Releases: jasonish/evebox
0.20.0 - 2025-01-28
- Feature to fit screen height instead of number of rows. Only available for alerts.
- [fix] Pagination fixes.
- Kibana inspired filters. This is still a work in progress.
- [fix] Handle "null" or "empty" IP addresses.
- [fix] [sqlite] Fix negated queries.
- [webapp] Attempt to resolve IP addresses to hostnames using DNS records. This is still a work in progress.
- [fix] [opensearch] Fixes for OpenSearch, as features only available in Elasticsearch were being used. This increases compatibility with OpenSearch, which is used by ClearNDR (formerly SELKS).
- [eve2pcap] Use SID as filename when available.
- [webapp] Allow user to choose local time or UTC time: #161
- Auto-archive events by filter: #52
- [sqlite] Use server side events to stream back data such as aggregations, so updates in the UI can start right away.
- [elastic] Support custom certificate authority: #222
- Auto archive events by date. Allows users to set a number of days; events older than that will be automatically archived.
0.19.0 - 2024-12-13
- [server] Don't forget session on server restart. Persists session tokens in the config db.
- Reduced data between client and server for inbox/alert views.
- Move to sqlx for database.
- Move to chrono for time.
- Re-add commenting, this for SQLite as well: #271
- Send less data for alert views: #261
- [alerts] Display `sni` and/or `rrname` in alerts view. Useful for alerts using `sni` or `rrname` as an IOC.
- [webapp] Re-add logout button. Disappeared in the move to SolidJS: #315
- Start on a JA4 report, a bit crude but working.
- Support JA4db with an update tool and an API endpoint to update it.
- Support Suricata 8 DNS v3 records.
0.18.2
Full Changelog: 0.18.1...0.18.2
0.18.1
What's Changed
- build(deps): bump follow-redirects from 1.15.5 to 1.15.6 in /webapp by @dependabot in #300
Full Changelog: 0.18.0...0.18.1
0.18.0
What's Changed
- build(deps-dev): bump vite from 3.2.5 to 3.2.7 in /webapp by @dependabot in #276
Full Changelog: 0.17.0...0.18.0
0.17.2
0.17.1
0.17.0
- Move to SolidJS for frontend development.
- New special query string keywords:
- Feature parity between SQLite and Elasticsearch. This means that some reports were removed, but should come back for both SQLite and Elasticsearch: #95
- [sqlite] Enable event retention by default to a value of 7 days. If an SQLite database becomes too large, it can be hard to trim back down to a usable size without significant downtime.
- Start on a new overview report.
- Fix issue where alert report graph didn't refresh on time range change: #247
- Don't allow the agent to send a payload larger than the server can receive: #248
- [webapp] Fix broken filter on SIDs search: #251
- [packaging] Add default configuration file: #221
- [webapp] Alert graph failing to refresh on time range change: #247
- [agent] Add Elasticsearch as the submission endpoint for events.
- [elastic-import] Deprecated, use the agent instead.
- [sqlite] Database file size based event retention: #256
- [server] Fix PCAP downloads when authentication fails: #262
0.16.0 - 2022-11-12
0.15.0 - 2022-02-27
- [sqlite] Remove full text search engine. It provided little benefit on search and was very expensive to add events to.
- Add a stats view.
- [webapp] Update to Angular 13.
- [server] Move from Warp to Axum.
- [webapp] Remove Brace editor for pretty printing of JSON and replace with a JSON pretty printer module.
- [elastic] Fixes to Elastic field name mappings that should address issues with ECS. Most things seem to work.