Changelog

v4.16.0 - 2025-01-17

Features and Enhancements

Updated deprecated $lib.list() usage.

v4.15.0 - 2024-12-02

Features and Enhancements

Update the service to build from Synapse v2.190.0.

v4.14.0 - 2024-08-15

Features and Enhancements

Update the service to build from Synapse v2.178.0.

v4.13.0 - 2024-06-14

Features and Enhancements

Update the service to build from Synapse v2.171.0.

v4.12.0 - 2024-03-26

Features and Enhancements

Update the service to build from Synapse v2.164.0.
Yara Rules and Matches workflow now searches rules in this order:
- Prefix match on rule name
- Substring match on rule name
- N-gram search on rule text if synapse-search is installed/available - Fall back to regex search on rule text if synapse-search is not installed/available
Previously only prefix searches on the rule name were performed.

v4.11.0 - 2024-03-01

Features and Enhancements

Update the service to build from Synapse v2.164.0.

v4.10.1 - 2024-02-06

Bugfixes

Fix an issue where yara.validate would generate an error when validating a rule without text.

v4.10.0 - 2023-11-15

Features and Enhancements

Update the service to build from Synapse v2.154.1.

v4.9.0 - 2023-10-13

Features and Enhancements

Update the service to build from Synapse v2.151.0.

v4.8.0 - 2023-08-21

Features and Enhancements

Update the service to build from Synapse v2.144.0.

v4.7.0 - 2023-07-28

Features and Enhancements

Update the service to build from Synapse v2.143.0.

v4.6.0 - 2023-07-07

Features and Enhancements

Update the service to build from Synapse v2.141.0.

v4.5.0 - 2023-05-19

Features and Enhancements

Update the service to build from Synapse v2.134.0.

Bugfixes

Fix an issue where the Yara worker could fail to start up properly.

v4.4.0 - 2023-05-09

Features and Enhancements

Add created time column to rules table in the workflow.
Update the yara library to add dotnet support.
Update the service to build from Synapse v2.133.0.

v4.3.0 - 2023-02-02

Features and Enhancements

Update the service to build from Synapse v2.122.0.

v4.2.2 - 2023-01-19

Features and Enhancements

Update the Synapse-Yara workers to use Swarm v3.2.3. This fixes an error seen during service startup.

Documentation

Update docker examples to use the v4.x.x image tag.

v4.2.1 - 2022-12-05

Bugfixes

Fix a packaging issue.

v4.2.0 - 2022-12-05

Features and Enhancements

Add boot hooks to the container entrypoint. Move the entrypoint script to /vertex/synapse/entrypoint.sh.
Temporary file usage, which can occur when retrieving a file from the Axon, is now stored in /vertex/storage/tmp.

Bugfixes

Fix unclear workflow error message when attempting to save a rule with no version set.

v4.1.1 - 2022-10-27

Bugfixes

Fix a packaging issue that prevented the YARA pe module from working as expected.

v4.1.0 - 2022-10-09

Features and Enhancements

Update the service to build from Synapse v2.110.0.

v4.0.0 - 2022-08-30

Features and Enhancements

Update permissions to use power-ups.yara.user rule.
Remove the --rulestag option from yara.match. It is redundant with the --rules option.
Remove the --background option from yara.match. Background based matches should instead use the Storm background command.
Removes the Storm Dmon that was created by the previous version of Synapse-Yara. This Dmon was used to consume matches created with the --background option. Make sure that any previously queued work has been completed prior to upgrading to v4.0.0.
Add a Workflow for managing rules and exploring matches (the previous Optic module has been removed).

v3.13.0 - 2022-08-09

Features and Enhancements

Update to newest yara library (>=4.2.3) to support new features and include security updates in the yara library.

v3.12.0 - 2022-07-01

Features and Enhancements

Update to newest yara library (>=4.2.0) to support new features.

v3.11.0 - 2022-06-01

Documentation

Update documentation for AHA provisioning.

v3.10.0 - 2022-05-17

Features and Enhancements

Update to the newest Synapse v2.93.0 to support AHA provisioning.

Bugfixes

Load storm package readonly to allow containers to run as non-root user.

v3.9.1 - 2022-05-04

Bugfix

Fix an issue where the Yara StormDmon could produce errors when ingesting results if the target View is missing. These now produce warning messages.

v3.9.0 - 2022-03-28

Features and Enhancements

Update the Yara service to build off of the current Synapse base image.

v3.8.0 - 2021-10-05

Features and Enhancements

Update the Optic integration to be compatible with Optic v2.25.0.

v3.7.0 - 2021-07-21

Features and Enhancements

Update the service to use tini as a container entrypoint.

v3.6.0 - 2021-07-14

Features and Enhancements

Update the service to ensure that the meta:source node is always made in the current View prior to creating any nodes which may be linked to it via a light edge. This removes the service onload event as a result.

Bugfixes

Correct the Storm command form hinting to correctly represent nodes which may be yielded from commands.

v3.5.0 - 2021-06-21

Features and Enhancements

Update the service to build from Synapse v2.43.0.

v3.4.0 - 2021-05-17

Features and Enhancements

Update the service to build from Synapse v2.38.0.

Improved Documentation

Highlight the dependency on the Synapse Swarm service.

v3.3.0 - 2021-05-03

Features and Enhancements

Update the service to include libyara engine information in the getCellInfo() API.
Add a yara.info Storm command to display information about the libyara library in use.
Update server-side match logging to be a reasonable volume.

v3.2.0 - 2021-04-26

Features and Enhancements

Update the service to include information for the getCellInfo() API.

v3.1.2 - 2021-04-21

Bugfixes

Fix validation error message Storm output. (#29)

v3.1.1 - 2021-04-20

Bugfixes

Fix Docker smoke tests. (#27)
Prevent startup without Swarm and Axon configured. (#26)
Fix Optic UI module when rule has no text. (#25)
Fix loading delay and rendering issues in Optic UI module. (#24)
Fix Optic UI module loading all rules. (#23)

v3.1.0 - 2021-02-23

Features and Enhancements

Add Optic UI module. (#18) (#19) (#20)
Add Storm function to run match without creating nodes. (#21)

Bufixes

Correct yara.match behavior so that multiple inbound file:bytes nodes are added to one job. (#22)

v3.0.0 - 2021-01-26

Features and Enhancements

Run yara.match in foreground by default, and add --yield option. (#17)
Nodes created when using --background are now created in the view the command was run from. (#17)
yara.match command can optionally take a query to define it:app:yara:rules to match against. (#17)
Update initialization logic to no longer require yara.init. Before upgrading the service the old dmon should be deleted. (#17)

v2.5.0 - 2021-01-09

Features and Enhancements

Build new Docker tags for the latest release in a given major version. For example, this adds the v2.x.x Docker tag. (#14)

v2.4.0 - 2020-12-05

Features and Enhancements

Update Synapse version to v2.13.0
Update Synapse-Swarm version to v2.3.0
Plumb configuration for AHA enabled work units

v2.3.0 - 2020-12-04

Features and Enhancements

Update Synapse version to v2.12.3
Update Synapse-Swarm version to v2.2.0

v2.2.2 - 2020-08-06

Features and Enhancements

Update the minimum required Synapse Swarm version for building the Synapse Yara image to v2.2.1. (#9)

v2.2.1 - 2020-07-23

Bugfixes

Fix Docker smoke test for tagged releases. (#8)

v2.2.0 - 2020-07-23

Features and Enhancements

Additional help information for Storm commands. (#7)
Add Docker smoke tests to CI pipeline. (#6)

Bugfixes

Fix rulesbytag option for yara.match. (#4)

Improved Documentation

Fix typos and add clarification for multiple hosts. (#5)

v2.1.0 - 2020-06-30

Improved Documentation

Add Initial Documentation. (#3)

v2.0.0 - 2020-06-09

Features and Enhancements

Initial release of the Synapse Yara service.