Changes to the project will be tracked in this file via the date of change.
- Unit tests for ScanPe added (infosec-intern)
- strelka_dirstream.py now supports moving files after upload (zachsis)
- Added version info to ScanPe (infosec-intern)
- Expanded identification of email files (David J. Bianco)
- pip packages now installed via requirements.txt file(s) (infosec-intern)
- Added EOF error flag to ScanBzip2 (Josh Liburdi)
- taste_yara now loads files from directories, not a static file (Kristin Dahl)
- Options for manually setting ZeroMQ TCP reconnections on the task socket (between broker and workers) (Josh Liburdi)
- "request_port" option renamed to "request_socket_port" (Josh Liburdi)
- "task_port" option renamed to "task_socket_port" (Josh Liburdi)
- strelka_dirstream.py switched from using inotify to directory polling (Josh Liburdi)
- strelka_dirstream.py supports monitoring multiple directories (Josh Liburdi)
- extract-strelka.bro will temporarily disable file extraction when the extraction directory reaches a maximum threshold (Josh Liburdi)
- New scanner ScanFalconSandbox can send files to CrowdStrike's Falcon Sandbox (Kristin Dahl)
- New scanner ScanPhp can collect tokenized metadata from PHP files (Josh Liburdi)
- New scanner ScanStrings can collect strings from file data (similar to Unix "strings" utility) (Josh Liburdi)
- Fixed ScanPdf unintentionally extracting duplicate streams; it now extracts only unique streams (Josh Liburdi)
- ScanJavascript now supports deobfuscating JavaScript files before parsing metadata (Josh Liburdi)
- ScanUrl now supports user-defined regular expressions that can be called per-file (Josh Liburdi)
- Refactored taste.yara "javascript_file" rule for readability (Josh Liburdi)
- Removed JavaScript files from ScanUrl in the default strelka.yml (Josh Liburdi)
- Project went public!