2.2.1

What's Changed

Enhancements 📈

• Add progress bar for long running migrations by @udgover in #1202
• Move hostname_extract under events and fix validator call by @udgover in #1203

Other Changes

• Arango improvements to handle TTL for long running queries and iter over cursor rather than generating a list by @udgover in #1196

Full Changelog: 2.2...2.2.1

2.2

What's Changed

Breaking changes 🧨

• Schemas validation and easy creation by @udgover in #1159
• Please have a look at the new migration step before updating : https://yeti-platform.io/docs/updating/

Enhancements 📈

• Improve schemas loader to handle several classes in same file by @udgover in #1157
• Add AuthSecret observable by @udgover in #1167
• Switch I/O bound path operation functions to non-async by @udgover in #1166
• Indexes by @tomchop in #1168
• Dockerhub analytic update by @udgover in #1178
• Handle max results in Censys analytics to not burn all API quota in a day by @udgover in #1184

Bug fixes 🐛

• Fix Threatfox feed by @0xRet in #1155
• More robust logging by @tomchop in #1171
• Fixes 1154 by @udgover in #1182

Other Changes

• Event queue watcher and reducer by @udgover in #1162
• Consumer config management by @udgover in #1163
• trim queue based on its memory usage rather than its length by @udgover in #1164
• Add new command: webserver-prod by @tomchop in #1170
• Do not publish event when current type is auditlog by @udgover in #1172
• Lazy validation by @udgover in #1175
• Fixes 1153 by providing tag list by @udgover in #1183
• Arango concurrency by @udgover in #1180
• Add datadog metrics submitter listening on all events by @udgover in #1186
• Migrations by @tomchop in #1181

Full Changelog: 2.1.13...2.2

2.1.13

What's Changed

Enhancements 📈

• Add events bus when inserting or updating new object in arangodb by @udgover in #1144
• Increase max tag length to 250 by @tomchop in #1156

Other Changes

• Bugfix in export_name by @tomchop in #1149
• Update AQL Queries to work with Clustered ArangoDB Deploys by @1nv8rzim in #1150
• Improved Log Redaction and Filtering by @1nv8rzim in #1151
• Pin arangodb to 3.11 by @tomchop in #1152

Full Changelog: 2.1.12...2.1.13

2.1.12

What's Changed

Warning: This release contains breaking changes, see below.

Breaking changes 🧨

• Remove templates from database, move to filesystem by @tomchop in #1141

Make sure to export the templates to jinja files before upgrading to this version.

Security 🚨

• Config secret by @tomchop in #1142

Enhancements 📈

• Load schemas dynamically by @udgover in #1135
• Add task related commands by @udgover in #1139
• Add Yeti Package to create several objects defined as json by @udgover in #1140
• Add Support for Exports Read/Writing From S3 Buckets by @1nv8rzim in #1137
• Convert Auth to Being Stateless by @1nv8rzim in #1143
• Load default_tag_expiration from yeti.conf by @mbonino in #1147

Bug fixes 🐛

• Use export name in URL parameter to select export to edit by @tomchop in #1146

New Contributors

• @1nv8rzim made their first contribution in #1137

Full Changelog: 2.1.11...2.1.12

2.1.11

What's Changed

Enhancements 📈

• Regex matching in /graph/match by @tomchop in #1112
• Add the new in operator in neighbor filter by @tomchop in #1114
• Be more flexible when searching patterns by @tomchop in #1116
• DFIQ 1.1 changes by @tomchop in #1122
• Better error handling in DFIQ by @tomchop in #1128
• Link to count by @udgover in #1130
• Related observables count by @udgover in #1131
• Add max length to tags by @tomchop in #1132
• Limit the number of tags that can be sent by @tomchop in #1133
• Exclude related_observables_count from model_dump_json in save method by @udgover in #1134

Bug fixes 🐛

• Bugfix when deleting & exporting DFIQ objects by @tomchop in #1126
• Check that parents are valid before attempting to create DFIQ object by @tomchop in #1127
• Fix bug when clearing parents would not update parents by @tomchop in #1129
• Correction of CVE-2024-45412 thanks @Sim4n6 GHSA-cwwm-pq9x-2cxv

Other Changes

• Do not log contents of body for /user/ paths by @tomchop in #1111
• Use CONTAINS instead of REGEX_TEST by default by @tomchop in #1118
• Handle context overwrite by @udgover in #1120
• Set expiry date on cookie to have persistent browser auth by @tomchop in #1121
• Adds GithubMonitor analytics by @udgover in #1119

Full Changelog: 2.1.10...2.1.11

2.1.10

What's Changed

Enhancements 📈

• update MITRE by @sebdraven in #1094
• Add delete observable endpoint by @sebdraven in #1095
• Add technique ID in aliases by @sebdraven in #1096
• Suricata Rules by @sebdraven in #1102
• Add new dfiq_archive endpoint by @tomchop in #1107

Bug fixes 🐛

• Fix #1097 by @tomchop in #1098
• Fixes date parsing issue by setting date format by @udgover in #1100

New feeds

• Add YARAify by @sebdraven in #1091
• Add ETOpen by @sebdraven in #1105

Other Changes

• Add test for multiple entity types by @tomchop in #1106
• Update deps by @tomchop in #1109

Full Changelog: 2.1.9...2.1.10

2.1.9

This release contains major DFIQ enhancements in terms of edition and visualization.

What's Changed

Enhancements 📈

• DFIQ details by @tomchop in #1086
• Allow for longer expiry delays when issuing browser cookies by @tomchop in #1088

Bug fixes 🐛

• Update sslblacklist_ja3.py by @sebdraven in #1083
• Fix find queries to discriminate on type by @tomchop in #1090

New feeds

• Context in entities by @sebdraven in #1089

Other Changes

• Logging by @tomchop in #1078
• Use default value for browser token expiry by @tomchop in #1093

Full Changelog: 2.1.8...2.1.9

2.1.8

What's Changed

Enhancements 📈

• Update indicators when DFIQ Approaches are created via the API by @tomchop in #1080

Full Changelog: 2.1.7...2.1.8

2.1.7

What's Changed

Enhancements 📈

• Add support for SSL JA3 signatures + feed by @sebdraven in #1068
• Feature: Ability to sort and filter graph traversal by @tomchop in #1067
• OIDC token auth by @tomchop in #1072
• DFIQ API endpoint to upload archives by @tomchop in #1076

Bug fixes 🐛

• Adjust internal bit for Approaches by @tomchop in #1079

New feeds

• Tweaks to the DFIQ feed by @tomchop in #1071
• Update otx_alienvault.py by @sebdraven in #1074
• fixe ssl3blacklist by @sebdraven in #1077

Other Changes

• Change the way links are created in forensicartifacts by @tomchop in #1069
• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #1075

Full Changelog: 2.1.6...2.1.7

2.1.6

Other Changes

• Bump idna from 3.6 to 3.7 by @dependabot in #1063
• Remove usage of deprecated traverse() function by @tomchop in #1066

Full Changelog: 2.1.5...2.1.6