Releases: saferwall/saferwall
v0.6.0
What's Changed
- feat: store api trace and sys events in own docs by @LordNoteworthy in #446
- fix: compiling yara for building sandbox svc in docker by @LordNoteworthy in #447
- Minor updates in gib and strings pkg by @LordNoteworthy in #448
- fix(sandbox): properly handle reserved and inout params by @LordNoteworthy in #450
- chore(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in #451
- chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 by @dependabot in #453
- chore(deps): bump golang.org/x/image from 0.5.0 to 0.10.0 by @dependabot in #454
- IOCs and Capabilities by @LordNoteworthy in #452
- chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #455
- feat: extracting sys events moved from go to lua by @LordNoteworthy in #456
- feat: scan dumps with yara by @LordNoteworthy in #458
- chore: helm chart dependency updates by @LordNoteworthy in #459
- chore: bump to go.1.20 by @LordNoteworthy in #460
- chore: bump saferwall/pe by @LordNoteworthy in #462
- chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #464
- chore(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #465
- feat(sandbox): improve domain retrieval, and VM selection by @LordNoteworthy in #466
- feat(sandbox): include capabilities in file objects for default report by @LordNoteworthy in #467
- chore(sandbox): refactor reverting to snapshot by @LordNoteworthy in #468
Full Changelog: v0.5.0...v0.6.0
saferwall-helm-chart-0.5.0
A hackable malware sandbox for the 21st Century
v0.5.0
What's Changed
- fix(github workflow) deprecated set-output and docker/build-push-action by @LordNoteworthy in #412
- feat (services) post-processor to include first_seen when it's absent by @LordNoteworthy in #413
- feat: add loki-stack chart for log aggregation by @LordNoteworthy in #414
- fix(storage): guarantee sequential write in s3 download by @LordNoteworthy in #415
- fix: Set the nsq config maxInFlight to the same # of goroutines by @LordNoteworthy in #416
- fix(services): increase multi-av scan timeout and nsq msg timeout by @LordNoteworthy in #417
- doc: add documentation how to use compose to develop in the codebase by @LordNoteworthy in #418
- feat: make pulling image containers more generic from private registries by @LordNoteworthy in #419
- feat: externalize multi-av scan timeout by @LordNoteworthy in #420
- helm: populate multiav default values for scanTimeout and logLevel by @LordNoteworthy in #421
- feat: change multiav scan timeout from an int (seconds) to duration (string) by @LordNoteworthy in #427
- chore(helm): fix _helpers template by @LordNoteworthy in #428
- chore(helm): default values for new config entries in web apis by @LordNoteworthy in #429
- fix(services): set the status for task progress by @LordNoteworthy in #431
- fix(helm): webapis extra cors origins + new UI by @LordNoteworthy in #432
- fix: update compose to match new UI env vars & bump go to v1.18 by @LordNoteworthy in #433
- feat: Create a summary of behavior activities in sandbox by @LordNoteworthy in #435
- chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 by @dependabot in #437
- feat(sandbox): append process ID to system events and make events an array instead of an object by @LordNoteworthy in #438
- feat(sandbox): scanning artifacts with Yara by @LordNoteworthy in #439
- feat(sandbox): store process tree data by @LordNoteworthy in #441
- increase gRPC msg size + fix timeout fmt + artifacts length by @LordNoteworthy in #442
- feat: store big byte* API parameters to object storage by @LordNoteworthy in #443
Full Changelog: v0.4.0...v0.5.0
v0.4.0
[0.4.0] - 06/03/2023
Added
- Upload sandbox memdumps and screenshots thumbnails to obj storage #398.
- Upload sandbox desktop screenshots to obj storage #397.
- Sandbox agent health check + basic sysinfo and env data collection #395.
- Push sandbox payload results to the aggregator #391.
- MultiAV McAfee enable scan for potentially unwanted program #387.
- Numerous updates to support different types of messages for the aggregator #383.
- Add methods for the `storage` internal pkg to support bucket creation.
- Generate thumbnails for the sandbox screenshots and add health checks for VMs.
- Remove `cluster-autoscaler` from helm chart.
- Add documentation with the communication format used between services.
- Agent: collect screenshots and memdumps #380.
- Guess file extension and include PE signature #379.
- Curate PE scan results #378.
- Add `inlets-operator` and `metallb` charts #376. `inlets-operator` has been deleted later, and `metallb` is installed separately from the chart dependencies.
- Add `kube-prometheus-stack` CRDs and experiment with k3s for local dev.
- Add `workflow_dispatch` for `helm-release` and `release` services job.
Changed
- [helm] Remove elastic stack that was used for logging #404.
- [helm] Do not include `kube-prometheus-stack` in main chart & remove elastic stack for logging #403.
- Hosting documentation/blog website in cloudflare #402.
- Set k8s version to the same as prod k8s version and update default user/password values in minio helm chart #392.
- Change protobuf message scheme to support uploading object to s3 #383.
- Bind k8s port forwarding services to `0.0.0.0`.
- Bump wait-for and golang docker images.
- Bump `yara`, `helm`, `kubernetes`, `exiftool`, `kind`, `kubens/kubectx` and `kube-capacity`.
- Bump `aws-efs-csi-driver`, `ingress-nginx`, `couchbase-operator` and `minio` helm chart dependencies.
Fixed
saferwall-helm-chart-0.4.0
A hackable malware sandbox for the 21st Century
saferwall-0.3.0
A hackable malware sandbox for the 21st Century
v0.3.0
[0.3.0] - 14/04/2022
Added
- Add pre-commit-config.yaml.
- Update packer/installer/protector sigs and file magic data.
- Introduce new env variables in the UI k8s manifests.
- Add antivirus detections to the list of tags.
- Clean up files on the NFS share that have not been accessed for a day.
- Documenting saferwall architecture.
- Saferwall sandbox microservice.
Changed
- Change minio operator to the basic minio.
- Move private go packages to `internal/` directory.
- Move helm chart from its own repo to main repo.
- Numerous tooling updates: docker-compose, devContainers, and bumping go pkg dependencies.
Fixed
- Fix crash on webapis k8s manifest when generating the toml config.
v0.2.0
[0.2.0] - 25/11/2021
Added
- Unit tests for ASCII & Unicode strings and AV label pkg.
- [exiftool] ELF binary testcases.
- [yara]: implement yara scanner and update go package version.
- [kubernetes] AWS spot instance template.
- Introduce a new package for virt-manager.
Fixed
- [magic] Handle case where input is empty.
- [magic] fix out of bounds errors due to file help output on null input.
Changed
- Move cli to a separate github repository
- Clean up package tests + add tests for `HashBytes` func.
- Update crypto functions to follow idiomatic initialisms.
- [bytestats] remove python3 poc + use package fixtures for testing.
- Using `zap` instead of `logrus` and abstract the logging code.
- Abstract access to object storage and to the database.
- Move the multiav package to a separate repo.
- Separate the consumer into different services (orchestrator, aggregator, pe, metadata, multiav, ML, post-processor).
- Use external NSQ helm chart.
saferwall-0.2.0
Helm Chart Release
v0.1.0
Added
- ML PE classifier(private) and string ranker.
- docker-compose and .devcontainer to ease development.
- A portable executable (PE) file parser.
- A UI for displaying PE parsing results.
- `gib`: a package to detect gibberish strings.
- `bytestats`: a package that implements byte and entropy statistics for binary files.
- cli utility to interact with saferwall web apis.
- `sdk2json`: a package to convert Win32 API definitions to JSON format.
Changed
- Consumer docker image is separated to a base image and an app image.
- Refactor consumer and make it a go module.
- [Helm] reduce minio MEM request, ES and Kibana CPU request to half a core.
- [Helm] bump chart dependency modules.
- [pkg/consumer] add context timeout to multiav scan gRPC API.
- Move the website, the dashboard and the web apis projects to separate git repos.
- Improvement in CI/CD pipeline: include code coverage, test only changed modules & running custom github action runners.