2.1.13

What's Changed

Enhancements 📈

• Add events bus when inserting or updating new object in arangodb by @udgover in #1144
• Increase max tag length to 250 by @tomchop in #1156

Other Changes

• Bugfix in export_name by @tomchop in #1149
• Update AQL Queries to work with Clustered ArangoDB Deploys by @1nv8rzim in #1150
• Improved Log Redaction and Filtering by @1nv8rzim in #1151
• Pin arangodb to 3.11 by @tomchop in #1152

Full Changelog: 2.1.12...2.1.13

2.1.12

What's Changed

Warning: This release contains breaking changes, see below.

Breaking changes 🧨

• Remove templates from database, move to filesystem by @tomchop in #1141

Make sure to export the templates to jinja files before upgrading to this version.

Security 🚨

• Config secret by @tomchop in #1142

Enhancements 📈

• Load schemas dynamically by @udgover in #1135
• Add task related commands by @udgover in #1139
• Add Yeti Package to create several objects defined as json by @udgover in #1140
• Add Support for Exports Read/Writing From S3 Buckets by @1nv8rzim in #1137
• Convert Auth to Being Stateless by @1nv8rzim in #1143
• Load default_tag_expiration from yeti.conf by @mbonino in #1147

Bug fixes 🐛

• Use export name in URL parameter to select export to edit by @tomchop in #1146

New Contributors

• @1nv8rzim made their first contribution in #1137

Full Changelog: 2.1.11...2.1.12

2.1.11

What's Changed

Enhancements 📈

• Regex matching in /graph/match by @tomchop in #1112
• Add the new in operator in neighbor filter by @tomchop in #1114
• Be more flexible when searching patterns by @tomchop in #1116
• DFIQ 1.1 changes by @tomchop in #1122
• Better error handling in DFIQ by @tomchop in #1128
• Link to count by @udgover in #1130
• Related observables count by @udgover in #1131
• Add max length to tags by @tomchop in #1132
• Limit the number of tags that can be sent by @tomchop in #1133
• Exclude related_observables_count from model_dump_json in save method by @udgover in #1134

Bug fixes 🐛

• Bugfix when deleting & exporting DFIQ objects by @tomchop in #1126
• Check that parents are valid before attempting to create DFIQ object by @tomchop in #1127
• Fix bug when clearing parents would not update parents by @tomchop in #1129
• Correction of CVE-2024-45412 thanks @Sim4n6 GHSA-cwwm-pq9x-2cxv

Other Changes

• Do not log contents of body for /user/ paths by @tomchop in #1111
• Use CONTAINS instead of REGEX_TEST by default by @tomchop in #1118
• Handle context overwrite by @udgover in #1120
• Set expiry date on cookie to have persistent browser auth by @tomchop in #1121
• Adds GithubMonitor analytics by @udgover in #1119

Full Changelog: 2.1.10...2.1.11

2.1.10

What's Changed

Enhancements 📈

• update MITRE by @sebdraven in #1094
• Add delete observable endpoint by @sebdraven in #1095
• Add technique ID in aliases by @sebdraven in #1096
• Suricata Rules by @sebdraven in #1102
• Add new dfiq_archive endpoint by @tomchop in #1107

Bug fixes 🐛

• Fix #1097 by @tomchop in #1098
• Fixes date parsing issue by setting date format by @udgover in #1100

New feeds

• Add YARAify by @sebdraven in #1091
• Add ETOpen by @sebdraven in #1105

Other Changes

• Add test for multiple entity types by @tomchop in #1106
• Update deps by @tomchop in #1109

Full Changelog: 2.1.9...2.1.10

2.1.9

This release contains major DFIQ enhancements in terms of edition and visualization.

What's Changed

Enhancements 📈

• DFIQ details by @tomchop in #1086
• Allow for longer expiry delays when issuing browser cookies by @tomchop in #1088

Bug fixes 🐛

• Update sslblacklist_ja3.py by @sebdraven in #1083
• Fix find queries to discriminate on type by @tomchop in #1090

New feeds

• Context in entities by @sebdraven in #1089

Other Changes

• Logging by @tomchop in #1078
• Use default value for browser token expiry by @tomchop in #1093

Full Changelog: 2.1.8...2.1.9

2.1.8

What's Changed

Enhancements 📈

• Update indicators when DFIQ Approaches are created via the API by @tomchop in #1080

Full Changelog: 2.1.7...2.1.8

2.1.7

What's Changed

Enhancements 📈

• Add support for SSL JA3 signatures + feed by @sebdraven in #1068
• Feature: Ability to sort and filter graph traversal by @tomchop in #1067
• OIDC token auth by @tomchop in #1072
• DFIQ API endpoint to upload archives by @tomchop in #1076

Bug fixes 🐛

• Adjust internal bit for Approaches by @tomchop in #1079

New feeds

• Tweaks to the DFIQ feed by @tomchop in #1071
• Update otx_alienvault.py by @sebdraven in #1074
• fixe ssl3blacklist by @sebdraven in #1077

Other Changes

• Change the way links are created in forensicartifacts by @tomchop in #1069
• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #1075

Full Changelog: 2.1.6...2.1.7

2.1.6

Other Changes

• Bump idna from 3.6 to 3.7 by @dependabot in #1063
• Remove usage of deprecated traverse() function by @tomchop in #1066

Full Changelog: 2.1.5...2.1.6

Yeti 2.1.5

What's Changed

Enhancements 📈

• API endpoints for DFIQ YAML validation by @tomchop in #1039
• Improve error handling in the API by @tomchop in #1044
• Improvement to LOLBAS feed by @tomchop in #1045
• Graph search can now select target vertices based on root_type (previously only leaf types) by @tomchop in #1065

Bug fixes 🐛

• Fix normalization in tags by @tomchop in #1052
• Add logout actions and session store (fixes #1041, fixes #1022) by @tomchop in #1059
• Fix OTX feed and tags for Mitre Attack by @sebdraven in #1058
• Export fixes by @tomchop in #1060
• Strongly type GraphResponse by @tomchop in #1062

New feeds

• Minor changes to LOLBAS indicators by @tomchop in #1038
• Fix regression in DFIQ feed by @tomchop in #1043
• LOLBas enhancements by @tomchop in #1047
• Change tor_exit_nodes feed to use the Tor Onionoo API + introduce tests by @itsmvd in #1029
• MISP SSL configuration updates by @shannaniggans in #1053
• Tweak feed actions by @tomchop in #1056
• Update lolbas.py by @shannaniggans in #1055
• Update OTX defaults in yeti.conf.sample by @sebdraven in #1057
• new feed TweetLive by @sebdraven in #1061

Other Changes

• Minor enhancements by @tomchop in #1048

New Contributors

• @shannaniggans made their first contribution in #1053

Full Changelog: 2.1.4...2.1.5

Yeti 2.1.4

What's Changed

Enhancements 📈

• Introduce ForensicArtifacts indicator type by @tomchop in #1010
• Introduce min / max hops to graph search by @tomchop in #1019
• Introduce search aliases (fixes #1001) by @tomchop in #1021
• Introduce tags to indicator objects by @tomchop in #1026
• Support registry keys in forensicartifacts by @tomchop in #1028
• Add API endpoints to swap links by @tomchop in #1031

Bug fixes 🐛

• Update pandas read_csv quoting values in multiple feeds by @0xRet in #1023
• Excluding Comment Lines from phishing_database Feed by @benmontour in #1027

New feeds

• Add Cisco Umbrella Top1M domains feed by @udgover in #1013
• Add Tranco top domains feed by @udgover in #1015
• Refactor the DFIQ import to import from local system as well by @tomchop in #1018

Other Changes

• Bump fastapi to 109 by @tomchop in #1011
• Push :dev labeled Docker images on each push to main by @tomchop in #1012
• Use arbitrary str instead of enum for querytype by @tomchop in #1016
• Bump python-multipart from 0.0.6 to 0.0.7 by @dependabot in #1017
• Minor optimizaitons by @tomchop in #1020
• Update dependencies by @tomchop in #1032
• Return tagged observables when bulk adding them by @tomchop in #1033

Full Changelog: 2.1.3...2.1.4