Changelog
v4.8.0 - 2023-01-31
Features and Enhancements
Update file report ingest to create it:sec:c2:config and risk:tool:software nodes for extracted malware configs.
v4.7.4 - 2023-01-05
Bugfixes
Update inet:flow and inet:dns:request nodes created from contacted_domains and contacted_ips file relationships to set the :sandbox:file prop rather than :exe or :src:exe.
v4.7.3 - 2022-10-10
Bugfixes
Set the corresponding hash property on file:bytes nodes created by virustotal.file.behavior when enriching by MD5 or SHA-1 hash.
v4.7.2 - 2022-10-07
Bugfixes
Fix an issue with handling malformed historical WHOIS records.
v4.7.1 - 2022-10-07
Bugfixes
Fix an issue with handling malformed WHOIS records.
v4.7.0 - 2022-09-22
Features and Enhancements
Add virustotal.enrich command for enriching nodes with VirusTotal report data.
Add virustotal.domain.relationships, virustotal.ip.relationships, and virustotal.url.relationships commands for retrieving object relationship data.
Add dependency requirements to package definition.
v4.6.0 - 2022-09-02
Features and Enhancements
Add Node Actions for virustotal.ssl.history and virustotal.whois.history.
Update the crypto:x509:certificate:serial behavior to reflect the modeling change in Synapse v2.104.0.
Update virustotal.search and virustotal.file.search to create it:exec:query nodes with -(found)> edges.
Bugfixes
Fix example in User Guide documentation.
v4.5.0 - 2022-06-01
Features and Enhancements
Support Synapse-FileParser >= 4.0.0.
Bugfixes
Fix an issue where additional permissions were required to use Synapse-FileParser.
v4.4.0 - 2022-05-11
Features and Enhancements
Add virustotal.file.relationships command for retrieving file relationship data.
Update virustotal.file.report to also pull contacted_ips, contacted_domains, and contacted_urls by default.
Update virustotal.urls to create inet:http:request nodes with additional HTTP response data if available.
Update virustotal.dlfiles to accept inet:url nodes.
Update virustotal.dlfiles to create inet:urlfile nodes for all inbound node types. inet:download nodes will no longer be created for inet:ipv4 nodes.
Cached API responses are now stored in the JsonStor instead of in nodedata.
Update sandbox data ingestion to prefer the :sandbox:file property over :exe where appropriate.
v4.3.2 - 2022-04-06
Bugfixes
Fix an issue in response handling when deleting livehunt notifications.
Fix a pagination issue in livehunt queries.
v4.3.1 - 2022-04-06
Bugfixes
Update page result limit for virustotal.livehunt.files queries.
v4.3.0 - 2022-04-05
Features and Enhancements
Add virustotal.ssl.history command for retrieving historical SSL certificates.
Add virustotal.whois.history command for retrieving historical WHOIS records.
Add virustotal.livehunt.files command for retrieving livehunt notifications.
Add virustotal.livehunt.notifications.delete command for deleting livehunt notifications.
Bugfixes
Use correct meta:source node when generating userguide and normalize the :name field to the current convention.
Fix a typo in the virustotal.file.behavior command help.
Add missing -(refs)> edges from inet:search:query nodes to search results.
Update .seen on inet:url and inet:ipv4 nodes returned in search results when possible.
v4.2.0 - 2022-01-19
Features and Enhancements
Update it:host creation to use the :desc property to record host description rather than the deprecated :model property.
Add virustotal.search command which queries the /api/v3/search endpoint rather than the /api/v3/intelligence/search endpoint used by virustotal.file.search.
Add ingest handlers for domain, ip, and url results returned by search queries.
v4.1.0 - 2022-01-04
Bugfixes
Clarify warning message output for invalid API keys.
Deprecations
Deprecate the virustotal.setup.tagdns and virustotal.setup.tagip commands. The virustotal.file.behavior command will no longer apply tags configured by these commands to inet:flow nodes and the commands will be removed in v5.0.0.
v4.0.2 - 2021-11-02
Bugfixes
Fix an issue where it:av:filehit nodes were not being created.
v4.0.1 - 2021-10-06
Bugfixes
Add description to storm package.
v4.0.0 - 2021-10-04
Features and Enhancements
Initial release of the Synapse-VirusTotal Power-Up v4.0.0.
Updating from 3.x.x
The previous 3.x.x version of Synapse-VirusTotal was distributed as a Storm Service using a Docker container. This service must be removed from the Cortex prior to updating.
See the Admin Guide for details on setting up the API key and user permissions.