------------------------------------------------------------------- Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com - Update to version 0.6.3~git19.640f7a1c: * Add tcpsnoop plugin ------------------------------------------------------------------- Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com - Update to version 0.6.3~git17.741ebb59: * kafka-humio-gateway: update README.md * kafka-humio-gateway: Fix missing variable rename * Add Kafka-Humio Gateway [Depends on PR#10] (#8) ------------------------------------------------------------------- Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com - Update to version 0.6.3~git13.af7fdb00: * SUSE: Add SSHLogin artifacts * Add a Kafka export plugin * SUSE: Do build tests on every pull request * Add systemd-dev as build dependency for github workflow ------------------------------------------------------------------- Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com - Update to version 0.6.3~git6.d95ed32e: * Update the Linux.Events.SSHLogin artifact to scan the systemd journal * Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal * Add parser to read systemd journal on Linux * Add an artifact to enumerate immutable files under a path * Add chattr function support for linux * Make GitHub actions more flexible on Windows ------------------------------------------------------------------- Thu Feb 10 02:12:54 UTC 2022 - Jeff Mahoney - Add simple default configs and provide dirs in /var/lib for client and server. ------------------------------------------------------------------- Mon Feb 7 14:40:47 UTC 2022 - Jeff Mahoney - Temporarily re-enable Windows artifacts (LSS#4). ------------------------------------------------------------------- Wed Feb 2 18:10:19 UTC 2022 - Jeff Mahoney - Added systemd unit file and placeholder config file. ------------------------------------------------------------------- Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com - Update to version 0.6.3~git0.69e0fffa: * Prepare for 0.6.3 release (#1515) * add limitations to description and key path to query (#1514) * Retry remote datastore connections (#1513) * Write minion log files and autocert in its own dir. (#1512) * Synced KapeFiles artifacts (#1511) * Added data retention server artifacts (#1510) * Set an upper limit for ttl in memcache (#1508) * Add updates to Windows.System.Services (#15) (#1509) * Ensure collector container is properly closed when interrupted. (#1507) * Continually rebuild the index at runtime. (#1506) * Harder vacuum - directly move client task directories to the attic. (#1505) * add limitation disclaimer (#1504) * Reduce critial section to avoid deadlock in repository manager (#1503) * Implemented a vacuum command to remove old tasks from client queues. (#1501) * Better format profile metrics output. (#1495) * Cap size of directories and report large directories. (#1493) * Set ACE completers per editor to avoid global state. (#1492) * Add HttpOnly flag to all cookies. (#1491) * Refactor completion routine calls (#1490) * fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486) * fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485) * fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487) * fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488) * fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489) * Limit size of cached directories. (#1483) * Add more instrumentation to memory caches. (#1482) * Fixed chart resizing bug (#1481) * Removed the old queries: list from artifacts. (#1480) * [Snyk] Fix for 9 vulnerabilities (#1479) * Remove lock around critical section. (#1478) * Added MacOS.Forensics.AppleDoubleZip (#1476) * Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475) * Make index snapshot frequency configurable * fix APIConfigLoader not applying command line args (#1463) * Flush index from memory to disk (#1470) * Prepare RC2 (#1473) * Bugfix: Setting notebook index did not escape username (#1471) * Fixed 2 bugs with the memcache file store (#1469) * Update flow active time when the result set is completed (#1468) * Tag artifacts as built ins (#1467) * Fixed bug in the pathspec() VQL function. (#1465) * Update PrivateKeys.yaml (#1459) * Added recursion_callback option to the glob plugin (#1461) * Added config wizard for multi-frontend configuration (#1460) * Calculate the sha256 hash of the offline container. (#1458) * Artifact inspection GUI now allows pivot. (#1457) * Client certs can now be specified in the config file. (#1456) * New Upload File Form element (#1455) * Added a sparse accessor (#1453) * Hunt wizard estimates clients affected (#1452) * Make the interrogation process customizable. (#1451) * Update Info.yaml (#1427) * Improved Lnk parser to include additional fields. (#1449) * Added a Yara GUI element editor. (#1447) * Added patch and merge to `config show` and `config generate` (#1445) * Remove usage of FatalIfError from main module (#1443) * Introduced a dedicated pathspec object (#1440) * Bump is-svg from 4.2.2 to 4.3.0 in /gui/velociraptor (#1437) * Only pass client config in the client VQL scope. (#1436) * rework protobuf message generator (#1435) * Update Autoruns.yaml * Added test for filefinder (#1431) * fix filters in filefinder artifact (#1430) * Add Artifact to collect KapeFile targets on Linux (#1426) * Enabled lazy quotes on csv parser (#1424) * Fixed bug in client comms. (#1423) * Add document filter for better usability (#1421) * Added resource information to the output of parse_pe() (#1420) * Low latency client connectivity discovery (#1419) * Add RecentDocs collection (#1416) * Update Amcache artifact for clarity (#1415) * Added extra parameters to parse_csv() (#1413) * Added netcat plugin to read from socket (#1412) * Updated SRUM with Network Usage and Upload option (#1408) * Synced darwin and freebsd file accessor with the linux one. (#1409) * Added Windows.Forensics.SAM artifact (#1404) * Initial artifacts can be specified in config (#1403) * Add conhost.exe to binary rename (#1402) * Add update Prefetch Btime execution fix (#1398) * Update Prefetch timeline (#1397) * Cleanup search API (#1396) * Update protobuf dependencies. (#1394) * More multi-frontend optimizations (#1393) * Client info manager now keeps track of scheduled tasks. (#1392) * add sid and lookupsid plugin (#1388) * Add Mutant whitelist (#1387) * Notify currently connected clients on new hunts (#1386) * Index rebuild command loads new index service. (#1385) * Changes to support distributed architecture. (#1384) * Added procdump and procdump64 (#1382) * Fixed heavy mutex contention in the labeler. (#1375) * Add shellcode to CobaltStrike carver (#10) (#1373) * Added an index rebuild command. (#1369) * GUI artifact form was ignoring the friendly name attribute (#1368) * Added a specialized form element for regex parameters. (#1367) * Added a gRPC based remote datastore (#1366) * Display all subauthorities for GUID in SRUM (#1365) * Verify all gRPC peer certificates were signed by the Velociraptor CA (#1362) * Implemented MemcacheFileDatastore - memory caching with file backend (#1361) * Added new plugins to manipulate event tables easier. (#1355) * Refactored in memory datastore to be more efficient. (#1353) * Sync vfilter (#1351) * Add both fqdn and hostname to the client search table (#1350) * BUGFIX: Datastore on windows is unable to represent files with . (#1348) * Added buffer_size parameter to parse_records_with_regex() (#1347) * Propagate column types from artifact to flow notebook. (#1346) * Cobalt parser update (#1345) * Allow listener to not use file buffer. (#1344) * Fix Deployment documentation link in README (#1343) * Preserve uint64 types across Listener (#1341) * Fix spelling (#1339) * Refactored queue listener to preserve order. (#1340) * Added a magic() VQL function (#1338) * Fixed bug in CSS (#1337) ------------------------------------------------------------------- Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com - Update to version 0.6.2~git0.8dd598b2: * Update ese parser to fix timestamp bug * Prepare final 0.6.2 release (#1363) * Verify all gRPC peer certificates were signed by the Velociraptor CA * Removed search index parallelism (#1358) * Added new plugins to manipulate event tables easier. (#1355) * Sync vfilter (#1351) * Add both fqdn and hostname to the client search table (#1350) * BUGFIX: Datastore on windows is unable to represent files with . (#1348) * Added buffer_size parameter to parse_records_with_regex() (#1347) * Propagate column types from artifact to flow notebook. (#1346) ------------------------------------------------------------------- Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com - Update to version 0.6.2~git73.dc02b45e: * Update PrivateKeys.yaml (#1459) * Added recursion_callback option to the glob plugin (#1461) * Added config wizard for multi-frontend configuration (#1460) * Calculate the sha256 hash of the offline container. (#1458) * Artifact inspection GUI now allows pivot. (#1457) * Client certs can now be specified in the config file. (#1456) * New Upload File Form element (#1455) * Added a sparse accessor (#1453) * Hunt wizard estimates clients affected (#1452) * Make the interrogation process customizable. (#1451) ------------------------------------------------------------------- Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney - Disable Windows artifacts. We don't target Windows endpoints and the queries clutter the GUI. ------------------------------------------------------------------- Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney - Switch to using master branch via service files. - Added update-vendoring.sh to update the nodejs and go dependencies after version update. - Patch the version string to reflect the package version instead of an indistinguishable -dev. ------------------------------------------------------------------- Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney - Initial packaging.