Synapse Changelog
v2.167.0 - 2024-04-19
Automatic Migrations
Set the
protectedflag on all Views in the Cortex, using the existing value of thenomergeflag. (#3681)See Data Migration for more information about automatic migrations.
Model Changes
Updates to the
baseandfilemodels. (#3674) (#3688)Updated Types
file:pathNormalizing paths such as
../.././..previously failed. This now produces an empty path.
Deprecated Types
The following types have been marked as deprecated:
edgetimeedge
Deprecated Forms
The following forms have been marked as deprecated:
graph:clustergraph:nodegraph:eventedge:refsedge:hasedge:wenttograph:edgegraph:timeedge
Features and Enhancements
Add
aha.svc.listandaha.svc.statcommands to enumerate the AHA services. Add$lib.ahaStorm APIs to delete, get, and list the AHA services. (#3685) (#3692) (#3693)Add a
protectedoption that can be set on Views to prevent merging and deletion. This replaces thenomergeoption. (#3679)Add Beholder events for creating, deleting, and updating Macros. (#3681)
Update the
StormPkgTest.getTestCore()API to add aprepkghookcallback option. This can be used to execute code prior to loading Storm packages. ThegetTestCore()API now waits foronloadhandlers to complete for each package it loads. (#3687)Ensure that the
Cell.ahaclientis fully owned and managed by theCell. It will no longer use a global client that may exist. (#3677)Update the
stix2-validatorlibrary constraints to>=3.2.0,<4.0.0. Update the allowed range of theidnalibrary to>=3.6,<3.8. (#3672) (#3684)
Bugfixes
Asyncio Tasks created by signal handlers on the Base object are now held onto, to ensure that they cannot be garbage collected before or during their task execution. (#3686)
Update the
Axon.postfilesandAxon.wputAPIs to check for the existence of files before attempting to send them over an HTTP connection. (#3682)Fix an issue where pruning a non-existent tag mistakenly pruned related tags. (#3673)
Ensure that macro names are at least 1 character in length. (#3679)
Fix a bug where
$lib.telepath.open()could leak Python exceptions into the Storm runtime. (#3685)
Improved Documentation
Add documentation for
$lib.aha,$lib.aha.pool, and theaha:pooltype. (#3685)
Deprecations
Deprecate the use of
hiveboot.yamlto configure a Cell hive. This will be removed on 2024-05-05. (#3678)The
nomergeoption on views has been deprecated. It is automatically redirected to theprotectedoption. This redirection will be removed inv3.0.0. (#3681)The Telepath APIs for interacting with a Cell Hive,
listHiveKey,getHiveKeys,getHiveKey,setHiveKey,popHiveKey, andsaveHiveTreehave been deprecated. The toolssynapse.tools.hive.loadandsynapse.tools.hive.savehave been deprecated. These will be removed inv3.0.0. (#3683)The
Telepath.Pipelineclass has been marked as deprecated and will be removed inv3.0.0. (#3691)
v2.166.0 - 2024-04-05
Model Changes
Updates to the
inet,ou,personandriskmodels. (#3649) (#3653) (#3657)New Forms
inet:tls:handshakeAn instance of a TLS handshake between a server and client.
inet:tls:ja3:sampleA JA3 sample taken from a client.
inet:tls:ja3s:sampleA JA3 sample taken from a server.
inet:tls:servercertAn x509 certificate sent by a server for TLS.
inet:tls:clientcertAn x509 certificate sent by a client for TLS.
New Properties
risk:extortionThe form had the following property added to it:
deadlineThe time that the demand must be met.
risk:leakThe form had the following properties added on it:
extortionThe extortion event which used the threat of the leak as leverage.
size:bytesThe approximate uncompressed size of the total data leaked.
it:mitre:attack:techniqueThe form had the following properties updated on it:
nameThis property is now lower-cased and single spaced.
Deprecated Forms
The following forms have been marked as deprecated:
inet:ssl:certPlease use
inet:tls:clientcertorinet:tls:servercert.
Column Display Hints
The following forms had column display hints added to them:
ou:campaignou:conferenceou:goalou:orgou:teamou:techniqueps:contactps:skillps:proficiencyrisk:threatrisk:compromiserisk:mitigationrisk:tool:softwareLight Edges
usesWhen used with a
risk:extortionand anou:techniquenode, the edge indicates the attacker used the technique to extort the victim.
Features and Enhancements
When setting a tag on a node, the tag value is now redirected based on parent tags having
:isnowproperties set. (#3650)Add a
$lib.spooled.set()Storm API. This can be used to get aspooled:setobject. This set will offload the storage of its members to a temporary location on disk when it grows above a certain size. (#3632)Add a
$lib.cache.fixed()Storm API. This can be used to get acache:fixedobject. This cache will execute user provided callbacks written in Storm upon a cache miss. (#3661)Add a
pooloption to Cron jobs. This can be set to True to enable a Cron job storm query to be executed on a Storm pool member. (#3652)Add a
pooloption to Extended HTTP API handlers. This can be set to True to enable an HTTP request handler to be executed on a Storm pool member. (#3663) (#3667)Add a new Storm API,
$lib.cortex.httpapi.getByPath(), that can be used to get anhttp:apiobject by its path. Thepathvalue is evaluated in the same order that the HTTP endpoint resolves the handlers. (#3663)Add
--listand--gateoptions tosynapse.tools.modroleandsynapse.tools.moduser. (#3632)Add a
view.getMergingViews()Storm API. This returns a list of view idens that have open merge requests on a view. (#3666)The Storm API
show:storageoption now includes storage information for any embedded properties. (#3656)Update the
LinkShutDownexception that a Telepath client may raise to indicate that the connection has been disconnected. (#3640)Add repr functions for printing the
aha:poolandhttp:apiobjects in Storm. (#3663) (#3665)The Telepath
Poolobject has been replaced with a new object,ClientV2. This is now the only object returned by thesynapse.telepath.open()API. This is an AHA pool aware Client which can be used to connect to an AHA pool. (#3662)Remove the unused Provenance subsystem from the Cortex. (#3655)
Constrain the
stix2-validatorlibrary to3.0.0,<3.2.0due to an API change. This constraint is expected be changed in the next release. (#3669)
Bugfixes
Fix a bug where a Cortex
promote()call could hang when tearing down any running Cron jobs. Cron jobs cancelled during a promotion event will be logged but their cancelled status will not be recorded in the Nexus. (#3658)Fix a bug where the Storm pool configuration could cause a Cortex to fail to start up. The Storm pool is now configured upon startup but its use is blocked until the Storm pool is ready to service requests. (#3662)
Ensure that the URL argument provided to
cortex.storm.pool.setcan be parsed as a Telepath URL. Previously any string input was accepted. (#3665)
Improved Documentation
Update the list of Cortex permissions in the Admin Guide to include
service.add,service.del,service.get, andservice.list. (#3647)Update the docstring for the Storm
cortex.storm.pool.delcommand to note the effects of removing a pool and the interruption of running queries. (#3665)Update the documentation for the Storm
http:apiobject to include themethodsattribute. (#3663)
Deprecations
The Telepath
task:initmessage format has been marked as deprecated and will be removed inv3.0.0. This should not affect any users using Synapsev2.x.xin their client code. (#3640)The authgate with the name
cortexis not used for permission checking and will be removed inv3.0.0. At startup, the Cortex will now check for any use of this authgate and log warning messages. Attempts to set permissions with this gateiden via Storm will producewarnmessages. (#3648)
v2.165.0 - 2024-03-25
Automatic Migrations
Re-normalize
risk:mitigation:name,it:mitre:attack:technique:name, andit:mitre:attack:mitigation:namesecondary properties. (#3585)Re-normalize
velocityproperties which are float values. (#3616)See Data Migration for more information about automatic migrations.
Model Changes
Add a new model,
sci, for modeling elements of the scientific method. Updates to theecon,file,infotech,inet,ou,ps, andriskmodels. (#3559) (#3585) (#3595) (#3604) (#3606) (#3622) (#3635)New Forms
econ:acct:receiptA receipt issued as proof of payment.
econ:acct:invoiceAn invoice issued requesting payment.
econ:bank:account:type:taxonomyA bank account type taxonomy.
econ:bank:accountA bank account.
econ:bank:balanceA balance contained by a bank account at a point in time.
econ:bank:statementA statement of bank account payment activity over a period of time.
econ:bank:aba:rtnAn American Bank Association (ABA) routing transit number (RTN).
econ:bank:ibanAn International Bank Account Number.
econ:bank:swift:bicA Society for Worldwide Interbank Financial Telecommunication (SWIFT) Business Identifier Code (BIC).
risk:vulnerableIndicates that a node is susceptible to a vulnerability.
sci:hypothesis:type:taxonomyA taxonomy of hypothesis types.
sci:hypothesisA hypothesis or theory.
sci:experiment:type:taxonomyA taxonomy of experiment types.
sci:experimentAn instance of running an experiment.
sci:observationAn observation which may have resulted from an experiment.
sci:evidenceAn assessment of how an observation supports or refutes a hypothesis.
Updated Properties
risk:mitigationThe form had the following properties updated on it:
nameThis property is now lower-cased and single spaced.
it:mitre:attack:techniqueThe form had the following properties updated on it:
nameThis property is now lower-cased and single spaced.
it:mitre:attack:mitigationThe form had the following properties updated on it:
nameThis property is now lower-cased and single spaced.
New Properties
econ:acct:paymentThe form had the following properties added to it:
from:accountThe bank account which made the payment.
to:accountThe bank account which received the payment.
invoiceThe invoice that the payment applies to.
receiptThe receipt that was issued for the payment.
file:mime:imageThe interface had the following property added to it:
textThe text contained within the image.
inet:email:messageThe form had the following property added to it:
flowThe inet:flow which delivered the message.
ou:id:numberThe form had the following property added to it:
issuerThe contact information of the office which issued the ID number.
risk:threatThe form had the following property added to it:
mitre:attack:groupA mapping to a MITRE ATT&CK group if applicable.
risk:tool:softwareThe form had the following property added to it:
mitre:attack:softwareA mapping to a MITRE ATT&CK software if applicable.
risk:mitigationThe form had the following property added to it:
mitre:attack:mitigationA mapping to a MITRE ATT&CK mitigation if applicable.
Deprecated Forms
The following forms have been marked as deprecated:
risk:hasvulnPlease use
risk:vulnerable.
Light Edges
hasWhen used with an
econ:bank:statementand anecon:acct:payment, the edge indicates the bank statement includes the payment.When used with an
ou:orgnode, the edge indicates the organization is or was in possession of the target node.When used with a
ps:contactnode, the edge indicates the contact is or was in possession of the target node.When used with a
ps:personnode, the edge indicates the person is or was in possession of the target node.When used with a
sci:observationnode, the edge indicates the observations are summarized from the target nodes.When used with an
sci:evidencenode, the edge indicates the evidence includes observations from the target nodes.ownsWhen used with an
ou:orgnode, the edge indicates the organization owns or owned the target node.When used with a
ps:contactnode, the edge indicates the contact owns or owned the target node.When used with a
ps:personnode, the edge indicates the person owns or owned the target node.usesWhen used with a
sci:experimentnode, the edge indicates the experiment used the target nodes when it was run.
Features and Enhancements
Change the compression mode used when streaming Cell backups to speed up the backup process. (#3608)
When a Cell is mirroring, gracefully go into read-only mode if the leader is a greater version than the mirror. (#3581) (#3631)
Add
nullas a constant that can be used in Storm expression syntax. (#3600)Add
cortex.storm.pool.get,cortex.storm.pool.set, andcortex.storm.pool.delcommands to manage the Storm query pool which may be used by the Cortex. This replaces the experimental support added inv2.160.0for Storm query pool configuration. The experimental Cortex configurations optionsstorm:pool,storm:pool:timeout:sync, andstorm:pool:timeout:connectionhave been removed. (#3602)Add
$lib.regex.escape()API for escaping strings which may be used as regular expression patterns. (#3605)Add
View.setMergeComment()andView.setMergeVoteComment()Storm APIs for setting comments on merge requests and merge votes. (#3597)Add handlers to the
float,int, andstrtypes to handle norming StormNumberobjects. (#3601)Add a new Storm command,
gen.geo.place, to generate ageo:placenode by name. (#3620)Add an optional reporter name argument to the Storm command
gen.risk.vuln. (#3628)Add a
normoption to the$node.difftags()command. (#3612)Add logging around the leader promotion and handoff actions. (#3615)
Add Telepath APIs to AHA for clearing unused provisioning information. (#3607)
Bugfixes
Fix a bug where Cortex Cron jobs could start prior to data migrations having completed running. (#3610)
Fix an issue where
node.prop.setandnode.prop.delpermissions were not being properly checked. (#3627)Fix a bug in the Storm
mergecommand where the destination layer was not being properly checked for property set and deletion permissions. (#3627)Fix a bug in the Storm
copytocommand where the destination layer was not being properly checked for property set permissions. (#3641)Fix an error when granting a role admin permissions on a vault. (#3603)
Prevent the
synapse.tools.easycerttool from making certificates with names greater than 64 characters in length. Prevent AHA provisioning from creating provisioning requests which would exceed that length. (#3609)Fix an issue with the
velocitybase type returning a float instead of an integer when handling a string value without a unit. (#3616)Fix an issue that could occur when pivoting from a secondary property to a form when using variables for the source and target values. (#3618)
Fix a syntax parsing issue when using the try-set-plus or try-set-minus operator to update an array property on a node using a variable for the property name. (#3630)
Fix an issue with AHA service pools where their Telepath Clients were not configured for use as
aha://clients. (#3643)Fix an issue with AHA service pools where a fini’d Proxy was not properly cleaned up. (#3645)
Improved Documentation
Deprecations
The tool
synapse.tools.cellauthhas been marked as deprecated and will be removed inv3.0.0. (#3587)The tool
synapse.tools.cmdrhas been marked as deprecated and will be removed inv3.0.0. (#3589)The Storm
$lib.model.edgeAPIs have been marked as deprecated and will be removed inv3.0.0. (#3623)The
CoreAPI.enableMigrationMode()andCoreAPI.disableMigrationMode()Telepath methods have been marked as deprecated and will be removed after 2024-05-05. (#3610)The Cortex configuration options
cron:enableandtrigger:enablehave been marked as deprecated and will be removed inv3.0.0. These configuration options no longer control cron or trigger behavior. (#3610)The Storm Package
synapse_minversionkey has been deprecated and will be removed inv3.0.0. Package authors should use thesynapse_versionkey to specify a version range for Synapse they support. An example is the string>=2.165.0,<3.0.0. (#3593)
v2.164.0 - 2024-03-01
Features and Enhancements
Update the Beholder messages
view:merge:init,view:merge:prog, andview:merge:finito addmergeandvoteinformation. (#3580)When optimizing Storm lift operations, skip lifts that would be fully filtered out. (#3582)
Add
tmpdirinformation to thegetSystemInfo()APIs. This is the directory that the service would use for creating any temporary files. (#3583)Update the
synapse.tools.modroletool to add a--deloption to delete a role. (#3586)Add the
reporterou:orgtoou:campaignnodes generated withgen.ou.campaign(#3594)The
synapse.lib.certdir.CertDirclass has been updated to use thecryptographyAPIs instead of thePyOpenSSLAPIs where possible. TheCertDirAPIs no longer returnPyOpenSSLobjects, and now returncryptographyrelated objects. (#3568)Update the
cryptographyandPyOpenSSLlibraries to require their latest versions. (#3568)
Bugfixes
Deprecations
v2.163.0 - 2024-02-21
Features and Enhancements
Add Storm API methods to
$lib.axonwhich share the functionality of$lib.bytesAPIs. These include$lib.axon.has,$lib.axon.hashset,$lib.axon.put,$lib.axon.size, and$lib.axon.upload. (#3570) (#3576)Add support for user provided certificates for doing mTLS in Storm HTTP requests. (#3566)
Enable constructing a guid in Storm from a single value with
$lib.guid(valu=$item). (#3575)
v2.162.0 - 2024-02-15
Model Changes
Updates to the
inet,infotech,ou,proj, andriskmodels. (#3549) (#3551) (#3564)New Properties
inet:email:messageThe form had the following properties added to it:
received:from:ipv4The sending SMTP server IPv4, potentially from the Received: header.
received:from:ipv6The sending SMTP server IPv6, potentially from the Received: header.
received:from:fqdnThe sending server FQDN, potentially from the Received: header.
ou:oid:typeThe form had the following property added to it:
urlThe official URL of the issuer.
proj:projectThe form had the following property added to it:
typeThe project type.
risk:alertThe form had the following properties added to it:
statusThe status of the alert.
assigneeThe Synapse user who is assigned to investigate the alert.
ext:assigneeThe alert assignee contact information from an external system.
risk:mitigationThe form had the following properties added to it:
reporterThe organization reporting on the mitigation.
reporter:nameThe name of the organization reporting on the mitigation.
tagThe tag used to annotate nodes which have the mitigation in place.
New Forms
proj:project:type:taxonomyA type taxonomy for projects.
Deprecated Properties
it:mitre:attack:groupThe
it:mitre:attack:groupform had the following property marked as deprecated:tag
it:mitre:attack:tacticThe
it:mitre:attack:tacticform had the following property marked as deprecated:tag
it:mitre:attack:techniqueThe
it:mitre:attack:techniqueform had the following property marked as deprecated:tag
it:mitre:attack:softwareThe
it:mitre:attack:softwareform had the following property marked as deprecated:tag
it:mitre:attack:campaignThe
it:mitre:attack:campaignform had the following property marked as deprecated:tag
Features and Enhancements
Add Storm API methods for inspecting and manipulating dictionary objects in Storm. These are
$lib.dict.has(),$lib.dict.keys(),$lib.dict.pop(),$lib.dict.update(), and ``$lib.dict.values()` (#3548)Add a
json()method to thestrtype in Storm to deserialize a string as JSON data. (#3555)Add an
_ahainfoattribute to theTelepath.Proxy, containing AHA service name information if that is provided to the Dmon. (#3552)Add permissions checks to
$lib.bytesAPIs usingaxon.hasfor APIs that check for information about the Axon or metrics; andaxon.uploadfor APIs which put bytes in the Axon. These are checked withdefault=Truefor backward compatibility. (#3563)The rstorm
storm-svcandstorm-pkgdirectives now wait for anyonloadhandlers to complete. (#3567)Update the Synapse Python package trove classifiers to list the platforms we support using Synapse with. (#3557)
Bugfixes
Fix a bug in the
Cell.updateHttpSessInfo()API when the Cell does not have the session in memory. (#3556)Fix a bug where a user was allowed to vote for their own View merge request. (#3565)
Include Storm variables from the current and parent scopes when resolving STIX properties and relationships. (#3571)
Improved Documentation
Update the Storm automation documentation. Added additional information about permissions used to manage automations. Added examples for
edge:addandedge:deltriggers. Added examples for managing Macro permissions. (#3547)Update the Storm filtering and lifting documentation to add information about using interfaces and wildcard values with those operations. (#3560)
Update the Synapse introduction to note that Synapse is not intended to replace big-data or data-lake solutions. (#3553)
Deprecations
v2.161.0 - 2024-02-06
Features and Enhancements
Add a Storm command
gen.it.av.scan.resultto help generateit:av:scan:resultnodes. (#3516)Add item specific error message when users do not have sufficient permissions on an object which is using easyperms. (#3532)
Ensure that Nexus events which are written to the log are always applied and cannot be cancelled while the Nexus handler is running. (#3518)
Add
getMergeRequest()andgetMergeRequestSummary()Storm APIs to theViewobject, in order to get information about View merges via Storm. (#3541)Add AHA information to the output of the
Cell.getCellInfo()API. This includes the service name, leader, and network. (#3519)Logs related to AHA service registration and setting services as offline are now logged at the
INFOlevel. (#3534)When creating Cron jobs and Triggers, record their creation time. (#3521) (#3538)
Add a
Cell.updateHttpSessInfo()API to set multiple keys at once on a HTTP session. (#3544)Update the allowed versions of the
cbor2and `` pycryptodome`` libraries. (#3540)
Bugfixes
The Storm API for creating websockets,
$lib.inet.http.connect(), did not properly handle thessl_verifyargument, causing SSL verification of Websocket requests to default to being disabled. This argument is now handled correctly, with SSL verification being enabled by default. (#3527)Fix a bug in embedded Storm queries where they failed to grab their variables properly. (#3531)
Fix a bad variable reference in the Storm
graphimplementation. (#3531)Fix a bug where modifying nodes in a Storm Dmon did not properly update the in-flight node. (#3520)
Improved Documentation
Update the Cortex admin guide with additional information about removing extended forms and properties. (#3510)
Update the Data Model documentation to include additional information about extended forms and properties. (#3523)
Update the Data Model documentation to include information about property interfaces. (#3523)
v2.160.0 - 2024-01-24
Automatic Migrations
Update
inet:ipv6nodes to set their:typeand:scopeproperties. (#3498)Update existing layer push and layer pull configurations to set the default chunk size and queue size values on them. (#3480)
See Data Migration for more information about automatic migrations.
Model Changes
Updates to the
infotech,ou, andriskmodels. (#3501) (#3504) (#3498)New Properties
risk:vulnThe form had the following properties added to it:
severityThe severity of the vulnerability.
priorityThe priority of the vulnerability.
inet:ipv6The form had the following properties added to it:
typeThe type of IP address (e.g., private, multicast, etc.).
scopeThe IPv6 scope of the address (e.g., global, link-local, etc.).
Updated Types
it:exec:procThis now inherits the
it:host:activityinterface.it:exec:threadThis now inherits the
it:host:activityinterface.it:exec:loadlibThis now inherits the
it:host:activityinterface.it:exec:mmapThis now inherits the
it:host:activityinterface.it:exec:mutexThis now inherits the
it:host:activityinterface.it:exec:pipeThis now inherits the
it:host:activityinterface.it:exec:urlThis now inherits the
it:host:activityinterface.it:exec:bindThis now inherits the
it:host:activityinterface.it:exec:file:addThis now inherits the
it:host:activityinterface.it:exec:file:readThis now inherits the
it:host:activityinterface.it:exec:file:writeThis now inherits the
it:host:activityinterface.it:exec:file:delThis now inherits the
it:host:activityinterface.it:exec:reg:getThis now inherits the
it:host:activityinterface.it:exec:reg:setThis now inherits the
it:host:activityinterface.it:exec:reg:delThis now inherits the
it:host:activityinterface.
Features and Enhancements
Add tab completion of commands, forms, properties, tags, and
$lib.functions the Storm CLI tool. (#3493) (#3507)Add
node.set.<form>.<prop>andnode.del.<form>.<prop>permissions conventions to the Cortex for property sets and deletes. (#3505)Add experimental support for Storm query offloading to the Cortex. This can be used to offload Storm queries to an AHA service pool. This can be configured with the
storm:pooloption on the Cortex. (#3452) (#3513)Add a
--deledgesoption to thedelnodecommand. This deletes the N2 edges for a node before deleting the node. (#3503)When creating layer push or pull configurations, the chunk size and queue size can now be set. (#3480)
Add a
cell.hasHttpSess()API to check if a given Cell has a known HTTP session. (#3485)Fire a
core:pkg:onload:completeevent when a Storm packageonloadhandler is completed. This can be used when writing unit tests for Rapid Power-ups. (#3497)
Bugfixes
Remove dataname index entries when removing all nodedata from a node. (#3499)
Fix an issue with
tagpropsnot being correctly returned in$node.getByLayer(). (#3500)Fix an issue with the
edges.delcommand when using the--n2option. This now behaves correctly when the N1 node does not exist. (#3506)Fix an issue with duplicate properties being tracked in the property type map of the data model. This could have resulted in multiple nodes being lifted with interface properties. (#3512)
Improved Documentation
Update Storm filter documentation. Additional information about tag globbing and interval filtering has been included. (#3489)
v2.159.0 - 2024-01-16
Automatic Migrations
Update any extended model elements which used the
taxonomyinterface to now use themeta:taxonomyinterface. (#3334)See Data Migration for more information about automatic migrations.
Features and Enhancements
Add support for lifting, pivoting, and filtering using wildcards, lists, variables, and interfaces as form and property names. (#3334)
Migrate the name of the
taxonomyinterface tometa:taxonomy. (#3334)Update the pinned version of the
larklibrary to1.1.9for compatibility with Python 3.11.7. (#3488)
Bugfixes
Prevent re-adding extended model elements in Nexus handlers. (#3486)
Add missing permissions checks on the
$lib.axon.urlfile()API. This now requires thenode.add.file:bytesandnode.add.inet:urlfilepermissions. (#3490)Fix the permission checking for Vaults to check the Storm runtime
asrootstatus. (#3492)Fix an issue with
$lib.stix.import.ingest()not convertingbundleto a dictionary. (#3495)
Improved Documentation
Add documentation for the
reversekeyword. (#3487)Clarify the use of the “try” operator (
+?) in edit operations. (#3482) (#3487)Update Storm lift documentation to add additional examples and clarify existing documentation. (#3487)
Update Storm data modification documentation to add additional examples and clarify existing documentation. (#3482)
v2.158.0 - 2024-01-03
Features and Enhancements
Update the allowed versions of the``fastjsonschema``,
idna,pygments, andaiosmtpliblibraries. (#3478)
Bugfixes
Fix a bug where the
role:addanduser:addNexus handlers could raise an exception when being called by a service mirror. (#3483)
Improved Documentation
v2.157.0 - 2023-12-21
Features and Enhancements
Added vaults feature for storing and sharing secret values (such as API keys) and associated configuration settings. Vaults can be shared with and used by another user without them being able to see the enclosed secret values. (#3319) (#3461)
Added Storm commands to interact with vaults:
vaults.*. (#3319)Added Storm library to interact with vaults:
$lib.vaults.*. (#3319)Add merge request voting and history tracking for full View merges. (#3466) (#3473) (#3475)
Add service pooling support to AHA. This allows for dynamic service topologies and distributed Telepath API calls. (#3353) (#3477)
Add user managed API keys that can be used to access HTTP API endpoints. (#3470)
Added an
--optsfileoption to the Storm CLI tool. This can be used to specify opts to the CLI tool via YAML. See Storm Opts for details about available options. (#3468)Cron status changes are now persisted through the Nexus. (#3460)
Add a
show:storageoption to the Storm runtime opts to include the storage node data in thenodemessage. (#3471)
Bugfixes
Log a warning message when calling the Python
User.pack(packroles=True)method when a user role is missing from the Auth subsystem. A missing role previously caused anAttributeErrorexception. (#3469)Ensure the Nexus
view:detachevent is idempotent. (#3474)Fix an issue where Storm subqueries containing non-runtsafe values could potentially not execute. (#3443)
v2.156.0 - 2023-12-08
Model Changes
Updates to the
infotech,ou, andriskmodels. (#3436) (#3438) (#3446) (#3447)New Properties
it:av:scan:resultThe form had the following properties added to it:
target:ipv4The IPv4 address that was scanned to produce the result.
target:ipv6The IPv6 address that was scanned to produce the result.
ou:campaignThe form had the following property added to it:
mitre:attack:campaignA mapping to a Mitre ATT&CK campaign if applicable.
risk:vulnThe form had the following property added to it:
idAn identifier for the vulnerability.
New Forms
it:mitre:attack:campaignA Mitre ATT&CK Campaign ID.
risk:technique:masqueradeRepresents the assessment that a node is designed to resemble another in order to mislead.
Updated Types
it:os:windows:sidThe regular expression used to validate the SID has been updated to allow modeling well-known SID values.
Features and Enhancements
Add an
emptykeyword to Storm to conditionally execute queries when there are no nodes in the pipeline. (#3434)Add Storm APIs for getting property counts for a given
layerorview.. These APIs aregetPropCount(),getPropArrayCount(),getTagPropCount(). (#3435)Add a new permission,
view.fork, which can be used to control access for forking a view. This permission defaults to being allowed. (#3437)Add Storm operators to allow pivoting and joining across light edges. The following examples show pivoting across
refsedges and joining the destination nodes with the inbound nodes:-(refs)+>and<+(refs)-. (#3441)Add Storm operators to do pivot out and join (
--+>) and pivot in and join (<+--) operations across light edges. (#3441) (#3442)Storm subqueries used to assign a value now always run. (#3445)
Non-runtsafe
try...catchblocks in Storm now run when there are no inbound nodes. (#3445)The Storm API
$lib.storm.eval()now logs itstextargument to thesynapse.stormlogger. (#3448)Add a
--by-nameargument to the Stormstats.countbycommand. This can be used to sort the results by name instead of count. (#3450)Add a new Storm API
$lib.gis.bbox()to allow computing geospatial bounding boxes. (#3455)
Bugfixes
Prevent recursion errors in
inet:fqdnonset handlers. (#3433)When dereferencing a list or dictionary object off of a Node in Storm, the returned value is now a copy of the value. This avoids the situation where modifying the deferenced value appeared to alter the node but did not actually result in any edits to the underlying data. (#3439)
Add a missing sub-query example to Storm
forloop documentation. (#3451)Fix an issue where attempting to norm an IPv4 with an invalid netmask would raise a Python error. (#3459)
Deprecations
Deprecated Cortex and splice related APIs which were marked for removal after 2023-10-01 have been removed. The list of these APIs can be found at API Deprecation Notice - 2023-10-01. These additional splice related changes have also been made:
The HTTP API
/api/v1/stormnow sets the defaulteditformatopt value tonodeedits. Previously this API produced splice changes by default.The
synapse.tools.cmdrstormcommand no longer displays splices.The
synapse.tools.cmdrlogcommand no longer records splices.The
synapse.tools.csvtooltool no longer records or displays splices.The
synapse.tools.feedtool no longer supports splices or nodeedits as input and the splice documentation example has been removed.(#3449)
The deprecated function
synapse.common.aclosing()has been removed. (#3449)Provisioning a Synapse service with AHA now always updates the local CA certificate and generates new host and user certificates for the service. Previously these would not be regenerated if the CA or service names did not change. (#3457)
v2.155.0 - 2023-11-17
Model Changes
Updates to the
infotech,proj, andriskmodels. (#3422)New Properties
proj:ticketThe form had the following property added to it:
ext:assigneeTicket assignee contact information from an external system.
risk:alertThe form had the following property added to it:
severityA severity rank for the alert.
it:exec:queryThe form had the following property added to it:
offsetThe offset of the last record consumed from the query.
New Forms
it:av:scan:resultThe result of running an antivirus scanner.
Updated Properties
risk:alertThe form had the following properties updated on it:
priorityThe type of this property has been changed from an
inttometa:priority.
risk:attackThe form had the following properties updated on it:
severityThe type of this property has been changed from an
inttometa:severity.
risk:compromiseThe form had the following properties updated on it:
severityThe type of this property has been changed from an
inttometa:severity.
Deprecated Forms
The following forms have been marked as deprecated:
it:av:sigPlease use
it:av:scan:result.it:av:filehitPlease use
it:av:scan:result.it:av:prochitPlease use
it:av:scan:result.
Features and Enhancements
Add a
detach()method to the Stormviewobject. This will detach a forked View from its parent. (#3423)Change the method used to generate the
tookvalue in the Stormfinimessage to use a monotonic clock. (#3425)Performing an invalid “pivot in” operation with a form target (
<- some:form) now raises aStormRuntimeErrorinstead of silently doing nothing. (#3426)Allow relative properties on the right hand side of a filter operation when using Storm expression syntax. (#3424)
Add an
/api/v1/logoutmethod on the Cell to allow HTTPS users to logout of their sessions. (#3430)Allow taxonomy prefix lift and filter operations to work with taxon parts. (#3429)
Update the allowed versions of the
cbor2,pycryptodome,pygments,vcrpy, andxxhashlibraries. Update the pinned version of thelarklibrary. (#3418)
Bugfixes
Improved Documentation
Fix an error in the Cortex mirror deployment guide. The example
docker-compose.yamlwas missing the environment variables forSYN_CORTEX_AXONandSYN_CORTEX_JSONSTOR. (#3430)
v2.154.1 - 2023-11-15
This release is for updating the version of the cryptography package in
Synapse containers to 41.0.5.
v2.154.0 - 2023-11-15
Automatic Migrations
Update the
inet:ipv4:typevalue for RFC6598 addresses toshared. (#3410)See Data Migration for more information about automatic migrations.
Model Changes
Update to the
inetandoumodels.(#3406) (#3407) (#3410) (#3416)
Updated Types
inet:ipv4RFC6598 addresses now have a
:typeproperty value ofshared.inet:urlAccept Microsoft URLPrefix strings with a strong wildcard host value.
Add a check to prevent creating
inet:urlnodes with an empty host and path part, such asinet:url=file://''.
New Properties
ou:orgThe form had the following property added to it:
tagA base tag used to encode assessments made by the organization.
risk:compromiseThe form had the following properties added to it:
ext:idAn external unique ID for the compromise.
urlA URL which documents the compromise.
risk:alertThe form had the following property added to it:
hostThe host which generated the alert.
New Forms
ou:requirementA specific requirement.
risk:leakAn event where information was disclosed without permission.
risk:leak:type:taxonomyA taxonomy of leak event types
risk:extortionAn event where an attacker attempted to extort a victim.
risk:extortion:type:taxonomyA taxonomy of extortion event types.
Light Edges
leakedWhen used with a
risk:leaknode, the edge indicates the leak included the disclosure of the target node.leveragedWhen used with a
risk:extortionnode, the edge indicates the extortion event was based on attacker access to the target node.meetsWhen used with a
ou:requirementnode, the edge indicates the requirement was met by the source node.
Features and Enhancements
Add
edge:addandedge:delas trigger conditions. These trigger when light edges are added or removed from a node. (#3389)Storm lift and filter operations using regular expressions (
~=) are now case insensitive by default. (#3403)Add a
unique()method to the Stormlistobject. This returns a new list with only unique elements in it. (#3415)Add support for
synapse.tools.autodocto generate documentation for API definitions declared in Storm packages. (#3382)A review of Storm library functions was performed and all
readonlysafe functions have been marked for execution in areadonlyStorm runtime. (#3402)Allow setting the layers on a root View with forks. (#3413)
Bugfixes
Per-node Storm variables are now passed into subquery assignment expressions. (#3405)
Fix an issue with Storm Dmon hive storage being opened too late in the Cortex startup sequence. (#3411)
Remove a check when deleting tags from a node which prevented tag deletion from a node when the root tag was deleted in a parent view. (#3408)
v2.153.0 - 2023-10-27
Model Changes
Update to the
inetandoumodels.Deprecated Properties
inet:web:acctThe
inet:web:acctform had the following properties marked as deprecated:name:enrealname:en
inet:web:groupThe
inet:web:groupform had the following property marked as deprecated:name:en
ou:industryThe
ou:industryform had the following property marked as deprecated:subs
Features and Enhancements
Add a new Storm API,
$lib.cortex.httpapi, for creating and managing Extended HTTP API endpoints. These Cortex HTTP API endpoints allow a user to create custom responses via Storm. Documentation for this feature can be found at Extended HTTP API. (#3366)Add a new Storm API,
$lib.iters.zip(), to iterate over sequences of items together. (#3392) (#3398)Add a Storm command
stats.countbyto tally occurrences of values and display a barchart representing the values. (#3385)Update the Storm command
auth.user.modto allow setting a user as admin on a specific auth gate. (#3391)The
proxyargument to$lib.inet.http.*,$lib.axon.wget(),$lib.axon.urlfile(), and$lib.axon.wput()APIs is now gated behind the permissionstorm.lib.inet.http.proxy. Previously this required admin permission to utilize. (#3397)Add an
errorsparameter to$lib.axon.readlines(),$lib.axon.csvrows(), and$lib.axon.jsonlines(). This parameter defaults toignoreto ignore any decoding errors that are encountered when decoding text. (#3395)Lower the maximum allowed version of the
pyopenssllibrary. (#3399)
Bugfixes
Fix a bug in the
Cortex.syncLayersEvents()andCortex.syncIndexEvents()APIs which caused layers to stop sending their node edits under certain conditions. (#3394)Storm now raises a
BadSyntaxErrorwhen attempting to filter by wildcard tags or tagprops when a value is specified for the filter. (#3373)
v2.152.0 - 2023-10-17
Model Changes
Update to the
biz,crypto,geo,it,mat,media, andriskmodels.(#3341) (#3377) (#3376) (#3381)
Updated Interfaces
crypto:smart:effectAdd a
docvalue to the interface.it:host:activityAdd a
docvalue to the interface.taxonomyAdd a
docvalue to the interface.
Updated Types
timeThe
timetype now recognizes RFC822 formatted time strings.biz:service:type:taxonomyThe
taxonomyinterface has been added to the type.geo:place:taxonomyThe
taxonomyinterface has been added to the type.it:log:event:type:taxonomyThe
taxonomyinterface has been added to the type.it:prod:soft:taxonomyThe
taxonomyinterface has been added to the type.mat:typeThe
taxonomyinterface has been added to the type.media:news:taxonomyThe
taxonomyinterface has been added to the type.risk:alert:taxonomyThe
taxonomyinterface has been added to the type.risk:alert:verdict:taxonomyThe
taxonomyinterface has been added to the type.risk:threat:type:taxonomyThe
taxonomyinterface has been added to the type.
New Forms
it:dev:repo:labelA developer selected label.
it:dev:repo:issue:labelA label applied to a repository issue.
Features and Enhancements
Bugfixes
Improved Documentation
Update the documentation for the Storm
view.execcommand to explain the separation of events and nodes between the parent and sub-runtimes. (#3379)
v2.151.0 - 2023-10-06
Model Changes
Update to the
itmodel. (#3361)New Forms
it:mitre:attack:flowA MITRE ATT&CK Flow diagram.
Features and Enhancements
Add a new Storm library
$lib.infosec.mitre.attack.flow. This can be used to normalize and createit:mitre:attack:flownodes from MITRE ATT&CK Flow Diagrams. (#3361) (#3372)Update the Storm
note.addcommand to set themeta:note:createdproperty on the note. (#3569)Add the Axon HTTP APIs to the Cortex. These API endpoints use the Axon that the Cortex is configured to use. (#3550)
Allow user defined functions in Storm to execute in a
readonlyStorm runtime. (#3552)Clarify the Nexus
IsReadOnlyexception to include the common cause for the error, which is normally insufficent space on disk. (#3359)Add a
SYN_LOG_DATEFORMATenvironment variable to allow specifying custom timestamp formats for Synapse services. (#3362)Add a
statusattribute to structured log events for user and role related log events. This attribute indicates if the event was aCREATE,DELETE, orMODIFYoperation. (#3363)Update
Cell.getLogExtra()to prefer using theuserkey from the task scope before using thesesskey from the task scope. Cortex APIs which execute Storm queries now set theuserscope to the user the query is running as. This increases the accuracy of log events caused by Storm queries when theuseris specified in theopts. (#3356)Update Storm setitem AST operator to check the readonly flag on functions when operating in a
readonlyStorm runtime. (#3364)Update the minimum required version of the
fastjsonschemalibrary. (#3358)Update tests and remove the use of deprecated functions for improved Python 3.12 compatibility. (#3355) (#3567)
Bugfixes
Fixed a bug when parenting a View to another View where the bottom view has more than one layer in it omitted non-write layers. The set of layers is now properly computed. (#3354)
Improved Documentation
v2.150.0 - 2023-09-22
Model Changes
Updates to the
inetmodel. (#3347)Updated Types
inet:urlThe
inet:urltype now recognizes UNC network paths and converts them intosmb://URLs.
Features and Enhancements
Allow Storm trigger APIs to reference triggers from other views. (#3342)
Update the
synapse.lib.scrapeand associated APIs to capture additional data: (#3223) (#3347)it:sec:cpeCPE 2.3 strings are now identified.
inet:urlUNC based paths are now identified.
Update the
synapse.lib.scrapeand associated APIs to use subprocesses when scraping large volumes of text. (#3344)Add additional logging for HTTP API endpoints when a request has invalid login information. (#3345)
The CryoTank service has had permissions added to it. (#3328)
Bugfixes
Stormtypes
storfunctions were not previously checked duringreadonlyruntime execution. These are now validated andstorfunctions which would result in changing data in the Cortex will now raise an exception when used with areadonlyStorm runtime. (#3349)
Improved Documentation
v2.149.0 - 2023-09-14
Model Changes
Updates to the
it,meta, andoumodels. (#3338)New Properties
taxonomyThe interface had the following property added to it:
descriptionA definition of the taxonomy entry.
inet:email:messageThe form had the following property added to it:
ccEmail addresses parsed from the “cc” header.
meta:sourceThe form had the following property added to it:
urlA URL which documents the meta source.
ou:campaignThe form had the following property added to it:
timelineA timeline of significant events related to the campaign.
Deprecated Properties
taxonomyThe
taxonomyinterface had the following property marked as deprecated:summary
Features and Enhancements
Add best-effort support to scrape APIs to identify Windows and Linux file paths. (#3343)
Update the Storm
view.addcommand to add a--worldreadableflag to create a view which is readable by theallrole. The$lib.view.add()Storm API now also accepts an optionalworldreadableargument as well. (#3333)Update the Storm
note.addcommand to add a--yieldflag which yields the newly created note. (#3337)Add Storm commands
gen.ou.id.numberandgen.ou.id.typeto help generateou:id:numberandou:id:typenodes. (#3339)Support dynamically setting a Layer to
readonlyusing the Storm$layer.set()API. (#3332)Update the Storm command
helpto display information about Storm types, Storm Libraries and functions. (#3335)
Bugfixes
Ensure that the Cell
tmpdirectory is on the same volume as the Cell storage directory prior to attempting to run the onboot optimization process. If the volumes are different this now issues a warning message and skips the optimization process. (#3336)Protect the Cortex Cron scheduling loop from errors that could happen when starting an agenda item. (#3340)
v2.148.0 - 2023-09-05
Features and Enhancements
Add a
$lib.jsonstor.cachedel()API to allow for the removal of data created by$lib.jsonstor.cacheget(). (#3322)
Bugfixes
Ensure the base Cell
fini()’s the Aha client that it creates. This fixes a unit test performance issue. (#3324)
Deprecations
Mark the following Cryotank related API arguments and functions as deprecated. These APIs are related to server-side offset tracking for callers. Code which relies on these should be updated to do local offset tracking. These APIs and arguments will be removed in v2.150.0. (#3326)
CryoApi.puts(seqn=...)argument.CryoApi.rows(seqn=...)argument.CryoApi.slice(iden=...)argument.CryoApi.offset()function.CryoTank.getOffset()function.CryoTank.setOffset()function.CryoTank.puts(seqn=...)argument.CryoTank.rows(seqn=...)argument.CryoTank.slice(iden=...)argument.TankAPI.offset()function.TankApi.puts(seqn=...)argument.TankAPI.slice(iden=...)argument.
v2.147.0 - 2023-08-31
Features and Enhancements
Bugfixes
Vendor the
asyncio.timeouts.Timeoutclass from Python 3.11.3 to ensure correct task cancellation behavior is available forsynapse.common.wait_for(). (#3321)
v2.146.0 - 2023-08-29
Features and Enhancements
Update Storm
graphprojection to only include edges between nodes in the result set and include a “reverse”: true in the edge info when embedding an edge on its target node once it is yielded. (#3305)Map the Nexus LMDB slab with
map_async=Trueby default. (#3314)Mark the Storm
macro.execas areadonlysafe command. Mark the Storm APIs$lib.macro.list()and$lib.macro.get()asreadonlysafe. Mark thestrAPIs asreadonlysafe. (#3316)
Bugfixes
v2.145.0 - 2023-08-25
Automatic Migrations
Update indexing for light edges to index the N1 and N2 node identifiers together. (#3302)
See Data Migration for more information about automatic migrations.
Model Changes
Update to the
inet,it, andmetamodels. (#3285) (#3298) (#3301) (#3310)New Types
it:sec:tlpThe US CISA Traffic-Light-Protocol used to designate information sharing boundaries.
meta:priorityA generic priority enumeration.
meta:severityA generic severity enumeration.
New Forms
it:sec:metricsA node used to track metrics of an organization’s infosec program.
it:sec:vuln:scanAn instance of running a vulnerability scan.
it:sec:vuln:scan:resultA vulnerability scan result for an asset.``
New Properties
it:dev:repo:issueThe form had the following properties added to it:
updatedThe time the issue was updated.
idThe ID of the issue in the repository system.
it:dev:repo:issue:commentThe form had the following properties added to it:
createdThe time the comment was created.
updatedThe time the comment was updated.
it:dev:repo:diff:commentThe form had the following properties added to it:
createdThe time the comment was created.
updatedThe time the comment was updated.
meta:noteThe form had the following properties added to it:
updatedThe time the note was updated.
Deprecated Properties
it:exec:procThe
it:exec:procform had the following property marked as deprecated:src:exe
inet:whois:iprecThe
inet:whois:iprecform had the following property marked as deprecated:registrant
Features and Enhancements
Add a new Storm keyword,
reverse( ... ), which can be used to run a lift operation in reverse order. (#3266)Update indexing for light edges to index the N1 and N2 node identifiers together. (#3302)
Update the Storm
oncecommand behavior and documentation to be more intuitive when setting its timestamp and allowing nodes through it. (#3282)Add a
synapse_versionkey to the Storm Package schema. This can be used to provide a string version indentifier with a minimum and maximum version, such as>=2.145.0,<3.0.0. (#3304)Update the Storm runtime to respect permissions declared with a
defaultvalue oftrue. This allows Storm packages to define permissions which are defaulted totrue. (#3287)Add a
SIGHUPhandler to the base Cell which can be used to reload HTTPS certificate files from disk. Thesynapse.tools.reloadtool can also be used to trigger this behavior. (#3293)The optional
max:usersfeature no longer countslockedorarchivedusers when adding users. (#3295)Update the YAML functions to use the
yaml.CSafeLoaderandyaml.CSafeDumper. (#3289)
Bugfixes
Replace
asyncio.wait_for()use with a copy of the Python 3.12 implementation to avoid a race condition when cancelling tasks. (#3299) (#3307)Fix an issue with the Storm trigger
set()method not properly checking the values that it allows to be set. (#3290)Fix an off-by-one bug in the
SlabSeqn.aiter()method. (#3300)Fix a performance issue with the IPv6 regular expression used in the scrape APIs. (#3311)
Improved Documentation
Revise the Storm User Guide to consolidate the background information and data modeling sections. Add a user focused section on Views and Layers. (#3303)
Add
inttype specific information to the Storm documentation. (#3288)The Storm
movetagcommand now moves thedoc:urlproperty from the oldsyn:tagnode to the newsyn:tagnode. (#3294)Storm Library and Type documentation no longer renders function signatures with Python style defaults. (#3296)
Deprecations
Many deprecated Cortex and splice related APIs have been marked for removal after 2023-10-01. The full list of APIs which will be removed can be found at API Deprecation Notice - 2023-10-01. (#3292)
The use of
synapse.common.aclosing()has been replaced withcontextlib.aclosing(). The vendoredaclosing()implementation will be removed inv2.250.0. (#3206)
v2.144.0 - 2023-08-09
Model Changes
Updates to the
inet:dnsanditmodel. (#3257) (#3276)New Forms
it:dev:repo:type:taxonomyA version control system type taxonomy.
it:dev:repoA version control system instance.
it:dev:repo:remoteA remote repo that is tracked for changes/branches/etc.
it:dev:repo:branchA branch in a version control system instance.
it:dev:repo:commitA commit to a repository.
it:dev:repo:diffA diff of a file being applied in a single commit.
it:dev:repo:issueAn issue raised in a repository.
it:dev:repo:issue:commentA comment on an issue in a repository.
it:dev:repo:diff:commentA comment on a diff in a repository.
New Properties
inet:dns:answerThe form had the following properties added to it:
timeThe time that the DNS response was transmitted.
Features and Enhancements
The iden of the Cron job is now added to the Storm query log made with the
synapse.stormlogger when using structured logging. (#3235)Add a
keepaliveoption to the Storm queryopts. This may be used with long-running Storm queries when behind a network proxy or load balancer which may terminate idle connections. (#3272)Update the allowed versions of the
cryptographylibrary. (#3281)
Bugfixes
v2.143.0 - 2023-07-28
Model Changes
Update to the
cryptomodel. (#3256)Updated Types
hexThe
zeropadoption has been changed from aboolto anint. It may now be used to specify the zero extended length of the hex string.
Updated Properties
crypto:x509:certThe form had the following properties updated on it:
serialThe
sizevalue has been changed tozeropadto zeropad values with less than 40 octets, and to allow storing large serial numbers from malformed certificates.
Features and Enhancements
Add
$lib.model.ext.getExtModel()and$lib.model.ext.addExtModel()Storm APIs to get all the extended model definitions in a Cortex and to add extended model definitions to a Cortex in bulk. (#3252)Add
inet:ipv6to the list of types identified with scrape APIs. Theinet:serverform identified by scrape APIs now also identifies IPv6 server addresses. (#3259)Add a check to the Cortex startup to identify and log the presence of deprecated model elements and direct users to check and lock them at model.deprecated.check. (#3253) (#3264)
Add a new Storm function,
$lib.vars.type(), to get the type value of an object. (#3100)Add a Storm library,
$lib.pack, for packing and unpacking structured byte values. (#3261)The Storm
$lib.gen()functions and associated commands now generate stable guid values based on their inputs when making nodes. (#3268)Add the
.bazarTLD to the list of TLDs identified by the Synapse scrape functionality. (#3271)Add the View iden to the task identifier for running Storm tasks. (#3247)
Add performance related sysctl values to the output of the Storm
Cell.getSystemInfo()and$lib.cell.getSystemInfo()APIs. (#3236)Update the allowed versions of the
vcrpylibrary. Thank youcaptainGeech42for the contribution. (#3204)
Bugfixes
Ensure the input to the
CoreAPI.storm()( and related APIs ) is a string. (#3255) (#3269)Fix a bug in
synapse.tools.aha.enrollwhere a user with atelepath.yamlfile containing anaha:serverskey with a list of lists failed to enroll a local user. (#3260)Fix an issue where Storm functions using
emitfailed to cleanup their sub-runtimes. (#3250)Add verification that a Storm function call is being made on a callable object and raise a
StormRuntimeErrorif the object cannot be called. Previously invalid calls could raise aTypeError. (#3243)Fix the order of the Beholder
cron:stopmessage firing when a Cron job is stopped. (#3265)
Improved Documentation
Add a section to the Storm reference for user defined functions in Storm. That can be found at Storm Reference - Advanced - Functions. (#3245)
Update the devops documentation to add a note about the Telepath
aha://protocol using amirror=trueparameter to connect to a service mirror instead of a leader. (#3267)Update the
preboot.shexample script to account for Docker changes introduced inv2.133.0.
v2.142.2 - 2023-07-19
Bugfixes
Fix an issue which caused the Docker image tags for
vertexproject/synapse-cryotank:v2.141.1,vertexproject/synapse-jsonstor:v2.141.1, andvertexproject/synapse-stemcell:v2.141.1, to refer to same image. (#3249)
v2.142.1 - 2023-07-19
Bugfixes
Fix an issue which prevented the publication of the Synapse containers with
v2.x.xtags. (#3248)
v2.142.0 - 2023-07-19
Automatic Migrations
Renormalize the
risk:vuln:cvss:v2andrisk:vuln:cvss:v3properties. (#3224)Migrate the
risk:vuln:nametype from astrto arisk:vulnnameform. (#3227)See Data Migration for more information about automatic migrations.
Model Changes
Update to the
it,ou, andriskmodels. (#3224) (#3227) (#3237)New Forms
risk:vulnnameAdd a form to capture vulnerability name such as log4j or rowhammer.
Updated Types
hexThe
hexbase type now accepts azeropadoption that can be used to zero-extend a hex string during normalization.cvss:v2The type now accepts and normalizes unordered CVSS vectors.
cvss:v3The type now accepts and normalizes unordered CVSS vectors.
New Properties
it:sec:c2:configThe form had the following properties added to it:
decoysAn array of URLs used as decoy connections to obfuscate the C2 servers.
ou:techniqueThe form had the following properties added to it:
reporterThe organization reporting on the technique.
reporter:nameThe name of the organization reporting on the technique.
risk:vulnThe form had the following properties added to it:
namesAn array of alternate names for the vulnerability.
Features and Enhancements
Always convert dictionary keys to their primitive values when working with dictionary objects in Storm. Dictionary objects can no longer have keys set which are mutable objects, such as Nodes. (#3233)
Add support for octal constants, such as
0o755, in Storm expressions. (#3231)Add additional events to the Behold API message stream for the addition and removal of extended model elements. (#3228)
Update the
$lib.dmon.add()variable capture to record variables from embedded query objects. (#3230)Add a
.title()method on Storm strings to get title case formatted strings. (#3242)Add a general purpose process pool using forked workers in order to speed up certain processing operations. This includes the Storm operations for JSONSchema parsing, HTML parsing, STIX validation, and XML parsing. (#3033) (#3229)
Add a new Cell configuration option,
max:users. This can be set to limit the maximum number of non-rootusers on Cell. (#3244)Add an
/api/v1/aha/servicesHTTP API to the Aha service. This can be used to get a list of the services registered with Aha. (#3238)Add support for Cosign signatures of tagged Synapse containers. See additional information at Verifying container image signatures. (#3196)
Adjust internal names for Storm objects. (#3229)
Bugfixes
Fix a bug in the scrape for
inet:ipv4where IP addresses were found when there was leading or trailing numbers around the IP addresses. (#3234)Fix a bug where
$lib.model.ext.delForm()did not check for extended property definitions before deletion. Extended properties on a custom form must be deleted prior to deleting the form. (#3223)Always remove the
mirrorconfiguration option fromcell.yamlfile when provisioning a service via Aha. The previous behavior prevented the correct restoration of a service from a backup which was previously provisioned as a mirror and is being restored as a leader. (#3240)Add additional type checking when adding extended model forms and properties to the Cortex. Previously invalid types could raise an
AttributeError. (#3243)
Improved Documentation
Update the Storm lift reference to add an example of lifting nodes by the universal
.createdproperty. (#3245)
v2.141.0 - 2023-07-07
Model Changes
Update to the
itandlangmodels. (#3219)New Properties
it:hostThe form had the following properties added to it:
keyboard:languageThe primary keyboard input language configured on the host.
keyboard:layoutThe primary keyboard layout configured on the host.
lang:languageThe form had the following property added to it:
codeThe language code for this language.
Features and Enhancements
Bugfixes
Fix bug with regular expression comparisons for some types. (#3213)
Fix a
TypeErrorbeing raised when passing a heavy Number object to$lib.math.number(). (#3215)Fix an issue with the Cell backup space checks. They now properly calculate the amount of free space when the Cell backup directory is configured on a separate volume from the Cell storage directory. (#3216)
Prevent the
yieldoperator from directly emitting nodes into the Storm pipeline if those node objects came from a different view. Nodes previously lifted in this manner must be lifted by calling theiden()function on the object to ensure the node being lifted into the pipeline reflects the current view. (#3218)Always remove the
mirrorconfiguration option fromcell.mods.yamlwhen provisioning a service via Aha. The previous behavior prevented the correct restoration of a service from a backup which had been changed from being a leader to being a mirror. (#3220)
v2.140.1 - 2023-06-30
Bugfixes
Fix a typo which prevented the Synapse package for
v2.140.0from being published on PyPI. (#3212)
v2.140.0 - 2023-06-30
Announcement
Synapse now only supports Python 3.11+.
Model Changes
Update to the
inet,file, andoumodels. (#3192) (#3202) (#3207)New Types
file:archive:entryAdd a type to capture an archive entry representing a file and metadata from within a parent archive file.
Updated Types
timeTime values with precision beyond milliseconds are now truncated to millsecond values.
hexHex types now have whitespace and colon (
:) characters stripped from them when lifting and normalizing them.inet:ipv6Add comparators for
>=,>,<=,<operations when lifting and filtering IPV6 values.ou:naicsUpdate the type to allow recording NIACS sector and subsector prefixes.
Features and Enhancements
Synapse now only supports Python 3.11+. The library will now fail to import on earlier Python interpeters, and the published modules on PyPI will no longer install on Python versions < 3.11. (#3156)
Replace
setup.pywith apyproject.tomlfile. (#3156) (#3195)Usages of
hashlib.md5()andhashlib.sha1()have been updated to add theusedforsecurity=Falseargument. (#3163)The Storm
diffcommand is now marked as safe forreadonlyexecution. (#3207)Add a
svc:setevent to the Behold API message stream. This event is fired when a Cortex connects to a Storm Service. (#3205)
Bugfixes
Catch
ZeroDivisionErroranddecimal.InvalidOperationerrors in Storm expressions and raise aStormRuntimeError. (#3203)Fix a bug where
synapse.lib.platforms.linux.getTotalMemory()did not return the correct value in a process running in cgroupsv1 without a maximum memory limit set. (#3198)Fix a bug where a Cron job could be created with an invalid Storm query. Cron jobs now have their queries parsed as part of creation to ensure that they are valid Storm.
$lib.cronAPIs now accept heavy Storm query objects as query inputs. (#3201) (#3207)Field data sent via Storm
$lib.inet.httpAPIs that uses a multipart upload without a validnamefield now raises aBadArgerror. Previously this would result in a PythonTypeError. (#3199) (#3206)
Deprecations
Remove the deprecated
synapse.common.lockfile()function. (#3191)
v2.139.0 - 2023-06-16
Announcement
Due to the introduction of several powerful new APIs and performance improvements, Synapse will be updating to only support Python >=3.11. Our current plan is to drop support for Python <=3.10 in ~4 weeks on 2023-06-19. The next release after 2023-06-19 will include changes that are not backward compatible to earlier versions of Python.
If you currently deploy Synapse Open-Source or Synapse Enterprise via the standard docker containers, you will be unaffected. If you install Synapse via PyPI, you will need to ensure that your environment is updated to Python 3.11+.
Model Changes
Update
it:sec:cpenormalization to extend truncated CPE2.3 strings. (#3186)
Features and Enhancements
The
strtype now acceptsfloatvalues to normalize. (#3174)
Bugfixes
Improved Documentation
Update the Cortex admin guide to include additional examples for setting up user and role permissions. (#3187)
v2.138.0 - 2023-06-13
Features and Enhancements
Bugfixes
Fix an issue with
synapse.tools.stormwhere the!exportcommand did not use the view specified when starting the tool. (#3184)The
synapse.common.getSslCtx()API now only attempts to load files in the target directory. This avoids confusing errors that may be logged when the target directory contains sub directories. (#3179)Fix an edge case in
$lib.infosec.cvss.vectToScore()when calculating CVSS v2 scores. (#3181)
Deprecations
Mark the Python function
synapse.common.lockfile()as deprecated. It will be removed inv2.140.0. (#3183)
v2.137.0 - 2023-06-09
Automatic Migrations
Migrate any
inet:urlnodes with:userand:passwdproperties which may have been URL encoded. These values are now decoded. (#3169)Migrate the storage type for the
file:bytes:mime:pe:imphashproperty. (#3173)See Data Migration for more information about automatic migrations.
Model Changes
Updates to the
geospace,inet,infotech,ou,risk, andtransportmodels. (#3169)New Types
it:mitre:attack:matrixAdd a type to capture the enumeration of MITRE ATT&CK matrix values.
New Forms
inet:egressAdd a form to capture a host using a specific network egress client address.
it:prod:softregAdd a form to capture a registry entry is created by a specific software version.
transport:land:vehicleAdd a form to capture an individual vehicle.
transport:land:registrationAdd a form to capture the registration issued to a contact for a land vehicle.
transport:land:licenseAdd a form to capture the license to operate a land vehicle issued to a contact.
New Properties
inet:http:requestThe form had the following property added to it:
refererThe referer URL parsed from the “Referer:” header in the request.
inet:search:queryThe form had the following property added to it:
requestThe HTTP request used to issue the query.
it:mitre:attack:tacticThe form had the following property added to it:
matrixThe ATT&CK matrix which defines the tactic.
it:mitre:attack:techniqueThe form had the following property added to it:
matrixThe ATT&CK matrix which defines the technique.
it:mitre:attack:mitigationThe form had the following property added to it:
matrixThe ATT&CK matrix which defines the mitigation.
it:app:snort:ruleThe form had the following property added to it:
engineThe snort engine ID which can parse and evaluate the rule text.
it:app:yara:ruleThe form had the following properties added to it:
ext:idThe YARA rule ID from an external system.
urlA URL which documents the YARA rule.
ou:campaignThe form had the following property added to it:
tagThe tag used to annotate nodes that are associated with the campaign.
ou:orgThe form had the following properties added to it:
countryThe organization’s country of origin.
country:codeThe 2 digit ISO 3166 country code for the organization’s country of origin.
risk:threatThe form had the following properties added to it:
countryThe reporting organization’s assessed country of origin of the threat cluster.
country:codeThe 2 digit ISO 3166 country code for the threat cluster’s assessed country of origin.
risk:compromiseThe form had the following property added to it:
vectorThe attack assessed to be the initial compromise vector.
Light Edges
detectsWhen used with a
meta:rulenode, the edge indicates the rule was designed to detect instances of the target node.When used with an
it:app:snort:rulenode, the edge indicates the rule was designed to detect instances of the target node.When used with an
it:app:yara:rulenode, the edge indicates the rule was designed to detect instances of the target node.containsWhen used between two
geo:placenodes, the edge indicates the source place completely contains the target place.
Deprecated Properties
geo:placeThe form had the following property marked as deprecated:
parent
Features and Enhancements
Add a modulo arithmetic operator (
%) to Storm expression parsing. (#3168)Add
$lib.auth.easypermStorm library for interacting with objects that use a simplified permissions model. (#3167)Add
.varsattribute to the Stormauth:userobject. This can be used to access user variables. (#3167)Add
$lib.infosec.cvss.vectToScore()to calculate CVSS scores. (#3171)The Storm
delnodecommand node now requires the use of--forceto delete a node which has lightweight edges pointing to it. (#3176)The STIX export configuration may now include a
synapse_extensionvalue set to$lib.falseto disable the Synapse STIX extension data from being added to objects in the bundle. (#3177)Remove whitespace stripping from Storm queries prior to parsing them. This allows any error highlighting information to accurately reflect the query submitted to the Cortex. (#3175)
Bugfixes
Fix an issue where raising an integer value to a fractional power in Storm was not handled correctly. (#3170)
Handle a SyntaxError that may occur during Storm parsing due to a change in CPython 3.11.4. (#3170)
The
inet:urltype now URL decodes theuserandpasswdproperties when normalizing them. Thank youcaptainGeech42for the bug report. (#2568) (#3169)The URL parser in
synapse.lib.urlhelpnow URL decodes theuserandpasswdvalues when parsing URLs. (#3178)
Deprecations
Mark the Storm functions
$lib.infosec.cvss.saveVectToNode()and$lib.infosec.cvss.vectToProps()as deprecated. (#3178)
v2.136.0 - 2023-06-02
Model Changes
Features and Enhancements
Normalize tag names when performing lift and filter operations. (#3094)
Add
$lib.compression.bzip2,$lib.compression.gzip, and$lib.compression.zlibStorm libraries to assist with compressing and decompressing bytes. (#3155) (#3162)Add a new Cell configuration option,
https:parse:proxy:remoteip. When this is set totrue, the Cell HTTPS server will parseX-Forwarded-ForandX-Real-IPheaders to determine the remote IP of an request. (#3160)Update the allowed versions of the
fastjsonschemaandpycryptodomelibraries. Update the required version of thevcrpylibrary to account for changes inurllib3. Remove the pinned requirement for therequestslibrary. (#3164)
Bugfixes
v2.135.0 - 2023-05-24
Features and Enhancements
Bugfixes
Fix an issue where attempting a tag lift with a variable containing a zero-length string would raise an MDB error. (#3094)
Fix an issue in the Axon
csvrows()andreadlines()APIs where certain exceptions would not be raised. (#3141)Fix an issue with the Storm
runascommand which prevented it being used with a privileged Storm runtime. (#3147)Fix support for Storm list objects in
$lib.max()and$lib.min(). (#3153)
Improved Documentation
Update the Cortex admin guide to include the output of the
auth.perms.listcommand. (#3135)
v2.134.0 - 2023-05-17
Model Changes
Updates to the
riskmodel. (#3137)Light Edges
addressesWhen used with a
risk:mitigationand aou:techniquenode, the edge indicates the mitigation addresses the technique.
Features and Enhancements
Add a
--formsoption to the Stormscrapecommand. This can be used to limit the forms that are made from scraping the input text. Thescrapecommand now uses the View scrape interface to generate its matches, which may include scrape functionality added via power-ups. Thescrapecommand no longer produces warning messages when matched text is not valid for making nodes. (#3127)Add a
revsdefinition to the STIX export configuration, to allow for adding in reverse relationships. (#3137)Add a
--delbytesoption to the Stormdelnodecommand. This can be used to delete the bytes from an Axon when deleting afile:bytesnode. (#3140)Add support for printing nice versions of the Storm
model:form,model:property,model:tagprop, andmodel:typeobjects. (#3134) (#3139)
Bugfixes
Fix an exception that was raised when setting the parent of a View. (#3131) (#3132)
Fix an issue with the text scrape regular expressions misidentifying the
ftp://scheme. (#3127)Correctly handle
readonlyproperties in the Stormcopytocommand. (#3142)Fix an issue were partial service backups were not able to be removed. (#3143) (#3145)
v2.133.1 - 2023-05-09
Bugfixes
Fix an issue where the Storm query hashing added in
v2.133.0did not account for handling erroneous surrogate pairs in query text. (#3130)
Improved Documentation
Update the Storm API Guide to include the
hashkey in theinitmessage. (#3130)
v2.133.0 - 2023-05-08
Model Changes
Updates to the
riskmodel. (#3123)New Properties
risk:vulnThe
risk:vulnform had the following properties added to it:cvss:v2The CVSS v2 vector for the vulnerability.
cvss:v2_0:scoreThe CVSS v2.0 overall score for the vulnerability.
cvss:v2_0:score:baseThe CVSS v2.0 base score for the vulnerability.
cvss:v2_0:score:temporalThe CVSS v2.0 temporal score for the vulnerability.
cvss:v2_0:score:environmentalThe CVSS v2.0 environmental score for the vulnerability.
cvss:v3The CVSS v3 vector for the vulnerability.
cvss:v3_0:scoreThe CVSS v3.0 overall score for the vulnerability.
cvss:v3_0:score:baseThe CVSS v3.0 base score for the vulnerability.
cvss:v3_0:scare:temporalThe CVSS v3.0 temporal score for the vulnerability.
cvss:v3_0:score:environmentalThe CVSS v3.0 environmental score for the vulnerability.
cvss:v3_1:scoreThe CVSS v3.1 overall score for the vulnerability.
cvss:v3_1:score:baseThe CVSS v3.1 base score for the vulnerability.
cvss:v3_1:scare:temporalThe CVSS v3.1 temporal score for the vulnerability.
cvss:v3_1:score:environmentalThe CVSS v3.1 environmental score for the vulnerability.
Deprecated Properties
risk:vulnThe
risk:vulnform had the following properties marked as deprecated:cvss:avcvss:accvss:prcvss:uicvss:scvss:ccvss:icvss:acvss:ecvss:rlcvss:rccvss:mavcvss:maccvss:mprcvss:muicvss:mscvss:mccvss:micvss:macvss:crcvss:ircvss:arcvss:scorecvss:score:temporalcvss:score:environmental
Features and Enhancements
Update the base Synapse images to use Debian bookworm and use Python 3.11 as the Python runtime. For users which build custom images from our published images, see additional information at Working with Synapse Images for changes which may affect you. (#3025)
Add a
highlightparameter to BadSyntaxError and some exceptions raised during the execution of a Storm block. This contains detailed information about where an error occurred in the Storm code. (#3063)Allow callers to specify an
idenvalue when creating a Storm Dmon or a trigger. (#3121)Add support for STIX export configs to specify pivots to include additional nodes. (#3122)
The Storm
auth.user.addruleandauth.role.addrulenow have an optional--indexargument that allows specifying the rule location as a 0-based index value. (#3124)The Storm
auth.user.showcommand now shows the user’sadminstatus on authgates. (#3124)Add a
--only-urlflag to thesynapse.tools.aha.provision.serviceandsynapse.tools.aha.provision.userCLI tools. When set, the tool only prints the URL to stdout. (#3125)Add additional layer validation in the View schema. (#3128)
Update the allowed version of the
cryptography,coverage,idna,pycryptodome,python-bitcoin, andvcrpylibraries. (#3025)
Bugfixes
Ensure the CLI tools
synapse.tools.cellauth,synapse.tools.csvtool, andsynapse.tools.easycertnow return1on an execution failure. In some cases they previously returned-1. (#3118)
v2.132.0 - 2023-05-02
Features and Enhancements
Update the minimum required version of the
fastjsonschema,lark, andpytzlibraries. Update the allowed version of thepackagingandscalecodeclibraries. (#3118)
Bugfixes
v2.131.0 - 2023-05-02
Automatic Migrations
Migrate the
ou:campaign:nameproperty from astrto anou:campnametype and create theou:campnamenodes as needed. (#3082)Migrate the
risk:vuln:typeproperty from astrto arisk:vuln:type:taxonomytype and create therisk:vuln:type:taxonomynodes as needed. (#3082)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
dns,inet,it,ou,ps, andriskmodels. (#3082) (#3108) (#3113)inet:dns:answerAdd a
mx:priorityproperty to record the priority of the MX response.inet:dns:dynregAdd a form to record the registration of a domain with a dynamic DNS provider.
inet:protoAdd a form to record a network protocol name.
inet:web:attachmentAdd a form to record the instance of a file being sent to a web service by an account.
inet:web:fileDeprecate the
client,client:ipv4, andclient:ipv6properties in favor of usinginet:web:attachment.inet:web:logonRemove incorrect
readonlymarkings for properties.it:app:snort:ruleAdd an
idproperty to record the snort rule id. Add anauthorproperty to record contact information for the rule author. Addcreatedandupdatedproperties to track when the rule was created and last updated. Add anenabledproperty to record if the rule should be used for snort evaluation engines. Add afamilyproperty to record the software family the rule is designed to detect.it:prod:softidAdd a form to record an identifier issued to a given host by a specific software application.
ou:campnameAdd a form to record the name of campaigns.
ou:campaignChange the
nameandnamessecondary properties fromstrtoou:campnametypes.ps:contactAdd a
place:nameto record the name of the place associated with the contact.risk:threatAdd an
activeproperty to record the interval of time when the threat cluster is assessed to have been active. Add areporter:publishedproperty to record the time that a reporting organization first publicly disclosed the threat cluster.risk:tool:softwareAdd a
usedproperty to record the interval when the tool is assessed to have been deployed. Add areporter:discoveredproperty to record the time that a reporting organization first discovered the tool. Add areporter:publishedproperty to record the time that a reporting organization first publicly disclosed the tool.risk:vuln:soft:rangeAdd a form to record a contiguous range of software versions which contain a vulnerability.
risk:vulnChange the
typeproperty from astrto arisk:vuln:type:taxonomy.risk:vuln:type:taxonomyAdd a form to record a taxonomy of vulnerability types.
Add a new Storm command,
auth.user.allowedthat can be used to check if a user is allowed to use a given permission and why. (#3114)Add a new Storm command,
gen.ou.campaign, to assist with generating or creatingou:campaignnodes. (#3082)Add a boolean
defaultkey to the permissions schema definition. This allows a Storm package permission to note what its default value is. (#3099)Data model migrations which fail to normalize existing secondary values into their new types now store those values in Node data on the affected nodes and remove those bad properties from the affected nodes. (#3117)
Bugfixes
Improved Documentation
Add a section about managing data model deprecations to the Synapse Admin guide. (#3102)
Deprecations
Remove the deprecated
synapse.lib.httpapi.HandlerBase.user()andsynapse.lib.httpapi.HandlerBase.getUserBody()functions. Remove the deprecatedsynapse.axon.AxonFileHandler.axon()function. (#3115)
v2.130.2 - 2023-04-26
Bugfixes
v2.130.1 - 2023-04-25
Bugfixes
Fix a race condition in a Telepath unit test which was happening during CI testing. (#3104)
v2.130.0 - 2023-04-25
Features and Enhancements
Updates to the
infotechmodel. (#3095)it:hostAdd an
ext:idproperty for recording an external identifier for a host.
Add support for deleting node properties by assigning
$lib.undefto the property to be removed through$node.props. (#3098)The
Cell.ahaclientis longer cached in thesynapse.telepath.aha_clientsdictionary. This isolates the Cell connection to Aha from other clients. (#3008)When the Cell mirror loop exits, it now reports the current
readystatus to the Aha service. This allows a service to mark itself as “not ready” when the loop restarts and it is a follower, since it may no longer be in the realtime change window. (#3008)Update the required versions of the
nbconvert,sphinxandhide-codelibraries used for building documentation. Increased the allowed ranges for thepygmentsandjupyter-clientlibraries. (#3103)
Bugfixes
Fix an issue in backtick format strings where single quotes in certain positions would raise a syntax error. (#3096)
Fix an issue where permissions were not correctly checked when assigning a property value through
$node.props. (#3098)Fix an issue where the Cell would report a static
readyvalue to the Aha service upon reconnecting, instead of the currentreadystatus. TheCell.ahainfovalue was replaced with aCell.getAhaInfo()API which returns the current information to report to the Aha service. (#3008)
v2.129.0 - 2023-04-17
Features and Enhancements
Updates to the
ouandriskmodels. (#3080)ou:campaignAdd a
namesproperty to record alternative names for the campaign. Addreporterandreporter:nameproperties to record information about a reporter of the campaign.risk:attackAdd
reporterandreporter:nameproperties to record information about a reporter of the attack.risk:compromiseAdd
reporterandreporter:nameproperties to record information about a reporter of the compromise.risk:vulnAdd
reporterandreporter:nameproperties to record information about a reporter of the vulnerability.
Add leader status to the
synapse.tools.aha.listtool output. This will only be available if a leader has been registered for the service. (#3078)Add support for private values in Storm modules, which are specified by beginning the name with a double underscore (
__). These values cannot be dereferenced outside of the module they are declared in. (#3079)Update error messages for Axon.wget, Axon.wput, and Axon.postfiles to include more helpful information. (#3077)
Update
it:semverstring normalization to attempt parsing improperly formatted semver values. (#3080)Update Axon to always pass size value when saving bytes. (#3084)
Bugfixes
Improved Documentation
Add sections on user and role permissions to the Synapse Admin guide. (#3073)
v2.128.0 - 2023-04-11
Automatic Migrations
Migrate the
file:bytes:mime:pe:imphashproperty from aguidto ahash:md5type and create thehash:md5nodes as needed. (#3056)Migrate the
ou:goal:nameproperty from astrto aou:goalnametype and create theou:goalnamenodes as needed. (#3056)Migrate the
ou:goal:typeproperty from astrto aou:goal:type:taxonomytype and create theou:goal:type:taxonomynodes as needed. (#3056)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
belief,file,lang,it,meta,ou,pol, andriskmodels. (#3056)belief:tenetAdd a
descproperty to record the description of the tenet.file:bytesChange the type of the
mime:pe:imphashfromguidtohash:md5.inet:flowAdd a
rawproperty which may be used to store additional protocol data about the flow.it:app:snort:ruleAdd a
descproperty to record a brief description of the snort rule.ou:goalChange the type of
namefromstrtoou:goalname. Change the type oftypefromstrtoou:goal:type:taxonomy. Add anamesarray to record alternative names for the goal. Deprecate theprevproperty in favor of types.ou:goalnameAdd a form to record the name of a goal.
ou:goalname:type:taxonomyAdd a taxonomy of goal types.
ou:industryAdd a
typeproperty to record the industry taxonomy.ou:industry:type:taxonomyAdd a taxonomy to record industry types.
pol:immigration:statusAdd a form to track the immigration status of a contact.
pol:immigration:status:type:taxonomyAdd a taxonomy of immigration types.
risk:attackAdd a
detectedproperty to record the first confirmed detection time of the attack. Add aurlproperty to record a URL that documents the attack. Add aext:idproperty to record an external identifier for the attack.risk:compromiseAdd a
detectedproperty to record the first confirmed detection time of the compromise.
Add a Storm command
copytothat can be used to create a copy of a node from the current view to a different view. (#3061)Add the current View iden to the structured log output of a Cortex executing a Storm query. (#3068)
Update the allowed versions of the
lmdb,msgpack,tornadoandxxhashlibraries. (#3070)Add Python 3.11 tests to the CircleCI configuration. Update some unit tests to account for Python 3.11 related changes. (#3070)
Allow dereferencing from Storm expressions. (#3071)
Add an
ispartparameter to$lib.tags.prefixto skipsyn:tag:partnormalization of tag names. (#3074)Add
getEdges(),getEdgesByN1(), andgetEdgesByN2()APIs to thelayerobject. (#3076)
Bugfixes
Improved Documentation
Update the Developer guide to note that the underlying Python runtime in Synapse images may change between releases. (#3070)
v2.127.0 - 2023-04-05
Features and Enhancements
Set
Linkhigh water mark to one byte in preparation for Python 3.11 support. (#3064)Allow specifying dictionary keys in Storm with expressions and backtick format strings. (#3065)
Allow using deref syntax (
*$form) when lifting by form with tag (*$form#tag) and form with tagprop (*$form#tag:tagprop). (#3065)Add
cron:startandcron:stopmessages to the events emitted by thebehold()API on the Cortex. These events are only emitted by the leader. (#3062)
Bugfixes
Fix an issue where an Aha service running on a non-default port would not have that port included in the default Aha URLs. (#3049)
Restore the
view.addNode()Storm API behavior where making a node on a View object that corresponds to the currently executing view re-used the current Snap object. This allows nodeedits to be emitted from the Storm message stream. (#3066)
v2.126.0 - 2023-03-30
Features and Enhancements
Add additional Storm commands to assist with managing Users and Roles in the Cortex. (#2923) (#3054)
auth.gate.showShows the definition for an AuthGate.
auth.role.delruleUsed to delete a rule from a Role.
auth.role.modUsed to modify properties of a Role.
auth.role.delUsed to delete a Role.
auth.role.showShows the definition for a Role.
auth.role.listList all Roles.
auth.user.delruleUsed to delete a rule from a User.
auth.user.grantUsed to grant a Role to a User.
auth.user.revokeUsed to revoke a Role from a User.
auth.role.modUsed to modify properties of a User.
auth.user.showShows the definition of a User.
auth.user.listList all Users.
Update some of the auth related objects in Storm: (#2923)
auth:roleAdd
popRule()andgetRules()functions. Add a.gatesaccessor to get all of the AuthGates associated with a role.auth:userAdd
popRule()andgetRules()functions. Add a.gatesaccessor to get all of the AuthGates associated with a user.
Add
$lib.auth.textFromRule(),$lib.auth.getPermDefs()and$lib.auth.getPermDef()Storm library APIs to assist with working with permissions. (#2923)Add a new Storm library function,
$lib.iters.enum(), to assist with enumerating an iterable object in Storm. (#2923)Update the
NoSuchNameexceptions which can be raised by Aha during service provisioning to clarify they are likely caused by re-using the one-time use URL. (#3047)Update
gen.ou.org.hqcommand to setps:contact:orgif unset. (#3052)Add an
optionalflag for Storm package dependencies. (#3058)Add
.],[.,http[:,https[:,hxxp[:andhxxps[:to the list of known defanging strategies which are identified and replaced during text scraping. (#3057)
Bugfixes
Fix an issue where passing a non-string value to
$lib.time.parsewitherrok=$lib.truewould still raise an exception. (#3046)Fix an issue where context managers could potentially not release resources after exiting. (#3055)
Fix an issue where variables with non-string names could be passed into Storm runtimes. (#3059)
Fix an issue with the Cardano regex used for scraping addresses. (#3057)
Fix an issue where scraping a partial Cardano address could raise an error. (#3057)
Fix an issue where the Storm API
view.addNode()checked permissions against the incorrect authgate. This API now only returns a node if the View object is the same as the View the Storm query is executing in. (#3060)
Improved Documentation
v2.125.0 - 2023-03-14
Features and Enhancements
Improved Documentation
Update the Synapse documentation to add PDF and HTMLZip formats.
v2.124.0 - 2023-03-09
Features and Enhancements
Added
--tryoption togen.risk.vuln,gen.pol.country,gen.pol.country.government, andgen.ps.contact.emailcommands and their associated Storm functions. (#3030)Added
$lib.gen.orgHqByNameand$lib.gen.langByName. (#3030)Added the configuration option
onboot:optimizeto all services to allow devops to delay service startup and allow LMDB to optimize storage for both size and performance. May also be set by environment variableSYN_<SERVICE>_ONBOOT_OPTIMIZE=1(#3001)Ensure that
AuthDenyexceptions include the user iden in theuserkey, and the name in theusernamefield. Previously theAuthDenyexceptions had multiple identifiers for these fields. (#3035)Add an optional
--viewargument to thesynapse.tools.stormCLI tool. This allows a user to specify their working View for the Storm CLI. This was contributed by captainGeech42. (#2937)Updates to
synapse.lib.scopeand theScopeclass. AScope.copy()method has been added to create a shallow copy of aScope. A module levelclone(task)function has been added which clones the current task scope to the targettask. Async Tasks created withBase.schedCoro()calls now get a shallow copy of the parent task scope. (#3021)Add a new Storm command,
batch, to assist in processing nodes in batched sets. (#3034)Add global permissions,
`storm.macro.adminandstorm.macro.edit, to allow users to administer or edit macros. (#3037)Mark the following Storm APIs as safe to execute in read-only queries:
$lib.auth.users.get(),$lib.auth.users.list(),$lib.auth.users.byname(),$lib.auth.roles.get(),$lib.auth.roles.list(),$lib.auth.roles.byname(),$lib.auth.gates.get()and$lib.auth.gates.list(). (#3038)Added
uplinkkey togetCellInfo(), which indicates whether the Cell is currently connected to an upstream mirror. (#3041)
Bugfixes
Fix an issue in the Storm grammar where part of a query could potentially be incorrectly parsed as an unquoted case statement. (#3032)
Fix an issue where exceptions could be raised which contained data that was not JSON serializable.
$lib.raisearguments must now also be JSON safe. (#3029)Fix an issue where a spawned process returning a non-pickleable exception would not be handled properly. (#3036)
Fix an issue where a locked user could login to a Synapse service on a TLS Telepath connection if the connection presented a trusted client certificate for the locked user. (#3035)
Fix a bug in
Scope.enter()where the added scope frame was not removed when the context manager was exited. (#3021)Restoring a service via the
SYN_RESTORE_HTTPS_URLenvironment variable could timeout when downloading the file. The total timeout for this process has been disabled. (#3042)
Improved Documentation
Deprecations
The
ctorsupport inScopehas been removed. The population of the global default scope with environment variables has been removed. (#3021)
v2.123.0 - 2023-02-22
Automatic Migrations
If the
risk:vuln:cvss:avproperty equalsVit is migrated toP. (#3013)Parse
inet:http:cookienodes to populate the newly added:nameand:valueproperties. (#3015)See Data Migration for more information about automatic migrations.
Features and Enhancements
Added the
beliefmodel which includes the following new forms: (#3015)belief:systemA belief system such as an ideology, philosophy, or religion.
belief:tenetA concrete tenet potentially shared by multiple belief systems.
belief:subscriberA contact which subscribes to a belief system.
belief:system:type:taxonomyA hierarchical taxonomy of belief system types.
Added declaration for
risk:compromise -(uses)> ou:techniquelight-weight edges. (#3015)Updated
inet:http:sessionandinet:http:requestforms to include the following property: (#3015):cookiesAn array of
inet:http:cookievalues associated with the node.
Updated the
inet:http:cookieform to include the following properties: (#3015)nameThe name of the cookie preceding the equal sign.
valueThe value of the cookie after the equal sign if present.
Added logic to allow constructing multiple
inet:http:cookienodes by automatically splitting on;such asfoo=bar; baz=faz(#3015)Updated
it:log:eventto add the following properties: (#3015)typeAn
it:log:event:type:taxonomytype for the log entry.ext:idAn external ID that uniquely identifies this log entry.
productAn
it:prod:softverof the product which produced the log entry.
Updated the
risk:compromiseform to include the following properties: (#3015)goalAn
ou:goalnode representing the assessed primary goal of the compromise.goalsAn array of
ou:goalnodes representing additional goals of the compromise.
Updated
risk:attackandrisk:compromiseforms to deprecate thetechniquesproperty in favor of using-(uses)> ou:techniquelight-weight edges. (#3015)Updates to the
inet:dns, andmediamodels. (#3005) (#3017)inet:dns:answerRemove all read-only flags present on the secondary properties for this form.
media:newsAdd an
updatedproperty to record last time the news item was updated.
Updated
inet:flowto include the following properties: (#3017)src:ssh:keyThe key sent by the client as part of an SSH session setup.
dst:ssh:keyThe key sent by the server as part of an SSH session setup.
src:ssl:certThe x509 certificate sent by the client as part of an SSL/TLS negotiation.
dst:ssl:certThe x509 certificate sent by the server as part of an SSL/TLS negotiation.
src:rdp:hostnameThe hostname sent by the client as part of an RDP session setup.
src:rdp:keyboard:layoutThe keyboard layout sent by the client as part of an RDP session setup.
Add
synapse.utils.stormcov, a Coverage.py plugin for measuring code coverage of Storm files. (#2961)Clean up several references to the
cell.authobject in HTTP API handlers. Move the logic in/api/v1/auth/onepass/issueAPI handler to the base Cell. (#2998) (#3004)Clarify the error message encountered by a Synapse mirrored service if the mirror gets desynchronized from its upstream service. (#3006)
Update how read-only properties are handled during merges. The
.createdproperty will always be set when merging a node down. If two nodes have other conflicting read-only property values, those will now emit a warning in the Storm runtime. (#2989)The
Axon.wget()API response now includes HTTP request history, which is added when the API request encounters redirects. The$lib.axon.wget()Storm API now includes information about the original request URL. This data is now used to createinet:urlredirnodes, such as when the Stormwgetcommand is used to retrieve a file. (#3011)Ensure that
BadTypeValuexceptions raised when normalizing invalid data with thetimetype includes the value in the exception message. (#3009)Add a callback on Slab size expansion to trigger a free disk space check on the related cell. (#3016)
Add support for choices in Storm command arguments. (#3019)
Add an optional parameter to the Storm
uniqcommand to allow specifying a relative property or variable to operate on rather than node iden. (#3018)Synapse HTTP API logs now include the user iden and username when that information is available. For deployments with structured logging enabled, the HTTP path, HTTP status code, user iden, and username are added to that log message. (#3007)
Add
web_useridenandweb_usernameattributes to the Synapse HTTP Handler class. These are used for HTTP request logging to populate the user iden and username data. These are automatically set when a user authenticates using a session token or via basic authentication. The HTTP Session tracking now tracks the username at the time the session was created. The_web_uservalue, which previously pointed to a heavy HiveUser object, is no longer populated by default. (#3007)Add
$lib.inet.http.codereasonStorm API for translating HTTP status codes to reason phrases.inet:http:respobjects now also have areasonvalue populated. (#3023)Update the minimum version of the
cryptographylibrary to39.0.1and the minimum version of thepyopenssllibrary to23.0.0. (#3022)
Bugfixes
The Storm
wgetcommand createdinet:urlfilenodes with theurlproperty of the resolved URL fromaiohttp. This made it so that a user could not pivot from aninet:urlnode which had a URL encoded parameter string to the resultinginet:urlfilenode. Theinet:urlfilenodes are now made with the original request URL to allow that pivoting to occur. (#3011)The
Axon.wget()and$lib.axon.wget()APIs returned URLs in theurlfield of their responses which did not contain fragment identifiers. These API responses now include the fragment identifier if it was present in the resolved URL. (#3011)The Storm
treecommand did not properly handle Storm query arguments which were declared asstorm:querytypes. (#3012)Remove an unnecessary permission check in the Storm
movenodescommand which could cause the command to fail. (#3002)When a user email address was provided to the HTTP API
/api/v1/auth/adduser, the handler did not properly set the email using change controlled APIs, so that information would not be sent to mirrored cells. The email is now being set properly. (#2998)The
risk:vuln:cvss:avenum incorrectly includedVinstead ofP. (#3013)Fix an issue where the
ismaxspecification on time types did not merge time values correctly. (#3017)Fix an issue where using a function call to specify the tag in a tagprop operation would not be correctly parsed. (#3020)
Improved Documentation
Update copyright notice to always include the current year. (#3010)
Deprecations
The
synapse.lib.httpapi.Handler.user()andsynapse.lib.httpapi.Handler.getUserBody()methods are marked as deprecated. These methods will be removed in Synapsev2.130.0. (#3007)
v2.122.0 - 2023-01-27
Features and Enhancements
Updates to the
biz,file,lang,meta,pol, andriskmodels. (#2984)biz:serviceAdd a
launchedproperty to record when the operator first made the service available.file:bytesAdd
exe:compilerandexe:packerproperties to track the software used to compile and encode the file.lang:languageAdd a new guid form to represent a written or spoken language.
lang:nameAdd a new form to record the name of a language.
meta:nodeAdd a
typeproperty to record the note type.meta:note:type:taxonomyAdd a form to record an analyst defined taxonomy of note types.
pol:countryCorrect the
vitalsproperty type fromps:vitalstopol:vitals.ps:contactAdd a
langproperty to record the language specified for the contact.Add a
langsproperty to record the alternative languages specified for the contact.ps:skillAdd a form to record a specific skill which a person or organization may have.
ps:skill:type:taxonomyAdd a form to record a taxonomy of skill types.
ps:proficiencyAdd a form to record the assessment that a given contact possesses a specific skill.
risk:alertAdd a
priorityproperty that can be used to rank alerts by priority.risk:compromiseAdd a
severityproperty that can be used as a relative severity score for the compromise.risk:threatAdd a
typeproperty to record the type of the threat cluster.risk:threat:type:taxonomyAdd a form to record a taxonomy of threat types.
Add support for Python 3.10 to Synapse. (#2962)
Update the Synapse docker containers to be built from a Debian based image, instead of an Ubuntu based image. These images now use Python 3.10 as the Python runtime. (#2962)
Add an optional
--typeargument to the Stormnote.addcommand. (#2984)Add a Storm command,
gen.lang.language, to lift or generate alang:languagenode by name. (#2984)Update the allowed versions of the
cbor2library; and upgrade the versions ofaiostmplibandaiohttp-socksto their latest versions. (#2986)The
X-XSS-Protectionheader was removed from the default HTTP API handlers. This header is non-standard and only supported by Safari browsers. Service deployments which rely on this header should use thehttps:headersconfiguration option to inject that header into their HTTP responses. (#2997)
Bugfixes
Malformed hash values normalized as
file:bytesraised exceptions which were not properly caught, causing Storm?=syntax to fail. Malformed values are now properly handled infile:bytes. (#3000)
Improved Documentation
Deprecations
The Cortex APIs
provStacks()andgetProvStack(iden)have been removed. (#2995)
v2.121.1 - 2022-01-23
Bugfixes
When creating Storm Macros using
v2.121.0, the creator of the Macro was incorrectly set to therootuser. This is now set to the user that created the macro using the Stormmacro.setcommand or the$lib.macro.set()API. (#2993)
v2.121.0 - 2022-01-20
Automatic Migrations
Storm Macros stored in the Cortex are migrated from the Hive to the Cortex LMDB slab. (#2973)
See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
inetandoumodels. (#2982) (#2987)inet:dns:soaThe
fqdn,nsandemailproperties had the read-only flag removed from them.ou:orgAdd a
goalsproperty to record the assessed goals of the organization.
Add extended permissions for Storm Macro functionality using a new simplified permissions system. This allows users to opt into assigning users or roles the permission to read, write, administrate, or deny access to their Macros. These permissions can be set by the Storm
$lib.macro.grant()API. (#2973)Add extended information about a Storm Macro, including its creation time, update time, and a description. The Macro name, description and Storm can now be set via the Storm
$lib.macro.mod()API. (#2973)Allow users and Power-Ups to store graph projection definitions in the Cortex. Graph projections have the same simplified permissions system applied to them as introduced for Storm Macros. Storm users can now also load a stored graph projection into a running Storm query. These new features are exposed via the Storm
$lib.graphAPIs. (#2914)The disk space required to make the backup of a Synapse service is now checked prior to a live backup being made. If there is insufficient storage to make the backup on the volume storing the backup, a LowSpace exception will be raised. (#2990)
Bugfixes
When normalizing the
inet:emailtype, an unclear PythonValueErrorcould have been raised to a user. This is now caught and a specificBadTypeValuexception is raised. (#2982)The
synapse.exc.StormRaiseexception caused an error when recreating the exception on the client side of a Telepath connection. This exception will now raise properly on the caller side. (#2985)When using the Storm
diffcommand to examine a forked View, if a node was deleted out from the base layer and edited in the fork, an exception would be raised. This situation is now properly handled. (#2988)
Improved Documentation
v2.120.0 - 2023-01-11
Features and Enhancements
Update to the
riskmodels. (#2978)risk:threatAdd a
merge:timeandmerged:isnowproperties to track when a threat cluster was merged with another threat cluster.risk:alertAdd an
engineproperty to track the software engine that generated the alert.
Add events for
trigger:add,trigger:del, andtrigger:setto the Beholder API. (#2975)
Bugfixes
Fix an infinite loop in
synapse.tools.stormwhen using the tool in an environment without write access to the history file. (#2977)
v2.119.0 - 2023-01-09
Features and Enhancements
Updates to the
biz,econ,ou, andriskmodels. (#2931)biz:listingAdd a form to track a specific product or service listed for sale at a given price by a specific seller.
biz:serviceAdd a form to track a service performed by a specific organization.
biz:service:typeAdd a form to record an analyst defined taxonomy of business services.
biz:bundleAdd a
serviceproperty to record the service included in the bundle.Deprecate the
dealandpurchasesecondary properties in favor ofecon:receipt:itemto represent bundles being sold.biz:productAdd a
price:currencyproperty to denote the currency of the prices.Add a
makerproperty to represent the contact information for the maker of a product.Deprecate the
madeby:org,madeby:orgname,madeby:orgfqdnproperties in favor of using the newmakerproperty.econ:receipt:itemAdd a form to represent a line item included as part of a purchase.
econ:acquiredDeprecate the form in favor of an
acquiredlight edge.ou:campaignAdd a
budgetproperty to record the budget allocated for the campaign.Add a
currencyproperty to record the currency of theecon:pricesecondary properties.Add a
result:revenueproperty to record the revenue resulting from the campaign.Add a
result:popproperty to record the count of people affected by the campaign.risk:alert:verdict:taxonomyAdd a form to record an analyst defined taxonomy of the origin and validity of an alert.
risk:alertAdd a
benignproperty to record if the alert has been confirmed as benign or malicious.Add a
verdictproperty to record the analyst verdict taxonomy about why an alert is marked as benign or malicious.
Annotate the following light edges. (#2931)
acquiredWhen used with an
econ:purchasenode, the edge indicates the purchase was used to acquire the target node.ipwhoisWhen used with an
inet:whois:iprecnode andinet:ipv4orinet:ipv6nodes, the edge indicates the source IP whois record describes the target IP address.
Add a new Cell configuration option,
limit:disk:free. This represents the minimum percentage of free disk space on the volume hosting a Synapse service that is required in order to start up. This value is also monitored every minute and will disable the Cell Nexus if the free space drops below the specified value. This value defaults to five percent (5 %) free disk space. (#2920)
Improved Documentation
Add a Devops task related to configuration of the free space requirement. (#2920)
v2.118.0 - 2023-01-06
Features and Enhancements
Updates to the
inet,pol, andpsmodels. (#2970) (#2971)inet:tunnelAdd a form to represent the specific sequence of hosts forwarding connections, such as a VPN or proxy.
inet:tunnel:type:taxonomyAdd a form to record an analyst defined taxonomy of network tunnel types.
pol:countryAdd a
governmentproperty to represent the organization for the government of the country.ps:contactAdd a
typeproperty to record the taxonomy of the node. This may be used for entity resolution.ps:contact:type:taxonomyAdd a form to record an analyst defined taxonomy of contact types.
Add the following Storm commands to help with analyst generation of several guid node types: (#2970)
gen.it.prod.softLift (or create) an
it:prod:softnode based on the software name.gen.ou.industryLift (or create) an
ou:industrynode based on the industry name.gen.ou.orgLift (or create) an
ou:orgnode based on the organization name.gen.ou.org.hqLift (or create) the primary
ps:contactnode for the ou:org based on the organization name.gen.pol.countryLift (or create) a
pol:countrynode based on the 2 letter ISO-3166 country code.gen.pol.country.governmentLift (or create) the
ou:orgnode representing a country’s government based on the 2 letter ISO-3166 country code.gen.ps.contact.emailLift (or create) the
ps:contactnode by deconflicting the email and type.gen.risk.threatLift (or create) a
risk:threatnode based on the threat name and reporter name.gen.risk.tool.softwareLift (or create) a
risk:tool:softwarenode based on the tool name and reporter name.gen.risk.vulnLift (or create) a
risk:vulnnode based on the CVE.
Add
$lib.gen.riskThreat(),$lib.gen.riskToolSoftware(),$lib.gen.psContactByEmail(), and$lib.gen.polCountryByIso2()Storm API functions to assist in generatingrisk:threat,risk:tool:software,ps:contactandpol:countrynodes. (#2970)Update the CRL bundled within Synapse to revoke the
The Vertex Project Code Signer 00key. (#2972)
Bugfixes
Fix an issue in the Axon
csvrows()andreadlines()APIs which could cause the Axon service to hang. (#2969)
v2.117.0 - 2023-01-04
Automatic Migrations
The
risk:tool:software:soft:namesandrisk:tool:software:techniquesproperties are migrated to being unique arrays. (#2950)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
riskmodel. (#2950)risk:tool:softwareThe
soft:namesandtechniquesproperties are converted into sorted and uniqued arrays.
Add support to the Cortex
addStormPkg()and$lib.pkg.add()APIs to load Storm Packages which have been signed to allow cryptographic signature verification. Root CA and intermediate CA certificates have been embedded into Synapse to allow for verification of Rapid Power-Ups signed by The Vertex Project. (#2940) (#2957) (#2963)Update
synapse.tools.genpkgto add optional code signing to Storm packages that it creates. (#2940)Update
synapse.tools.genpkgto require the packages it produces will be JSON compatible when serialized, to avoid possible type coercion issues introduced by the Pythonjsonlibrary. (#2958)Update
synapse.tools.easycertto allow for creating code signing certificates and managing certificate revocation lists (CRLs). (#2940)Add the Nexus index (
nexsindx) value to the data returned by thegetCellInfo()APIs. (#2949)Allow the Storm backtick format strings to work with multiline strings. (#2956)
The Storm
Bytes.json()method now raises exceptions that areSynErrsubclasses when encountering errors. This method has been updated to add optionalencodinganderrorsarguments, to control how data is deserialized. (#2945)Add support for registering an OAuth2 provider in the Cortex and having user tokens automatically refreshed in the background. These APIs are exposed in Storm under the
$lib.inet.http.oauth.v2library. (#2910)STIX validation no longer caches any downloaded files it may use when attempting to validate STIX objects. (#2966)
Modified the behavior of Storm emitter functions to remove the read-ahead behavior. (#2953)
Bugfixes
Fix some error messages in the Snap which did not properly add variables to the message. (#2951)
Fix an error in the
synapse.tools.aha.enrollcommand example. (#2948)Fix an error with the
mergecommand creatingNo form named Nonewarnings in the Cortex logs. (#2952)Fix the Storm
inet:smtp:messagegetter and setter for thehtmlproperty so it will correctly produce HTML formatted messages. (#2955)Several
certdirAPIs previously allowed throughopenssl.crypto.X509StoreContextErrorandopenssl.crypto.Errorexceptions. These now raise SynapseBadCertVerifyandBadCertBytesexceptions. (#2940)Fix an issue where a Storm package’s
modconfvalues were mutable. (#2964)
Improved Documentation
Removed outdated Kubernetes related devops documentation as it is in the process of being rewritten. (#2948)
Deprecations
The Cortex APIs
provStacks()andgetProvStack(iden)and the corresponding Cortex configuration optionprovenance:enhave been marked as deprecated and are planned to be removed inv2.122.0. (#2682)
v2.116.0 - 2022-12-14
Automatic Migrations
The
ou:contract:award:priceandou:contract:budget:priceproperties are migrated fromecon:currencytoecon:pricetypes. (#2943)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
oumodel. (#2943)ou:contractThe
award:priceandbudget:priceproperties had their types changed fromecon:currencytoecon:price. Add acurrencysecondary property to record the currency of theecon:pricevalues.
Bugfixes
The
synapse.tools.genpkgtool could raise a PythonTypeErrorwhen the specified package file did not exist. It now raises aNoSuchFileexception. (#2941)When a service is provisioned with an
aha:provisionURL placed in acell.yamlfile, that could create an issue when a mirror is deployed from that service, preventing it from starting up a second time. Services now remove theaha:provisionkey from acell.yamlfile when they are booted from a mirror if the URL does not match the boot URL. (#2939)When deleting a node from the Cortex, secondary properties defined as arrays were not checked for their references to other nodes. These references are now properly checked prior to node deletion. (#2942)
Improved Documentation
v2.115.1 - 2022-12-02
Features and Enhancements
Patch release to include an updated version of the
pytestlibrary in containers.
v2.115.0 - 2022-12-01
Automatic Migrations
The
inet:flow:dst:softnamesandinet:flow:dst:softnamesproperties are migrated fromit:dev:strtoit:prod:softnametypes. (#2930)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
inetmodel. (#2930)inet:flowThe
dst:softnamesandsrc:softnamesproperties had their types changed fromit:dev:strvalues toit:prod:softname.
Add support for secondary property pivots where the target property is an array type. (#2922)
The Storm API
$lib.bytes.has()now returns a false value when the input is null. (#2924)When unpacking loop values in Storm, use the primitive value when the item being unpacked is a Storm primitive. (#2928)
Add a
--deloption to thesynapse.tools.modusertool to allow removing a user from a service. (#2933)Add entrypoint hooks to the Aha, Axon, Cortex, Cryotank, and JsonStor containers that allow a user to hook the container boot process. (#2919)
Temporary files created by the Axon, Cortex and base Cell class are now created in the cell local
tmpdirectory. In many deployments, this would be located in/vertex/storage/tmp. (#2925)Update the allowed versions of the
cbor2andpycryptodomelibraries. For users installingsynapse[dev],coverage,pytest,pytest-covandpytest-xdistare also updated to their latest versions. (#2935)
Bugfixes
When a Storm Dmon definition lacked a
viewiden, it would previously default to using the Cortex default view. Dmons now prefer to use the user default view before using the Cortex default view. This situation would only happen with Dmons created via the Telepath API where theviewiden was not provided in the Dmon definition. (#2929)Non-integer mask values provided to
inet:cidr4types now raise aBadTypeValuexception. (#2932)Fix an incorrect call to
os.unlinkinsynapse.tools.aha.enroll. (#2926)
Improved Documentation
Update the automation section of the Synapse User guide, expanding upon the use of cron jobs and triggers across views and forks. (#2917)
v2.114.0 - 2022-11-15
Features and Enhancements
Updates to the
cryptomodel. (#2909)crypto:keyAdd
ivandmodeproperties to record initialization vectors and cipher modes used with a key.
Allow the creator for Cron jobs and the user for Triggers to be set. This can be used to effectively change the ownership of these automation elements. (#2908)
When Storm package
onloadqueries produce print, warning, or error messages, those now have the package name included in the message that is logged. (#2913)Update the Storm package schema to allow declaring configuration variables. (#2880)
Bugfixes
The
delCertPath()APIs insynapse.lib.easycertno longer attempt to create a file path on disk when removing the reference count to a certificate path. (#2907)Fix error handling when Axon is streaming files with the
readlines()andcsvrows()APIs. (#2911)The Storm
trigger.listcommand failed to print triggers which were created in a Cortex prior tov2.71.0. These triggers no longer generate an exception when listed. (#2915)Fix an error in the HTTP API example documentation for the
requestsexample. (#2918)
Improved Documentation
Add a Devops task to enable the Python warnings filter to log the use of deprecated Synapse APIs. Python APIs which have been deprecated have had their docstrings updated to reflect their deprecation status. (#2905)
v2.113.0 - 2022-11-04
Automatic Migrations
The
risk:tool:software:typeproperty is migrated to therisk:tool:software:taxonomytype. (#2900)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
inet,infotech,media,meta,ou, andriskmodels. (#2897) (#2900) (#2903)inet:email:message:linkAdd a
textproperty to record the displayed hypertext link if it was not a raw URL.inet:web:acctAdd a
bannerproperty representing the banner image for the account.inet:web:mesgAdd a
deletedproperty to mark if a message was deleted.inet:web:post:linkAdd a form to record a link contained in the post text.
it:mitre:attack:groupAdd an
isnowproperty to record the potential for MITRE groups to be deprecated and renamed.it:mitre:attack:softwareAdd an
isnowproperty to record the potential for MITRE software to be deprecated and renamed.it:prod:soft:taxonomyAdd a form to record an analyst defined taxonomy of software.
it:prod:softAdd a
typeproperty to record the taxonomy of the software. Deprecated thetechniquesproperty in favor of theuseslight edge.it:sec:cveDeprecated the
desc,urlandreferencesproperties in favor of using therisk:vuln:cve:desc,risk:vuln:cve:url, andrisk:vuln:cve:referencesproperties.media:newsAdd a
topicsarray property to record a list of relevant topics in the article.media:topicAdd a form for recording different media topics.
meta:ruleAdd a
urlproperty to record a URL that documents as rule.Add an
ext:idproperty to record an external identifier for the rule.meta:sophisticationAdd a form to record sophistication score with named values:
very low,low,medium,high, andvery high.ou:campaignAdd a
sophisticationproperty to record the assessed sophistication of a campaign.Deprecate the
techniquesproperty in favor of using theuseslight edge.ou:hasgoalDeprecate the
ou:hasgoalform in favor of using theou:org:goalsproperty.ou:orgDeprecate the
techniquesproperty in favor of using theuseslight edge.ou:techniqueAdd a
sophisticationproperty to record the assessed sophistication of a technique.risk:alertAdd a
urlproperty for a URL that documents the alert.Add an
ext:idproperty to record an external ID for the alert.risk:attackAdd a
sophisticationproperty to record the assessed sophistication of an attack.risk:availabilityAdd a taxonomy for availability status values.
risk:threatAdd a
sophisticationproperty to record the assessed sophistication of a threat cluster.Deprecate the
techniquesproperty in favor of theuseslight edge.risk:tool:softwareAdd an
availabilityproperty to record the assessed availability of the tool.Add a
sophisticationproperty to record the assessed sophistication of the software.Migrate the
typeproperty torisk:tool:software:taxonomy.Deprecate the
techniquesproperty in favor of theuseslight edge.risk:tool:software:taxonomyRename the type
risk:tool:taxonomytorisk:tool:software:taxonomy.risk:vulnAdd a
mitigatedproperty to record if a mitigation or fix is available for the vulnerability.Add an
exploitedproperty to record if the vulnerability has been exploited in the wild.Add
timeline:discovered,timeline:published,timeline:vendor:notified,timeline:vendor:fixed, andtimeline:exploitedproperties to record the timeline for significant events on a vulnerability.Add
cve:desc,cve:url, andcve:referencessecondary properties to record information about the CVE associated with a vulnerability.Add
`nist:nvd:sourceto record the name of the organization which reported the vulnerability in the NVD.Add
nist:nvd:publishedandnist:nvd:modifiedto record when the vulnerability was first published, and later modified, in the NVD.Add
cisa:kev:name,cisa:kev:desc,cisa:kev:action,cisa:kev:vendor,cisa:kev:product,cisa:kev:added,cisa:kev:duedateproperties to record information about the CISA KEV database entry for the vulnerability.
Annotate the following light edges. (#2900)
seenWhen used with
meta:sourcenodes, the edge indicates the target node was observed by the source node.stoleWhen used with a
risk:compromisenode, the edge indicates the target node was stolen or copied as a result of the compromise.targetsWhen used with
risk:attack, the edge indicates the target node is targeted by the attack.When used with
risk:attackandou:industrynodes, the edge indicates the attack targeted the industryWhen used with
risk:threat, the edge indicates the target node is targeted by the threat cluster.When used with
risk:threatandou:industrynodes, the edge indicates the threat cluster targets the industry.usesWhen used with
ou:campaignandou:techniquenodes, the edge indicates the campaign used a given technique.When used with
ou:organdou:techniquenodes, the edge indicates the organization used a given technique.When used with
risk:threat, the edge indicates the target node was used to facilitate the attack.When used with
risk:attackandou:techniquenodes, the edge indicates the attack used a given technique.When used with
risk:attackandrisk:vulnnodes, the edge indicates the attack used the vulnerability.When used with
risk:tool:software, the edge indicates the target node is used by the tool.When used with
risk:tool:softwareandou:techniquenodes, the edge indicates the tool uses the technique.When used with
risk:tool:softwareandrisk:vulnnodes, the edge indicates the tool used the vulnerability.When used with
risk:threat, the edge indicates the target node was used by threat cluster.When used with
risk:threatandou:techniquenodes, the edge indicates the threat cluster uses the technique.When used with
risk:threatandrisk:vulnnodes, the edge indicates the threat cluster uses the vulnerability.
Add
$lib.gen.vulnByCve()to help generaterisk:vulnnodes for CVEs. (#2903)Add a unary negation operator to Storm expression syntax. (#2886)
Add
$lib.crypto.hmac.digest()to compute RFC2104 digests in Storm. (#2902)Update the Storm
inet:http:resp.json()method to add optionalencodinganderrorsarguments, to control how data is deserialized. (#2898)Update the Storm
bytes.decode()method to add an optionalerrorsargument, to control how errors are handled when decoding data. (#2898)Logging of role and user permission changes now includes the authgate iden for the changes. (#2891)
Bugfixes
Catch
RecursionErrorexceptions that can occur in very deep Storm pipelines. (#2890)
Improved Documentation
Update the Storm reference guide to explain backtick format strings. (#2899)
Update
guidsection on Storm type-specific behavior doc with some additional guid generation examples. (#2901)Update Storm control flow documentation to include
init,fini, andtry/catchexamples. (#2901)Add examples for creating extended model forms and properties to the Synapse admin guide. (#2904)
v2.112.0 - 2022-10-18
Features and Enhancements
Add
--emailas an argument tosynapse.tools.moduserto allow setting a user’s email address. (#2891)Add support for
hxxp[s]:prefixes in scrape functions. (#2887)Make the SYNDEV_NEXUS_REPLAY resolution use
s_common.envbool()in theSynTest.withNexusReplay()helper. AddwithNexusReplay()calls to all test helpers which make Cells which previously did not have it available. (#2889) (#2890)Add implementations of
getPermDef()andgetPermDefs()to the base Cell class. (#2888)
Bugfixes
Fix an idempotency issue in the JsonStor multiqueue implementation. (#2890)
Improved Documentation
Add Synapse-GCS (Google Cloud Storage) Advanced Power-Up to the Power-Ups list.
v2.111.0 - 2022-10-12
Features and Enhancements
Update the Storm grammar to allow specifying a tag property with a variable. (#2881)
Add log messages for user and role management activities in the Cell. (#2877)
The logging of service provisioning steps on Aha and when services were starting up was previously done at the
DEBUGlevel. These are now done at theINFOlevel. (#2883)The
vertexproject/synapse:docker images now have the environment variableSYN_LOG_LEVELset toINFO. Previously this wasWARNING. (#2883)
Bugfixes
Move the Nexus
runMirrorLooptask to hang off of the Telepath Proxy and not the Telepath client. This results in a faster teardown of therunMirrorLooptask during Nexus shutdown. (#2878)Remove duplicate tokens presented to users in Storm syntax errors. (#2879)
When bootstrapping a service mirror with Aha provisioning, the
prov.donefile that was left in the service storage directory was the value from the upstream service, and not the service that has been provisioned. This resulted inNoSuchNameexceptions when restarting mirrors. The bootstrapping process now records the correct value in theprov.donefile. (#2882)
v2.110.0 - 2022-10-07
Features and Enhancements
Updates to the
geomodel. (#2872)geo:telemAdd an
accuracyproperty to record the accuracy of the telemetry reading.
Add Nexus support to the Axon, to enable mirrored Axon deployments. (#2871)
Add Nexus support for HTTP API sessions. (#2869)
Add support for runtime string formatting in Storm. This is done with backtick (
`) encapsulated strings. An example of this is$world='world' $lib.print(`hello {$world}`)(#2870) (#2875)Expose user profile storage on the
auth:userobject, with theprofilector. (#2876)Storm package command names are now validated against the same regex used by the grammar. The
synapse.tools.genpkgtool now validates the compiled package against the same schema used by the Cortex. (#2864)Add
$lib.gen.newsByUrl()and$lib.gen.softByName()to help generatemedia:newsandit:prod:softnodes, respectively. (#2866)Add a new realtime event stream system to the Cell, accessible remotely via
CellApi.behold()and a websocket endpoint,/api/v1/behold. This can be used to get realtime changes about services, such as user creation or modification events; or layer and view change events in the Cortex. (#2851)Update stored user password hashing to use PBKDF2. Passwords are migrated to this format as successful user logins are performed. (#2868)
Add the ability to restore a backup tarball from a URL to the Cell startup process. When a Cell starts via
initFromArgv(), if the environment variableSYN_RESTORE_HTTPS_URLis present, that value will be used to retrieve a tarball via HTTPS and extract it to the service local storage, removing any existing data in the directory. This is done prior to any Aha based provisioning. (#2859)
Bugfixes
Improved Documentation
Update Storm and Storm HTTP API documentation to show the set of
optsand different types of message that may be streamed by from Storm APIs. Add example HTTP API client code to the Synapse repository. (#2834)Update the Data Model and Analytical model background documentation. Expand on the discussion of light edges use. Expand discussion of tags versus forms, linking the two via
:tagprops. (#2848)
Deprecations
v2.109.0 - 2022-09-27
Features and Enhancements
Add a
format()API tostrvariables in Storm. (#2849)Update the Telepath user resolution for TLS links to prefer resolving users by the Cell
aha:networkover the certificate common name. (#2850)Update all Synapse tools which make telepath connections to use the
withTeleEnv()helper. (#2844)Update the Telepath and HTTPs TLS listeners to drop RSA based key exchanges and disable client initiated renegotiation. (#2845)
Update the minimum allowed versions of the
aioimaplibandoauthliblibraries. (#2847) (#2854)
Bugfixes
Improved Documentation
Update Storm and Storm HTTP API documentation to show the set of
optsand different types of message that may be streamed by from Storm APIs. Add example HTTP API client code to the Synapse repository. (#2834)Update the Data Model and Analytical model background documentation. Expand on the discussion of light edges use. Expand discussion of tags versus forms, linking the two via
:tagprops. (#2848)
v2.108.0 - 2022-09-12
Features and Enhancements
Update the Telepath TLS connections to require a minimum TLS version of 1.2. (#2833)
Update the Axon implementation to use the
initServiceStorage()andinitServiceRuntime()methods, instead of overriding__anit__. (#2837)Update the minimum allowed versions of the
aiosmtplibandregexlibraries. (#2832) (#2841)
Bugfixes
Catch
LarkErrorexceptions in all Storm query parsing modes. (#2840)Catch
FileNotFounderrors insynapse.tools.healthcheck. This could be caused by the tool running during container startup, and prior to a service making its Unix listening socket available. (#2836)Fix an issue in
Axon.csvrows()where invalid data would cause processing of a file to stop. (#2835)Address a deprecation warning in the Synapse codebase. (#2842)
Correct the type of
syn:splice:spliceto bedata. Previously it wasstr. (#2839)
Improved Documentation
v2.107.0 - 2022-09-01
Automatic Migrations
Migrate the
risk:alert:typeproperty to ataxonomytype and create new nodes as needed. (#2828)Migrate the
pol:country:nameproperty to ageo:nametype and create new nodes as needed. (#2828)See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
geo,inet,media,pol,proj, andriskmodels. (#2828) (#2829)geo:areaAdd a new type to record the size of a geographic area.
geo:place:taxonomyAdd a form to record an analyst defined taxonomy of different places.
geo:placeAdd a
typeproperty to record the taxonomy of a place.inet:web:membThis form has been deprecated.
inet:web:memberAdd a guid form that represents a web account’s membership in a channel or group.
media:news:taxonomyAdd a form to record an analyst defined taxonomy of different types or sources of news.
media:newsAdd a
typeproperty to record the taxonomy of the news. Add anext:idproperty to record an external identifier provided by a publisher.pol:vitalsAdd a guid form to record the vitals for a country.
pol:countryAdd
names,place,dissolvedandvitalssecondary properties. Thenameis changed from astrto ageo:nametype. Deprecate thepopsecondary property.pol:candidateAdd an
incumbentproperty to note if the candidate was an incumbent in a race.projAdd missing docstrings to the
projmodel forms.risk:alert:taxonomyAdd a form to record an analyst defined taxonomy of alert types.
risk:alertThe
typeproperty is changed from astrto therisk:alert:taxonomytype.
Add
**as a power operator for Storm expression syntax. (#2827)Add a new test helper,
synapse.test.utils.StormPkgTestto assist with testing Rapid Power-Ups. (#2819)Add
$lib.axon.metrics()to get the metrics from the Axon that the Cortex is connected to. (#2818)Add
pack()methods to theauth:userandauth:roleobjects. This API returns the definitions of the User and Role objects. (#2823)Change the Storm Package
requirevalues to log debug messages instead of raising exceptions if the requirements are not met. Add a$lib.pkg.deps()API that allows inspecting if a package has its dependencies met or has conflicts. (#2820)
Bugfixes
Improved Documentation
Add Developer documentation for writing Rapid Power-Ups. (#2803)
Add the
synapse.tests.utilspackage to the Synapse API autodocs. (#2819)Update Devops documentation to note the storage requirements for taking backups of Synapse services. (#2824)
Update the Storm
minandmaxcommand help to clarify their usage. (#2826)
v2.106.0 - 2022-08-23
Features and Enhancements
Bugfixes
v2.105.0 - 2022-08-19
Features and Enhancements
Add a Number primitive to Storm to facilitate fixed point math operations. Values in expressions which are parsed as floating point values will now be Numbers by default. Values can also be cast to Numbers with
$lib.math.number(). (#2762)Add
$lib.basex.encode()and$lib.basex.decode()for encoding and decoding strings using arbitrary charsets. (#2807)The tag removal operator (
-#) now accepts lists of tags to remove. (#2808)Add a
$node.difftags()API to calculate and optionally apply the difference between a list of tags and those present on a node. (#2808)Scraped Ethereum addresses are now returned in their EIP55 checksummed form. This change also applies to lookup mode. (#2809)
Updates to the
mat,ps, andriskmodels. (#2804)massAdd a type for storing mass with grams as a base unit.
ps:vitalsAdd a form to record statistics and demographic data about a person or contact.
ps:personAdd a
vitalssecondary property to record the most recent known vitals for the person.ps:contactAdd a
vitalssecondary property to record the most recent known vitals for the contact.risk:tool:taxonomyAdd a form to record an analyst defined taxonomy of different tools.
risk:tool:softwareAdd a form to record software tools used in threat activity.
risk:threatAdd
reporter,reporter:name,org:loc,org:names, andgoalssecondary properties.
Annotate the following light edges. (#2804)
usesWhen used with
risk:threatnodes, the edge indicates the target node is used by the source node.
Bugfixes
v2.104.0 - 2022-08-09
Automatic Migrations
Migrate crypto:x509:cert:serial from str to hex type. Existing values which cannot be converted as integers or hex values will be moved into nodedata under the key
migration:0_2_10as{'serial': value}(#2789)Migrate
ps:contact:titleto theou:jobtitletype and createou:jobtitlenodes. (#2789)Correct hugenum property index values for values with more than 28 digits of precision. (#2766)
See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
cryptoandpsmodels. (#2789)crypto:x509:certThe
serialsecondary property has been changed from astrto ahextype.ps:contactThe type of the
titlesecondary property has been changed from astrto anou:jobtitle.
Add
$lib.hex.toint(),$lib.hex.fromint(),$lib.hex.trimext()and$lib.hex.signext()Storm APIs for handling hex encoded integers. (#2789)Add
set()andsetdefault()APIs on the SynErr exception class. Improve support for unpickling SynErr exceptions. (#2797)Add logging configuration to methods which are called in spawned processes, and log exceptions occurring in the processes before tearing them down. (#2795)
Bugfixes
Improved Documentation
Update data model documentation. (#2796)
v2.103.0 - 2022-08-05
Features and Enhancements
Updates to the
it,ou, andriskmodels. (#2778)it:prod:softAdd a
techniquessecondary property to record techniques employed by the author of the software.ou:campaignAdd a
techniquessecondary property to record techniques employed by the campaign.ou:orgAdd a
techniquessecondary property to record techniques employed by the org.ou:techniqueAdd a form to record specific techniques used to achieve a goal.
ou:technique:taxonomyAdd a form to record an analyst defined taxonomy of different techniques.
risk:attackAdd a
techniquessecondary property to record techniques employed during the attack. Deprecate the following secondary properties, in favor of using light edges.targettarget:hosttarget:orgtarget:persontarget:placeused:emailused:fileused:hostused:serverused:softwareused:urlused:vulnvia:emailvia:ipv4via:ipv6via:phone
risk:compromiseAdd a
techniquessecondary property to record techniques employed during the compromise.risk:threatAdd a form to record a threat cluster or subgraph of threat activity attributable to one group.
Annotate the following light edges. (#2778)
targetsWhen used with
ou:org,ou:campaign,risk:threat, orrisk:attacknodes, the edge indicates the target node was targeted by the source node.usesWhen used with an
ou:campaignorrisk:attacknode, the edge indicates the target node is used by the source node.
Change the behavior of the Storm
countcommand to consume nodes. If the previous behavior is desired, use the--yieldoption when invoking thecountcommand. (#2779)Add
$lib.random.int()API to Storm for generating random integers. (#2783)Add a new tool,
synapse.tools.livebackupfor taking a live backup of a service. (#2788)The Storm
$lib.jsonstor.cacheset()API now returns a dict containing the path and time. The$lib.jsonstor.cacheget()API now has an argument to retrieve the entire set of enveloped data. (#2790)Add a HTTP 404 handler for the Axon
v1/by/sha256/<sha256>endpoint which catches invalid<sha256>values. (#2780)Add helper scripts for doing bulk Synapse Docker image builds and testing. (#2716)
Add
aha:\\support tosynapse.tools.csvtool. (#2791)
Bugfixes
Improved Documentation
Deprecations
The
vertexproject/synapse:master-py37andvertexproject/synapse:v2.x.x-py37Docker containers are no longer being built. (#2716)
v2.102.0 - 2022-07-25
Features and Enhancements
Updates to the
crypto,geo,inet,mat,media,ou,pol, andprojmodels. (#2757) (#2771)crypto:keyAdd
public:md5,public:sha1, andpublic:sha256secondary properties to record those hashes for the public key. Addprivate:md5,private:sha1, andprivate:sha256secondary properties to record those hashes for the public key.geo:nlocThe
geo:nlocform has been deprecated.geo:telemAdd a new form to record a the location of a given node at a given time. This replaces the use of
geo:nloc.it:sec:c2:configAdd a
proxiessecondary property to record proxy URLS used to communicate to a C2 server. Add alistenssecondary property to record urls the software should bind. Add adns:resolverssecondary property to record DNS servers the software should use. Add ahttp:headerssecondary property to record HTTP headers the software should use.it:exec:queryAdd a new form to record an instance of a query executed on a host.
it:queryAdd a new form to record query strings.
mat:typeAdd a taxonomy type to record taxonomies of material specifications or items.
mat:itemAdd a
typesecondary property to record the item type.mat:specAdd a
typesecondary property to record the item type.media:newsAdd a
publishersecondary property to record the org that published the news. Add apublisher:namesecondary property to record the name of the org. Deprecate theorgsecondary property.ou:campaignAdd a
conflictsecondary property to record the primary conflict associated the campaign.ou:conflictAdd a new form to record a conflict between two or more campaigns which have mutually exclusive goals.
ou:contributionAdd a new form to represent contributing material support to a campaign.
pol:electionAdd a new form to record an election.
pol:raceAdd a new form to record indivdual races in an election.
pol:officeAdd a new form to record an appointed or elected office.
pol:termAdd a new form to record the term in office for an individual.
pol:candidateAdd a form to record a candidate for a given race.
pol:pollingplaceAdd a form to record the polling locations for a given election.
proj:ticketAdd a
ext:creatorsecondary form to record contact information from and external system.
Annotate the following light edges. (#2757)
aboutA light edge created by the Storm
note.addcommand, which records the relationship between ameta:notenode and the target node.includesWhen used with a
ou:contributionnode, the edge indicates the target node was the contribution made.hasWhen used with a
meta:rulesetandmeta:rulenode, indicates the ruleset contains the rule.matchesWhen used with a
meta:rulenode, the edge indicates the target node matches the rule.refsA light edge where the source node refers to the target node.
seenatWhen used with a
geo:telemtarget node, the edge indicates the source node was seen a given location.usesWhen used with a
ou:orgnode, the edge indicates the target node is used by the organization.
Commonly used light edges are now being annotated in the model, and are available through Cortex APIs which expose the data model. (#2757)
Make Storm command argument parsing errors into exceptions. Previously the argument parsing would cause the Storm runtime to be torn down with
printmessages, which could be missed. This now means that automations which have a invalid Storm command invocation will fail loudly. (#2769)Allow a Storm API caller to set the task identifier by setting the
taskvalue in the Stormoptsdictionary. (#2768) (#2774)Add support for registering and exporting custom STIX objects with the
$lib.stixStorm APIS. (#2773)Add APIS and Storm APIs for enumerating mirrors that have been registered with AHA. (#2760)
Bugfixes
Ensure that auto-adds are created when merging part of a View when using the Storm
merge --applycommand. (#2770)Add missing support for handling timezone offsets without colon separators when normalizing
timevalues.timevalues which contain timezone offsets and not enough data to resolve minute level resolution will now fail to parse. (#2772)Fix an issue when normalizing
inet:urlvalues when the host value was the IPv4 address0.0.0.0. (#2771)Fix an issue with the Storm
cron.listcommand, where the command failed to run when a user had been deleted. (#2776)
Improved Documentation
Update the Storm user documentation to include the Embedded Property syntax, which is a shorthand (
::) that can be used to reference properties on adjacent nodes. (#2767)Update the Synapse Glossary. (#2767)
Update Devops documentation to clarify the Aha URLs which end with``…`` are intentional. (#2775)
v2.101.1 - 2022-07-14
Bugfixes
v2.101.0 - 2022-07-12
Automatic Migrations
Create nodes in the Cortex for the updated properties noted in the data model updates listed below.
Axon indices are migrated to account for storing offset information to support the new offset and size API options.
See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
crypto,infotech,ps, andtransportmodels. (#2720) (#2738) (#2739) (#2747)crypto:smart:effect:minttokenAdd a new form to model smart contract effects which create non-fungible tokens.
crypto:smart:effect:burntoken`Add a new form to model smart contract effects which destroy non-fungible tokens.
crypto:smart:effect:proxytokenAdd a new form that tracks grants for a non-owner address the ability to manipulate a specific non-fungible token.
crypto:smart:effect:proxytokenallAdd a new form that tracks grants for a non-owner address the ability to manipulate all of the non-fungible tokens.
crypto:smart:effect:proxytokensAdd a new form that tracks grants for a non-owner address to manipulate fungible tokens.
it:av:signameAdd a new form to track AV signature names. Migrate
it:av:filehit:sig:nameandit:av:sig:nameto use the new form.it:exec:procAdd a
namesecondary property to track the display name of a process. Add apath:basesecondary property to track the basename of the executable for the process.ps:contactAdd an
orgnamessecondary property to track an array of orgnames associated with a contact.transport:sea:vesselAdd
makeandmodelsecondary properties to track information about the vessel.
Add a new Storm command,
movenodes, that can be used to move a node entirely from one layer to another. (#2714)Add a new Storm library,
$lib.gen, to assist with creating nodes based on secondary property based deconfliction. (#2754)Add a
sorted()method to thestat:tallyobject, to simplify handling of tallied data. (#2748)Add a new Storm function,
$lib.mime.html.totext(), to extract inner tag text from HTML strings. (#2744)Add Storm functions
$lib.crypto.hashes.md5(),$lib.crypto.hashes.sha1(),$lib.crypto.hashes.sha256()and$lib.crypto.hashes.sha512()to allow hashing bytes directly in Storm. (#2743)Add an
Axon.csvrows()API for streaming CSV rows from an Axon, and a corresponding$lib.axon.csvrows()Storm API. (#2719)Expand Synapse requirements to include updated versions of the
pycryptome,pygments, andscalecodecmodules. (#2752)Add range support to
Axon.get()to read bytes from a given offset and size. The/api/v1/axon/files/by/sha256/<SHA-256>HTTP API has been updated to support aRangeheader that accepts abytesvalue to read a subset of bytes that way as well. (#2731) (#2755) (#2758)
Bugfixes
v2.100.0 - 2022-06-30
Features and Enhancements
Support parsing CVSS version 3.1 prefix values. (#2732)
Bugfixes
Improved Documentation
v2.99.0 - 2022-06-23
Features and Enhancements
Add an extensible STIX 2.1 import library,
$lib.stix.import. The function$lib.stix.import.ingest()can be used to STIX bundles into a Cortex via Storm. (#2727)Add a Storm
uptimecommand to display the uptime of a Cortex or a Storm Service configured on the Cortex. (#2728)Add
--viewand--optsfilearguments tosynapse.tools.csvtool. (#2726)
Bugfixes
Fix an issue getting the maximum available memory for a host running with Linux cgroupsv2 apis. (#2728)
v2.98.0 - 2022-06-17
Features and Enhancements
Updates to the
econmodel. (#2717)econ:acct:balanceAdd
total:receivedandtotal:sentproperties to record total currency sent and received by the account.
Add additional debug logging for Aha provisioning. (#2722)
Adjust whitespace requirements on Storm grammar related to tags. (#2721)
Always run the function provided to the Storm
divertcommand per node. (#2718)
Bugfixes
Fix an issue that prevented function arguments named
funcin Storm function calls. (#2715)Ensure that active coroutines have been cancelled when changing a Cell from active to passive status; before starting any passive coroutines. (#2713)
Fix an issue where
Nexus._tellAhaReadywas registering with the Aha service when the Cell did not have a proper Aha service name set. (#2723)
v2.97.0 - 2022-06-06
Features and Enhancements
Add an
/api/v1/aha/provision/serviceHTTP API to the Aha service. This can be used to generateaha:provisionURLs. (#2707)Add
proxyoptions to$lib.inet.httpStorm APIs, to allow an admin user to specify an alternative (or to disable) proxy setting. (#2706)Add a
--tagand--propoption to the Stormdiffcommand. Update the Stormmergecommand examples to show more real-world use cases. (#2710)Add the ability to set the layers in a non-forked view with the
$view.set(layers, $iden)API on the Storm view object. (#2711)Improve Storm parser logic for handling list and expression syntax. (#2698) (#2708)
Bugfixes
Improve error handling of double quoted strings in Storm when null characters are present in the raw query string. This situation now raises a BadSyntax error instead of an opaque Python ValueError. (#2709)
Fix unquoted JSON keys which were incorrectly allowed in Storm JSON style expression syntax. (#2698)
When merging layer data, add missing permission checks for light edge and node data changes. (#2671)
v2.96.0 - 2022-05-31
Features and Enhancements
Updates to the
transportmodel. (#2697)velocityAdd a new base type to record velocities in millimeters/second.
transport:directionAdd a new type to indicate a direction of movement with respect to true North.
transport:air:telemAdd
:courseand:headingproperties to record the direction of travel. Add:speed,:airspeedand:verticalspeedproperties to record the speed of travel.transport:sea:telemAdd
:courseand:headingproperties to record the direction of travel. Add a:speedproperty to record the speed of travel. Add:destination,:destination:nameand:destination:etato record information about the destination.
Restore the precedence of environment variables over
cell.yamloptions during Cell startup. API driven overrides are now stored in thecell.mods.yamlfile. (#2699)Add
--dmon-portand--https-portoptions to thesynapse.tools.aha.provision.servicetool in order to specify fixed listening ports during provisioning. (#2703)Add the ability of
synapse.tools.moduserto set user passwords. (#2695)Restore the call to the
recover()method on the Nexus during Cell startup. (#2701)Add
mesgarguments toNoSuchLayerexceptions. (#2696)Make the LMDB slab startup more resilient to a corrupted
cell.opts.yamlfile. (#2694)
Bugfixes
Fix missing variable checks in Storm. (#2702)
Improved Documentation
Add a warning to the deployment guide about using Docker on Mac OS. (#2700)
v2.95.1 - 2022-05-24
Bugfixes
Fix a regression in the Telepath
aha://update fromv2.95.0. (#2693)
v2.95.0 - 2022-05-24
Features and Enhancements
Add a
searchmode to Storm. Thesearchmode utilizes the Storm search interface to lift nodes. Thelookupmode no longer uses the search interface. (#2689)Add a
?mirror=trueflag toaha://Telepath URLs which will cause the Aha service lookups to prefer using a mirror of the service rather than the leader. (#2681)Add
$lib.inet.http.urlencode()and$lib.inet.http.urldecode()Storm APIs for handling URL encoding. (#2688)Add type validation for all Cell configuration options throughout the lifetime of the Cell and all operations which modify its configuration values. This prevents invalid values from being persisted on disk. (#2687) (#2691)
Bugfixes
Fix an issue where the
=sign in the Storm grammar was assigned an anonymous terminal name by the grammar parser. This caused an issue with interpreting various syntax errors. (#2690)
v2.94.0 - 2022-05-18
Automatic Migrations
Re-normalize the migrated properties noted in the data model updates listed below. See Data Migration for more information about automatic migrations.
Features and Enhancements
Updates to the
crypto,infotech,ou, andpersonmodels. (#2620) (#2684)crypto:algorithmAdd a form to represent a named cryptography algorithm.
crypto:keyAdd a form to represent a cryptographic key and algorithm.
crypto:smart:effect:transfertokenAdd a form to represent the effect of transferring ownership of a non-fungible token.
crypto:smart:effect:transfertokensAdd a form to represent the effect of transferring multiple fungible tokens.
crypto:smart:effect:edittokensupplyAdd a form to represent the increase or decrease in the supply of fungible tokens.
it:prod:softnameAdd a form to represent a software name.
it:hostAdd a
:os:namesecondary property.it:mitre:attack:softwareMigrate the
:nameand:namesproperties toit:prod:softnametype.it:prod:softMigrate the
:nameand:namesproperties toit:prod:softnametype.it:prod:softverDeprecate the
:software:nameproperty. Migrate the:nameand:namesproperties toit:prod:softnametype.it:app:yara:ruleAdd a
:familyproperty to represent the software family the rule is designed to detect.it:sec:c2:configAdd a form to represent C2 configuration data.
ou:campaignAdd a
:org:nameproperty to represent the name of the organization responsible the campaign. Add a:org:fqdnproperty to represent the fqdn of the organization responsible the campaign. Add a:teamproperty to represent the team responsible for the campaign.ou:teamAdd a form to represent a team within an organization.
ou:industryMigrate the
:nameproperty toou:industrynametype. Add a:namesproperty for alternative names.ou:industrynameAdd a form to represent the name of an industry.
ou:positionAdd a
:teamproperty to represent the team associated with a given position.ps:contactAdd a
:crypto:addressproperty to represent the crypto currency address associated with the contact.
Add
$lib.copy()to Storm. This allows making copies of objects which are compatible with being serialized with msgpack. (#2678)Remove print events from the Storm limit command. (#2674)
Bugfixes
Fix an issue where client certificates presented in Telepath
sslconnections could fallback to resolving users by a prefix. This was not intended to be allowed when client certificates are used with Telepath. (#2675)Fix an issue where
node:deltriggers could fail to fire when adding nodeedits directly to a view or snap. (#2654)Fix header escaping when generating autodoc content for Synapse Cells. (#2677)
Assorted unit tests fixes to make tests more stable. (#2680)
Fix an issue with Storm function argument parsing. (#2685)
Improved Documentation
v2.93.0 - 2022-05-04
Features and Enhancements
Updates to the
inetandinfotechmodels. (#2666):sandbox:fileAdd a
sandbox:fileproperty to record an initial sample from a sandbox environment to the following forms:it:exec:procit:exec:threadit:exec:loadlibit:exec:mmapit:exec:mutexit:exec:pipeit:exec:urlit:exec:bindit:exec:file:addit:exec:file:delit:exec:file:readit:exec:file:writeit:exec:reg:delit:exec:reg:getit:exec:reg:setit:host:activityUpdate the interface to add a
sandbox:fileproperty to record an initial sample from a sandbox environment.
Changed primary Storm parser to a LALR compatible syntax to gain 80x speed up in parsing Storm queries (#2649)
Added service provisioning API to AHA service and associated tool
synapse.tools.aha.provision.serviceand documentation to make it easy to bootstrap Synapse services using service discovery and SSL client-side certificates to identify service accounts. (#2641)Added user provisioning API to AHA service and associated tools
synapse.tools.aha.provision.userandsynapse.tools.aha.enrollto make it easy to bootstrap new users with SSL client-side certificates and AHA service discovery configuration. (#2641)Added automatic mirror initialization logic to Synapse services to enable new mirrors to be initilized dynamically via AHA provisioning rather than from a pre-existing backup. (#2641)
Added
handoff()API to Synapse services to allow mirrors to be gracefully promoted to leader. (#2641)Added
synapse.tools.promoteto allow easy promotion of mirror to leader using the newhandoff()API. (#2641)Added
aha:provisionconfiguration to Synapse services to allow them to automatically provision and self-configure using AHA. (#2641)Adjusted Synapse service configuration preference to allow runtime settings to be stored in
cell.yaml. (#2641)Added optional
certhashparameter to telepathssl://URLs to allow cert-pinning behavior and automatic trust of provisioning URLs. (#2641)Added
synapse.tools.moduserandsynapse.tools.modrolecommands to modernize and ease user/role management from within Synapse service docker containers. (#2641)Add
$lib.jsonstor.cacheget()andlib.jsonstor.cacheset()functions in Storm to easily implement data caching in the JSONStor. (#2662)Add a
paramsoption to$lib.inet.http.connect()to pass parameters when creating Websocket connections in Storm. (#2664)
Bugfixes
Added
getCellRunId()API to Synapse services to allow them to detect incorrect mirror configurations where they refer to themselves. (#2641)Ensure that CLI history files can be read and written upon starting interactive CLI tools. (#2660)
Assorted unit tests fixes to make tests more stable. (#2656) (#2665)
Fix several uses of Python features which are formally deprecated and may be removed in future Python versions. (#2668)
Improved Documentation
Added new Deployment Guide with step-by-step production ready deployment instructions (#2641)
Refactored Devops Guide to give task-oriented instructions on performing common devops tasks. (#2641)
Added new minimal Admin Guide as a place for documenting Cortex admin tasks. (#2641)
Updated Getting Started to direct users to synapse-quickstart instructions. (#2641)
Added
easycerttool documentation. (#2641)Removed
cmdrtool documentation to emphasize newer tools such asstorm. (#2641)Update the list of available Advanced and Rapid Power-Ups. (#2667)
v2.92.0 - 2022-04-28
Features and Enhancements
Bugfixes
When setting ival properties, they are now properly merged with existing values. This only affected multi-layer views. (#2655)
v2.91.1 - 2022-04-24
Bugfixes
Fix a parsing regression in inet:url nodes related to unencoded “@” symbols in URLs. (#2653)
v2.91.0 - 2022-04-21
Features and Enhancements
Updates to the
inetandinfotechmodels. (#2634) (#2644) (#2652)inet:urlThe
inet:urltype now recognizes variousfile:///values from RFC 8089.it:sec:cveThe
it:sec:cvetype now replaces various Unicode dashes with hyphen characters when norming. This allows a wider range of inputs to be accepted for the type. Scrape related APIs have also been updated to match on this wider range of inputs.
The Cell now uses
./backupas a default path for storing backups in, if thebackup:dirpath is not set. (#2648)Add POSIX advisory locking around the Cell
cell.guidfile, to prevent multiple processes from attempting to start a Cell from the same directory. (#2642)Change the default
SLAB_COMMIT_WARNtime from 5 seconds to 1 second, in order to quickly identify slow storage performance. (#2630)Change the Cell
iterBackupArchiveanditerNewBackupArchiveroutines to always log exceptions they encounter, and report the final log message at the appropriate log level for success and failure. (#2629)When normalizing the
strtypes, whenonespaceis specified, we skip thestripbehavior since it is redundant. (#2635)Log exceptions raised by Cell creation in
initFromArgv. Catchlmdb.LockErrorwhen opening a LMDB database and re-raise an exception with a clear error message. (#2638)Update schema validation for Storm packages to ensure that cmd arguments do not have excess fields in them. (#2650)
Bugfixes
Adjust comma requirements for the JSON style list and dictionary expressions in Storm. (#2636)
Add Storm query logging in a code execution path where it was missing. (#2647)
Tuplify the output of
synapse.tools.genpkg.loadPkgPrototo ensure that Python list constructs[...]do not make it into Power-Up documentation. (#2646)Fix an issue with heavy Stormtypes objects where caching was preventing some objects from behaving in a dynamic fashion as they were intended to. (#2640)
In norming
intvalues, when something is outside of the minimum or maximum size of the type, we now include the string representation of the valu instead of the raw value. (#2643)Raise a
NotReadyexception when a client attempts to resolve anaha://URL and there have not been anyahaservers registered. (#2645)
Improved Documentation
v2.90.0 - 2022-04-04
Features and Enhancements
Updates to the
metaandinfotechmodels. (#2624)meta:ruleAdd a new form for generic rules, which should be linked to the nodes they match with a
matcheslight edge.meta:rulesetAdd
:author,:created, and:updatedsecondary properties.it:app:yara:ruleAdd
:createdand:updatedsecondary properties.
Add a new Docker image
vertexproject/synapse-jsonstor. (#2627)Allow passing a version requirement string to
$lib.import(). (#2626)
Bugfixes
Fix an issue where using a regex lift on an array property could incorrectly yield the same node multiple times. (#2625)
Improved Documentation
Update documentation regarding mirroring to be clearer about whether a given cell supports it. (#2619)
v2.89.0 - 2022-03-31
Features and Enhancements
Update the
metamodel. (#2621)meta:rulesetAdd a new form to denote the collection of a set of nodes representing rules, which should be linked together with a
haslight edge.
Add additional filter options for the Storm
mergecommand. (#2615)Update the
BadSyntaxErrorexception thrown when parsing Storm queries to additionally include line and column when available. Fix an issue where a!character being present in the exception text could truncate the output. (#2618)
v2.88.0 - 2022-03-23
Automatic Migrations
Re-normalize the
geo:place:name,crypto:currency:block:hash, andcrypto:currency:transaction:hashvalues to account for their modeling changes. Migratecrypto:currency:transaction:inputandcrypto:currency:transaction:outputvalues to the secondary properties on the respectivecrypto:payment:inputandcrypto:payment:outputnodes to account for the modeling changes. Makegeo:namenodes forgeo:place:namesecondary properties to account for the modeling changes. See Data Migration for more information about automatic migrations.
Features and Enhancements
Several updates for the
crypto,geospace,inet, andmetamodels. (#2594) (#2608) (#2611) (#2616)crypto:payment:inputAdd a secondary property
:transactionto denote the transaction for the payment.crypto:payment:outputAdd a secondary property
:transactionto denote the transaction for the payment.crypto:currency:blockChange the type of the
:hashproperty from a0xprefixedstrto ahextype.crypto:currency:transactionChange the type of the
:hashproperty from a0xprefixedstrto ahextype. Deprecate the:inputsand:outputssecondary properties.geo:placeChange the type of the
:namesecondary property togeo:name.inet:web:channelAdd a new form to denote a channel within a web service or instance.
inet:web:instanceAdd a new form to track an instance of a web service, such as a channel based messaging platform.
inet:web:mesgAdd
:channel,:place, and:place:namesecondary properties.inet:web:postAdd
:channeland:place:namesecondary properties.meta:eventAdd a new form to denote an analytically relevant event in a curated timeline.
meta:event:taxonomyAdd a new form to represent a taxonomy of
meta:event:typevalues.meta:timelineAdd a new form to denote a curated timeline of analytically relevant events.
meta:timeline:taxonomyAdd a new form to represent a taxonomy of
meta:timeline:typevalues.
Add support for
$lib.len()to count the length of emitter or generator functions. (#2603)Add support for scrape APIs to handle text that has been defanged with
\\.characters. (#2605)Add a
nomergeoption to View objects that can be set to prevent merging a long lived fork. (#2614)Add
liftByProp()andliftByTag()methods to the Stormtypeslayerobjects. These allow lifting of nodes based on data stored in a specific layer. (#2613)Expand Synapse requirements to include updated versions of the
pygmentslibrary. (#2602)
Improved Documentation
Fix the example regular expressions used in the
$lib.scrape.genMatches()Storm library API examples. (#2606)
v2.87.0 - 2022-03-18
Features and Enhancements
Several updates for the
inetandmetamodels. (#2589) (#2592)inet:ssl:jarmhashAdd a form to record JARM hashes.
inet:ssl:jarmsampleAdd a form to record JARM hashes being present on a server.
meta:noteAdd a form for recording free text notes.
Update the Synapse docker containers to be built from a Ubuntu based image, instead of a Debian based image. (#2596)
Add a Storm
note.addcommand that creates ameta:notenode to record freeform text, and links that node to the input nodes using aaboutlight edge. (#2592)Support non-writeable or non-existing directories within Synapse
certdirdirectories. (#2590)Add an optional
tickargument to thesynapse.lib.lmdbslab.Hist.add()function. This is exposed internally for Axon implementations to use. (#2593)Expand Synapse requirements to include updated versions of the
pycryptome,pygments,scalecodecandxxhashmodules. (#2598)
Bugfixes
v2.86.0 - 2022-03-09
Automatic Migrations
Migrate secondary properties in Cortex nodes which use
hugenumtype to account for updated ranges. See Data Migration for more information about automatic migrations.
Features and Enhancements
Bugfixes
Add missing read-only flags to secondary properties of Comp type forms which were computed from the primary property of the node. This includes the following: (#2587)
crypto:currency:address:coincrypto:currency:address:idencrypto:currency:block:coincrypto:currency:block:offsetcrypto:currency:client:coinaddrcrypto:currency:client:inetaddrcrypto:currency:smart:token:contractcrypto:currency:smart:token:tokenidcrypto:x509:revoked:crlcrypto:x509:revoked:certcrypto:x509:signedfile:certcrypto:x509:signedfile:fileecon:acquired:itemecon:acquired:purchaseinet:dns:query:clientinet:dns:query:nameinet:dns:query:typeinet:whois:contact:typeinet:wifi:ap:bssidinet:wifi:ap:ssidmat:itemimage:filemat:itemimage:itemmat:specimage:filemat:specimage:specou:id:number:typeou:id:number:valueou:hasgoal:goalou:hasgoal:orgtel:mob:cell:carriertel:mob:cell:carrier:mcctel:mob:cell:carrier:mnctel:mob:cell:cidtel:mob:cell:lac
Fix an issue where Layers configured with writeback mirrors did not properly handle results which did not have any changes. (#2583)
Improved Documentation
v2.85.1 - 2022-03-03
Bugfixes
v2.85.0 - 2022-03-03
Features and Enhancements
Several updates for the
crypto,geo,inet,it,psandriskmodels. (#2570) (#2573) (#2574)crypto:payment:inputAdd a new form to record payments made into a transaction.
crypto:payment:outputAdd a new form to record payments receieved from a transaction.
crypto:currency:transactionAdd
inputsandoutputsarray secondary properties to record inputs and outputs for a given transaction.geo:nameAdd a new form representing an unstructured place name or address.
geo:placeAdd a
namessecondary property which is an array ofgeo:namevalues.inet:flowAdd
dst:txcount,src:txcount,tot:txcountandtot:txbytessecondary properties.it:exec:procAdd an
accountsecondary property as ait:accounttype. Mark theusersecondary property as deprecated.ps:contactAdd
birth:place,birth:place:loc,birth:place:name,death:place,death:place:locanddeath:place:namesecondary properties.risk:compromiseAdd a
theft:pricesecondary property to represent value of stolen assets.
Embed Cron, StormDmon, and Trigger iden values and automation types into the Storm runtime when those automations are run. This information is populated in a dictionary variable named
$auto. (#2565)Add
$lib.crypto.coin.ethereum.eip55()to convert an Ethereum address to a checksummed address. (#2577)Add a
defaultargument to the$lib.user.allowed()andallowed()method onuserStormType. (#2570)Add a
inauguralconfiguration key to the baseCellclass. This can currently be used to bootstrap roles, permissions, and users in a Cell upon the first time it is started. (#2570)De-duplicate nodes when running the Storm
lookupmode to lift nodes. (#2567)Add a test helper that can be used to isolate the
synapse.lib.certdir.certdirsingleton behavior via context manager. (#2564)
Bugfixes
Calls to
addFormProp()APIs when the property name already exists now raise aDupPropNameexception. (#2566)Do not allow Storm
macro’s to be created that have names greater than 492 characters in length. (#2569)Fix a bug in the scrape logic for Ethereum where the regular expression matched on
0Xprefixed strings but the validation logic did not account for that uppercase character. (#2575)
Improved Documentation
Add documentation for the
$autovariable embedded into the Cron, StormDmon, and Trigger automations. Add documentation for variables representing the form, node value, properties and tags which are responsible for Triggers running. (#2565)
v2.84.0 - 2022-02-22
Features and Enhancements
Add
$lib.time.toUTC()to adjust a local epoch milliseconds time to UTC. (#2550)Add a optional
timeoutargument to$lib.service.wait(). The function now returns$lib.trueif the service is available, or$lib.falseif the service does not become available during the timeout window. (#2561)Update the
Layer.verify()routines to add verification of tagprop and array indexes in layers. These routines are in a beta status and are subject to change. (#2560)Update the Cortex’s connection to a remote Axon to use a Telepath Client. (#2559)
v2.83.0 - 2022-02-17
Features and Enhancements
Add
:ip:protoand:ip:tcp:flagsproperties to theinet:flowform. (#2554)Add
$lib.log.debug(),$lib.log.info(),$lib.log.warning(), and$lib.log.error()Stormtypes APIs. These allow a user to send log messages to the Cortex logging output directly.Update the
synapse.tools.genpkgtool to support using files with the.stormextension. This is enabled by adding the following option to a Storm package definition. (#2555)genopts: dotstorm: true
Add form and prop values to
BadTypeValuexceptions when raised during node edit generation. (#2552)
Bugfixes
Correct a race condition in the
CoreApi.syncLayersEventsandCoreApi.syncIndexEventsAPIs. (#2553)
Improved Documentation
Remove outdated documentation related to making
CoreModuleclasses. (#2556)
v2.82.1 - 2022-02-11
Bugfixes
v2.82.0 - 2022-02-10
Features and Enhancements
Add an
addNode()API to the Stormtypesviewobject. This allows the programmatic creation of a node with properties being set in a transactional fashion. (#2540)Add support to Storm for creating JSON style list and dictionary objects. (#2544)
The
AhaCellnow bootstraps TLS CA certificates for the configuredaha:networkvalue, a host certificate for theaha:namevalue, and a user certificate for theaha:adminvalue. (#2542)Add
mesgarguments to all exceptions raised insynapse.lib.certdir. (#2546)
Improved Documentation
Fix some missing and incorrect docstrings for Stormtypes. (#2545)
Deprecations
Telepath APIs and Storm commands related to
spliceshave been marked as deprecated. (#2541)
v2.81.0 - 2022-01-31
Features and Enhancements
The
it:sec:cpenow recognizes CPE 2.2 strings during type normalization. CPE 2.2 strings will be upcast to CPE 2.3 and the 2.2 string will be added to the:v2_2secondary property ofit:sec:cpe. The Storm hotfix$lib.cell.hotFixesApply()can be used to populate the:v2_2property on existingit:sec:cpenodes where it is not set. (#2537) (#2538) (#2539)Setting properties on nodes may now take a fast path if the normed property has no subs, no autoadds and is not a locked property. (#2539)
Bugfixes
Fix an issue with
Ivalnorm()routines when norming a tuple or list of values. The max value returned previously could have exceeded the value of the future marker?, which would have been then caused an aBadTypeValuexception during node edit construction. This is is now caught during the initialnorm()call. (#2539)
v2.80.1 - 2022-01-26
Bugfixes
The embedded JsonStor added to the Cortex in
v2.80.0needed to have a stable iden for the Cell and and auth subsystem. This has been added. (#2536)
v2.80.0 - 2022-01-25
Features and Enhancements
Add a triple quoted string
'''syntax to Storm for defining multiline strings. (#2530)Add a JSONStor to the Cortex, and expose that in Storm for storing user related content. (#2530) (#2513)
Add durable user notifications to Storm that can be used to send and receive messages between users. (#2513)
Add a
leafargument to$node.tags()that causes the function to only return the leaf tags. (#2535)Add an error message in the default help text in pure Storm commands when a user provides additional arguments or switches, in addition to the
--helpswitch. (#2533)Update
synapse.tools.genpkgto automatically bundle Optic workflows from files on disk. (#2531)Expand Synapse requirements to include updated versions of the
packaging,pycryptomeandscalecodecmodules. (#2534)
Bugfixes
Add a missing
tostr()call to the Stormbackgroundquery argument. (#2532)
v2.79.0 - 2022-01-18
Features and Enhancements
Add
$lib.scrape.ndefs()and$lib.scrape.context()to scrape text. Thendefs()API yields a unique set of node form and value pairs, while thecontext()API yields node form, value, and context information for all matches in the text. (#2508)Add
:nameand:descproperties to theit:prod:softverform. (#2528)Update the
Layer.verify()routines to reduce false errors related to array types. The method now takes a dictionary of configuration options. These routines are in a beta status and are subject to change. (#2527)Allow setting a View’s parent if does not have an existing parent View and only has a single layer. (#2515)
Add
hxxp[:\\]andhxxps[:\\]to the list of known defanging strategies which are identified and replaced during text scraping. (#2526)Expand Synapse requirements to include updated versions of the
typing-extensionsmodule. (#2525)
Bugfixes
Deprecations
The
$lib.scrape()function has been deprecated in favor the new$lib.scrapelibrary functions. (#2508)
v2.78.0 - 2022-01-14
Automatic Migrations
Migrate Cortex nodes which may have been skipped in an earlier migration due to missing tagprop indexes. See Data Migration for more information about automatic migrations.
Features and Enhancements
Expand Synapse requirements to include updated versions of the
base58,cbor2,lmdb,pycryptodome,PyYAML,xxhash. (#2520)
Bugfixes
Improved Documentation
v2.77.0 - 2022-01-07
Features and Enhancements
Add Mach-O metadata support the file model. This includes the following new forms:
file:mime:macho:loadcmd,file:mime:macho:version,file:mime:macho:uuid,file:mime:macho:segment, andfile:mime:macho:section. (#2503)Add
it:screenshot,it:prod:hardware,it:prod:component,it:prod:hardwaretype, andrisk:mitigationforms to the model. Add:hardwareproperty torisk:hasvulnform. Add:hardwareproperty toit:hostform. The:manuand:modelsecondary properties onit:hosthave been deprecated. (#2514)The
guidtype now strips hyphen (-) characters when doing norm. This allows users to provide external UUID / GUID strings for use. (#2514)Add a
Axon.postfiles()to allow POSTing files as multi-part form encoded files over HTTP. This is also exposed through thefieldsargument on the Storm$lib.inet.http.post()and$lib.inet:http:requestAPIs. (#2516)Add
.yuccTLD to the list of TLDs identified by the Synapse scrape functionality. (#2518)Add
mesgarguments to all instances ofNoSuchPropexceptions. (#2519)
v2.76.0 - 2022-01-04
Features and Enhancements
Add
emitandstopkeywords to Storm. Theemitkeyword is used in functions to make them behave as generators, which can yield arbitrary values. Thestopkeyword can be used to prematurely end a function which isemit’ing values. (#2475)Add Storm Module Interfaces. This allows Storm Package authors to define common module interfaces, so that multiple modules can implement the API convention to provide a consistent set of data across multiple Storm modules. A
searchconvention is added to the Cortex, which will be used inlookupmode when thestorm:interface:searchconfiguration option is set. (#2475)Storm queries in
lookupmode now firelook:missevents into the Storm message stream when the lookup value contains a valid node value, but the node is not present in the current View. (#2475)Add a
:hostsecondary property torisk:hasvulnform to recordit:hostinstances which have a vulnerability. (#2512)Add
synapse.lib.scrapesupport for identifyingit:sec:cvevalues. (#2509)
Bugfixes
v2.75.0 - 2021-12-16
This release contains an automatic data migration that may cause additional startup time on the first boot. This is done to unique array properties which previously were not uniqued. Deployments with startup or liveliness probes should have those disabled while this upgrade is performed to prevent accidental termination of the Cortex process. Please ensure you have a tested backup available before applying this update.
Features and Enhancements
Update the following array properties to be unique sets, and add a data model migration to update the data at rest: (#2469)
biz:rfp:requirementscrypto:x509:cert:ext:sanscrypto:x509:cert:ext:crlscrypto:x509:cert:identities:fqdnscrypto:x509:cert:identities:emailscrypto:x509:cert:identities:ipv4scrypto:x509:cert:identities:ipv6scrypto:x509:cert:identities:urlscrypto:x509:cert:crl:urlsinet:whois:iprec:contactsinet:whois:iprec:linksinet:whois:ipcontact:rolesinet:whois:ipcontact:linksinet:whois:ipcontact:contactsit:account:groupsit:group:groupsit:reveng:function:impcallsit:reveng:filefunc:funccallsit:sec:cve:referencesrisk:vuln:cwestel:txtmesg:recipients
Add Layer index verification routines, to compare the Layer indices against the stored data for Nodes. This is exposed via the
.verify()API on the Stormtypeslayerobject. These routines are in a beta status and are subject to change. (#2488)The
.json()API oninet:http:respnow raises as_exc.BadJsonTextexception, which can be caught with the Stormtry ... catchsyntax. (#2500)Add
$lib.inet.ipv6.expand()to expand an IPv6 address to its long form. (#2502)Add
hasPathObj(),copyPathObj()andcopyPathObjs()APIs to theJsonStor. (#2438)Allow setting a custom title when making documentation for Cell
confdefswith thesynapse.tools.autodoctool. (#2504)Update the minimum version of the
aiohttplibrary tov3.8.1. (#2495)
Improved Documentation
Add content previously hosted at
commercial.docs.vertex.linkto the mainline Synapse documentation. This includes some devops information related to orchestration, information about Advanced and Rapid Power-Ups, information about the Synapse User Interface, as well as some support information. (#2498) (#2499) (#2501)Add
Synapse-MalshareandSynapse-TeamCymruRapid Power-Ups to the list of available Rapid Power-Ups. (#2506)Document the
jsonlinesoption for theapi/v1/stormandapi/v1/storm/nodesHTTP APIs. (#2505)
v2.74.0 - 2021-12-08
Features and Enhancements
Add
.onionand.bitto the TLD list used for scraping text. Update the TLD list from the latest IANA TLD list. (#2483) (#2497)Add support for writeback mirroring of layers. (#2463) (#2489)
Add
$lib.scrape()Stormtypes API. This can be used to do programmatic scraping of text using the same regular expressions used by the Stormscrapecommand and thesynapse.lib.scrapeAPIs. (#2486)Add a
jsonlinesoutput mode to Cortex streaming HTTP endpoints. (#2493)Add a
--rawargument to the Stormpkg.loadcommand. This loads the raw JSON response as a Storm package. (#2491)Add a
blockedenum to theproj:ticket:statusproperty to represent a blocked ticket. (#2490)
Bugfixes
Fix a behavior with
$pathlosing variables in pure Storm command execution. (#2492)
Improved Documentation
Update the description of the Storm
scrapecommand. (#2494)
v2.73.0 - 2021-12-02
Features and Enhancements
Add a Storm
runascommand. This allows admin users to execute Storm commands as other users. (#2473)Add a Storm
intersectcommand. This command produces the intersection of nodes emitted by running a Storm query over all inbound nodes to theintersectcommand. (#2480)Add
waitandtimeoutparameters to theAxon.hashes()and$lib.axon.list()APIs. (#2481)Add a
readonlyflag tosynapse.tools.genpkg.loadPkgProto()andsynapse.tools.genpkg.tryLoadPkgProto()APIs. If set toTruethis will open files in read only mode. (#2485)Allow Storm Prim objects to be capable of directly yielding nodes when used in
yieldstatements. (#2479)Update the StormDmon subsystem to add debug log information about state changes, as well as additional data for structured logging output. (#2455)
Bugfixes
Catch a fatal application error that can occur in the Cortex if the forked process pool becomes unusable. Previously this would cause the Cortex to appear unresponsive for executing Storm queries; now this causes the Cortex to shut down gracefully. (#2472)
Fix a Storm path variable scoping issue where variables were improperly scoped when nodes were passed into pure Storm commands. (#2459)
v2.72.0 - 2021-11-23
Features and Enhancements
Bugfixes
Update the
asyncio-socksversion to a version which has a pinned version range for thepython-socksdependency. (#2478)
v2.71.1 - 2021-11-22
Bugfixes
Update the
PyOpenSSLversion to21.0.0and pin a range of modern versions of thecryptographywhich have stronger API compatibility. This resolves an API compatibility issue with the two libraries which affected SSL certificate generation. (#2476)
v2.71.0 - 2021-11-19
Features and Enhancements
Add support for asynchronous triggers. This mode of trigger operation queues up the trigger event in the View for eventual processing. (#2464)
Update the crypto model to add a
crypto:smart:tokenform to represent a token managed by a smart contract. (#2462)Add
$lib.axon.readlines()and$lib.axon.jsonlines()to Stormtypes. (#2468)Add the Storm
modeto the structured log output of a Cortex executing a Storm query. (#2466)
Bugfixes
Fix an error when converting Lark exceptions to Synapse
BadSyntaxError. (#2471)
Improved Documentation
Deprecations
Remove
$path.trace()objects. (#2445)
v2.70.1 - 2021-11-08
Bugfixes
Improved Documentation
Update the Storm Control Flow documentation with additional examples. (#2443)
v2.70.0 - 2021-11-03
Features and Enhancements
Add
:dst:handshakeandsrc:handshakeproperties toinet:flowto record text representations of the handshake strings of a given connection. (#2451)Add a
proj:attachmentform to theprojectmodel to represent attachments to a givenproj:ticket. (#2451)Add a implicit wildcard behavior to the
timetype when lifting or filtering nodes. Dates ending in a*are converted into ranges covering all possible times in them. For example,.created=202101*would lift all nodes created on the first month of 2021. (#2446)Add the following
$lib.timefunctions to chop information from a time value. (#2446)$lib.time.year()$lib.time.month()$lib.time.day()$lib.time.hour()$lib.time.minute()$lib.time.second()$lib.time.dayofweek()$lib.time.dayofmonth()$lib.time.monthofyear()
Add
List.extend(),List.slice(),Str.find(), andStr.size()functions to Stormtypes. (#2450) (#2451)Add
$lib.json.schema()and ajson:schemaobject to Stormtypes. These can be used to validate arbitrary data JSON structures in Storm using JSON Schema. (#2448)Update syntax checking rules and address deprecation warnings for strings in the Synapse codebase. (#2426)
v2.69.0 - 2021-11-02
Features and Enhancements
v2.68.0 - 2021-10-29
Features and Enhancements
Add
crypto:currency:transaction,crypto:currency:block,crypto:smart:contractandecon:acct:balancforms. (#2423)Add
$lib.hex.decode()and$lib.hex.encode()Stormtypes functions to encode and decode hexidecimal data as bytes. Addslice()andunpack()methods to the Storm Bytes object. (#2441)Add
$lib.yamland$lib.xmlStormtypes libraries for interacting with YAML and XML text, respectively. (#2434)Add a Storm
versioncommand to show the user the current version of Synapse the Cortex is using. (#2440)
Bugfixes
Fix overzealous
ifstatement caching in Storm. (#2442)
v2.67.0 - 2021-10-27
Features and Enhancements
Add
$node.addEdge()and$node.delEdge()APIs in Storm to allow for programatically setting edges. Add areverseargument to$node.edges()that allows traversing edges in reverse. (#2351)
Bugfixes
Fix a pair of regressions related to unicode/IDNA support for scraping and normalizing FQDNs. (#2436)
Improved Documentation
Add documentation for the Cortex
api/v1/storm/callHTTP API endpoint. (#2435)
v2.66.0 - 2021-10-26
Features and Enhancements
Improve unicode/IDNA support for scraping and normalizing FQDNs. (#2408)
Add
$lib.inet.http.ouathto support OAuth based workflows in Storm, starting with OAuth v1.0 support. (#2413)Replace
pysha3requirement withpycryptodome. (#2422)Add a
tls:ca:dirconfiguration option to the Cortex and Axon. This can be used to provide a directory of CA certificate files which are used in Storm HTTP API and Axon wget/wput APIs. (#2429)
Bugfixes
Catch and raise bad ctors given in RStorm
storm-cortexdirectives. (#2424)Fix an issue with the
cron.atcommand not properly capturing the current view when making the Cron job. (#2425)Disallow the creation of extended properties, universal properties, and tag properties which are not valid properties in the Storm grammar. (#2428)
Fix an issue with
$lib.guid()missing atoprim()call on its input. (#2421)
Improved Documentation
Update our Cell devops documentation to note how to replace the TLS keypair used by the built in webserver with third party certificates. (#2432)
v2.65.0 - 2021-10-16
Features and Enhancements
Add support for interacting with IMAP email servers though Storm, using the
$lib.inet.imap.connect()function. This returns a object that can be used to delete, read, and search emails in a given IMAP mailbox. (#2399)Add a new Storm command,
once. This command can be used to ‘gate’ a node in a Storm pipeline such that the node only passes through the command exactly one time for a given named ‘gate’. The gate information is stored in nodedata, so it is inspectable and subject to all other features that apply to nodedata. (#2404)Add a
:releasedproperty toit:prod:softverto record when a software version was released. (#2419)Add a
tryLoadPkgProtoconvenience function to thesynapse.tools.genpkgfor Storm service package generation with inline documentation. (#2414)
Bugfixes
Improved Documentation
v2.64.1 - 2021-10-08
Bugfixes
v2.64.0 - 2021-10-06
Features and Enhancements
Add support for scraping the following cryptocurrency addresses to the
synapse.lib.scrapeAPIs and Stormscrapecommand. (#2387) (#2401)Bitcoin
Bitcoin Cash
Ethereum
Ripple
Cardano
Polkadot
The internal cache of regular expressions in the
synapse.lib.scrapelibrary is also now a private member; API users should use thesynapse.lib.scrape.scrape()function moving forward.Add
:namesproperty to theit:mitre:attack:softwareform. (#2397)Add a
:descproperty to theinet:whois:iprecform. (#2392)Added several new Rstorm directives. (#2359) (#2400)
storm-cli- Runs a Storm query with the Storm CLI toolstorm-fail- Toggles whether or not the following Storm command should fail or not.storm-multiline- Allows embedding a multiline Storm query as a JSON encoded string for future execution.storm-vcr-callback- Allows specifying a custom callback which a VCR object is sent too.
Bugfixes
Improved Documentation
Storm reference docs have been converted from Jupyter notebook format to Synapse
.rstormformat, and now display examples using the Storm CLI tool, instead of the Cmdr CLI tool. (#2359)
v2.63.0 - 2021-09-29
Features and Enhancements
Bugfixes
Fix the repr for the``auth:user`` Stormtype when printing a user object in Storm. (#2383)
v2.62.1 - 2021-09-22
Bugfixes
Fix an issue in the Nexus log V1 to V2 migration code which resulted in LMDB file copies being made instead of having directories renamed. This can result in a sparse file copy of the Nexus log, resulting in a condition where the volume containing the Cell directory may run out of space. (#2374)
v2.62.0 - 2021-09-21
Features and Enhancements
Add APIs to support trimming, rotating and culling Nexus logs from Cells with Nexus logging enabled. These operations are distributed to downstream consumers, of the Nexus log (e.g. mirrors). For the Cortex, this can be invoked in Storm with the
$lib.cell.trimNexsLog()Stormtypes API. The Cortex devops documentation contains more information about Nexus log rotation. (#2339) (#2371)Add
.size()API to the Stormtypesstorm:queryobject. This will run the query and return the number of nodes it would have yielded. (#2363)
Improved Documentation
Document the tag glob meanings on the Stormtypes
$node.tags()API. (#2368)
v2.61.0 - 2021-09-17
Features and Enhancements
Add a
!exportcommand to the Storm CLI to save query results to a.nodesfile. (#2356)Add
$lib.cell.hotFixesCheck()and$lib.cell.hotFixesApply()Stormtypes functions. These can be used to apply optional hotfixes to a Cortex on demand by an admin. (#2348)Add
$lib.infosec.cvss.calculateFromProps()to allow calculating a CVSS score from a dictionary of CVSS properties. (#2353)Add
$node.data.has()API to Stormtypes to allow easy checking if a node has nodedata for a given name. (#2350)
Bugfixes
Improved Documentation
Add link to the Power-Ups blog post from the Cortex dev-ops documentation. (#2357)
v2.60.0 - 2021-09-07
Features and Enhancements
Add new
risk:compromiseandrisk:compromisetypeforms. Addattacker,compromise, andtargetsecondary properties to therisk:attackform. (#2348)
Bugfixes
Add a missing
wait()call when calling theCoreApi.getAxonUpload()andCoreApi.getAxonBytes()Telepath APIs. (#2349)
Deprecations
Deprecate the
actor:org,actor:person,target:organdtarget:personproperties onrisk:attackin favor of newattackerandtargetsecondary properties. Deprecate thetypeproperty onou:campaignin favor of thecamptypeproperty. (#2348)
v2.59.0 - 2021-09-02
Features and Enhancements
Add a new Storm command,
pkg.docs, to enumerate any documentation that has been bundled with a Storm package. (#2341)Add support for manipulating
'proj:commentnodes via Stormtypes. (#2345)Add
Axon.wput()and$lib.axon.wput()to allow POSTing a file from an Axon to a given URL. (#2347)Add
$lib.export.toaxon()to allow exporting a.nodesfile directly to an Axon based on a given storm query and opts. (#2347)The
synapse.tools.feedtool now accepts a--viewargument to feed data to a specific View. (#2342)The
synapse.tools.feedtool now treats.nodesfiles as msgpack files for feeding data to a Cortex. (#2343)When the Storm
helpcommand has an argument without any matching commands, it now prints a helpful message. (#2338)
Bugfixes
v2.58.0 - 2021-08-26
Features and Enhancements
Add
!pushfile,!pullfile, and!runfilecommands to thesynapse.tools.stormtool. (#2334)Add multiname SNI support to
ssl://listening configurations for the Daemon. (#2336)Add a new Cortex HTTP API Endpoint,
/api/v1/feed. This can be used to add nodes to the Cortex in bulk. (#2337)Refactor the
syn.nodesfeed API implementation to smooth out the ingest rate. (#2337)Sort the Storm Package commands in documentation created by
synpse.tools.autodocalphabetically. (#2335)
Deprecations
Deprecate the
syn.splicesandsyn.nodedatafeed API formats. (#2337)
v2.57.0 - 2021-08-24
Features and Enhancements
Add a basic
synapse.tools.stormCLI tool. This can be used to connect to a Cortex via Telepath and directly execute Storm commands. (#2332)Add an
inet:http:sessionform to track the concept of a prolonged session a user may have with a webserver across multiple HTTP requests. Add an:success` property to the ``ou:campaignform to track if a campaign was sucessful or not. Add an:goalproperty to therisk:attackform to track the specific goal of the attack. Add an:descproperty to theproj:projectform to capture a description of the project. (#2333)
Bugfixes
Fix an issue with
synapse.lib.rstormwhere multiline node properties could produce RST which did not render properly. (#2331)
Improved Documentation
Clean up the documentation for the Storm
wgetcommand. (#2325)
v2.56.0 - 2021-08-19
Features and Enhancements
Refactor some internal Axon APIs for downstream use. (#2330)
Bugfixes
Resolve an ambiguity in the Storm grammar with yield statement and dollar expressions inside filter expression. There is a slight backwards incompatibility with this change, as dollar expressions insider of filter expressions now require a
$prepended where before it was optional. (#2322)
v2.55.0 - 2021-08-18
Features and Enhancements
Add
$node.props.set()Stormtypes API to allow programmatically setting node properties. (#2324)Deny non-runtsafe invocations of the following Storm commands: (#2326)
graphidenmovetagparallelteetree
Add a
Axon.hashset()API to get the md5, sha1, sha256 and sha512 hashes of file in the Axon. This is exposed in Stormtypes via the$lib.bytes.hashset()API. (#2327)Add the
synapse.servers.stemcellserver and a new Docker image,vertexproject/synaspe-stemcell. The Stemcell server is similar to thesynapse.servers.cellserver, except it resolves the Cell ctor from thecell:ctorkey from thecell.yamlfile, or from theSYN_STEM_CELL_CTORenvironment variable. (#2328)
v2.54.0 - 2021-08-05
Features and Enhancements
Add
storm-envvardirective to RST preprocessor to include environment variables instorm-predirective execution context. (#2321)Add new
diffstorm command to allow users to easily lift the set of nodes with changes in the top layer of a forked view. Also adds the--no-tagsoption to themergecommand to allow users to omittag:addnode edits and newly constructedsyn:tagnodes when merging selected nodes. (#2320)Adds the following properties to the data model: (#2319)
biz:deal:buyer:orgbiz:deal:buyer:orgnamebiz:deal:buyer:orgfqdnbiz:deal:seller:orgbiz:deal:seller:orgnamebiz:deal:seller:orgfqdnbiz:prod:madeby:orgbiz:prod:madeby:orgnamebiz:prod:madeby:orgfqdnou:opening:postedou:opening:removedou:org:vitals
Updates
storm-mock-httpto support multiple HTTP requests/responses in RST preprocessor. (#2317)
v2.53.0 - 2021-08-05
This release contains an automatic data migration that may cause additional startup time on the first boot. This is done to unique array properties which previously were not uniqued. Deployments with startup or liveliness probes should have those disabled while this upgrade is performed to prevent accidental termination of the Cortex process. Please ensure you have a tested backup available before applying this update.
Features and Enhancements
Add an
embedsoption to Storm to allow extracting additional data when performing queries. (#2314)Enforce node data permissions at the Layer boundary. Remove the
node.data.getandnode.data.listpermissions. (#2311)Add
auth.self.set.email,auth.self.set.name,auth.self.set.passwdpermissions on users when changing those values. These permissions default to being allowed, allowing a rule to be created that can deny users from changing these values. (#2311)Add
$lib.inet.smtpto allow sending email messages from Storm. (#2315)Warn if a LMDB commit operation takes too long. (#2316)
Add new data types,
taxonandtaxonomy, to describe hierarchical taxonomies. (#2312)Add a new Business Development model. This allows tracking items related to contract, sales, and purchasing lifecycles. This adds the following new forms to the data model:
biz:dealtype,biz:prodtype,biz:dealstatus,biz:rfp,biz:deal,biz:bundle,biz:product, andbiz:stake. The Org model is also updated to add new forms for supporting parts of the business lifecycle, addingou:jobtype,ou:jobtitle,ou:employment,ou:opening,ou:vitals,ou:camptype, andou:orgtype,ou:conttypeforms. The Person model got a new form,ps:workhist. (#2312)Add a
:deletedproperty toinet:web:post. (#2312)Update the following array properties to be unique sets, and add a data model migration to update the data at rest: (#2312)
edu:course:prereqsedu:class:assistantsou:org:subsou:org:namesou:org:dns:mxou:org:locationsou:org:industriesou:industry:sicou:industry:subsou:industry:isicou:industry:naicsou:preso:sponsorsou:preso:presentersou:conference:sponsorsou:conference:event:sponsorsou:conference:attendee:rolesou:conference:event:attendee:rolesou:contract:typesou:contract:partiesou:contract:requirementsou:position:reportsps:person:namesps:person:nicksps:persona:namesps:persona:nicksps:education:classesps:contactlist:contacts
Bugfixes
Prevent renaming the
allrole. (#2313)
Improved Documentation
Add documentation about Linux kernel parameteres which can be tuned to affect Cortex performance. (#2316)
v2.52.1 - 2021-07-30
Bugfixes
Fix a display regression when enumerating Cron jobs with the Storm
cron.listcommand. (#2309)
v2.52.0 - 2021-07-29
Features and Enhancements
Add a new specification for defining input forms that a pure Storm command knows how to natively handle. (#2301)
Add
Lib.reverse()andLib.sort()methods to Stormtypes API. (#2306)Add
View.parentproperty in Stormtypes API. (#2306)Support Telepath Share objects in Storm. (#2293)
Allow users to specify a view to run a cron job against, move a cron job to a new view, and update permission check for adding/moving cron jobs to views. (#2292)
Add CPE and software name infomation to the
inet:flowform. Addit:av:prochit,it:exec:thread,it:exec:loadlib,it:exec:mmap,it:app:yara:procmatchforms to the infotech model. Add:namesarrays toit:prod:softandit:prod:softverforms to assist in entity resolution of software. Add arisk:alertform to the risk model to allow for capturing arbitrary alerts. (#2304)Allow Storm packages to specify other packages they require and possible conflicts would prevent them from being installed in a Cortex. (#2307)
Bugfixes
v2.51.0 - 2021-07-26
Features and Enhancements
Add a
--sizeoption to the Stormdivertcommand to limit the number of times the generator is iterated. (#2297)Add a
permskey to the pure Storm command definition. This allows for adding intuitive permission boundaries for pure Storm commands which are checked prior to command execution. (#2297)Allow full properties with comparators when specifying the destination or source when walking light edges. (#2298)
Bugfixes
Fix an issue with LMDB slabs not being backed up if their directories did not end in
.lmdb. (#2296)
v2.50.0 - 2021-07-22
Features and Enhancements
Add
.cacheget()andcacheset()APIs to the Stormnode:dataobject for easy caching of structured data on nodes based on time. (#2290)Make the Stormtypes unique properly with a Set type. This does disallow the use of mutable types such as dictionaries inside of a Set. (#2225)
Skip executing non-runtsafe commands when there are no inbound nodes. (#2291)
Add
asroot:permskey to Storm Package modules. This allows package authors to easily declare permissions their packages. Add Storm commandsauth.user.add,auth.role.add,auth.user.addrule,auth.role.addrule, andpkg.perms.listto help with some of the permission management. (#2294)
v2.49.0 - 2021-07-19
Features and Enhancements
Add a
idenparameter when creating Cron jobs to allow the creation of jobs with stable identifiers. (#2264)Add
$lib.cellStormtypes library to allow for introspection of the Cortex from Storm for Admin users. (#2285)Change the Telepath Client connection loop error logging to log at the Error level instead of the Info level. (#2283)
Make the tag part normalization more resilient to data containing non-word characters. (#2289)
Add
$lib.tags.prefix()Stormtypes to assist with normalizing a list of tags with a common prefix. (#2289)Do not allow the Storm
divertcommand to work with non-generator functions. (#2282)
Bugfixes
Fix an issue with Storm command execution with non-runtsafe options. (#2284)
Log when the process pool fails to initialize. This may occur in certain where CPython multiprocessing primitives are not completely supported. (#2288)
In the Telepath Client, fix a race condition which could have raised an AttributeError in Aha resolutions. (#2286)
Prevent the reuse of a Telepath Client object when it has been fini’d. (#2286)
Fix a race condition in the Aha server when handling distributed changes which could have left the service in a desynchronized state. (#2287)
Improved Documentation
Update the documentation for the
synapse.tools.feedtool. (#2279)
v2.48.0 - 2021-07-13
Features and Enhancements
Add a Storm
divertcommand to ease the implementation of--yieldconstructs in Storm commands. This optionally yields nodes from a generator, or yields inbound nodes, while still ensuring the generator is conusmed. (#2277)Add Storm runtime debug tracking. This is a boolean flag that can be set or unset via
$lib.debug. It can be used by Storm packages to determine if they should take extra actions, such as additional print statements, without needing to track additional function arguments in their implementations. (#2278)
Bugfixes
v2.47.0 - 2021-07-07
Features and Enhancements
Add
$lib.regex.replace()Stormtypes API to perform regex based replacement of string parts. (#2274)Add universal properties to the dictionary returned by
Cortex.getModelDict()as aunivskey. (#2276)Add additional
asyncio.sleep(0)statements toLayer._storNodeEditsto improve Cortex responsiveness when storing large numbers of edits at once. (#2275)
v2.46.0 - 2021-07-02
Features and Enhancements
Update the Cortex
storm:log:levelconfiguration value to accept string values such asDEBUG,INFO, etc. The default log level for Storm query logs is nowINFOlevel. (#2262)Add
$lib.regex.findall()Stormtypes API to find all matching parts of a regular expression in a given string. (#2265)Add
$lib.inet.http.head()Stormtypes API to perform easy HEAD requests, andallow_redirectsarguments to existinglib.inet.httpAPIs to allow controlling the redirect behavior. (#2268)Add
$lib.storm.eval()API to evaluate Storm values from strings. (#2269)Add
getSystemInfo()andgetBackupInfo()APIS to the Cell for getting useful system information. (#2267)Allow lists in rstorm bodies. (#2261)
Add a
:descsecondary property to theproj:sprintform. (#2261)Call _normStormPkg in all loadStormPkg paths, move validation to post normalization and remove mutation in validator (#2260)
Add
SYN_SLAB_COMMIT_PERIODenvironment variable to control the Synapse slab commit period. Addlayer:lmdb:max_replay_logCortex option to control the slab replay log size. (#2266)Update Ahacell log messages. (#2270)
Bugfixes
Fix an issue where the
Trigger.pack()method failed when the user that created the trigger had been deleted. (#2263)
Improved Documentation
Update the Cortex devops documentation for the Cortex to document the Storm query logging. Update the Cell devops documentation to explain the Cell logging and how to enable structured (JSON) logging output. (#2262)
Update Stormtypes API documentation for
bool,proj:epic,proj:epics,proj:ticket,proj:tickets,proj:sprint,proj:sprints,proj:project,stix:bundletypes. (#2261)
v2.45.0 - 2021-06-25
Features and Enhancements
Add a application level process pool the base Cell implemenation. Move the processing of Storm query text into the process pool. (#2250) (#2259)
Minimize the re-validation of Storm code on Cortex boot. (#2257)
Add the
ou:presoform to record conferences and presentations. Add astatussecondary property to theit:mitre:attack:techniqueform to track if techniques are current, deprecated or withdrawn. (#2254)
Bugfixes
Remove incorrect use of
cmdoptsin Storm command definitions unit tests. (#2258
v2.44.0 - 2021-06-23
This release contains an automatic data migration that may cause additional
startup time on the first boot. This only applies to a Cortex that is using
user defined tag properties or using ps:person:name properties.
Deployments with startup or liveliness probes should have those disabled while
this upgrade is performed to prevent accidental termination of the Cortex
process. Please ensure you have a tested backup available before applying this
update.
Features and Enhancements
Add a
.move()method on Stormtypestriggerobjects to allow moving a Trigger from one View to another View. (#2252)When the Aha service marks a service as down, log why that service is being marked as such. (#2255)
Add
:budget:priceproperty to theou:contractform. Add:settledproperty to theecon:purchaseform. (#2253
Bugfixes
v2.43.0 - 2021-06-21
Features and Enhancements
Add a
.typestring to the Stormtypesauth:gateobject to allow a user to identify the type of auth gate it is. (#2238)Add
$lib.user.idenreference to the Stormtype$lib.userto get the iden of the current user executing Storm code. (#2236)Add a
--no-buildoption tosynapse.tools.genpkgto allow pushing an a complete Storm Package file. (#2231) (#2232) (#2233)The Storm
movetagcommand now checks for cycles when setting thesyn:tag:isnowproperty. (#2229)Deprecate the
ou:org:hasform, in favor of using light edges for storing those relationships. (#2234)Add a
descriptionproperty to theou:industryform. (#2239)Add a
--nameparameter to the Stormtrigger.addcommand to name triggers upon creation. (#2237)Add
regxto theBadTypeValuexception of thestrtype when a regular expression fails to match. (#2240)Consolidate Storm parsers to a single Parser object to improve startup time. (#2247)
Improve error logging in the Cortex
callStorm()andstorm()APIs. (#2243)Add
from:contract,to:contract, andmemoproperties to theecon:acct:paymentform. (#2248)Improve the Cell backup streaming APIs link cleanup. (#2249)
Bugfixes
Improved Documentation
v2.42.2 - 2021-06-11
Bugfixes
Protect against a few possible RuntimeErrors due to dictionary sizes changing during iteration. (#2227)
Fix StormType
Liblookups with imported modules which were raising aTypeErrorinstead of aNoSuchNameerror. (#2228)Drop old Storm Packages if they are present when re-adding them. This fixes an issue with runtime updates leaving old commands in the Cortex. (#2230)
v2.42.1 - 2021-06-09
Features and Enhancements
Add a
--no-docsoption to thesynapse.tools.genpkgtool. When used, this not embed inline documentation into the generated Storm packages. (#2226)
v2.42.0 - 2021-06-03
Features and Enhancements
Bugfixes
Fix an issue in the JsonStor cell where there were missing fini calls. (#2223)
Add a missing timeout to an
getAhaSvc()call. (#2224)Change how tagprops are serialized to avoid a issue with sending packed nodes over HTTP APIs. This changes the packed node structure of tagprops from a dictionary keyed with
(tagname, propertyname)to a dictionary keyed off of thetagname, which now points to a dictionary containing thepropertynamewhich represents the value of the tagprop. (#2221 <https://github.com/vertexproject/synapse/pull/2221>`_)
v2.41.1 - 2021-05-27
Bugfixes
Add PR
#2117to bugfix list in CHANGLOG.rst for v2.41.0 :D
v2.41.0 - 2021-05-27
Features and Enhancements
Add an
it:cmdform and update theit:exec:proc:cmdproperty to use it. This release includes an automatic data migration on startup to update theit:exec:proc:cmdon any existingit:exec:procnodes. (#2219)
Bugfixes
v2.40.0 - 2021-05-26
Features and Enhancements
Add a
--parallelswitch to theteeStorm command. This allows for all of the Storm queries provided to theteecommand to execute in parallel, potentially producing a mixed output stream of nodes. (#2209)Convert the Storm Runtime object in a Base object, allowing for reference counted Storm variables which are made from Base objects and are properly torn down. (#2203)
Add
$lib.inet.http.connect()method which creates a Websocket object inside of Storm, allowing a user to send and receive messages over a websocket. (#2203)Support pivot join operations on tags. (#2213)
Add
stormrepr()implementation forsynapse.lib.stormtypes.Lib, which allows for$lib.print()to display useful strings for Storm Libraries and imported modules. (#2212)Add a storm API top updated a user name. (#2214)
Bugfixes
Fix the logger name for
synapse.lib.aha. (#2210)Log
ImportErrorexceptions insynapse.lib.dyndeps.getDynMod. This allows easier debugging when using thesynapse.servers.cellserver when running custom Cell implementations. (#2211)Fix an issue where a Storm command which failed to set command arguments successfully would not teardown the Storm runtime. (#2212)
v2.39.1 - 2021-05-21
Bugfixes
Fix an issue with referencing the Telepath user session object prior to a valid user being set. (#2207)
v2.39.0 - 2021-05-20
Features and Enhancements
Add more useful output to Storm when printing heavy objects with
$lib.print(). (#2185)Check rule edits for roles against provided authgates in Storm. (#2199)
Add
Str.rsplit()and maxsplit arguments tosplit()/rsplit()APIs in Storm. (#2200)Add default argument values to the output of Storm command help output. (#2198)
Add a
syn:tag:partType and allow thesyn:tagtype to normalize a list of tag parts to create a tag string. This is intended to be used with the$lib.cast()function in Storm. (#2192)Add debug logging to the Axon for reading, writing, or deleting of blobs. (#2202)
Add a timeout argument to the
$lib.inet.httpfunctions. The functions will all now always return ainet:http:respobject; if the.codeis -1, an unrecoverable exception occurred while making the request. (#2205)Add support for embedding a logo and documentation into a Storm Package. (#2204)
Bugfixes
v2.38.0 - 2021-05-14
Features and Enhancements
Remove trigger inheritance from Views. Views will now only execute triggers which are created inside of them. (#2189)
Remove read-only property flags from secondary properties on
file:bytesnodes. (#2191)Add a simple
it:log:eventform to capture log events. (#2195)Add structured logging as an option for Synapse Cells. When enabled, this produces logs as JSONL sent to stderr. This can be set via the
SYN_LOG_STRUCTenvironment variable, or adding the--structured-loggingcommand line switch. (#2179)Add a
nodes.importcommand to import a.nodesfile from a URL. (#2186)Allow the
desckey to View and Layer objects in Storm. This can be used to set descriptions for these objects. (#2190)Use the gateiden in Storm auth when modifying rules; allowing users to share Views and Layers with other users. (#2194)
Bugfixes
Fix an issue with Storm Dmon deletion not behaving properly in mirror configurations. (#2188)
Explicitly close generators in Telepath where an exception has caused the generator to exit early. (#2183)
Fix an issue where a trigger owner not having access to a view would cause the Storm pipeline to stop. (#2189)
v2.37.0 - 2021-05-12
Features and Enhancements
Add a
file:mime:imageinterface to the Synapse model for recording MIME specific metadata from image files. (#2187)Add
file:mime:jpg,file:mime:tiff,file:mime:gifandfile:mime:pngspecific forms for recording metadata of those file types. (#2187)Add
$lib.pkg.has()Stormtype API to check for for the existence of a given Storm package by name. (#2182)All
None / $lib.nullas input to setting a user password. This clears the password and prevents a user from being able to login. (#2181)Grab any Layer push/pull offset values when calling
Layer.pack(). (#2184)Move the retrieval of
https:headersfrom HTTP API handlers into a function so that downstream implementers can redirect where the extra values are retrieved from. (#2187)
Bugfixes
Fix an issue which allowed for deleted Storm Packages to be retrieved from memory. (#2182)
v2.36.0 - 2021-05-06
Features and Enhancements
Add
risk:vulnsupport to the default Stix 2.1 export, and capture vulnerability information used by threat actors and in campaigns. Add the ability to validate Stix 2.1 bundles to ensure that they are Stix 2.1 CS02 compliant. Add the ability to lift Synapse nodes based on bundles which were previously exported from Synapse. The lift feature only works with bundles created with Synapse v2.36.0 or greater. (#2174)Add a
Str.upper()function for uppercasing strings in Storm. (#2174)Automatically bump a user’s StormDmon’s when they are locked or unlocked. (#2177)
Add Storm Package support to
synapse.tools.autodocsand update the rstorm implementation to capture additional directives. (#2172)Tighten lark-parser version requirements. (#2175)
Bugfixes
Fix reported layer size to represent actual disk usage. (#2173)
v2.35.0 - 2021-04-27
Features and Enhancements
Add
:issuer:certand:selfsignedproperties to thecrypto:x509:certform to enable modeling X509 certificate chains. (#2163)Add a
https:headersconfiguration option to the Cell to allow setting arbitrary HTTP headers for the Cell HTTP API server. (#2164)Update the Cell HTTP API server to have a minimum TLS version of v1.2. Add a default
/robots.txtroute. AddX-XSS=ProtectionandX-Content-Type-Optionsheaders to the default HTTP API responses. (#2164)Update the minimum version of LMDB to
1.2.1. (#2169)
Bugfixes
Improve the error message for Storm syntax error handling. (#2162)
Update the layer byarray index migration to account for arrays of
inet:fqdnvalues. (#2165) (#2166)Update the
vertexproject/synapse-aha,vertexproject/synapse-axon,vertexproject/synapse-cortex, andvertexproject/synapse-cryotankDocker images to usetinias a default entrypoint. This fixes an issue where signals were not properly being propagated to the Cells. (#2168)Fix an issue with enfanged indicators which were not properly being lifted by Storm when operating in
lookupmode. (#2170)
v2.34.0 - 2021-04-20
Features and Enhancements
Storm function definitions now allow keyword arguments which may have default values. These must be read-only values. (#2155) (#2157)
Add a
getCellInfo()API to theCellandCellAPIclasses. This returns metadata about the cell, its version, and the currently installed Synapse version. Cell implementers who wish to expose Cell specific version information must adhere to conventiosn documented in the API docstrings of the function. (#2151)Allow external Storm modules to be added in genpkg definitions. (#2159)
Bugfixes
The
$lib.layer.get()Stormtypes returned the top layer of the default view in the Cortex when called with no arguments, instead of the top layer of the current view. This now returns the top layer of the current view. (#2156)Avoid calling
applyNodeEditwhen editing a tag on a Node and there are no edits to make. (#2161)
Improved Documentation
Fix typo in docstrings from
$lib.model.tagsStormtypes. (#2160)
v2.33.1 - 2021-04-13
Bugfixes
Fix a regression when expanding list objects in Storm. (#2154)
v2.33.0 - 2021-04-12
Features and Enhancements
Add CWE and CVSS support to the
risk:vulnform. (#2143)Add a new Stormtypes library,
$lib.infosec.cvss, to assist with parsing CVSS data, computing scores, and updatingrisk:vulnnodes. (#2143)Add ATT&CK, CWD, and CPE support to the IT model. (#2143)
Add
it:network,it:domain,it:account,it:groupandit:loginguid forms to model common IT concepts. (#2096)Add a new model,
project, to model projects, tickets, sprints and epics. The preliminary forms for this model includeproj:project,proj:sprint,proj:ticket,proj:comment, andprojec:project. (#2096)Add a new Stormtypes library,
$lib.project, to assist with using the project model. The API is provisional. (#2096)Allow lifting
guidtypes with the prefix (^=) operator. (#2096)Add
ou:contest:result:urlto record where to find contest results. (#2144)Allow subquery as a value in additional places in Storm. This use must yield exactly one node. Secondary property assignments to array types may yield multiple nodes. (#2137)
Tighten up Storm iterator behavior on the backend. This should not have have user-facing changes in Storm behavior. (#2148) (#2096)
Update the Cell backup routine so that it blocks the ioloop less. (#2145)
Expose the remote name and version of Storm Services in the
service.listcommand. (#2149)Move test deprecated model elements into their own Coremodule. (#2150)
Update
larkdependency. (#2146)
Bugfixes
v2.32.1 - 2021-04-01
Features and Enhancements
Bugfixes
Do not allow light edge creation on runt nodes. (#2136)
Fix backup test timeout issues. (#2141)
Fix the
synapse.lib.msgpack.en()function so that now raises the correct exceptions when operating in fallback mode. (#2140)Fix the
Snap.addNodes()API handling of deprecated model elements when doing bulk data ingest. (#2142)
v2.32.0 - 2021-03-30
Features and Enhancements
Increase the verbosity of logging statements related to Cell backup operations. This allows for better visibility into what is happening while a backup is occurring. (#2124)
Add Telepath and Storm APIs for setting all the roles of a User at once. (#2127)
Expose the Synapse package commit hash over Telepath and Stormtypes. (#2133)
Bugfixes
Increase the process spawn timeout for Cell backup operations. Prevent the Cell backup from grabbing lmdb transactions for slabs in the cell local tmp directory. (#2124)
v2.31.1 - 2021-03-25
Bugfixes
Fix a formatting issue preventing Python packages from being uploaded to PyPI. (#2131)
v2.31.0 - 2021-03-24
Features and Enhancements
Add initial capability for exporting STIX 2.1 from the Cortex. (#2120)
Refactor how lift APIs are implemented, moving them up to the Cortex itself. This results in multi-layer lifts now yielding nodes in a sorted order. (#2093) (#2128)
Add
$lib.range()Storm function to generate ranges of integers. (#2122)Add an
errokoption to the$lib.time.parse()Storm function to allow the function to return$lib.nullif the time string fails to parse. (#2126)Don’t execute Cron jobs, Triggers, or StormDmons for locked users. (#2123) (#2129)
The
gitcommit hash is now embedded into thesynapse.lib.versionmodule when building PyPi packages and Docker images. (#2119)
Improved Documentation
Update Axon wget API documentation to note that we always store the body of the HTTP response, regardless of status code. (#2125)
v2.30.0 - 2021-03-17
Features and Enhancements
Add
$lib.trycast()to allow for Storm control flow based on type normalization. (#2113)
Bugfixes
Resolve a bug related to pivoting to a secondary property that is an array value. (#2111)
Fix an issue with Aha and persisting the online state of services upon startup. (#2103)
Convert the type of
inet:web:acct:singup:client:ipv6from ainet:ipv4to aninet:ipv6. (#2114)Fix an idempotency issue when deleting a custom form. (#2112)
Improved Documentation
v2.29.0 - 2021-03-11
This release includes a Cortex storage Layer bugfix. It does an automatic upgrade upon startup to identify and correct invalid array index values. Depending on time needed to perform this automatic upgrade, the Cortex may appear unresponsive. Deployments with startup or liveliness probes should have those disabled while this upgrade is performed to prevent accidental termination of the Cortex process.
Features and Enhancements
Bugfixes
Fix an issue with Array property type deletion not properly deleting values in the
byarrayindex. This requires an automatic data migration done at Cortex startup to remove extra index values which may be present in the index. (#2104) (#2106)Fix issues with using the Storm
?=operator with types which can generate multiple values from a given input string when making nodes. (#2105) (#2107)
Improved Documentation
v2.28.1 - 2021-03-08
Bugfixes
Improved Documentation
v2.28.0 - 2021-02-26
Features and Enhancements
Add
String.reverse()Stormtypes API to reverse a string. (#2086)Add Cell APIs for streaming compressed backups. (#2084) (#2091)
Refactor
snap.addNodes()to reduce the transaction count. (#2087) (#2090)Add
$lib.axon.list()Stormtypes API to list hashes in an Axon. (#2088)Add user permissions requirements for Aha CSR signing. (#2089)
Add
aha:svcinfoconfiguration option for the base Cell. (#2089)Add interfaces to the output of
model.getModelDefs()and thegetModelDict()APIs. (#2092)Update pylmdb to
v1.1.1. (#2076)
Bugfixes
Fix incorrect permissions check in the
merge --diffStorm command. (#2085)Fix service teardown issue in Aha service on fini. (#2089)
Fix possible
synapse.tools.cmdrteardown issue when using Aha. (#2089)Cast
synapse_minversionfrom Storm Packages into a tuple to avoid packages added with HTTP endpoints from failing to validate. (#2095)
Improved Documentation
v2.27.0 - 2021-02-16
Features and Enhancements
Bugfixes
Fix Agenda events which were not being properly tracked via the Nexus. (#2078)
Improved Documentation
v2.26.0 - 2021-02-05
Features and Enhancements
Add Storm commands for easily adding, deleting, and listing layer push and pull configurations. (#2071)
Bugfixes
Improved Documentation
Update user docs for Storm flow control and data model references. (#2066)
v2.25.0 - 2021-02-01
Features and Enhancements
Implement tag model based pruning behavior for controlling how individual tag trees are deleted from nodes. (#2067)
Add model interfaces for defining common sets of properties for forms, starting with some file mime metadata. (#2040)
Add
file:mime:msdoc,file:mime:msxls,file:mime:msppt, andfile:mime:rtfforms. (#2040)Tweak the ival normalizer to auto-expand intervals with a single element. (#2070)
Removed the experimental
spawnfeature of the Storm runtime. (#2068)
Bugfixes
Add a missing async yield statement in
View.getEdgeVerbs(). (#2069)
Improved Documentation
Correct incorrect references to the
synapse.tools.easycertdocumentation. (#2065)
v2.24.0 - 2021-01-29
Features and Enhancements
Add support for storing model metadata for tags and support for enforcing tag trees using regular expressions. (#2056)
Add
ou:contest:urlsecondary property. (#2059)Add
synapse.lib.autodocto collect some Storm documentation helpers into a single library. (#2034)Add
tag.pruneStorm command to remove parent tags when removing a leaf tag from a node. (#2062)Update the
msgpackPython dependency to versionv1.0.2. (#1735)Add logs to Cell backup routines. (#2060)
Export the Layer iterrows APIs to the CoreApi. (#2061)
Bugfixes
Improved Documentation
v2.23.0 - 2021-01-21
Features and Enhancements
Add support for ndef based light edge definitions in the
syn.nodesfeed API. (#2051) (#2053)Add secondary properties
:loc,:latlong, and:placeto theinet:web:actionandinet:web:logonforms. (#2052)Add secondary property
:enabledto the formit:app:yara:rule. (#2052)Deprecate the
file:stringandou:memberforms, in favor of using light edges for storing those relationships. (#2052)
v2.22.0 - 2021-01-19
Features and Enhancements
Allow expression statements to be used in Storm filters. (#2041)
Add
file:subfile:pathsecondary property to record the path a file was stored in a parent file. The correspondingfile:subfile:nameproperty is marked as deprecated. (#2043)Make the Axon
wget()timeout a configurable parameter. (#2047)Add a
Cortex.exportStorm()on the Cortex which allows for exporting nodes from a Storm query which can be directly ingested with thesyn.nodesfeed function. If the data is serialized using msgpack and stored in a Axon, it can be added to a Cortex with the newCortex.feedFromAxon()API. A new HTTP API,/api/v1/storm/export, can be used to get a msgpacked file using this export interface. (#2045)
Bugfixes
Fix issues in the Layer push and pull loop code. (#2044) (#2048)
Add missing
toprim()andtostr()calls for the Stormtypes Whois guid generation helpers. (#2046)Fix behavior in the Storm lookup mode which failed to lookup some expected results. (#2049)
Fix
$lib.pkg.get()return value when the package is not present. (#2050)
v2.21.1 - 2021-01-04
Bugfixes
Fix a variable scoping issue causing a race condition. (#2042)
v2.21.0 - 2020-12-31
Features and Enhancements
Add a Storm
wgetcommand which will download a file from a URL using the Cortex Axon and yieldinet:urlfilenodes. (#2035)Add a
--diffoption to themergecommand to enumerate changes. (#2037)Allow StormLib Layer API to dynamically update a Layer’s logedits setting. (#2038)
Add StormLib APIs for adding and deleting extended model properties, forms and tag properties. (#2039)
Bugfixes
Fix an issue with the JsonStor not created nested entries properly. (#2036)
v2.20.0 - 2020-12-29
Features and Enhancements
Correct the StormType
Queue.pop()API to properly pop and return only the item at the specified index or the next entry in the Queue. This simplifies the intent behind the.pop()operation; and removes thecullandwaitparameters which were previously on the method. (#2032)
Bugfixes
v2.19.0 - 2020-12-27
Features and Enhancements
Bugfixes
Fix bug in dry-run output of new merge command. (#2026)
v2.18.1 - 2020-12-24
Bugfixes
Make syncIndexEvents testing more resiliant
Make syncIndexEvents yield more often when filtering results (#2025)
Update push/pull tests to use new waittask() API
Raise clear errors in ambiguous use of node.tagglobs() API
Update model docs and examples for geo:latitude and geo:longitude
Support deref form names in storm node add expressions (#2024)
Update tests to normalize equality comparison values (#2023)
v2.18.0 - 2020-12-23
Features and Enhancements
Added axon.size() API and storm plumbing (#2020)
Bugfixes
Fix active coro issue uncovered with cluster testing (#2021)
v2.17.1 - 2020-12-22
Features and Enhancements
Added (BETA) RST pre-processor to embed Storm output into RST docs. (#1988)
Added a
mergecommand to allow per-node Layer merge operations to be done. (#2009)Updated storm package format to include a semver version string. (#2016)
Added telepath proxy getPipeline API to minimize round-trip delay. (#1615)
Added Node properties iteration and setitem APIs to storm. (#2011)
Bugfixes
v2.17.0 - 2020-12-22
2.17.0 was not published due to CI issues.
v2.16.1 - 2020-12-17
Features and Enhancements
Allow the
matchdefused in theLayer.syncIndexEvents()API to match on tagprop data. (#2010)
Bugfixes
Improved Documentation
v2.16.0 - 2020-12-15
Features and Enhancements
Replaced the View sync APIs introduced in
v2.14.0with Layer specific sync APIs. (#2003)Add
$lib.regex.matches()and$lib.regex.search()Stormtypes APIs for performing regular expression operations against text in Storm. (#1999) (#2005)Add
synapse.tools.genpkgfor generating Storm packages and loading them into a Cortex. (#2004)Refactored the StormDmon implementation to use a single async task and allow the Dmons to be restarted via
$lib.dmon.bump(iden). This replaces the outer task / inner task paradigm that was previously present. Also add the ability to persistently disable and enable a StomDmon. (#1998)Added
aha://support to thesynapse.tools.pushfileandsynapse.tools.pullfiletools. (#2006)
Bugfixes
Properly handle whitespace in keyword arguments when calling functions in Storm. (#1997)
Fix some garbage collection issues causing periodic pauses in a Cortex due to failing to close some generators used in the Storm Command AST node. (#2001) (#2002)
Fix scope based permission checks in Storm. (#2000)
v2.15.0 - 2020-12-11
Features and Enhancements
Bugfixes
Ensure parent FQDN exists even in out-of-order node edit playback. (#1995)
v2.14.2 - 2020-12-10
Bugfixes
v2.14.1 - 2020-12-09
Features and Enhancements
Add a
/api/v1/activeHTTP API to the Cell that can be used as an unauthenticated liveliness check. (#1987)Add
$lib.pip.gen()Stormtypes API for ephemeral queues and bulk data access in Storm. (#1986)Add a
$lib.model.tagprop()Stormtypes API for retrieving Tagprop definitions. (#1990)Add efficient View and Layer push/pull configurations. (#1991) (#1992)
Add
getAhaUrls()to the Aha service to prepare for additional service discovery. (#1989)Add a
/api/v1/auth/onepass/issueHTTP API for an admin to mint a one-time password for a Cell user. (#1982)
Bugfixes
Make
aha://urls honor local paths. (#1985)
v2.14.0 - 2020-12-09
2.14.0 was not published due to CI issues.
v2.13.0 - 2020-12-04
Features and Enhancements
Add
$lib.pkg.get()StormTypes function to get the Storm Package definition for a given package by name. (#1983)
Bugfixes
The user account provisioned by the
aha:admincould be locked out. Now, upon startup, if they have been locked out or had their admin status removed, they are unlocked and admin is reset. (#1984)
v2.12.3 - 2020-12-03
Bugfixes
Prevent OverflowError exceptions which could have resulted from lift operations with integer storage types. (#1980)
Remove
inet:ipv4norm routine wrap-around behavior for integers which are outside the normal bounds of IPv4 addresses. (#1979)Fix
view.addand fork related permissions. (#1981)Read
telepath.yamlwhen using thesynapse.tools.cellauthtool. (#1981)
v2.12.2 - 2020-12-01
This release also includes the changes from v2.12.1, which was not released due to an issue with CI pipelines.
Bugfixes
Add the missing API
getPathObjson the JsonStorCell. (#1976)Fix the HasRelPropCond AST node support for Storm pivprop operations. (#1972)
Fix support for the
aha:registryconfig parameter in a Cell to support an array of strings. (#1975)Split the
Cortex.addForm()Nexus handler into two parts to allow for safe event replay. (#1978)Stop forking a large number of child layers in a View persistence test. (#1977)
v2.12.1 - 2020-12-01
Bugfixes
v2.12.0 - 2020-11-30
Features and Enhancements
Add a
onloadparamter to thestormpkgdefinition. This represents a Storm query which is executed every time thestormpkgis loaded in a Cortex. (#1971) (#1974)Add the ability, in Storm, to unset variables, remove items from dictionaries, and remove items from lists. This is done via assigning
$lib.undefto the value to be removed. (#1970)Add support for SOCKS proxy support for outgoing connections from an Axon and Cortex, using the
'http:proxyconfiguration option. This configuration value must be a valid string for theaiohttp_socks.ProxyConnector.from_url()API. The SOCKS proxy is used by the Axon when downloading files; and by the Cortex when making HTTP connections inside of Storm. (#1968)Add
aha:adminto the Cell configuration to provide a common name that is used to create an admin user for remote access to the Cell via the Aha service. (#1969)Add
auth:ctorandauth:confconfig to the Cell in order to allow hooking the construction of theHiveAuthobject. (#1969)
v2.11.0 - 2020-11-25
Features and Enhancements
Optimize Storm lift and filter queries, so that more efficient lift operations may be performed in some cases. (#1966)
Add a
Axon.wget()API to allow the Axon to retrieve files directly from a URL. (#1965)Add a JsonStor Cell, which allows for hierarchical storage and retrieval of JSON documents. (#1954)
Add a Cortex HTTP API,
/api/v1/storm/call. This behaves like theCoreApi.callStorm()API. (#1967)Add
:client:hostand:server:hostsecondary properties to theinet:http:requestform. (#1955)Add
:hostand:acctsecondary properties to theinet:search:queryform. (#1955)Add a Telepath service discovery implementation, the Aha cell. The Aha APIs are currently provisional and subject to change. (#1954)
v2.10.2 - 2020-11-20
Features and Enhancements
The Storm
cron.atcommand now supports a--nowflag to create a cron job which immediately executes. (#1963)
Bugfixes
v2.10.1 - 2020-11-17
Bugfixes
Fix a CI issue which prevented the Python
sdistpackage from being uploaded to PyPi. (#1960)
v2.10.0 - 2020-11-17
Announcements
The v2.10.0 Synapse release contains support for Python 3.8. Docker images
are now built using a Python 3.8 image by default. There are also Python 3.7
images available as vertexproject/synapse:master-py37 and
vertexproject/synapse:v2.x.x-py37.
Features and Enhancements
Python 3.8 release support for Docker and PyPi. (#1921) (#1956)
Add support for adding extended forms to the Cortex. This allows users to define their own forms using the existing types which are available in the Synapse data model. (#1944)
The Storm
andandorstatements now short-circuit and will return when their logical condition is first met. This means that subsequent clauses in those statements may not be executed. (#1952)Add a mechanism for Storm Services to specify commands which may require privilege elevation to execute. An example of this may be to allow a command to create nodes; without managning individual permissions on what nodes a user may normally be allowed to create. Services using this mechanism wiill use the
storm.asroot.cmd.<<cmd name>>hierarchy to grant this permission. (#1953) (#1958)Add
$lib.jsonStormtypes Library to convert between string data and primitives. (#1949)Add a
parallelcommand to allow for executing a portion of a Storm query in parallel. Add abackgroundcommand to execute a Storm query as a detached task from the current query, capturing variables in the process. (#1931) (#1957)Add a
$lib.exit()function to StormTypes to allow for quickly exiting a Storm query. (#1931)Add
$lib.bytes.upload()to Stormtypes for streaming bytes into the Axon that the Cortex is configured with. (#1945)Add Storm commands to manage locking and unlocking deprecated model properties. (#1909)
Add
cron.cleanupcommand to make it easy to clean up completed cron jobs. (#1942)Add date of death properties and consistently named photo secondary properties. (#1929)
Add model additions for representing education and awards. (#1930)
Add additional account linkages to the
inetmodel for users and groups. (#1946)Add
inet:web:hashtagas its own form, and add:hashtagstoinet:web:post. (#1946)Add
lang:translationto capture language translations of texts in a more comprehensive way than olderlangmodel forms did. Thelang:idiomandlang:transforms have been marked as deprecated. (#1946)Update the
oumodel to addou:attendeeandou:contestandou:contest:resultforms. Several secondary properties related to conference attendance have been marked deprecated. (#1946)The
ps:personaandps:persona:hasforms have been marked as deprecated. (#1946)Add
ps:contactlistto allow collecting multipleps:contactnodes together. (#1935)Allow the Storm Service cmdargs to accept any valid model type in the
typevalue. (#1923) (#1936)Add
>,<,>=and<=comparators forinet:ipv4type. (#1938)Add configuration options to the Axon to limit the amount of data which can be stored in it. Add a configuration option the Cortex to limit the number of nodes which may be stored in a given Cortex. (#1950)
Bugfixes
Fix a potential incorrect length for Spooled sets during fallback. (#1937)
Fix an issue with the Telepath
Clientobject caching theirMethodandGenrMethodattributes across re-connections of the underlyingProxyobjects. (#1939) (#1941)Fix a bug where a temporary spool slab cleanup failed to remove all files from the filesystem that were created when the slab was made. (#1940)
Move exceptions which do not subclass
SynErrout ofsynapse/exc.py. (#1947) (#1951)
v2.9.2 - 2020-10-27
Bugfixes
v2.9.1 - 2020-10-22
Features and Enhancements
Reuse existing an existing
DateTimeobject when making time strings. This gives a slight performance boost for thesynapse.lib.time.repr()function. (#1919)Remove deprecated use of
looparguments when callingasyncioprimitives. (#1920)Allow Storm Services to define a minimum required Synapse version by the Cortex. If the Cortex is not running the minimum version, the Cortex will not load (#1900)
Only get the nxsindx in the
Layer.storeNodeEdits()function if logging edits. (#1926)Include the Node iden value in the
CantDelNodeexception when attempting to delete a Node failes due to existing references to the node. (#1926)Take advantage of the LMDB append operation when possible. (#1912)
Bugfixes
Fix an issues in the Telepath Client where an exception thrown by a onlink function could cause additional linkloop tasks to be spawned. (#1924)
v2.9.0 - 2020-10-19
Announcements
The v2.9.0 Synapse release contains an automatic Cortex Layer data
migration. The updated layer storage format reduces disk and memory
requirements for a layer. It is recommended to test this process with a
backup of a Cortex before updating a production Cortex.
In order to maximize the space savings from the new layer storage format,
after the Cortex has been migrated to v2.9.0, one can take a cold
backup of the Cortex and restore the Cortex from that backup. This
compacts the LMDB databases which back the Layers and reclaims disk space
as a result. This is an optional step; as LMDB will eventually re-use the
existing space on disk.
If there are any questions about this, please reach out in the Synapse Slack channel so we can assist with any data migration questions.
Features and Enhancements
Optimize the layer storage format for memory size and performance. (#1877) (#1885) (#1899) (#1917)
Initial support Python 3.8 compatibility for the core Synapse library. Additional 3.8 support (such as wheels and Docker images) will be available in future releases. (#1907)
Add a read only Storm option to the Storm runtime. This option prevents executing commands or Stormtypes functions which may modify data in the Cortex. (#1869) (#1916)
Allow the Telepath Dmon to disconnect clients using a ready status. (#1881)
Ensure that there is only one online backup of a Cell occurring at a time. (#1883)
Added
.lower(),.strip(),.lstrip()and.rstrip()methods to the Stormtypes Str object. These behave like the Pythonstrmethods. (#1886) (#1906)When scraping text, defanged indicators are now refanged by default. (#1888)
Normalize read-only property declarations to use booleans in the data model. (#1887)
Add
lift.byverbcommand to allow lifting nodes using a light edge verb. (#1890)Add netblock and range lift helpers for
inet:ipv6type, similar to the helpers forinet:ipv4. (#1869)Add a
edges.delcommand to bulk remove light weight edges from nodes. (#1893)The
yieldkeyword in Storm now supports iterating over Stormtypes List and Set objects. (#1898)Add
ou:contract,ou:industryandit:reveng:function:stringsforms to the data model. (#1894)Add some display type-hinting to the data model for some string fields which may be multi-line fields. (#1892)
Add
getFormCounts()API to the Stormtypes View and Layer objects. (#1903)Allow Cortex layers to report their total size on disk. This is exposed in the Stormtypes
Layer.pack()method for a layer. (#1910)Expose the remote Storm Service name in the
$lib.service.get()Stormtypes API. This allows getting a service object without knowing the name of the service as it was locally added to a Cortex. Also add a$lib.service.has()API which allows checking to see if a service is available on a Cortex. (#1908) (#1915)Add regular expression (
~=) and prefix matching (^=) expression comparators that can be used with logical expressions inside of Storm. (#1906)Promote
CoreApi.addFeedData()calls to tracked tasks which can be viewed and terminated. (#1918)
Bugfixes
Fixed a Storm bug where attempting to access an undeclared variable silently fails. This will now raise a
NoSuchVarexception. This is verified at runtime, not at syntax evaluation. (#1916)Ensure that Storm HTTP APIs tear down the runtime task if the remote disconnects before consuming all of the messages. (#1889)
Fix an issue where the
model.edge.listcommand could block the ioloop for large Cortex. (#1890)Fix a regex based lifting bug. (#1899)
Fix a few possibly greedy points in the AST code which could have resulted in greedy CPU use. (#1902)
When pivoting across light edges, if the destination form was not a valid form, nothing happened. Now a StormRuntimeError is raised if the destination form is not valid. (#1905)
Fix an issue with spawn processes accessing lmdb databases after a slab resize event has occurred by the main process. (#1914)
Fix a slab teardown race seen in testing Python 3.8 on MacOS. (#1914)
Deprecations
The
0.1.xto2.x.xMigration tool and associated Cortex sync service has been removed from Synapse in the2.9.0release.
Improved Documentation
v2.8.0 - 2020-09-22
Features and Enhancements
Module updates to support generic organization identifiers, generic advertising identifiers, asnet6 and a few other secondary property additions. (#1879)
Update the Cell backup APIs to perform a consistent backup across all slabs for a Cell. (#1873)
Add support for a environment variable,
SYN_LOCKMEM_DISABLEwhich will disable any memory locking of LMDB slabs. (#1882)
Deprecations
The
0.1.xto2.x.xMigration tool and and associated Cortex sync service will be removed from Synapse in the2.9.0release. In order to move forward to2.9.0, please make sure that any Cortexes which still need to be migrated will first be migrated to2.8.xprior to attempting to use2.9.x.
Improved Documentation
Add Synapse README content to the Pypi page. This was a community contribution from https://github.com/wesinator. (#1872)
v2.7.3 - 2020-09-16
Deprecations
The
0.1.xto2.x.xMigration tool and and associated Cortex sync service will be removed from Synapse in the2.9.0release. In order to move forward to2.9.0, please make sure that any Cortexes which still need to be migrated will first be migrated to2.8.xprior to attempting to use2.9.x. (#1880)
Bugfixes
Remove duplicate words in a comment. This was a community contribution from enadjoe. (#1874)
Fix a nested Nexus log event in Storm Service deletion. The
delevent causing Storm code execution could lead to nested Nexus events, which is incongruent with how Nexus change handlers work. This now spins off the Storm code in a free-running coroutine. This does change the servicedelsemantics since any support Storm packages a service had may be removed by the time the handler executes. (#1876)Fix an issue where the
cullparameter was not being passed to the multiqueue properly when calling.gets()on a Storm Types Queue object. (#1876)Pin the
nbconvertpackage to a known working version, asv6.0.0of that package broke the Synapse document generation by changing how templates work. (#1876)Correct
minandmaxinteger examples in tagprop documentation and tests. (#1878)
v2.7.2 - 2020-09-04
Features and Enhancements
Update tests for additional test code coverage. This was a community contribution from blackout. (#1867)
Add implicit links to documentation generated for Storm services, to allow for direct linking inside of documentation to specific Storm commands. (#1866)
Add future support for deprecating model elements in the Synapse data model. This support will produce client and server side warnings when deprecated model elements are used or loaded by custom model extensions or CoreModules. (#1863)
Bugfixes
Update
FixedCache.put()to avoid a cache miss. This was a community contribution from blackout. (#1868)Fix the ioloop construction to be aware of
SYN_GREEDY_COROenvironment variable to put the ioloop into debug mode and log long-running coroutines. (#1870)Fix how service permissions are checked in
$lib.service.get()and$lib.service.wait()Storm library calls. These APIs now first checkservice.get.<service iden>before checkingservice.get.<service name>permissions. A successfulservice.get.<service name>check will result in a warning to the client and the server. (#1871)
v2.7.1 - 2020-08-26
Features and Enhancements
Refactor an Axon unit test to make it easier to test alternative Axon implementations. (#1862)
Bugfixes
Improved Documentation
Fix an incorrect statement in our documentation about the intrinsic Axon that a Cortex creates being remotely accessible. (#1862)
v2.7.0 - 2020-08-21
Features and Enhancements
Add Telepath and HTTP API support to set and remove global Storm variables. (#1846)
Add Cell level APIs for performing the backup of a Cell. These APIs are exposed inside of a Cortex via a Storm Library. (#1844)
Add support for Cron name and doc fields to be editable. (#1848)
Add support for Runtime-only (
runt) nodes in the PivotOut operation (-> *). (#1851)Add
:nicksand:namessecondary properties tops:personandps:personatypes. (#1852)Add a new
ou:positionform and a few associated secondary properties. (#1849)Add a step to the CI build process to smoke test the sdist and wheel packages before publishing them to PyPI. (#1853)
Add support for representing
nodedatain the command hinting for Storm command implementations and expose it on thesyn:cmdrunt nodes. (#1850)Add package level configuration data to Storm Packages in the
modconfvalue of a package definition. This is added to the runtime variables when a Storm package is imported, and includes thesvcidenfor packages which come from Storm Services. (#1855)Add support for passing HTTP params when using
$lib.inet.http.*functions to make HTTP calls in Storm. (#1856)Log Storm queries made via the
callStorm()andcount()APIs. (#1857)
Bugfixes
Fix an issue were some Storm filter operations were not yielding CPU time appropriately. (#1845)
Improved Documentation
Remove a reference to deprecated
eval()API from quickstart documentation. (#1858)
v2.6.0 - 2020-08-13
Features and Enhancements
Support
+hh:mmand+hh:mmtimezone offset parsing when normalizingtimevalues. (#1833)Enable making mirrors of Cortex mirrors work. (#1836)
Remove read-only properties from
inet:flowandinet:http:requestforms. (#1840)Add support for setting nodedata and light edges in the
syn.nodesingest format. (#1839)Sync the LMDB Slab replay log if it gets too large instead of waiting for a force commit operation. (#1838)
Make the Agenda unit tests an actual component test to reduce test complexity. (#1837)
Support glob patterns when specifying files to upload to an Axon with
synapse.tools.pushfile. (#1837)Use the node edit metadata to store and set the
.createdproperty on nodes, so that mirrors of Cortexes have consistent.createdtimestamps. (#1765)Support parent runtime variables being accessed during the execution of a
macro.execcommand. (#1841)Setting tags from variable values in Storm now calls
s_stormtypes.tostr()on the variable value. (#1843)
Bugfixes
v2.5.1 - 2020-08-05
Features and Enhancements
Bugfixes
Sanitize passwords from Telepath URLs during specific cases where the URL may be logged. (#1830)
Improved Documentation
Fix a few typos in docstrings. (#1831)
v2.5.0 - 2020-07-30
Features and Enhancements
Refactor the Nexus to remove leadership awareness. (#1785)
Add support for client-side certificates in Telepath for SSL connections. (#1785)
Add multi-dir support for CertDir. (#1785)
Add a
--no-edgesoption to the Stormgraphcommand. (#1805)Add
:doc:urlto thesyn:tagform to allow recording a URL which may document a tag. (#1805)Add
CoreApi.reqValidStorm()and a/api/v1/reqvalidstormCortex HTTP API endpoint to validate that a given Storm query is valid Storm syntax. (#1806)Support Unicode white space in Storm. All Python s (Unicode white space + ASCII separators) is now treated as white space in Storm. (#1812)
Refactor how StormLib and StormPrim objects access their object locals, and add them to a global registry to support runtime introspection of those classes. (#1804)
Add smoke tests for the Docker containers built in CircleCI, as well as adding Docker healthchecks to the Cortex, Axon and Cryotank images. (#1815)
Initialize the names of the default view and layer in a fresh Cortex to
default. (#1814)Add HTTP API endpoints for the Axon to upload, download and check for the existend of files. (#1817) (#1822) (#1824) (#1825)
Add a
$lib.bytes.has()API to check if the Axon a Cortex is configured with knows about a given sha256 value. (#1822)Add initial model for prices, currences, securities and exchanges. (#1820)
Add a
:authorfield to theit:app:yara:ruleform. (#1821)Add an experimental option to set the NexusLog as a
map_asyncslab. (#1826)Add an initial transportation model. (#1816)
Add the ability to dereference an item, from a list of items, in Storm via index. (#1827)
Add a generic
$lib.inet.http.request()Stormlib function make HTTP requests with arbitrary verbs. (#1828)
Bugfixes
Fix an issue with the Docker builds for Synapse where the package was not being installed properly. (#1815)
Improved Documentation
Update documentation for deploying Cortex mirrors. (#1811)
Add automatically generated documentation for all the Storm
$lib...functions and Storm Primitive types. (#1804)Add examples of creating a given Form to the automatically generated documentation for the automatically generated datamodel documentation. (#1818)
Add additional documentation for Cortex automation. (#1797)
Add Devops documentation for the list of user permissions relevant to a Cell, Cortex and Axon. (#1823)
v2.4.0 - 2020-07-15
Features and Enhancements
Update the Storm
scrapecommand to makerefslight edges, instead ofedge:refsnodes. (#1801) (#1803)Add
:headersand:response:headerssecondary properties to theinet:http:requestform as Array types, so that requests can be directly linked to headers. (#1800)Add
:headerssecondary property to theinet:email:messaageform as Array types, so that messages can be directly linked to headers. (#1800)Add additional model elements to support recording additional data for binary reverse engineering. (#1802)
v2.3.1 - 2020-07-13
Bugfixes
Prohibit invalid rules from being set on a User or Role object. (#1798)
v2.3.0 - 2020-07-09
Features and Enhancements
Add
ps.listandps.killcommands to Storm, to allow introspecting the runtime tasks during (#1782)Add an
autoaddmode to Storm, which will extract basic indicators and make nodes from them when executed. This is a superset of the behavior in thelookupmode. (#1795)Support skipping directories in the
synapse.tools.backuptool. (#1792)Add prefix based lifting to the Hex type. (#1796)
Bugfixes
Fix an issue for prop pivot out syntax where the source data is an array type. (#1794)
Improved Documentation
v2.2.2 - 2020-07-03
Features and Enhancements
Add some small enhancements to the Cortex benchmarking script. (#1790)
Bugfixes
Fix an error in the help for the
macro.delcommand. (#1786)Fix rule indexing for the
synapse.tools.cellauthtool to correctly print the rule offsets. (#1787)Remove extraneous output from the Storm Parser output. (#1789)
Rewrite the language (and private APIs) for the Storm
model.edgerelated commands to remove references to extended properties. That was confusing language which was unclear for users. (#1789)During 2.0.0 migrations, ensure that Cortex and Layer idens are unique; and make minimum 0.1.6 version requirement for migration. (#1788)
v2.2.1 - 2020-06-30
Bugfixes
The Axon test suite was missing a test for calling
Axon.get()on a file it did not have. This is now included in the test suite. (#1783)
Improved Documentation
Improve Synapse devops documentation hierarchy. Add note about Cell directories being persistent. (#1781)
v2.2.0 - 2020-06-26
Features and Enhancements
Add a
postAnit()callback to thesynapse.lib.base.Base()object which is called after the__anit__()call chain is completed, but beforeBase.anit()returns the object instance to the caller. This is used by the Cell to defer certain Nexus actions until the Cell has completed initializing all of its instance attributes. (#1768)Make
synapse.lib.msgpack.en()raise aSynErr.NotMsgpackSafeexception instead of passing through the exception raised by msgpack. (#1768)
Bugfixes
Add a missing
toprim()call in$lib.globals.set(). (#1778)Fix an issue in the quickstart documentation related to permissions. Thank you
enadjoefor your contribution. (#1779)Fix an Cell/Cortex startup issue which caused errors when starting up a Cortex when the last Nexus event was replayed. This has a secondary effect that Cell implementers cannot be making Nexus changes during the
__anit__methods. (#1768)
Improved Documentation
v2.1.2 - 2020-06-18
Bugfixes
Disallow command and bare string contensts from starting with
//and/*in Storm syntax. (#1769)
v2.1.1 - 2020-06-16
Bugfixes
Fix an issue in the autodoc tool which failed to account for Storm Service commands without cmdargs. (#1775)
v2.1.0 - 2020-06-16
Features and Enhancements
Improved Documentation
Refactor
v2.0.0changelog documentation. (#1763)Add Vertex branding to the Synapse documentation. (#1767)
Update Backups documentation in the Devops guide. (#1764)
Update the autodoc tool to generate documentation for Cell confdefs and StormService information. (#1772)
Update to separate the devops guides into distinct sections. (#1772)
Add documentation for how to do boot-time configuration for a Synapse Cell. (#1772)
Remove duplicate information about backups. (#1774)
v2.0.0 - 2020-06-08
Initial 2.0.0 release.
API Deprecation Notice - 2023-10-01
It’s time to shed some long standing deprecations to reduce technical debt and prepare for some new features and subsystems! The following deprecated APIs and commands will be removed on 2023-10-01:
Storm Commands
sudosplice.listsplice.undo
Storm Options
editformat=splices
Cortex Telepath APIs
stat()addCronJob()delCronJob()updateCronJob()enableCronJob()disableCronJob()listCronJobs()editCronJob()setStormCmd()delStormCmd()addNodeTag()delNodeTag()setNodeProp()delNodeProp()eval()watch()splices()splicesBack()spliceHistory()addFeedData(syn.splice, ...)addFeedData(syn.nodeedits, ...)
Layer Telepath APIs
splices()splicesBack()truncate()
Cmdr Commands
atcrontrigger