Changelog
Synapse-RecordedFuture Changelog
v1.0.0 - 2024-12-12
Features and Enhancements
Updated Power-Up to remove deprecated it:av:* forms and replace with it:av:scan:result.
recordedfuture.sandbox.* commands that ingest analysis results will now yield it:av:scan:result nodes.
Added an on-demand migration for it:av:* nodes. See the Admin Guide for additional details.
v0.12.0 - 2024-09-23
Features and Enhancements
Retrieve and ingest full analyst notes referenced by alerts.
v0.11.1 - 2024-09-11
Bugfixes
Fix an issue where media:news nodes for Insikt Group notes related to an alert were not constructed correctly.
v0.11.0 - 2024-08-05
Features and Enhancements
Add a --size option to the recordedfuture.sandbox.sample.search and recordedfuture.sandbox.sample.list commands.
Bugfixes
Fix an issue that prevented the --alertrule option on recordedfuture.alert.search from working.
Fix an issue with pagination handling in recordedfuture.sandbox.sample.search and recordedfuture.sandbox.sample.list.
v0.10.0 - 2024-06-28
Features and Enhancements
Replace deprecated risk:hasvuln usage with risk:vulnerable.
This release contains an automatic data migration that will run when the package is first upgraded.
The migration creates risk:vulnerable nodes from the deprecated risk:hasvuln nodes.
v0.9.0 - 2024-06-05
Bugfixes
Safely skip invalid CPE strings.
v0.8.1 - 2024-05-15
Bugfixes
Fix an issue where invalid malware name values were not handled properly.
v0.8.0 - 2024-03-13
Features and Enhancements
Update $lib.bytes usage with $lib.axon APIs.
v0.7.0 - 2024-02-20
Features and Enhancements
Set the :ext:id and :url properties on media:news nodes created when ingesting analyst notes.
Update “sightings” ingest to handle sightings which have no associated URL.
Update deprecated $lib.dict() usage to JSON style syntax.
v0.6.0 - 2024-02-06
Features and Enhancements
Add recordedfuture.sandbox.setup.fakenet command to define IPv4 ranges to exclude from the ingest for all sandbox commands.
v0.5.1 - 2023-11-01
Bugfixes
Fix an issue where sandbox results containing flows with no start or end times were not handled correctly.
Deprecations
Caching has been removed from the recordedfuture.riskrules, recordedfuture.search, recordedfuture.enrich, recordedfuture.corefs, and recordedfuture.ip.geo commands, so the --asof argument has been deprecated and will no longer have any effect.
This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove cached API response data from the jsonstor for commands which no longer perform caching.
v0.5.0 - 2023-10-05
Features and Enhancements
Add recordedfuture.notes.search command to search for and ingest analyst notes from Recorded Future.
v0.4.0 - 2023-08-18
Features and Enhancements
Add recordedfuture.sandbox.sample.ingest command for ingesting results from a sample by ID.
Add power-ups.recordedfuture.sandbox.submit permission to control which users are allowed to submit samples.
Bugfixes
Fix an issue where URL submissions from the Recorded Future Sandbox were not successfully being ingested.
v0.3.0 - 2023-07-21
NOTE: Recorded Future Sandbox requires a separate API key.
Features and Enhancements
Add recordedfuture.sandbox.* commands to support interacting with Recorded Future Sandbox.
Add recordedfuture.ip.geo command for enriching IP addresses with VPN and Geographical Information.
Add recordedfuture.hunting.rules command for ingesting YARA or Snort rules from Recorded Future Hunting Packages.
Add recordedfuture.daily.ransomware command for ingesting Daily Ransomware Roundup articles.
Risk rules for the vulnerability type can now be ingested with the recordedfuture.riskrules command.
Add vulnerability as a search type for the recordedfuture.search command.
The recordedfuture.enrich and recordedfuture.corefs commands now also accept it:sec:cwe and risk:vuln nodes as input.
Add vulnerability searching to the search workflow.
v0.2.0 - 2023-03-29
Features and Enhancements
Add commands and workflow for ingesting Recorded Future alerts.
Add recordedfuture.feed.c2 command for ingesting C2 feeds.
Update CyberVulnerability entity ingest to create risk:vuln nodes for CVEs.
v0.1.1 - 2022-12-07
NOTE: This release is considered Beta and may be subject to change.
Bugfixes
Fix an issue where nodes added by saving results from the workflow would be linked to new meta:rule nodes rather than the existing rules created by recordedfuture.risk.rules.
v0.1.0 - 2022-11-16
NOTE: This release is considered Beta and may be subject to change.
Features and Enhancements
Add recordedfuture.search command.
Update workflow to allow lifting selected entities in the Research Tool.
Bugfixes
Fix a typo in the recordedfuture.risk.rules command help.
v0.0.1 - 2022-09-30
NOTE: This release is considered Beta and may be subject to change.
Features and Enhancements
Initial release of the Synapse-RecordedFuture Power-Up.