
Version 1.2.7

@HugoSoszynski HugoSoszynski released this 27 May 09:36
· 42 commits to master since this release
53d1aa2

Changelog

!!! CAUTION: LOTS OF BREAKING CHANGES IN THIS RELEASE !!!

Core

  • FIX unsigned integer parsing in parameters

Session

  • FIX On a body parsing error with a client waiting for a response, the session did not respond and went straight back to listening. It now sends a JSON response carrying an error message and an error code.

Rework of RedisManager

  • remove janitor thread -> all connection checks are done by the worker threads themselves and are time-based
  • simplify connection management -> no separate master AND replica connections
  • add ability to search for and connect to a new valid instance if a query fails during a call
  • add rate limiting on discovery searches -> existing Redis replicas are not flooded
  • keep both configured and discovered Redis instances for reconnection/discovery
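The reconnection and discovery policy listed above, as an added illustration that is not Darwin's RedisManager: the `ConnectionManager` class, the in-memory `Cluster` map standing in for the network/hiredis, the address strings and the 5 s discovery interval are all assumptions made so it runs offline. It walks through two of the scenarios named in the Tests section: connecting through an initially configured replica and failing over to a promoted replica once the old master is unreachable, with a failing query inside the rate-limit window producing no new discovery scan.

```cpp
#include <algorithm>
#include <chrono>
#include <cstdio>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simulated state of one Redis server (stands in for what ROLE/INFO report).
struct RedisInstance {
    bool reachable = true;
    bool is_master = false;
    std::string master;                 // master address, when this is a replica
    std::vector<std::string> replicas;  // replicas, when this is a master
};
// Simulated network: address -> server state. Stands in for hiredis calls.
using Cluster = std::map<std::string, RedisInstance>;

// One manager per thread (one connection per thread, no janitor thread):
// connection checks happen inside Query() and are driven by the caller's clock.
class ConnectionManager {
public:
    using Clock = std::chrono::steady_clock;
    ConnectionManager(std::vector<std::string> configured, Cluster* cluster,
                      Clock::duration discovery_interval)
        : known_(std::move(configured)), cluster_(cluster), interval_(discovery_interval) {}

    // Returns true if the query ran on a reachable master.
    bool Query(Clock::time_point now) {
        if (!current_.empty() && Reachable(current_)) return true;
        current_.clear();  // query failed: look for another valid instance
        // Rate limit: many threads failing at once must not flood the
        // remaining replicas with discovery requests.
        if (has_last_ && now - last_discovery_ < interval_) { ++rate_limited_; return false; }
        has_last_ = true; last_discovery_ = now; ++discoveries_;
        return Discover();
    }
    const std::string& current() const { return current_; }
    const std::vector<std::string>& known() const { return known_; }
    int discoveries() const { return discoveries_; }
    int rate_limited() const { return rate_limited_; }

private:
    bool Reachable(const std::string& addr) const {
        auto it = cluster_->find(addr);
        return it != cluster_->end() && it->second.reachable;
    }
    void Remember(const std::string& addr) {  // keep configured + discovered addresses
        if (!addr.empty() && std::find(known_.begin(), known_.end(), addr) == known_.end())
            known_.push_back(addr);
    }
    // Ask every known instance what it knows, then connect to the first
    // reachable master (the configured address may itself be a replica).
    bool Discover() {
        for (size_t i = 0; i < known_.size(); ++i) {  // known_ grows while iterating
            const std::string addr = known_[i];
            if (!Reachable(addr)) continue;
            const RedisInstance& inst = (*cluster_)[addr];
            Remember(inst.master);
            for (const auto& r : inst.replicas) Remember(r);
        }
        for (const auto& addr : known_)
            if (Reachable(addr) && (*cluster_)[addr].is_master) { current_ = addr; return true; }
        return false;
    }

    std::vector<std::string> known_;
    Cluster* cluster_;
    Clock::duration interval_;
    std::string current_;
    bool has_last_ = false;
    Clock::time_point last_discovery_{};
    int discoveries_ = 0, rate_limited_ = 0;
};

struct ScenarioResult {
    bool first_ok, limited_ok, failover_ok;
    std::string first_master, new_master;
    int discoveries, rate_limited;
    size_t known_count;
};

ScenarioResult RunFailoverScenario() {
    const std::string kMaster = "10.0.0.1:6379", kReplica = "10.0.0.2:6379";  // constructed
    Cluster cluster;
    cluster[kMaster] = RedisInstance{true, true, "", {kReplica}};
    cluster[kReplica] = RedisInstance{true, false, kMaster, {}};
    // Configured with only the replica (master_replica case): master found through it.
    ConnectionManager mgr({kReplica}, &cluster, std::chrono::seconds(5));
    const ConnectionManager::Clock::time_point t0{};
    ScenarioResult r{};
    r.first_ok = mgr.Query(t0);
    r.first_master = mgr.current();
    // Master goes down and the replica is promoted (failover case).
    cluster[kMaster].reachable = false;
    cluster[kReplica].is_master = true;
    cluster[kReplica].master.clear();
    r.limited_ok = mgr.Query(t0 + std::chrono::seconds(1));   // inside the window: no scan
    r.failover_ok = mgr.Query(t0 + std::chrono::seconds(6));  // window elapsed: rediscover
    r.new_master = mgr.current();
    r.discoveries = mgr.discoveries();
    r.rate_limited = mgr.rate_limited();
    r.known_count = mgr.known().size();
    return r;
}

int main() {
    ScenarioResult r = RunFailoverScenario();
    std::printf("first master %s, failover to %s, discoveries %d, rate-limited %d\n",
                r.first_master.c_str(), r.new_master.c_str(), r.discoveries, r.rate_limited);
    return 0;
}
```

The rate limit is what the `master_replica_discovery_rate_limiting` test exercises: a query that fails inside the window returns an error to the caller instead of triggering another scan, so a burst of failures across many threads costs at most one discovery round per interval. The caveat is that the window is also the longest time a thread may keep failing after a master change, so the interval has to be chosen against the expected promotion delay.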

ThreadManager

  • add possibility to change default wake-up interval

Toolkit

Files

  • Added filename formatting utils

CMake

Boost:

  • fully use the cmake module to find required Boost components (core and filters)
  • prefer static libs over dynamic ones

Hiredis:

  • add a module to find hiredis libs
  • prefer static libs over dynamic ones

Mlpack:

  • add a module to find mlpack libs and sources
  • automatically try to add openmp to compilation if mlpack was compiled with it
  • prefer static libs over dynamic ones

Armadillo:

  • include modules from the CMake and Armadillo projects to find Armadillo and dependent libs

Faup:

  • add a module to find faup libs and sources
  • prefer static libs over dynamic ones

Yara/Content_inspection:

  • add a module to find yara libs and sources
  • silence the "libcrypto not found" warning on some architectures
  • add OpenSSL's crypto lib in dependencies

Tensorflow:

Misc:

  • improve threading library detection

Tests

  • FIX single equal sign in the test requirements for the redis module
  • minor refactor of redis and filter classes -> remove Redis from default Filter class
  • BREAKING CHANGE change and complete Redis tests:
    • simple_master_server = test simple master connection
    • master_replica = test simple connection through initial replica
    • master_replica_master_temp_fail = test behaviour during temporary disconnection of master when connected through initial replica
    • master_replica_transfer_no/with_healthcheck = test connection transfer from one server to the other, after master change, without and with healthcheck involved
    • master_replica_failover_no/with_healthcheck = test connection failover from one (failing) server to a new master, without and with healthcheck involved
    • multi_thread_master = test proper behaviour of redis manager with multithreading (one connection per thread)
    • master_replica_discovery_rate_limiting = test discovery rate limiting with multithreading
  • Updated Hostlookup tests to cover more failure behavior and new DB format

Manager

  • Fix requirements (#182)

Filters

Global

  • use new RedisManager to handle reconnection automatically if query fails
  • FIX unescaped double quotes in string values of the JSON-formatted logs
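The escaping the fix above calls for, as an added example rather than Darwin's logging code: the log template, the `JsonEscape` helper and the `hostlookup` sample value are assumptions. It keeps the unescaped "before" form next to the escaped one so the effect of a double quote in an attacker-influenced field (here a looked-up hostname) is visible: without escaping, the value terminates the string and injects a sibling key into the log record.

```cpp
#include <cstdio>
#include <string>

// Escape a value for use inside a JSON string literal (RFC 8259 section 7):
// the quote, the backslash and every control character must be escaped.
std::string JsonEscape(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 8);
    for (unsigned char c : in) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\b': out += "\\b";  break;
            case '\f': out += "\\f";  break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            default:
                if (c < 0x20) {              // remaining control characters -> \u00XX
                    char buf[7];
                    std::snprintf(buf, sizeof buf, "\\u%04x", c);
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    return out;
}

// Before the fix: the value is concatenated raw (kept deliberately unescaped).
std::string LogLineUnescaped(const std::string& entry) {
    return "{\"filter\":\"hostlookup\",\"entry\":\"" + entry + "\"}";
}

// After the fix: every string value goes through JsonEscape.
std::string LogLineEscaped(const std::string& entry) {
    return "{\"filter\":\"hostlookup\",\"entry\":\"" + JsonEscape(entry) + "\"}";
}

int main() {
    // Constructed hostile hostname: closes the "entry" string and adds a key.
    const std::string evil = "evil.example\",\"injected\":\"1";
    std::printf("before: %s\nafter:  %s\n",
                LogLineUnescaped(evil).c_str(), LogLineEscaped(evil).c_str());
    return 0;
}
```

Escaping at the point where the value is written is what keeps the record parseable by whatever consumes the logs (a SIEM, a JSON-lines tail); it does not make the content trustworthy, so fields such as `entry` still have to be treated as untrusted data downstream.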

Tanomaly

  • BREAKING CHANGE only start the detection thread when the filter is connected to a Redis master through a unix socket (a filter with a local Redis master starts detection; otherwise the filter simply adds entries to Redis)
  • BREAKING CHANGE remove ability to start/stop detection thread through body
  • FIX body validation regex
  • new parameter 'detection_frequency' -> interval between two detection triggers
  • new parameter 'start_detection_thread' to manually start it
  • don't stop detection thread when unable to query Redis data

Hostlookup

  • Added compatibility with a new json db format
    • Added optional db_type field to the configuration:
      • text for the basic text format
      • json for the new JSON format
      • Default is text
    • In text mode the feed name is the file name without its extension
  • BREAKING Updated the raised alert to include the feed name and renamed the "host" field to "entry" to transition to a more generic filter.

Content Inspection

  • FIX example conf

Test filter

  • add redis capabilities
    • new parameter 'redis_list_name'
    • new parameter 'redis_channel_name'
    • possibility to trigger a Redis LPUSH with message trigger 'trigger_redis_list'
    • possibility to trigger a Redis channel publish with message trigger 'trigger_redis_channel'

Github

  • FIX Moved PR template to .github/ dir, to be used automatically when creating a PR
  • add workflow to build docker dev image
    • able to compile Darwin
    • able to launch the tests (excluding proprietary filters such as DGA)
  • add workflow to build release image(s)
    • able to run all open-source filters

Docker

  • add dockerfile to compile dependencies and create "development" and "release" images