Releases: opencybersecurityalliance/stix-shifter
5.1.0 (2023-03-08)
Breaking changes:
- Support for asynchronous API calls in transmission modules #1038
Deprecations:
- Removed boto3 dependency in favor of aioboto3
Changes:
- Add Okta table of mappings and update elastic ECS #1372
- Okta connector #1323
- support large query with elastic search_after pagination #1299
- cybereason quick ping #1350
- aiogoogle module used for async changes in gcp_chronicle #1331
- base release5.0.x - Cookies are handled for cybereason asynchronous c… #1313
- Paloalto - changes done to map process.x_unique_id with data source field actor_process_instance_id #1318
- Added cookie support #1310
- Removed language common fields #984
- Updated RHACS connector to support self signed certificate authentication #1174
Fixes:
- QRadarEpochToTimestamp for exponential notation #1352
- Remove the x-ecs-process and x-ecs-file entities from elastic_ecs mapping #1335
- azure_log_analytics: fix translation of IN operator #1355
- Build warnings fix #1347
- Updating file hash mapping for Athena OCSF support #1345
- update mapping for Reaqta #1326
- update mapping tables to show both comparison and observation AND OR operators #1348
- Update OCSF network traffic mappings #1332
- fix mapping error #1320
- Fix Reaqta STIX 2.1 mappings for image_ref #1291
- elastic_ecs: remove unneeded ValueToList transformer from event.category mapping #1305
- elastic_ecs: fix STIX 2.1 results translation #1306
- Added aiohttp ssl certificate proper handling #1308
- Auth header serialize fix, response wrapper fixes #1298
Dependency update:
- Bump aioboto3 from 10.4.0 to 11.0.1 in /stix_shifter #1368
- Bump aiomysql from 0.0.21 to 0.1.1 in /stix_shifter #1369
- Bump boto3 from 1.26.78 to 1.26.84 in /stix_shifter #1363
- Bump boto3 from 1.26.74 to 1.26.78 in /stix_shifter #1344
- Bump boto3 from 1.26.64 to 1.26.74 in /stix_shifter #1337
- Bump boto3 from 1.26.55 to 1.26.64 in /stix_shifter #1317
4.6.0 (2023-01-24)
Changes:
- Instructions for the usage of custom mappings #1274
- Add log analytics API support to azure sentinel connector #1214
- Update OCSF schema in Athena mappings #1245
- splunk: allow multiple, comma-separated index names in the index option #1271
- Rename azure sentinel to Microsoft Graph Security Connector #1212
- elastic_ecs: add beats dialect #1208
- update script to create sql database #1228
- Test for START STOP timestamp format #1218
- Updated RHACS connector to support self signed certificate authentication #1174
Fixes:
- Mapping updates for Guardium STIX 2.1 #1102
- Add default time range to STIX Bundle connector #1288
- Updated code to handle maximum query length limitation in darktrace. #1259
- Use raw strings for regex #1276
- Updated changes for the issue #1270 #1272
- change all two lettered property names #1251
- mapping fixes for splunk #1239
- splunk: use like, cidrmatch SPL functions for LIKE, ISSUBSET operators #1244
- Fix supported property exporter to handle from-STIX fields not wrapped in a list #1236
- fix domain_ioc mapping (removal of network_traffic ref) #1226
- Updated cybereason code to fix the issue #1215 #1224
- Darktrace timeout exception handled #1210
- Aws athena ocsf fixes #1182
- elastic_ecs: more fixes for LIKE and MATCHES #1195
Dependency update:
4.5.2 (2022-11-21)
Changes:
- AWS Athena, added external id support #1187
- Update aws athena supported attribute #1184
- Update AWS Athena for OCSF schema support #1178
- Upgrade pytests version for dev environment #1170
- ocsf schema support in aws Athena #1134
- Add RHACS and Google Chronicle group params #1150
- return proxy translation error #1130
- Updated the readme mappings for GCP Chronicle #1146
Fixes:
- Updated to support query without milliseconds in darktrace connector #1199
- fix formatting of commit list generated by changelog script #1200
- fixed timestamp issue for start and end filter and mapping correction #1142
- Fixed pagination and meta files delete for aws athena #1176
- gcp chronicle: removed an invalid unittest #1166
- Remove optional word from indices label #1157
- Fixed deployment script with --platform linux/amd64 #1154
- Updated connector.py file for the bug fix #1103 #1104
Dependency update:
- Bump flask from 2.0.3 to 2.2.2 in /stix_shifter #1072
- Bump requests-toolbelt from 0.9.1 to 0.10.1 in /stix_shifter #1180
- Bump jsonmerge from 1.8.0 to 1.9.0 in /stix_shifter #1194
- Bump boto3 from 1.26.5 to 1.26.10 in /stix_shifter #1193
- Bump boto3 from 1.21.21 to 1.26.1 in /stix_shifter #1175
- Bump pyopenssl from 21.0.0 to 22.1.0 in /stix_shifter #1144
4.4.0 (2022-10-06)
Changes:
- Add optional group parameter to connector configs #1094
- Adding GCP Chronicle UDI Connector #1075
- Update Secretserver mappings #1092
- Connector template for lab #1117
Fixes:
- Get rid of StixObjectIdEncoder #1124
- Fixed IBM Security Verify config file #1125
- edits to coding lab #1120
- Update epoch time to 10 digits for demo data #1119
- update coding lab #1114
- Lab fixes #1116
Dependency update:
- Bump colorlog from 6.6.0 to 6.7.0 in /stix_shifter #1095
4.3.0 (2022-09-09)
Changes:
- CLI and coding tutorials #1105
- Adding RHACS(StackRox) UDI connector #1055
- Added Utility for normalization of connectors #1078
- CrowdStrike: Added User-Agent string to API Client for tracking #1064
- Process unique ID #1051
- Added matcher lib support for 2.1 #960
- In query Enhancement #1022
- Infoblox add docstrings for module #719
- Release/3.3.x json to stix #598
Fixes:
- Id contributing properties from json to py #1093
- splunk: fix STIX timestamp processing #1084
- Fixing absolute path for id_contributing_properties.json #1079
- Fix mapping and added hex to int transformer #1068
- Downgrade boto3 version to 1.21.21 #1036
- Fix the length of the results of Qradar connector #1034
- Revert "Change certificate parameter type for consistency" #1031
- reaqta: enable certification authentication #1028
- fix configuration in proofpoint and sumologic #745
- Validator review code change for Proofpoint #739
4.2.0
Changes:
- Added reaqta from_stix generate script #977
- Change certificate parameter type #1000
- splunk: add index to options #993
- Best practices document for connector development #986
- Update supported attributes and overview readme #976
- Guardium rel 1.10 #958
- Updated the readme mappings for darktrace. #942
- Added Darktrace UDI connector. #896
- Update table of mappings for ReaQta and IN operator support #937
- Updated the Readme mapping files #932
- Adding SentinelOne UDI connector #888
- Reaqta connector #879
Fixes:
- Fixed unique_cybox_objects storing #1005
- fallback to random UUID if STIX object contains no defined id contributing properties #990
- error_test timeouts on translate and status #987
- fix two deprecation warnings #940
- splunk: fix mapping of process command line [#918] #971
- splunk: fix incorrect dst_ref.value mapping [#919] #970
- splunk: fix translation of IN, LIKE, and MATCHES [#789] #969
- fix eventType mapping for reaqta connector #967
- Reaqta: Fix network traffic for inbound and mapping update #952
- Remove deprecated SourceImage field from aql search #950
- Reaqta: implemented greater/less fields translation, fixed from_stix fields sorting, fixed unittests #938
- Reaqta Connector: Update mapping and unittest #964
- Fixed stix parsing with setvalue types #907
Dependency update:
4.1.0
Changes:
- Updated mappings for PaloAlto readme #890
- Added Palo Alto Cortex XDR UDI Connector #858
- package utils/normalization #882
- add sample transformer to template modules #870
- Added IN operator for Vision One UDI connector #861
- Update arcsight custom attributes #865
- results metadata support #813
- Template projects rename #854
- doc update for operators and custom transformers #846
- Adding BaseNormalization Class #820
- Add IN operator for sumologic connector #845
- Adding IN operator support to CB connector #835
- Stix validator update #838
- CrowdStrike: Adding IN operator support #842
- Adding changelog #833
- New UDI connector module for IBM Security Verify #802
- Adding connector name in the error responses #824
Fixes:
- use simple setup for mysql endpoints #885
- Mysql tablename fix #868
- RestApiClient in stix-shifter using https mount call #864
- Fixed StixObjectId conversion to string #863
- Fixed stix-validator 3.0.2 usage in translator #851
- remove process_user field mapping from windows-registry-key stix object #850
- Secret server 1.9 #836
- Fixed calculating and updating deterministic IDs and the… #826
hide timeout, fix carbonblack, update aws_cloud_watch_logs desc
Search timeout (#490)
- aws update desc (#486)
- search_timeout
- add seconds
- fix test
improve ping
Stixbundle fix ping (#478)
- restapi add auth
- config and translation
- fix auth
- connection timeout, params from env
- fix tests
- rename host to url
- max timeout 60
- fix redirect
parse logic is implemented on module level (breaking change)
parse logic hidden in module (breaking change) (#470)
- Aql query parser for time ranges
- parse logic hidden in module (breaking change)

Co-authored-by: Md Azam <[email protected]>