forked from pool/velociraptor
Jeff Mahoney
ae02f616a5
* Add tcpsnoop plugin - Update to version 0.6.3~git19.640f7a1c: * Add tcpsnoop plugin OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=13
219 lines
10 KiB
Plaintext
-------------------------------------------------------------------
Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com

- Update to version 0.6.3~git19.640f7a1c:
  * Add tcpsnoop plugin

-------------------------------------------------------------------
Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com

- Update to version 0.6.3~git17.741ebb59:
  * kafka-humio-gateway: update README.md
  * kafka-humio-gateway: Fix missing variable rename
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

-------------------------------------------------------------------
Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com

- Update to version 0.6.3~git13.af7fdb00:
  * SUSE: Add SSHLogin artifacts
  * Add a Kafka export plugin
  * SUSE: Do build tests on every pull request
  * Add systemd-dev as build dependency for github workflow

-------------------------------------------------------------------
Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com

- Update to version 0.6.3~git6.d95ed32e:
  * Update the Linux.Events.SSHLogin artifact to scan the systemd journal
  * Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
  * Add parser to read systemd journal on Linux
  * Add an artifact to enumerate immutable files under a path
  * Add chattr function support for linux
  * Make GitHub actions more flexible on Windows

-------------------------------------------------------------------
Thu Feb 10 02:12:54 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

- Add simple default configs and provide dirs in /var/lib for client
  and server.

-------------------------------------------------------------------
Mon Feb 7 14:40:47 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

- Temporarily re-enable Windows artifacts (LSS#4).

-------------------------------------------------------------------
Wed Feb 2 18:10:19 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

- Added systemd unit file and placeholder config file.

-------------------------------------------------------------------
Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com

- Update to version 0.6.3~git0.69e0fffa:
  * Prepare for 0.6.3 release (#1515)
  * add limitations to description and key path to query (#1514)
  * Retry remote datastore connections (#1513)
  * Write minion log files and autocert in its own dir. (#1512)
  * Synced KapeFiles artifacts (#1511)
  * Added data retention server artifacts (#1510)
  * Set an upper limit for ttl in memcache (#1508)
  * Add updates to Windows.System.Services (#15) (#1509)
  * Ensure collector container is properly closed when interrupted. (#1507)
  * Continually rebuild the index at runtime. (#1506)
  * Harder vacuum - directly move client task directories to the attic. (#1505)
  * add limitation disclaimer (#1504)
  * Reduce critical section to avoid deadlock in repository manager (#1503)
  * Implemented a vacuum command to remove old tasks from client queues. (#1501)
  * Better format profile metrics output. (#1495)
  * Cap size of directories and report large directories. (#1493)
  * Set ACE completers per editor to avoid global state. (#1492)
  * Add HttpOnly flag to all cookies. (#1491)
  * Refactor completion routine calls (#1490)
  * fix: upgrade react-bootstrap from 1.3.0 to 1.6.4 (#1486)
  * fix: upgrade http-proxy-middleware from 1.0.5 to 1.3.1 (#1485)
  * fix: upgrade react-ace from 9.1.3 to 9.5.0 (#1487)
  * fix: upgrade recharts from 2.0.9 to 2.1.8 (#1488)
  * fix: upgrade react-datetime-picker from 3.0.4 to 3.4.3 (#1489)
  * Limit size of cached directories. (#1483)
  * Add more instrumentation to memory caches. (#1482)
  * Fixed chart resizing bug (#1481)
  * Removed the old queries: list from artifacts. (#1480)
  * [Snyk] Fix for 9 vulnerabilities (#1479)
  * Remove lock around critical section. (#1478)
  * Added MacOS.Forensics.AppleDoubleZip (#1476)
  * Update Windows.Persistence.PermanentWMIEvents to add blind custom namespace detection (#13) (#1475)
  * Make index snapshot frequency configurable
  * fix APIConfigLoader not applying command line args (#1463)
  * Flush index from memory to disk (#1470)
  * Prepare RC2 (#1473)
  * Bugfix: Setting notebook index did not escape username (#1471)
  * Fixed 2 bugs with the memcache file store (#1469)
  * Update flow active time when the result set is completed (#1468)
  * Tag artifacts as built ins (#1467)
  * Fixed bug in the pathspec() VQL function. (#1465)
  * Update PrivateKeys.yaml (#1459)
  * Added recursion_callback option to the glob plugin (#1461)
  * Added config wizard for multi-frontend configuration (#1460)
  * Calculate the sha256 hash of the offline container. (#1458)
  * Artifact inspection GUI now allows pivot. (#1457)
  * Client certs can now be specified in the config file. (#1456)
  * New Upload File Form element (#1455)
  * Added a sparse accessor (#1453)
  * Hunt wizard estimates clients affected (#1452)
  * Make the interrogation process customizable. (#1451)
  * Update Info.yaml (#1427)
  * Improved Lnk parser to include additional fields. (#1449)
  * Added a Yara GUI element editor. (#1447)
  * Added patch and merge to `config show` and `config generate` (#1445)
  * Remove usage of FatalIfError from main module (#1443)
  * Introduced a dedicated pathspec object (#1440)
  * Bump is-svg from 4.2.2 to 4.3.0 in /gui/velociraptor (#1437)
  * Only pass client config in the client VQL scope. (#1436)
  * rework protobuf message generator (#1435)
  * Update Autoruns.yaml
  * Added test for filefinder (#1431)
  * fix filters in filefinder artifact (#1430)
  * Add Artifact to collect KapeFile targets on Linux (#1426)
  * Enabled lazy quotes on csv parser (#1424)
  * Fixed bug in client comms. (#1423)
  * Add document filter for better usability (#1421)
  * Added resource information to the output of parse_pe() (#1420)
  * Low latency client connectivity discovery (#1419)
  * Add RecentDocs collection (#1416)
  * Update Amcache artifact for clarity (#1415)
  * Added extra parameters to parse_csv() (#1413)
  * Added netcat plugin to read from socket (#1412)
  * Updated SRUM with Network Usage and Upload option (#1408)
  * Synced darwin and freebsd file accessor with the linux one. (#1409)
  * Added Windows.Forensics.SAM artifact (#1404)
  * Initial artifacts can be specified in config (#1403)
  * Add conhost.exe to binary rename (#1402)
  * Add update Prefetch Btime execution fix (#1398)
  * Update Prefetch timeline (#1397)
  * Cleanup search API (#1396)
  * Update protobuf dependencies. (#1394)
  * More multi-frontend optimizations (#1393)
  * Client info manager now keeps track of scheduled tasks. (#1392)
  * add sid and lookupsid plugin (#1388)
  * Add Mutant whitelist (#1387)
  * Notify currently connected clients on new hunts (#1386)
  * Index rebuild command loads new index service. (#1385)
  * Changes to support distributed architecture. (#1384)
  * Added procdump and procdump64 (#1382)
  * Fixed heavy mutex contention in the labeler. (#1375)
  * Add shellcode to CobaltStrike carver (#10) (#1373)
  * Added an index rebuild command. (#1369)
  * GUI artifact form was ignoring the friendly name attribute (#1368)
  * Added a specialized form element for regex parameters. (#1367)
  * Added a gRPC based remote datastore (#1366)
  * Display all subauthorities for GUID in SRUM (#1365)
  * Verify all gRPC peer certificates were signed by the Velociraptor CA (#1362)
  * Implemented MemcacheFileDatastore - memory caching with file backend (#1361)
  * Added new plugins to manipulate event tables easier. (#1355)
  * Refactored in memory datastore to be more efficient. (#1353)
  * Sync vfilter (#1351)
  * Add both fqdn and hostname to the client search table (#1350)
  * BUGFIX: Datastore on windows is unable to represent files with . (#1348)
  * Added buffer_size parameter to parse_records_with_regex() (#1347)
  * Propagate column types from artifact to flow notebook. (#1346)
  * Cobalt parser update (#1345)
  * Allow listener to not use file buffer. (#1344)
  * Fix Deployment documentation link in README (#1343)
  * Preserve uint64 types across Listener (#1341)
  * Fix spelling (#1339)
  * Refactored queue listener to preserve order. (#1340)
  * Added a magic() VQL function (#1338)
  * Fixed bug in CSS (#1337)

-------------------------------------------------------------------
Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com

- Update to version 0.6.2~git0.8dd598b2:
  * Update ese parser to fix timestamp bug
  * Prepare final 0.6.2 release (#1363)
  * Verify all gRPC peer certificates were signed by the Velociraptor CA
  * Removed search index parallelism (#1358)
  * Added new plugins to manipulate event tables easier. (#1355)
  * Sync vfilter (#1351)
  * Add both fqdn and hostname to the client search table (#1350)
  * BUGFIX: Datastore on windows is unable to represent files with . (#1348)
  * Added buffer_size parameter to parse_records_with_regex() (#1347)
  * Propagate column types from artifact to flow notebook. (#1346)

-------------------------------------------------------------------
Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com

- Update to version 0.6.2~git73.dc02b45e:
  * Update PrivateKeys.yaml (#1459)
  * Added recursion_callback option to the glob plugin (#1461)
  * Added config wizard for multi-frontend configuration (#1460)
  * Calculate the sha256 hash of the offline container. (#1458)
  * Artifact inspection GUI now allows pivot. (#1457)
  * Client certs can now be specified in the config file. (#1456)
  * New Upload File Form element (#1455)
  * Added a sparse accessor (#1453)
  * Hunt wizard estimates clients affected (#1452)
  * Make the interrogation process customizable. (#1451)

-------------------------------------------------------------------
Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney <jeffm@suse.com>

- Disable Windows artifacts. We don't target Windows endpoints and
  the queries clutter the GUI.

-------------------------------------------------------------------
Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney <jeffm@suse.com>

- Switch to using master branch via service files.
- Added update-vendoring.sh to update the nodejs and go dependencies
  after version update.
- Patch the version string to reflect the package version instead
  of an indistinguishable <next-tag>-dev.

-------------------------------------------------------------------
Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney <jeffm@suse.com>

- Initial packaging.