LOKI version 0.30.3

• fix: prebuilt loki.exe binary in 0.30.2 release was built from source code of 0.30.1 (still had shellcode detection as default)

LOKI version 0.30.2

• Making PE-Sieve shellcode search optional #134

(pre-build binary was still 0.30.1)

LOKI version 0.30.1

fix: issue with PyInstaller including pyconfig.h

WARNING: file already exists but should not: C:\Users\...\AppData\Local\Temp\_MEI31642\include\pyconfig.h

LOKI version 0.30.0

Changes due to pull requests by @s3c

• Added --syslogtcp, allowing TCP syslog servers, was easier with our Splunk setup
• Included pywin32, setuptools==19.2, and rfc5424-logging-handler in pip command, latter to enable rfc5424 compatible syslog logging
• Fixed exception handler for #51 (not sure why this triggered for me since there is a check before this func is called in init, might be because subfolder didn't exist for some reason)
• Added date and time to default filename
• Added ability to specify log directory independant of filename, which is useful for automation that pushes logs to a fileshare (the new default filename which contains the hostname and time is used)
• Added OS path conversion for portability, needed for parsing data within SOAR platform as well as running loki from a webdav share (so we don't have to store any files on the host)
• Enabled pe-sieve shellcode search, nice extra check
• Added some argument sanity checking
• Added rfc5424logging compatible syslog logging (splunk parsing with linux_messages_syslog)
• Made minor changes to logging output to allow Splunk to easily parse syslog messages (just removed a colon)
• Renamed command line flag --printAll to lowercase, to match format of others
• Updated build script for python x64 compatibility
• Added process name whitelist, and switch to disable pesieve, since some EDR solutions get really upset when you touch them
• Added switch to ignore network comms checks

Change by me

• Upgrade to PE-Sieve version 0.2.2

LOKI version 0.29.2

• Upgraded PE-Sieve version from 0.1.6 to 0.1.7

LOKI version 0.29.1

• Upgraded PE-Sieve version from 1.4.3 to 1.6.0

LOKI version 0.29.0

• Feature: New Plugin Framework provided by @DidierStevens
• Bugfix: Generic method to avoid unicode decode errors

LOKI version 0.28.2

• Upgraded PE-Sieve to v0.1.4.3

LOKI version 0.28.1

• Minor bugfix: handle cases in which PESieve didn't produce JSON output (some error)

LOKI version 0.28.0

• Don't show every rule during startup but only a count (use --debug to see them)
• LOKI upgrader allows a signature clean-up to handle errors caused by old (most likely renamed) rules (--clean)
• Bugfix: Exclude LOKI's processes from checks
• Bugfix: Error fix in loki-upgrader (cannot create output directory)