
v4.4.0

@ethack ethack released this 25 Aug 20:00
· 55 commits to master since this release
4a4b639

Changes:

  • Add timestamp to HTML report templates (#662)
  • Use the past 24 hours of data to analyze proxy beacons rather than just the last hour (#690)
  • The RITA parser has been updated with a number of performance tweaks (#654, #695)
  • Gather IPs for FQDN beacon analysis using DNS lookups from the past 24 hours of data rather than just the last hour (#676, #700)
  • Drop strobe limit down to 86400 (#697)
  • Add option to configuration file which filters out connections from external hosts to internal hosts (#655)

Bug Fixes:

  • Add unique indexes to beaconFQDN and beaconProxy collections (#689)
  • Add additional indexes to host collection (#687)
  • Prevented duplicate threat intel records from being created in the host collection (#683)
  • Fixed a bug where threat intel records in the host collection were not being updated when using rolling imports (#683)
  • Fixed a bug where the max beacon score listed in the host collection for a pair of hosts would never decrease when using rolling imports (#683)
  • Fixed a bug where rare signature entries might not be added to the host collection due to a race condition (#683)
  • Fixed a bug where the connection counts for each host in the host collection were under-counted when using rolling imports (#683)
  • Removed unused/broken code in max duration analysis (#683)