forked from arkime/arkime
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
155 lines (144 loc) · 6.49 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
0.9.0 2013/08/26
- 32bit fix for lpd/fpd
- easybutton now uses nodejs 0.10, 0.8 is still supported for now
- Work around for tcp seq number wrapping causing viewer exit
- dns parsing core fix
- switch to nonblocking pcap saves
- more debuging info on proxy failure
- Fixed bug when setting viewUrl
- Limit number of libnids errors (issue #115)
- Display possible reasons for libnids IP Header error
- Another domainless hostname fix (issue #116)
- Exports should be between 2x-5x faster
- Added actions menu for search/sessions
- Scrub and Delete actions, user must have remove right enabled (issue #119, issue #89)
- Add/Remove(remove right required) tags actions
- Hourly rotation (issue #122)
- unique.txt fixes (issue #123)
- Actions can be done on linked sessions (issue #120)
- SPI Graph auto refresh (issue #111)
- Better error handling for SPI data display (issue #109)
- List queries using [] syntax (issue #106)
- user prefs with timezone display (issue #95)
- Basic IRC searches
- Disk Queue stats display
0.8.7 2013/07/12
- Use recent versions of express which REQUIRES "npm install" in viewer directory
- Use recent version of jade which requires extra spaces, use "git diff -w" to
- Now index Host headers with and without port
- pcapng exporting with meta data
- Basic upload feature, doesn't support transfers of meta data yet
- addUser.js has better help and error reporting
- ES optimizations to use bool instead of and/or, also use regexp filter
instead of regexp query
- Changed ES stats shown to hopefully more useful ones
- Fixed viewer exit on empty data gzip decode
0.8.6 2013/06/20
- Deal with non data ES nodes
- Viewer prints error if it can't find pcapDir setting
- New setting dbFlushTimeout that controls how often we flush to ES
- New setting compressES that turns on compresesion to ES, requires
http.compression: true in elasticsearch yml file
- libnids was overreporting traffic, switch to libpcap stats,
bytes/sec and total bytes/sec in stats will be lower
- Fixed recent jade warnings
- Fixed openned export
- minor ui improvements
0.8.5 2013/06/14
- NOTICE: Requires at least 0.90.1 ES
- New export dialog that asks for filename and number selection
- spigraph shows health, decodes tags/ips, has sort by name
- spigraph/spiview show total counts
- upgrade to jvectormap 1.2.2 which fixes spigraph issues
- deal with 113 (SLL) pcap type
- header search and header cnt search didn't always work
- ignore case of trailing .pcap when processing a directory
- fixed bad bug with exporting large files corrupting pcap
- HTTP file decoding works better
- On exit ignore http queue limits
0.8.4 2013/05/28
- NOTICE: Last version to support 0.20 ES
- NOTICE: Changed some expressions, old versions are supported for now
email.ct* => email.content-type*
email.mv* => email.content-type*
email.id* => email.message-id*
email.ua* => email.x-mailer*
header* => http.hasheader*
ua* => http.user-agent*
http.ua* => http.user-agent*
- valgrind fixes and memory reduction
- New SPI Graph tab which lets you graph an expression per field
- Now possible to chose which http request, response and smtp headers
to index using headers-http-request, headers-http-response,
headers-email sections
- Session Graph now shows the full queried range instead of data
available range
- Fixed db.pl wipe error
- Added density to db.pl info
- Added override-ips config section that allows overriding of
country, tag, asn for ips and cidr ips
- Clean up add users UI a little, and clear fields on successful add
0.8.3 2013/05/09
- full text for uri is now available
- regex searches using == /REGEXHERE/
regex can be slow so be careful
- regex and wildcard searches full text instead of tokenized
- fixed bug with uri.cnt not be recorded
- filenumber generation rewritten, can now deal with
multiple instances running and other edge cases
- http body content is md5, although the encoded
and non encoded version will get different md5s
- detect when npm install needs to be run
- quoted strings and regex strings detect better
- new centerTime=time&timeWindow=minutes option to do +- views
- show tags names in unique views
- remember view setting for future session views
- DNS qclass and qtype tags
- Upgrade yara and glib version
0.8.2 2013/04/29
- Install ES 0.90
- fixed dropped packet stats
- netflow plugin (issue #27)
- memory capture improvements
- record capture memory in stats
- record filesize for offline pcap
- remove port from http host header (issue #63)
- db.pl prints more info by default, multiple -v even more
information, and new info command
- fixed viewer crashes if pcap can't be read (issue #67)
- minor css cleanup
- Display CERT info in session view
0.8.1 2013/04/19
- Should support nodejs 0.10.3, but still use 0.8.23 for now
- Support RAW link type pcap files
- renamed decode.js to pcap.js
- Setting spiDataMaxIndices to -1 allows all for spiview
- Log userId for requests
- fixed uri.cnt
- don't exit moloch-capture until all file creates finish
0.8.0 2013/04/17
- New SPI View tab, REQUIRES elasticsearch 0.90 RC2 or later
- config spiDataMaxIndices controls how many indices to run against since
spiview feature can cause elastic search to blowup memory.
- display date as year/mon/day
- Lots of UI cleanup, slighly less ugly as before hopefully
- 32 bit builds should work
- Fixed bug where status codes/http methods weren't always recorded
- New SMTP plugin callbacks, more to come
- offline capture reading should work better with old libpcap versions
- DB now stores full and tokenized version of user agents, ASNs, and cert info
- verify the config file has a defaults section
- display elastic search health for admin users on pages
- display elastic search stats on stats page
- display ip protocol friendly name
- display simple png view of raw session data and attachments on mouseover,
requires "npm install" in viewer directory
- new much more accurate world map [thanks Dave]
- fixed user name XSS issue [thanks z0mbiehunt3r]
- fixed many viewer exits
- timestamp display option in sessionDetail
- graph now uses seconds if less then 30 minutes and hours if more
then 5 days. This makes display faster
- Refactored how capture stores spi data in memory
- Refactored hash table code
- Added host.dns, host.http, host.email