes and overview readme #976
  • Guardium rel 1.10 #958
  • Updated the readme mappings for darktrace. #942
  • Added Darktrace UDI connector. #896
  • Update table of mappings for ReaQta and IN operator support #937
  • Updated the Readme mapping files #932
  • Adding SentinelOne UDI connector #888
  • Reaqta connector #879

Fixes:

  • Fixed unique_cybox_objects storing #1005
  • fallback to random UUID if STIX object contains no defined id contributing properties #990
  • error_test timeouts on translate and status #987
  • fix two deprecation warnings #940
  • splunk: fix mapping of process command line [#918] #971
  • splunk: fix incorrect dst_ref.value mapping [#919] #970
  • splunk: fix translation of IN, LIKE, and MATCHES [#789] #969
  • fix eventType mapping for reaqta connector #967
  • Reaqta: Fix network traffic for inbound and mapping update #952
  • Remove deprecated SourceImage field from aql search #950
  • Reaqta: implemented greater/less fields translation, fixed from_stix fields sorting, fixed unittests #938
  • Reaqta Connector:Update mapping and unittest #964
  • Fixed stix parsing with setvalue types #907

Dependency update:

  • Bump boto3 from 1.21.5 to 1.22.10 #935
  • Bump xmltodict from 0.12.0 to 0.13.0 #934
  • Bump stix2-matcher from 2.0.1 to 2.0.2 #915

4.1.0 (2022-04-12)

Changes:

  • Updated mappings for PaloAlto readme #890
  • Added Palo Alto Cortex XDR UDI Connector #858
  • package utils/normalization #882
  • add sample transformer to template modules #870
  • Added IN operator for Vision One UDI connector #861
  • Update arcsight custom attributes #865
  • results metadata support #813
  • Template projects rename #854
  • doc update for operators and custom transformers #846
  • Adding BaseNormalization Class #820
  • Add IN operator for sumologic connector #845
  • Adding IN operator support to CB connector #835
  • Stix validator update #838
  • CrowdStrike: Adding IN operator support #842
  • Adding changelog #833
  • New UDI connector module for IBM Security Verify #802
  • Adding connector name in the error responses #824

Fixes:

  • use simple setup for mysql endpoints #885
  • Mysql tablename fix #868
  • RestApiClient in stix-shifter using https mount call #864
  • Fixed StixObjectId conversion to string #863
  • Fixed stix-validator 3.0.2 usage in translator #851
  • remove process_user field mapping from windows-registry-key stix object #850
  • Secret server 1.9 #836
  • Fixed calculating and updating deterministic IDs and the… #826

4.0.1 (2022-03-01)

Changes:

  • CrowdStrike connector mapping update #823

Dependency update:

  • Downgrade pyopenssl from 22.0.0 to 21.0.0

4.0.0 (2022-02-23)

Breaking changes:

  • Handling unmapped operators in stix pattern
  • Optimization of results translation

Changes:

  • Added New connector: Cybereason
  • Added Stix 2.1 ids and mapping update #731 #721
  • Added stix-shifter CLI parameters to configure max returned results and saving to a file #730
  • Azure Sentinel Mapping update #710
  • Handling unmapped operators in stix pattern #744
  • Placeholder for datadog certificate #782
  • Proofpoint: Update labels in configuration #792
  • Added Operator list in adapter guide #804
  • Splunk mapping update #797
  • Keep both helper description and the link description #818
  • Optimization of results translation #718
  • QRadar mapping update #751

Fixes:

  • Datadog SSL cert fix #758
  • cbcloud: fix ipv4 stix pattern translation #761
  • fix configuration in proofpoint and sumologic #745
  • Crowdstrike unittest fix #775
  • Fix error response of ms defender connector #747
  • fix: handling zero and non-zero values for the transformers #774
  • Fix Proofpoint: avoid mapping error for standard STIX Pattern translation #786
  • Proofpoint results connection fix #739
  • Fix local build and install #779
  • fix collections.abc warning #793
  • fix instances of reserved STIX 2.1 id property #819
  • Fix category in ecs to be list type #734
  • fix debug cli param #735
  • fix azure sentinel: Incorrect string conversion of datasource values #771

Dependency update:

  • Bump stix2-patterns from 1.3.0 to 1.3.2
  • Bump flatten-json from 0.1.7 to 0.1.13
  • Bump flask from 1.1.2 to 2.0.3
  • Bump python-dateutil from 2.8.1 to 2.8.2
  • Bump jsonmerge from 1.7.0 to 1.8.0
  • Bump colorlog from 4.1.0 to 6.6.0
  • Bump adal from 1.2.2 to 1.2.7
  • Bump pyopenssl from 20.0.1 to 22.0.0
  • Bump stix2-validator from 1.1.2 to 3.0.2
  • Bump boto3 from 1.17.20 to 1.21.5