forked from zeek/spicy-analyzers
CHANGES
0.2.25 | 2021-11-03 16:33:43 +0100
* Improvements in LDAP logging (fox-ds)
0.2.24-5 | 2021-11-02 11:54:12 +0100
* Show diff if pre-commit fails. (Benjamin Bannier, Corelight)
* Check for invalid STUN error classes and numbers. (Benjamin Bannier, Corelight)
* Prettier representation of STUN error code attribute values. (Seth Grover)
0.2.24 | 2021-10-15 10:38:05 +0200
* Release 0.2.24.
0.2.23-15 | 2021-10-15 10:37:49 +0200
* Add docstrings to CMake functions and macros. (Benjamin Bannier, Corelight)
* Break overlong strings. (Benjamin Bannier, Corelight)
* Reformat CMake files with cmake-format. (Benjamin Bannier, Corelight)
* Place comment before long invocation. (Benjamin Bannier, Corelight)
* Cache pre-commit artifacts. (Benjamin Bannier, Corelight)
* Bump pre-commit-hooks. (Benjamin Bannier, Corelight)
0.2.23-8 | 2021-10-06 17:59:24 +0200
* [LDAP] Redact clear text passwords by default in LDAP simple
binds. (Keith Jones, Corelight)
* [LDAP] Enable UDP. (Keith Jones, Corelight)
0.2.23-5 | 2021-10-02 09:05:42 +0200
* GH-88: Copy over Zeek DPS signatures for analyzers we replace
(HTTP and DHCP). (Benjamin Bannier, Corelight)
0.2.23-2 | 2021-09-15 10:44:23 +0200
* Adjust macos job for recent Cirrus CI images changes. (Benjamin Bannier, Corelight)
0.2.23 | 2021-09-14 13:51:02 +0200
* GH-77: Explicitly list scripts to install. (Benjamin Bannier, Corelight)
* Move analyzers one level up. (Benjamin Bannier, Corelight)
0.2.22 | 2021-08-27 09:19:09 +0200
* GH-81: Fix test `protocol.facefish_rootkit.facefish_full_pcap` for zeek-4.1.0. (Benjamin Bannier, Corelight)
* Remove use of Zeek's `-B` flag in tests. (Benjamin Bannier, Corelight)
* Add zeek-4.1.0 to the CI. (Benjamin Bannier, Corelight)
0.2.21 | 2021-08-03 12:03:34 +0200
* Fix a typo in STUN analyzer. (Keith Jones)
0.2.20 | 2021-07-30 16:07:50 +0200
* Bump minimum Spicy version to 1.2.0. (Benjamin Bannier, Corelight)
0.2.19-5 | 2021-07-17 10:47:01 +0200
* [ZIP] Fix a version issue where scripts could end up
being loaded even when we didn't compile the analyzer. (Robin
Sommer, Corelight)
* [LDAP] Fix an issue where a switch's `&parse-from` attribute could
end up accessing a unit field even when it wasn't set. (Robin
Sommer, Corelight)
* Remove support for Spicy-side in-tree build. (Robin Sommer,
Corelight)
* Pull in new CMake logic and testing scripts from spicy-plugin.
(Robin Sommer, Corelight)
0.2.19 | 2021-07-11 08:51:59 +0200
* [STUN] Fix indexing. (Keith Jones, Corelight)
0.2.18 | 2021-07-06 20:34:11 +0200
* Make Facefish detection more robust by requiring two way communication. (Keith Jones, Corelight)
0.2.17-2 | 2021-07-06 20:31:41 +0200
* GH-46: Fixing false positives discussed in issue #46. (Keith Jones, Corelight)
0.2.17 | 2021-07-05 20:17:24 +0200
* Added OpenVPN HMAC MD5, SHA256 and SHA512 variants to increase detections. (Keith Jones, Corelight)
0.2.16-6 | 2021-06-24 19:51:38 +0200
* Added Tailscale. (Keith Jones, Corelight)
* Add resources developers might find useful in the future. (Keith Jones, Corelight)
0.2.16 | 2021-06-23 12:29:37 +0200
* Release 0.2.16.
0.2.15-9 | 2021-06-23 12:28:27 +0200
* Added STUN protocol. (Keith Jones, Corelight)
0.2.15 | 2021-06-08 13:37:39 +0200
* Release 0.2.15.
0.2.14-10 | 2021-06-08 13:35:56 +0200
* GH-35: Implement LDAP analyzer enhancements after upstream change.
- Expose ASN1String as a Spicy string.
- Use unit switch &parse-from construct.
- Remove workaround for zeek/spicy-plugin#35. (Benjamin Bannier, Corelight)
0.2.14-6 | 2021-06-08 13:34:24 +0200
* Added Facefish rootkit analyzer. (Keith Jones, Corelight)
0.2.14 | 2021-05-31 12:53:33 +0200
* Add ZIP analyzer. (Robin Sommer, Corelight)
This decompresses ZIP files and feeds their content back recursively
into Zeek's file analysis.
0.2.13 | 2021-05-31 12:03:12 +0200
* Make parallel build and test opt-out instead of opt-in. (Benjamin Bannier,
Corelight)
* Build package without any parallelism. (Benjamin Bannier, Corelight)
0.2.12 | 2021-05-19 14:16:26 +0200
* Add LDAP protocol analyzer. (Seth Grover)
0.2.11 | 2021-05-17 09:39:00 +0200
* Remove `analyzer_id` from scripts for IPSec. (Keith Jones)
0.2.10-4 | 2021-05-05 11:49:06 +0200
* Add Aruba Networks vendor ID info. (Keith Jones, Corelight)
0.2.10-2 | 2021-05-04 09:02:25 +0200
* Removed duplicate line in IPSec constants. (Keith Jones)
0.2.10 | 2021-04-23 10:52:52 +0000
* [IPSec] Add more vendor IDs. (Keith Jones, Corelight)
0.2.9 | 2021-04-22 11:58:38 +0000
* [IPSec] Fix various vector parsing issues and remove typing from a
type where we don't know all cases yet. (Keith Jones, Corelight)
0.2.8-6 | 2021-04-20 07:11:11 +0000
* GH-47: Update source for trace file. (Robin Sommer, Corelight)
0.2.8-4 | 2021-04-16 08:40:20 +0000
* [IPSec] Small cleanup. (Keith Jones, Corelight)
0.2.8 | 2021-03-31 15:54:20 +0000
* [Wireguard] Add missing existence check. (Keith Jones, Corelight)
0.2.7 | 2021-03-31 09:55:16 +0000
* GH-36: [DNS] Implement SVR resource record. (Robin Sommer, Corelight)
0.2.6 | 2021-03-31 09:42:47 +0000
* Add IPSec analyzer. (Keith Jones, Corelight)
0.2.5-5 | 2021-03-31 08:24:57 +0000
* Document the sources of our trace files. (Robin Sommer, Corelight)
* GH-40: Add MacOS Big Sur CI task. (Benjamin Bannier, Corelight)
* Allow running CI as non-root user. (Benjamin Bannier, Corelight)
0.2.5 | 2021-03-29 12:38:45 +0000
* [Wireguard] Change logging to only have one line per connection
that tracks connection establishment as well as the number of
handshake initiation and response packets. (Johanna Amann,
Corelight)
* [Wireguard] Fix Zeek 3.x compatibility (Johanna Amann, Corelight)
0.2.4-2 | 2021-03-26 16:36:52 +0000
* Fix for in-tree Spicy build. (Robin Sommer, Corelight)
0.2.4 | 2021-03-26 15:49:07 +0000
* GH-31: Install Zeek scripts as well during manual install. (Robin
Sommer, Corelight)
* Let package depend on spicy-plugin. (Robin Sommer, Corelight)
0.2.3-14 | 2021-03-25 19:38:52 +0100
* Fix test & CI instabilities. (Benjamin Bannier, Corelight)
0.2.3-2 | 2021-03-24 07:05:49 +0000
* Limit parsing of a PE file's strings to 512 bytes (Jon Siwek,
Corelight)
0.2.3 | 2021-03-22 16:47:25 +0000
* Add OpenVPN protocol analyzer. (Keith Jones, Corelight)
0.2.2-6 | 2021-03-18 15:41:07 +0100
* Cleanup CI platforms for zeek-4.0.0 as LTS release. (Benjamin
Bannier)
* Disable JIT parallelism in CI. (Benjamin Bannier)
* Install Spicy from upstream package. (Benjamin Bannier)
0.2.2 | 2021-03-18 12:25:10 +0000
* GH-10: [HTTP] Fix potential analyzer error reporting unset field.
(Robin Sommer, Corelight)
0.2.1 | 2021-03-18 09:47:44 +0000
* GH-817: Extend PNG test to catch Spicy's #817. (Robin Sommer, Corelight)
* Add file tests to btest config. (Robin Sommer, Corelight)
0.2.0 | 2021-03-15 19:20:12 +0000
* Release 0.2.0.
0.1.0-23 | 2021-03-15 19:19:31 +0000
* Update README. (Robin Sommer, Corelight)
* GH-10: [DNS] Add missing event parameters. (Robin Sommer,
Corelight)
0.1.0-17 | 2021-03-15 19:02:19 +0000
* GH-10: [DNS] Add missing event parameters.
0.1.0-16 | 2021-03-15 18:46:56 +0000
* Split CI zkg run into separate test and install steps, and fix
test execution. (Robin Sommer, Corelight)
0.1.0-12 | 2021-03-15 13:55:57 +0000
* Add Portable Executable (PE) file format parser. The current
parses headers along with import/export tables. (Jon Siwek,
Corelight)
0.1.0-9 | 2021-03-15 10:18:38 +0000
* [Wireguard] Check zeroes in protocol and tighten DPD. (Johanna
Amann, Corelight)
* [Wireguard] GH-13: Check there is no data after handshake
messages. (Johanna Amann, Corelight)
0.1.0-6 | 2021-03-12 17:37:22 +0000
* Fix missing installation of compiled modules in standalone build.
(Robin Sommer, Corelight)
0.1.0-4 | 2021-03-11 13:39:37 +0000
* Tweaking CMake setup. (Robin Sommer, Corelight)
0.1.0 | 2021-02-18 13:23:44 +0000
* Starting CHANGES.