Synapse-Group-IB Changelog

v0.6.0 - 2024-06-28

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Replace deprecated risk:hasvuln usage with risk:vulnerable.

This release contains an automatic data migration that will run when the package is first upgraded. The migration creates risk:vulnerable nodes from the deprecated risk:hasvuln nodes.

Bugfixes

  • Fix an issue handling API responses in which the count of returned items, formerly an integer, is now a dictionary.

v0.5.0 - 2024-06-05

NOTE: This release is considered Beta and may be subject to change.

Bugfixes

  • Safely skip invalid CPE strings.

v0.4.1 - 2024-05-20

NOTE: This release is considered Beta and may be subject to change.

Bugfixes

  • Fix an issue where large C2 configs would generate an error.

  • Fix an issue where newer API versions were generating invalid risk:threat nodes.

  • Fix an issue where groupib.ti.threat.actors.search was using risk:threat:name to enrich nodes instead of risk:threat:org:name.

v0.4.0 - 2024-04-22

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Add commands for retrieving compromised account and bank card data.

Bugfixes

  • Fix an issue where enriching media:news nodes created during threat actor ingest would create new media:news nodes rather than updating the existing node.

v0.3.1 - 2024-02-20

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

v0.3.0 - 2023-11-22

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Add groupib.ti.threat.reports.byid command to retrieve a single report by ID.

  • Add a rep.groupib.ioc tag to nodes when ingesting indicators.

  • Convert threat report HTML to text before scraping to avoid incorrectly matching hashes contained in links.

  • Add groupib.ti.iocs.updated, groupib.ti.malware.configs.updated, groupib.ti.threat.actors.updated, groupib.ti.threat.reports.updated, and groupib.ti.vulns.updated commands which use the /updated versions of the endpoints with seqUpdate logic for iteration. These commands also have a --since-last option which can be used to pull new results since the last run of the command with a particular query.

v0.2.0 - 2023-07-05

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Parse additional C2 configuration values.

  • Adjust command names to be under the groupib.ti namespace.

  • Update required permission to power-ups.groupib.ti.user.

  • Add groupib.ti.iocs.search command.

  • Add groupib.ti.vulns.search command.

  • Add groupib.ti.threat.reports.search command.

Bugfixes

  • Fix an issue where the risk:tool:software:tag property was not set.

v0.1.0 - 2023-05-23

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Initial beta release of the Synapse-Group-IB Power-Up.