Changelog

Synapse-AlienVault Changelog

v1.16.1 - 2025-07-29

Bugfixes

  • Fixed an issue where an it:prod:soft without :name could prevent the it:av:filehit migration from completing.

v1.16.0 - 2025-03-13

Automatic Migrations

  • Unset it:exec:proc:src:proc property values which were set to an incorrect value.

Bugfixes

  • Fixed an issue with guid generation for it:exec:proc:src:proc property values.

v1.15.0 - 2025-01-27

Automatic Migrations

  • Migrated all it:av:sig and it:av:filehit nodes created by Synapse-AlienVault to it:av:scan:result nodes. The migrated it:av:sig and it:av:filehit nodes are removed by this migration.

Features and Enhancements

  • Updated deprecated $lib.list() usage to JSON style syntax.

v1.14.0 - 2024-02-20

Features and Enhancements

  • Update ingest logic to remove deprecated it:av:* forms in favor of it:av:scan:result.

  • Update deprecated $lib.dict() usage to JSON style syntax.

v1.13.0 - 2023-11-22

Deprecations

  • Caching has been removed from the following commands, so the --asof argument has been deprecated and will no longer have any effect:

    alienvault.otx.domain

    alienvault.otx.files

    alienvault.otx.ip

    alienvault.otx.pdns

    alienvault.otx.url

This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove existing cached API response data from the jsonstor.

v1.12.0 - 2023-10-11

Features and Enhancements

  • Fall back to using the author_name field for tag generation in the case the author field isn’t populated.

  • Add additional debug printing for the various commands.

  • Add a name to the automatically generated it:host node used to tie sandbox data together.

v1.11.0 - 2023-08-11

Features and Enhancements

  • Reconstruct and set a pulse’s URL for the media:news node.

  • Record tags from third party pulse authors as <tagbase>.<author>.<tag>.

  • Set the pulse’s id as the :ext:id prop on the resultant media:news node.

  • Add the author of a pulse to the :authors array of the pulse’s media:news node.

v1.10.1 - 2023-06-16

Bugfixes

  • Fix typos in the help output for alienvault.otx.files, alienvault.otx.ip, alienvault.otx.domain, and alienvault.otx.url

  • Handle invalid time values being returned by the whois endpoints.

v1.10.0 - 2023-03-22

Features and Enhancements

  • Update Power-Up to build with code signing.

Bugfixes

  • Fix an issue where certain files would raise BadTypeValu exceptions.

v1.9.0 - 2023-01-05

Features and Enhancements

  • Updated alienvault.otx.domain, alienvault.otx.url, alienvault.otx.files, alienvault.otx.ip commands to automatically pull related pulse and tag information from their respective general endpoints.

  • Update documentation and help strings for Node Actions and the alienvault.otx.ip command.

  • Expand alienvault.otx.pdns command to accept inet:ipv4 and inet:ipv6 nodes.

  • Update alienvault.otx.domain to ingest http_scans endpoint data.

Bugfixes

  • Fix how the malware endpoints iterate through the API pages.

  • Fix an issue in creation of inet:whois:contact nodes.

  • Fix an issue where it:prod:soft nodes created for it:av:filehit nodes would not have their :name property set.

v1.8.0 - 2022-09-28

Features and Enhancements

  • alienvault.otx.address and alienvault.otx.domain updated to link referenced malware files to the input node via a <(refs)- light edge.

Bugfixes

  • Update modelling of alienvault.otx.domain to model returned domain information as inet:http:request

v1.7.0 - 2022-06-21

Features and Enhancements

  • Extract and link ou:name nodes for the “adversary” field in pulses.

  • Extract and link ou:industrname nodes for the “industries” field in pulses.

  • Extract and link it:prod:softname nodes for the “malware_families” field in pulses.

  • Extract and link it:mitre:attack:software nodes for the “malware_families” field in pulses.

  • Extract and link it:mitre:attack:technique nodes for the “attack_patterns” field in pulses.

  • Add the alienvault.otx.pulses.byid command to allow users to load specific pulses by id.

  • alienvault.otx.pdns --debug updated to print the raw response returned from the API.

  • alienvault.otx.urls --debug updated to print the raw response returned from the API.

  • alienvault.otx.files --debug updated to print the raw response returned from the API.

  • alienvault.otx.pulses --debug updated to print the raw response returned from the API.

v1.6.0 - 2022-05-11

Features and Enhancements

  • Update sandbox data ingestion to prefer the :sandbox:file property over :exe where appropriate.

  • Cached API responses are now stored in the JsonStor instead of in nodedata.

Bugfixes

  • Fixed the displayed message for when the API key isn’t set.

v1.5.0 - 2022-03-07

Features and Enhancements

  • Added --resync option to the alienvault.otx.pulses to redownload the entire list of subscribed pulses.

Bugfixes

  • Fixed an issue with alienvault.otx.files erroring out on files that lack certain file metadata.

  • Fixed documentation generation for the alienvault.otx.pulses command.

  • Fill in additional properties for sandbox information.

  • Update it:host guid generation to avoid collisions.

  • Removed a reference to a deprecated property.

  • Fixed an issue with alienvault.otx.ip erroring out on addresses that don’t include ASN information.

v1.4.1 - 2022-01-10

Bugfixes

  • Fix debug behavior for alienvault.otx.ip.

v1.4.0 - 2021-12-30

Features and Enhancements

  • Updated alienvault.otx.files command to process hash:md5 hash:sha1 and hash:sh256 nodes.

  • Added Optic node action to execute alienvault.otx.ip on compatible nodes.

  • Added Optic node action to execute alienvault.otx.url on compatible nodes.

  • Added Optic node action to execute alienvault.otx.files on compatible nodes.

  • Added Optic node action to execute alienvault.otx.domain on compatible nodes.

v1.3.0 - 2021-12-16

Features and Enhancements

  • Fix wording for the help output of the alienvault.otx.pulses command.

  • Use the tags field to populate #rep.alienvault tags onto indicators created from Pulse data.

  • Add alienvault.setup.tagprefix command to customize the tag prefix used for pulse data.

  • Populate sandbox behavior data from the cuckoo sandbox runs.

Bugfixes

  • Added better handling for empty file analysis data.

  • Properly populate it:app:yara:rule nodes with the correct rule text from pulse information.

v1.2.0 - 2021-10-13

Features and Enhancements

  • Populate the .seen property on inet:url nodes created via the alienvault.otx.domain command

  • Add seen light edges to nodes created as a result of the alienvault.otx commands

v1.1.0 - 2021-09-15

Features and Enhancements

  • Add alienvault.otx.ip for enriching inet:ipv4 and inet:ipv6 nodes using AlienVault’s IPv4/IPv6 endpoints.

  • Add alienvault.otx.url for enriching inet:url nodes using AlienVault’s URL endpoint.

  • Add alienvault.otx.files for enriching file:bytes nodes using AlienVault’s File endpoint.

  • Add alienvault.otx.domain for enriching inet:fqdn nodes using AlienVault’s Domain endpoint.

v1.0.1 - 2021-08-20

Bugfixes

  • Added description to power-up definition

v1.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-AlienVault v1.0.0.