Changelog
Synapse-AlienVault Changelog
v1.14.0 - 2024-02-20
Features and Enhancements
Update ingest logic to remove deprecated
it:av:*forms in favor ofit:av:scan:result.Update deprecated
$lib.dict()usage to JSON style syntax.
v1.13.0 - 2023-11-22
Deprecations
Caching has been removed from the following commands, so the
--asofargument has been deprecated and will no longer have any effect:alienvault.otx.domainalienvault.otx.filesalienvault.otx.ipalienvault.otx.pdnsalienvault.otx.url
This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove existing cached API response data from the jsonstor.
v1.12.0 - 2023-10-11
Features and Enhancements
Fall back to using the
author_namefield for tag generation in the case theauthorfield isn’t populated.Add additional debug printing for the various commands.
Add a name to the automatically generated
it:hostnode used to tie sandbox data together.
v1.11.0 - 2023-08-11
Features and Enhancements
Reconstruct and set a pulse’s URL for the
media:newsnode.Record tags from third party pulse authors as
<tagbase>.<author>.<tag>.Set the pulse’s id as the
:ext:idprop on the resultantmedia:newsnode.Add the author of a pulse to the
:authorsarray of the pulse’smedia:newsnode.
v1.10.1 - 2023-06-16
Bugfixes
Fix typos in the help output for
alienvault.otx.files,alienvault.otx.ip,alienvault.otx.domain, andalienvault.otx.urlHandle invalid time values being returned by the whois endpoints.
v1.10.0 - 2023-03-22
Features and Enhancements
Update Power-Up to build with code signing.
Bugfixes
Fix an issue where certain files would raise BadTypeValu exceptions.
v1.9.0 - 2023-01-05
Features and Enhancements
Updated
alienvault.otx.domain,alienvault.otx.url,alienvault.otx.files,alienvault.otx.ipcommands to automatically pull related pulse and tag information from their respectivegeneralendpoints.Update documentation and help strings for Node Actions and the
alienvault.otx.ipcommand.Expand
alienvault.otx.pdnscommand to acceptinet:ipv4andinet:ipv6nodes.Update
alienvault.otx.domainto ingesthttp_scansendpoint data.
Bugfixes
Fix how the malware endpoints iterate through the API pages.
Fix an issue in creation of
inet:whois:contactnodes.Fix an issue where
it:prod:softnodes created forit:av:filehitnodes would not have their:nameproperty set.
v1.8.0 - 2022-09-28
Features and Enhancements
alienvault.otx.addressandalienvault.otx.domainupdated to link referenced malware files to the input node via a<(refs)-light edge.
Bugfixes
Update modelling of
alienvault.otx.domainto model returned domain information asinet:http:request
v1.7.0 - 2022-06-21
Features and Enhancements
Extract and link
ou:namenodes for the “adversary” field in pulses.Extract and link
ou:industrnamenodes for the “industries” field in pulses.Extract and link
it:prod:softnamenodes for the “malware_families” field in pulses.Extract and link
it:mitre:attack:softwarenodes for the “malware_families” field in pulses.Extract and link
it:mitre:attack:techniquenodes for the “attack_patterns” field in pulses.Add the
alienvault.otx.pulses.byidcommand to allow users to load specific pulses by id.alienvault.otx.pdns --debugupdated to print the raw response returned from the API.alienvault.otx.urls --debugupdated to print the raw response returned from the API.alienvault.otx.files --debugupdated to print the raw response returned from the API.alienvault.otx.pulses --debugupdated to print the raw response returned from the API.
v1.6.0 - 2022-05-11
Features and Enhancements
Update sandbox data ingestion to prefer the
:sandbox:fileproperty over:exewhere appropriate.Cached API responses are now stored in the JsonStor instead of in nodedata.
Bugfixes
Fixed the displayed message for when the API key isn’t set.
v1.5.0 - 2022-03-07
Features and Enhancements
Added
--resyncoption to thealienvault.otx.pulsesto redownload the entire list of subscribed pulses.
Bugfixes
Fixed an issue with
alienvault.otx.fileserroring out on files that lack certain file metadata.Fixed documentation generation for the
alienvault.otx.pulsescommand.Fill in additional properties for sandbox information.
Update
it:hostguid generation to avoid collisions.Removed a reference to a deprecated property.
Fixed an issue with
alienvault.otx.iperroring out on addresses that don’t include ASN information.
v1.4.1 - 2022-01-10
Bugfixes
Fix debug behavior for
alienvault.otx.ip.
v1.4.0 - 2021-12-30
Features and Enhancements
Updated
alienvault.otx.filescommand to processhash:md5hash:sha1andhash:sh256nodes.Added Optic node action to execute
alienvault.otx.ipon compatible nodes.Added Optic node action to execute
alienvault.otx.urlon compatible nodes.Added Optic node action to execute
alienvault.otx.fileson compatible nodes.Added Optic node action to execute
alienvault.otx.domainon compatible nodes.
v1.3.0 - 2021-12-16
Features and Enhancements
Fix wording for the help output of the
alienvault.otx.pulsescommand.Use the
tagsfield to populate#rep.alienvaulttags onto indicators created from Pulse data.Add
alienvault.setup.tagprefixcommand to customize the tag prefix used for pulse data.Populate sandbox behavior data from the cuckoo sandbox runs.
Bugfixes
Added better handling for empty file analysis data.
Properly populate
it:app:yara:rulenodes with the correct rule text from pulse information.
v1.2.0 - 2021-10-13
Features and Enhancements
Populate the
.seenproperty on inet:url nodes created via thealienvault.otx.domaincommandAdd
seenlight edges to nodes created as a result of thealienvault.otxcommands
v1.1.0 - 2021-09-15
Features and Enhancements
Add
alienvault.otx.ipfor enrichinginet:ipv4andinet:ipv6nodes using AlienVault’s IPv4/IPv6 endpoints.Add
alienvault.otx.urlfor enrichinginet:urlnodes using AlienVault’s URL endpoint.Add
alienvault.otx.filesfor enrichingfile:bytesnodes using AlienVault’s File endpoint.Add
alienvault.otx.domainfor enrichinginet:fqdnnodes using AlienVault’s Domain endpoint.
v1.0.1 - 2021-08-20
Bugfixes
Added description to power-up definition
v1.0.0 - 2021-08-13
Features and Enhancements
Initial release of
Synapse-AlienVaultv1.0.0.