Release/v11

CHANGELOG.md

@@ -1,44 +1,4 @@
-# UTMStack 11.0.0 Release Notes
-
-This is the release notes for **UTMStack v11**, a major update from v10. This version introduces significant improvements and new features aimed at enhancing performance, scalability, and security.
-
-## ⚠️ BREAKING CHANGE - Migration Required
-
-**IMPORTANT:** UTMStack v11 introduces fundamental architectural changes that make it **incompatible with v10**.
-
-- **Direct upgrades from v10 to v11 are NOT supported**
-- A **complete migration** is required to move from v10 to v11
-- We are currently developing a **migration tool** to facilitate this process
-- **Do not attempt to upgrade** your v10 installation to v11 until the migration tool is available
-
-Please contact our support team for guidance on migration planning and timeline.
-
-## Key Highlights
-
-### Performance and Resource Optimization
-- **EventProcessor Integration:** Replaced the resource-intensive Logstash with the new **EventProcessor** from Threatwinds, drastically reducing resource usage for data processing.
-- **Plugin Architecture:** Introduced a new **plugin system** for official integrations, improving scalability and maintainability.
-- **Scalable Processing:** Previous versions required one container per data input. Now, v11 uses two EventProcessor containers—a manager and a worker—allowing each to run its plugins and process logs in parallel. Additional workers can be added as needed to avoid bottlenecks.
-
-### Security Enhancements
-- **TLS Improvements:** Strengthened TLS handling across all components.
-- **Mandatory Multi-Factor Authentication (MFA):** Added as a required security measure to protect access.
-
-### SOC-AI Enhancements
-- **Custom Models Support:** Users can now utilize their own models in SOC-AI integrations, in addition to officially supported models.
-
-### User Interface and Usability
-- **UI Overhaul:** Major improvements to visual interfaces for enhanced user experience.
-- **SOAR (formerly Incident Response):** Renamed and upgraded to provide automated alert response workflows.
-- **Rule Creation Improvements:** Simplified graphical interface for rule creation while maintaining YAML-based configuration options.
-- **Log Filter Format Update:** Simplified from complex Logstash syntax to easy-to-use YAML format.
-
-### Centralization and Deployment
-- **Central Server:** All instances can now connect to a central server for improved support, enabling remote log submission.
-- **Cross-Platform Installation:** Added support for **Red Hat** installations in addition to Ubuntu.
-- **Offline On-Premise Installation:** Supported with guided assistance from our engineers for more complex setups.
-- **Automatic Updates:** Updates can now be automatically applied from the central server. Users can schedule updates to run at convenient times, ensuring the system remains current without manual checks.
-
-## Summary
-UTMStack v11 represents a major leap forward in performance, scalability, security, and usability. The new architecture, plugin system, and central server support ensure that deployments can grow with your organization's needs while simplifying management and operations.
+# UTMStack 11.0.1 Release Notes
 
+- Enriched the TIMEZONES constant to include additional IANA zones for broader coverage.
+- Support for additional syslog framing methods (RFC 5424 octet counting).

frontend/src/app/app-module/shared/components/app-module-card/app-module-card.component.html

@@ -1,8 +1,8 @@
 <div class="module-card card text-center p-2 m-0 d-flex flex-column align-items-center justify-content-between">
   <div class="d-flex flex-column w-100">
-    <div *ngIf="version === versionType.COMMUNITY && ModulesEnterprise.includes(module.moduleName)" class="d-flex justify-content-end">
+    <!--<div *ngIf="version === versionType.COMMUNITY && ModulesEnterprise.includes(module.moduleName)" class="d-flex justify-content-end">
       <span class="badge p-1 border-1 m-1 bg-success-300"> Enterprise </span>
-    </div>
+    </div>-->
     <div class="d-flex justify-content-center">
       <img class="p-3 mb-3 mt-1"
            [alt]="module.prettyName"
@@ -18,16 +18,15 @@ <h6 class="card-title font-weight-semibold">{{module.prettyName}}</h6>
     </p>
   </div>
 
-  <button *ngIf="version === versionType.COMMUNITY && !ModulesEnterprise.includes(module.moduleName)"
-    class="btn utm-button mb-3 " (click)="showIntegration()"
+  <button class="btn utm-button mb-3 " (click)="showIntegration()"
           [ngClass]="module.moduleActive?'utm-button-success':'utm-button-primary'">
     <i class="mr-1 icon-puzzle2"></i>
     {{module.moduleActive ? 'Enabled' : 'View integration'}}
   </button>
 
-  <button *ngIf="version === versionType.COMMUNITY && ModulesEnterprise.includes(module.moduleName)"
+  <!--<button *ngIf="version === versionType.COMMUNITY && ModulesEnterprise.includes(module.moduleName)"
           class="btn utm-button utm-button-primary mb-3" (click)="showMessage()">
     <i class="mr-1 icon-lock2"></i>
     Upgrade to Enterprise
-  </button>
+  </button>-->
 </div>

frontend/src/app/incident-response/playbooks/playbooks.component.html

@@ -102,20 +102,20 @@ <h5 class="card-title mb-0 label-header">FLOWS</h5>
           </div>
         </div>
       </div>
-    </div>
 
-    <div class="col-12 text-center py-5">
       <ng-container *ngIf="{ loading: playbookService.loading$ | async,
                               totalItems: playbookService.totalItems$ | async
                            } as data">
         <ng-container *ngIf="!data.loading && data.totalItems === 0">
-          <i class="icon-play text-muted mb-3" style="font-size: 48px;"></i>
-          <h4 class="mb-1 font-weight-semibold text-muted">Start building</h4>
-          <p class="text-muted mb-4">Begin with a template, or start from scratch.</p>
-          <a (click)="newPlaybook()" class="btn utm-button utm-button-primary">
-            <i class="icon-plus2 mr-1"></i>
-            New Flow
-          </a>
+          <div class="d-flex flex-column align-items-center justify-content-center">
+            <i class="icon-play text-muted mb-3" style="font-size: 48px;"></i>
+            <h4 class="mb-1 font-weight-semibold text-muted">Start building</h4>
+            <p class="text-muted mb-4">Begin with a template, or start from scratch.</p>
+            <a (click)="newPlaybook()" class="btn utm-button utm-button-primary">
+              <i class="icon-plus2 mr-1"></i>
+              New Flow
+            </a>
+          </div>
         </ng-container>
         <app-utm-spinner
           class="position-absolute right-50"
@@ -129,6 +129,8 @@ <h4 class="mb-1 font-weight-semibold text-muted">Start building</h4>
 
 
 
+
+
     <div *ngIf="playbookService.totalItems$ | async as totalItems" class="mt-3">
       <div class="row justify-content-center">
         <ngb-pagination (pageChange)="loadPage($event)"

frontend/src/app/incident-response/shared/services/playbook.service.ts

@@ -20,7 +20,7 @@ export class PlaybookService {
   playbooks$ = this.request$.pipe(
     filter(request =>  !!request),
     switchMap(request => {
-      this.loading.next(true);
+      setTimeout(() => this.loading.next(true), 300);
       return this.incidentResponseRuleService.query(request).pipe(
         map(response => {
           this.totalItems.next(Number(response.headers.get('X-Total-Count')));
@@ -30,7 +30,7 @@ export class PlaybookService {
           this.utmToastService.showError('Error', 'An error occurred while fetching playbooks.');
           return of([]);
         }),
-        finalize(() => this.loading.next(false))
+        finalize(() =>  setTimeout(() => this.loading.next(false), 200))
       );
     })
   );

frontend/src/app/shared/components/layout/header/shared/components/utm-version-info/utm-version-info.component.html

@@ -1,4 +1,4 @@
-<ng-container *ngIf="currentVersion$ | async  as currentVersion">
+<ng-container *ngIf="versionInfo  as currentVersion">
   <span *ngIf="currentVersion.build"
     [ngClass]="'badge-success-800'"
     class="badge badge-pill version-info cursor-pointer text-white">

frontend/src/app/shared/components/layout/header/shared/components/utm-version-info/utm-version-info.component.ts

@@ -12,35 +12,38 @@ import {VersionInfo} from '../../../../../../types/updates/updates.type';
   styleUrls: ['./utm-version-info.component.css']
 })
 export class UtmVersionInfoComponent implements OnInit {
-  currentVersion$: Observable<VersionInfo> = EMPTY;
-  destroy$ = new Subject<void>();
+  versionInfo: VersionInfo;
 
   constructor(private checkForUpdatesService: CheckForUpdatesService,
               private utmToastService: UtmToastService,
               private versionTypeService: VersionTypeService) {
   }
 
   ngOnInit() {
-    this.getVersionInfo();
-  }
-
-  getVersionInfo() {
-    this.currentVersion$ = this.checkForUpdatesService.getVersion()
+    this.checkForUpdatesService.getVersion()
       .pipe(
         map(response => response.body || null),
         tap((versionInfo: VersionInfo) => {
-          console.log('versionInfo', versionInfo);
           const version = versionInfo && versionInfo.build && versionInfo.build.version || '';
-          const versionType = version.includes('community') || version === '' ? VersionType.COMMUNITY : VersionType.ENTERPRISE;
+          const versionType = version.includes('community') || version === ''
+            ? VersionType.COMMUNITY
+            : VersionType.ENTERPRISE;
 
           if (versionType !== this.versionTypeService.versionType()) {
             this.versionTypeService.changeVersionType(versionType);
           }
         }),
         catchError(() => {
-          this.utmToastService.showError('Error fetching version info', 'An error occurred while fetching version info.');
+          this.utmToastService.showError(
+            'Error fetching version info',
+            'An error occurred while fetching version info.'
+          );
           return EMPTY;
         })
-      );
+      )
+      .subscribe(versionInfo => {
+        this.versionInfo = versionInfo;
+      });
   }
+
 }

frontend/src/app/shared/constants/alert/alert-field.constant.ts

@@ -488,6 +488,36 @@ export const ALERT_FILTERS_FIELDS: UtmFieldType[] = [
     type: ElasticDataTypesEnum.STRING,
     visible: false,
   },
+  {
+    label: 'Category',
+    field: ALERT_CATEGORY_FIELD,
+    type: ElasticDataTypesEnum.STRING,
+    visible: true,
+  },
+  {
+    label: 'Sensor',
+    field: ALERT_SENSOR_FIELD,
+    type: ElasticDataTypesEnum.STRING,
+    visible: true,
+  },
+  {
+    label: 'Time',
+    field: ALERT_TIMESTAMP_FIELD,
+    type: ElasticDataTypesEnum.DATE,
+    visible: false,
+  },
+  {
+    label: 'Incident Name',
+    field: ALERT_INCIDENT_NAME_FIELD,
+    type: ElasticDataTypesEnum.STRING,
+    visible: true,
+  },
+  {
+    label: 'Tags',
+    field: ALERT_TAGS_FIELD,
+    type: ElasticDataTypesEnum.STRING,
+    visible: true,
+  },
   {
     label: 'Adversary IP',
     field: ALERT_ADVERSARY_IP_FIELD,
@@ -583,36 +613,6 @@ export const ALERT_FILTERS_FIELDS: UtmFieldType[] = [
     field: ALERT_TARGET_GEOLOCATION_LONGITUDE_FIELD,
     type: ElasticDataTypesEnum.STRING,
     visible: false,
-  },
-  {
-    label: 'Category',
-    field: ALERT_CATEGORY_FIELD,
-    type: ElasticDataTypesEnum.STRING,
-    visible: true,
-  },
-  {
-    label: 'Sensor',
-    field: ALERT_SENSOR_FIELD,
-    type: ElasticDataTypesEnum.STRING,
-    visible: true,
-  },
-  {
-    label: 'Time',
-    field: ALERT_TIMESTAMP_FIELD,
-    type: ElasticDataTypesEnum.DATE,
-    visible: false,
-  },
-  {
-    label: 'Incident Name',
-    field: ALERT_INCIDENT_NAME_FIELD,
-    type: ElasticDataTypesEnum.STRING,
-    visible: true,
-  },
-  {
-    label: 'Tags',
-    field: ALERT_TAGS_FIELD,
-    type: ElasticDataTypesEnum.STRING,
-    visible: true,
   }
 ];
 

frontend/src/app/shared/constants/date-timezone-date.const.ts

@@ -1,3 +1,5 @@
+import moment from 'moment-timezone';
+
 export const DATE_SECTION_ID = 5;
 
 export const DEFAULT_DATE_SETTING_TIMEZONE = 'UTC';
@@ -6,7 +8,19 @@ export const DEFAULT_DATE_SETTING_DATE = 'medium';
 export const DATE_SETTING_TIMEZONE_SHORT = 'utmstack.time.zone';
 export const DATE_SETTING_FORMAT_SHORT = 'utmstack.time.dateformat';
 
-export const TIMEZONES: Array<{ label: string; timezone: string, zone: string }> = [
+export const TIMEZONES: Array<{ label: string; timezone: string; zone: string }> =
+  moment.tz.names().map((tz) => {
+    const parts = tz.split('/');
+    const zone = parts[0] || 'Other';
+    const label = tz.replace(/_/g, ' ');
+    return {
+      label,
+      timezone: tz,
+      zone
+    };
+  });
+
+/*export const TIMEZONES: Array<{ label: string; timezone: string, zone: string }> = [
   {label: 'UTC', timezone: 'UTC', zone: 'UTC'},
   {label: 'Eastern Standard Time (New York)', timezone: 'America/New_York', zone: 'America'},
   {label: 'Pacific Standard Time (Los Angeles)', timezone: 'America/Los_Angeles', zone: 'America'},
@@ -38,7 +52,8 @@ export const TIMEZONES: Array<{ label: string; timezone: string, zone: string }>
   {label: 'Jerusalem (IST)', timezone: 'Asia/Jerusalem', zone: 'Asia'},
   {label: 'Buenos Aires (ART)', timezone: 'America/Argentina/Buenos_Aires', zone: 'America'},
   {label: 'São Paulo (BRT)', timezone: 'America/Sao_Paulo', zone: 'America'},
-];
+];*/
+
 export const DATE_FORMATS: Array<{ label: string; format: string; equivalentTo: string }> = [
   {label: 'Short', format: 'short', equivalentTo: 'M/d/yy, h:mm a'},
   {label: 'Medium', format: 'medium', equivalentTo: 'MMM d, y, h:mm:ss a'},

plugins/modules-config/config/config.go

@@ -128,6 +128,8 @@ func (s *ConfigServer) NotifyUpdate(moduleName string, section *ConfigurationSec
 		pluginType = PluginType_SOC_AI
 	case "SOPHOS":
 		pluginType = PluginType_SOPHOS
+	case "CROWDSTRIKE":
+		pluginType = PluginType_CROWDSTRIKE
 	default:
 		_ = catcher.Error("unknown module name", fmt.Errorf("module: %s", moduleName), nil)
 		return
@@ -165,6 +167,7 @@ func (s *ConfigServer) SyncConfigs(backend string, internalKey string) {
 		"O365":         PluginType_O365,
 		"SOC_AI":       PluginType_SOC_AI,
 		"SOPHOS":       PluginType_SOPHOS,
+		"CROWDSTRIKE":  PluginType_CROWDSTRIKE,
 	}
 
 	for name, t := range AllModules {