Changelog

Synapse-VMRay Changelog

v2.0.0 - 2024-02-20

Features and Enhancements

  • Update Power-Up to remove deprecated it:av:* forms and replace with it:av:scan:result.

  • Add an on-demand migration for it:av:filehit nodes. See the Admin Guide for additional details.

  • Update deprecated $lib.dict() usage to JSON style syntax.

Bugfixes

  • Fix an issue where not all nodes had a seen edge to the meta:source added.

v1.9.0 - 2023-11-16

Features and Enhancements

  • Automatically populate the sample_filename_b64enc submission parameter using the :name property from file:bytes nodes.

v1.8.0 - 2023-10-16

Features and Enhancements

  • Use a more detailed name and description for it:host nodes created for sandbox runs.

  • Add verdict and classification tags to the file:bytes node.

  • Add it:av:filehit nodes for returned threat names.

  • Set file:bytes:name if it is not already set.

Bugfixes

  • Fix ingest bug which created it:dev:regval nodes without a :key property.

v1.7.1 - 2023-04-13

Bugfixes

  • Use conditional assignment on it:host:desc to handle cases where the host description is unset in the response.

v1.7.0 - 2023-03-22

Features and Enhancements

  • Update Power-Up to build with code signing.

v1.6.0 - 2022-07-13

Features and Enhancements

  • Automatically fetch any malware configuration data as part of vmray.sample.iocs.

  • Add ability to query VMRay for IOCs related to a given inet:url or inet:fqdn.

  • VMRay Threat Identifiers are now modelled as meta:rule nodes with matches light edges to the input node.

  • Nodes with associated VMRay Threat Identifiers are now tagged with rep.vmray.vtis.<ID>, where ID is the ID of the VMRay Threat Identifier.

Bugfixes

  • Fix an issue in GUID generation for inet:flow IOCs.

v1.5.0 - 2022-06-20

Features and Enhancements

  • Add vmray.sample.submit to submit samples to VMRay for analysis.

v1.4.0 - 2022-05-11

Features and Enhancements

  • Cached API responses are now stored in the JsonStor instead of in nodedata.

  • Update sandbox data ingestion to prefer the :sandbox:file property over :exe where appropriate.

v1.3.0 - 2022-01-27

Features and Enhancements

  • Update it:host creation to use the :desc property to record host description rather than the deprecated :model property.

v1.2.1 - 2022-01-10

Bugfixes

  • Fix an issue where it:host nodes were being re-used when ingesting data. This only applies to new data being added (or re-added).

  • Clarify a warning message related to VMRay not containing analysis results.

v1.2.0 - 2021-12-16

Features and Enhancements

  • Improve modeling of domain IOCs by modeling the protocol information (for DNS and HTTP/HTTPS requests).

  • Update modeling of domain information as inet:dns:a/inet:dns:aaaa nodes instead of inet:url nodes.

  • Model files marked as “Embedded File” as file:subfile nodes.

v1.1.0 - 2021-10-13

Features and Enhancements

  • Add -(refs)> light edges that go from the file:bytes of a report to the associated IOCs.

Bugfixes

  • Initialize meta:source node before potentially adding -(seen)> light edges.

v1.0.1 - 2021-10-06

Bugfixes

  • Add description to Storm package.

  • Fix issue in vmray.sample.iocs related to invalid query parameters.

v1.0.0 - 2021-10-04

Features and Enhancements

  • Initial release of the Synapse-VMRay Power-Up.