Changelog

Synapse-RecordedFuture Changelog

v1.2.0 - 2025-05-30

Features and Enhancements

  • Updated recordedfuture.corefs and recordedfuture.notes.search to populate the it:exec:query:synuser property.

v1.1.0 - 2025-01-27

Automatic Migrations

  • Migrated all it:av:filehit, it:av:prochit, and it:av:sig nodes created by Synapse-RecordedFuture to it:av:scan:result nodes. The migrated nodes are removed by this migration.

Features and Enhancements

  • Deprecated recordedfuture.sandbox.migrationAvHit() on-demand migration function.

v1.0.1 - 2025-01-17

Bugfixes

  • Fixed an issue where invalid port numbers were not handled correctly.

v1.0.0 - 2024-12-12

Features and Enhancements

  • Updated Power-Up to remove deprecated it:av:* forms and replace with it:av:scan:result. recordedfuture.sandbox.* commands that ingest analysis results will now yield it:av:scan:result nodes.

  • Added an on-demand migration for it:av:* nodes. See the Admin Guide for additional details.

v0.12.0 - 2024-09-23

Features and Enhancements

  • Retrieve and ingest full analyst notes referenced by alerts.

v0.11.1 - 2024-09-11

Bugfixes

  • Fix an issue where media:news nodes for Insikt Group notes related to an alert were not constructed correctly.

v0.11.0 - 2024-08-05

Features and Enhancements

  • Add a --size option to the recordedfuture.sandbox.sample.search and recordedfuture.sandbox.sample.list commands.

Bugfixes

  • Fix an issue that prevented the --alertrule option on recordedfuture.alert.search from working.

  • Fix an issue with pagination handling in recordedfuture.sandbox.sample.search and recordedfuture.sandbox.sample.list.

v0.10.0 - 2024-06-28

Features and Enhancements

  • Replace deprecated risk:hasvuln usage with risk:vulnerable.

This release contains an automatic data migration that will run when the package is first upgraded. The migration creates risk:vulnerable nodes from the deprecated risk:hasvuln nodes.

v0.9.0 - 2024-06-05

Bugfixes

  • Safely skip invalid CPE strings.

v0.8.1 - 2024-05-15

Bugfixes

  • Fix an issue where invalid malware name values were not handled properly.

v0.8.0 - 2024-03-13

Features and Enhancements

  • Update $lib.bytes usage with $lib.axon APIs.

v0.7.0 - 2024-02-20

Features and Enhancements

  • Set the :ext:id and :url properties on media:news nodes created when ingesting analyst notes.

  • Update “sightings” ingest to handle sightings which have no associated URL.

  • Update deprecated $lib.dict() usage to JSON style syntax.

v0.6.0 - 2024-02-06

Features and Enhancements

  • Add recordedfuture.sandbox.setup.fakenet command to define IPv4 ranges to exclude from the ingest for all sandbox commands.

v0.5.1 - 2023-11-01

Bugfixes

  • Fix an issue where sandbox results containing flows with no start or end times were not handled correctly.

Deprecations

  • Caching has been removed from the recordedfuture.riskrules, recordedfuture.search, recordedfuture.enrich, recordedfuture.corefs, and recordedfuture.ip.geo commands, so the --asof argument has been deprecated and will no longer have any effect.

This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove cached API response data from the jsonstor for commands which no longer perform caching.

v0.5.0 - 2023-10-05

Features and Enhancements

  • Add recordedfuture.notes.search command to search for and ingest analyst notes from Recorded Future.

v0.4.0 - 2023-08-18

Features and Enhancements

  • Add recordedfuture.sandbox.sample.ingest command for ingesting results from a sample by ID.

  • Add power-ups.recordedfuture.sandbox.submit permission to control which users are allowed to submit samples.

Bugfixes

  • Fix an issue where URL submissions from the Recorded Future Sandbox were not successfully being ingested.

v0.3.0 - 2023-07-21

NOTE: Recorded Future Sandbox requires a separate API key.

Features and Enhancements

  • Add recordedfuture.sandbox.* commands to support interacting with Recorded Future Sandbox.

  • Add recordedfuture.ip.geo command for enriching IP addresses with VPN and Geographical Information.

  • Add recordedfuture.hunting.rules command for ingesting YARA or Snort rules from Recorded Future Hunting Packages.

  • Add recordedfuture.daily.ransomware command for ingesting Daily Ransomware Roundup articles.

  • Risk rules for the vulnerability type can now be ingested with the recordedfuture.riskrules command.

  • Add vulnerability as a search type for the recordedfuture.search command.

  • The recordedfuture.enrich and recordedfuture.corefs commands now also accept it:sec:cwe and risk:vuln nodes as input.

  • Add vulnerability searching to the search workflow.

v0.2.0 - 2023-03-29

Features and Enhancements

  • Add commands and workflow for ingesting Recorded Future alerts.

  • Add recordedfuture.feed.c2 command for ingesting C2 feeds.

  • Update CyberVulnerabilty entity ingest to create risk:vuln nodes for CVEs.

v0.1.1 - 2022-12-07

NOTE: This release is considered Beta and may be subject to change.

Bugfixes

  • Fix an issue where nodes added by saving results from the workflow would be linked to new meta:rule nodes rather than the existing rules created by recordedfuture.risk.rules.

v0.1.0 - 2022-11-16

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Add recordedfuture.search command.

  • Update workflow to allow lifting selected entities in the Research Tool.

Bugfixes

  • Fix a typo in the recordedfuture.risk.rules command help.

v0.0.1 - 2022-09-30

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Initial release of the Synapse-RecordedFuture Power-Up