Changelog

Synapse-AlienVault Changelog

NEXTVERS - 2023-XX-YY

Bugfixes

  • Fix an issue where certain files would raise BadTypeValu exceptions.

v1.9.0 - 2023-01-05

Features and Enhancements

  • Updated alienvault.otx.domain, alienvault.otx.url, alienvault.otx.files, alienvault.otx.ip commands to automatically pull related pulse and tag information from their respective general endpoints.

  • Update documentation and help strings for Node Actions and the alienvault.otx.ip command.

  • Expand alienvault.otx.pdns command to accept inet:ipv4 and inet:ipv6 nodes.

  • Update alienvault.otx.domain to ingest http_scans endpoint data.

Bugfixes

  • Fix how the malware endpoints iterate through the API pages.

  • Fix an issue in creation of inet:whois:contact nodes.

  • Fix an issue where it:prod:soft nodes created for it:av:filehit nodes would not have their :name property set.

v1.8.0 - 2022-09-28

Features and Enhancements

  • alienvault.otx.address and alienvault.otx.domain updated to link referenced malware files to the input node via a <(refs)- light edge.

Bugfixes

  • Update modelling of alienvault.otx.domain to model returned domain information as inet:http:request.

v1.7.0 - 2022-06-21

Features and Enhancements

  • Extract and link ou:name nodes for the “adversary” field in pulses.

  • Extract and link ou:industryname nodes for the “industries” field in pulses.

  • Extract and link it:prod:softname nodes for the “malware_families” field in pulses.

  • Extract and link it:mitre:attack:software nodes for the “malware_families” field in pulses.

  • Extract and link it:mitre:attack:technique nodes for the “attack_patterns” field in pulses.

  • Add the alienvault.otx.pulses.byid command to allow users to load specific pulses by id.

  • alienvault.otx.pdns --debug updated to print the raw response returned from the API.

  • alienvault.otx.urls --debug updated to print the raw response returned from the API.

  • alienvault.otx.files --debug updated to print the raw response returned from the API.

  • alienvault.otx.pulses --debug updated to print the raw response returned from the API.

v1.6.0 - 2022-05-11

Features and Enhancements

  • Update sandbox data ingestion to prefer the :sandbox:file property over :exe where appropriate.

  • Cached API responses are now stored in the JsonStor instead of in nodedata.

Bugfixes

  • Fixed the displayed message for when the API key isn’t set.

v1.5.0 - 2022-03-07

Features and Enhancements

  • Added --resync option to the alienvault.otx.pulses command to redownload the entire list of subscribed pulses.

Bugfixes

  • Fixed an issue with alienvault.otx.files erroring out on files that lack certain file metadata.

  • Fixed documentation generation for the alienvault.otx.pulses command.

  • Fill in additional properties for sandbox information.

  • Update it:host guid generation to avoid collisions.

  • Removed a reference to a deprecated property.

  • Fixed an issue with alienvault.otx.ip erroring out on addresses that don’t include ASN information.

v1.4.1 - 2022-01-10

Bugfixes

  • Fix debug behavior for alienvault.otx.ip.

v1.4.0 - 2021-12-30

Features and Enhancements

  • Updated alienvault.otx.files command to process hash:md5, hash:sha1 and hash:sha256 nodes.

  • Added Optic node action to execute alienvault.otx.ip on compatible nodes.

  • Added Optic node action to execute alienvault.otx.url on compatible nodes.

  • Added Optic node action to execute alienvault.otx.files on compatible nodes.

  • Added Optic node action to execute alienvault.otx.domain on compatible nodes.

v1.3.0 - 2021-12-16

Features and Enhancements

  • Fix wording for the help output of the alienvault.otx.pulses command.

  • Use the tags field to populate #rep.alienvault tags onto indicators created from Pulse data.

  • Add alienvault.setup.tagprefix command to customize the tag prefix used for pulse data.

  • Populate sandbox behavior data from the cuckoo sandbox runs.

Bugfixes

  • Added better handling for empty file analysis data.

  • Properly populate it:app:yara:rule nodes with the correct rule text from pulse information.

v1.2.0 - 2021-10-13

Features and Enhancements

  • Populate the .seen property on inet:url nodes created via the alienvault.otx.domain command.

  • Add seen light edges to nodes created as a result of the alienvault.otx commands.

v1.1.0 - 2021-09-15

Features and Enhancements

  • Add alienvault.otx.ip for enriching inet:ipv4 and inet:ipv6 nodes using AlienVault’s IPv4/IPv6 endpoints.

  • Add alienvault.otx.url for enriching inet:url nodes using AlienVault’s URL endpoint.

  • Add alienvault.otx.files for enriching file:bytes nodes using AlienVault’s File endpoint.

  • Add alienvault.otx.domain for enriching inet:fqdn nodes using AlienVault’s Domain endpoint.

v1.0.1 - 2021-08-20

Bugfixes

  • Added description to power-up definition.

v1.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-AlienVault v1.0.0.