
Releases: sandialabs/scot4-api

4.4.4 - Bug Fix

23 Oct 20:57


Fixed bugs related to excessive logging and bad error logging

4.4.3 - Bugfix

04 Aug 14:32
a3b8205


Update note: for 4.4 we have switched the MySQL driver being used. Please update your secrets object to use "mysql+mysqldb" instead of "mysql+mysqlconnector" in the SQLALCHEMY_DATABASE_URI.
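
The driver switch described in the update note, as an added example that is not code from the scot4-api project: a stdlib-only helper that rewrites the dialect+driver prefix of an SQLALCHEMY_DATABASE_URI from "mysql+mysqlconnector" to "mysql+mysqldb", checks whether a URI already uses the required driver, and produces a password-redacted copy that is safe to put in a log line. The sample URIs (user scot, host db, database scot) are constructed values, not anything from a real deployment.

```python
from urllib.parse import urlsplit, urlunsplit

OLD_DRIVER = "mysql+mysqlconnector"  # dialect+driver named in pre-4.4 secrets objects
NEW_DRIVER = "mysql+mysqldb"         # dialect+driver required from 4.4 on


def migrate_db_uri(uri: str) -> str:
    """Return uri with the old driver prefix replaced by the new one.

    Anything that is not a mysql+mysqlconnector URI is returned unchanged, so the
    helper can be run over a secrets object without touching unrelated entries.
    """
    parts = urlsplit(uri)  # scheme holds the whole "dialect+driver" string
    if parts.scheme == OLD_DRIVER:
        return urlunsplit((NEW_DRIVER,) + tuple(parts[1:]))
    return uri


def driver_ok(uri: str) -> bool:
    """True when the URI already names the driver 4.4 expects."""
    return urlsplit(uri).scheme == NEW_DRIVER


def redact_db_uri(uri: str) -> str:
    """Return the URI with the password replaced by '***' for logging.

    The secrets object carries the real DB credential; a startup log line that
    shows which host and driver are configured must not echo that credential.
    """
    parts = urlsplit(uri)
    if parts.password is None:
        return uri
    netloc = f"{parts.username}:***@{parts.hostname}"
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc) + tuple(parts[2:]))


if __name__ == "__main__":
    # Constructed sample URI; not a real secret.
    old = "mysql+mysqlconnector://scot:s3cret@db:3306/scot"
    new = migrate_db_uri(old)
    print("driver ok before:", driver_ok(old))
    print("driver ok after: ", driver_ok(new))
    print("safe to log:     ", redact_db_uri(new))
```

Run it once against the value in your secrets object before upgrading; if driver_ok already returns True nothing needs to change, and redact_db_uri is what you want in any log or error message that mentions the configured database.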

Bug fix:

  • Added mysqlconnector driver back into API image for compatibility.

4.4 Release

28 Jul 21:01


Features

  • Tag and Source UI Editor

    • Search for any number of Tags or Sources

      • OR – will find all items that have at least one of the Tag or Source Names

      • AND – will find all items that have all the Tag or Source Names

    • Update a Tag or Source Name or Description

    • Delete all Tags or Sources (will also remove them from the target type)

    • Replace a Tag or Source with a different Tag or Source

    • Add or Remove Tags or Sources for a target type (i.e., Alertgroup, Entity, Intel)

    • Word Cloud shows the top 100 Tags or Sources by count. Selecting a word will also search for it.

  • Stats Dashboard

    • Dynamic data visualization with selectable time ranges and various chart types.

    • Metric types:

      • alerts closed

      • alerts created

      • entries created

      • events created

      • entries updated

      • intel created

      • Mean Time To Contain

      • Mean Time to Remediate

  • Entity Pane Tag Improvements

    • Add or Remove Entity Class or Tag for multiple Entities

    • Add Comments to the Add or Remove action that will populate the Entity’s Entry Journal.

  • Dispatch Promotion to Existing Intel Item

  • New API endpoints to enable operations on multiple items

    • For many target types there is a new API endpoint, for example:

      /api/v1/alertgroup/many
      /api/v1/intel/many
      /api/v1/dispatch/many
      etc.

    • Create Many - POST an array of objects to create

    • Update Many – PUT with an array of IDs and a single object to update all items with the same object

    • Delete Many – DELETE with an array of IDs to delete all objects

  • Filtering and Ordering Options for Search

  • Filter by entity class when searching for entities

  • Entity Replay Enrichment button.

  • Entity enrichment example documentation.

  • Entity Timeline view within Entity Modal.

  • Download files as password protected zip.

Fixes

  • OpenAPI documentation example improvements and fixes.

  • API instability bug fixes.

  • Improved firehose update concurrency.

  • Initial index creation fixes.

  • Improvements to Splunk stats table.

  • Display bug fixes in vulnerability feeds.

  • Entity Flair display bugs fixed.

  • Fixes to user defined flair detection.

  • Improved error handling in Flair Engine's download of external images.

  • Fixes to the Inbox processors' usage of the Microsoft Graph API.

  • Self-hosting of static resources for the API documentation.

  • Helm chart improvements.

  • File upload to Vulnerability sections now possible.

4.3.0 Release

13 Feb 22:22


Favorites

  • Users can now favorite items within SCOT which acts like a bookmark and allows for easy navigation back to favorited items.

Popularity

  • Users can now upvote/downvote items in SCOT. This is currently an optional feature that can be hidden by the user.

Entity Pane Enhancements

  • In the Entity Pane, users can now select multiple Entities for copy or bulk addition of class and tag attributes. Users can also view GeoIP locations on a map.

Internal References

  • Users can now create an internal link to other sections of SCOT within Entries. By entering the phrase "SCOT-Event-123" into an entry, the flair engine will create an internal link to Event 123. This will work with Alertgroups, Events, Incidents, Dispatches, Intels, Reports, etc. Flair will also detect the URL https://yourhostname/#/intel/987 and rewrite that to a link to SCOT-Intel-987.
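
A sketch of the two detections described above, added here as an example and not the project's own flair engine code. It finds the SCOT-<Type>-<id> phrase and the https://<hostname>/#/<type>/<id> URL, reports them as (type, id) pairs, and rewrites both as anchors. Assumptions: the allow-list of target types is the six named in the note (the note says "etc.", so the real engine may know more), the hostname scot.example is a placeholder, and the href form #/<type>/<id> is inferred from the URL shape the note gives. Only the configured hostname is rewritten, so a link to some other host is left as plain text rather than being turned into an internal link.

```python
import re

# Target types named in the release note; "etc." means the real engine may know
# more (assumption: treat this tuple as the allow-list).
INTERNAL_TYPES = ("alertgroup", "event", "incident", "dispatch", "intel", "report")


def _patterns(hostname: str):
    """Compile the phrase form (SCOT-Event-123) and the URL form
    (https://<hostname>/#/intel/987) for one configured hostname."""
    types = "|".join(INTERNAL_TYPES)
    phrase = re.compile(rf"\bSCOT-({types})-(\d+)\b", re.IGNORECASE)
    url = re.compile(rf"https://{re.escape(hostname)}/#/({types})/(\d+)\b", re.IGNORECASE)
    return phrase, url


def find_internal_refs(text: str, hostname: str) -> list:
    """Return (type, id) pairs for every internal reference found in text."""
    phrase, url = _patterns(hostname)
    refs = []
    for pattern in (phrase, url):
        for m in pattern.finditer(text):
            refs.append((m.group(1).lower(), int(m.group(2))))
    return refs


def link_internal_refs(text: str, hostname: str) -> str:
    """Rewrite both reference shapes as <a href="#/<type>/<id>">SCOT-<Type>-<id></a>
    (the href shape is an assumption, not taken from the project)."""
    phrase, url = _patterns(hostname)

    def repl(m):
        kind, num = m.group(1).lower(), m.group(2)
        # Only an allow-listed type and a run of digits reach the href, so no
        # free-form entry text can influence the link target.
        return f'<a href="#/{kind}/{num}">SCOT-{kind.capitalize()}-{num}</a>'

    # Phrases first: the anchor they produce has no https://hostname prefix, so
    # the URL pass cannot match the same reference a second time.
    text = phrase.sub(repl, text)
    return url.sub(repl, text)


if __name__ == "__main__":
    # Constructed sample entry text; scot.example and other.example are placeholders.
    entry = ("Related: SCOT-Event-123, see also https://scot.example/#/intel/987 "
             "and (external) https://other.example/#/intel/1")
    print(find_internal_refs(entry, "scot.example"))
    print(link_internal_refs(entry, "scot.example"))
```

The allow-list is what keeps the rewrite safe: an unknown type such as SCOT-Widget-5 is ignored rather than linked, and the only user-controlled pieces that reach the generated href are a whitelisted type name and digits.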

Core Entities Documented

Fixes

  • Matomo removed
  • Creating an alertgroup with tags via the API now works as expected
  • Bug in associating new entity classes with existing entities fixed
  • Flair engine can now replace images in Alertgroups with local copies
  • Dockerfile improvements for container creation
  • Improvements to local password lockout and recovery

v4.2.1 - Initial Open Source Release

31 Oct 22:05
cdb289b

