Releases: alphasoc/nfr

v1.9.0-beta1

05 Mar 17:36
Pre-release

This version adds experimental support for Elasticsearch.

v1.8.1

10 Jan 16:20

This minor release of NFR fixes an issue where some of the IP packets from Zeek logs were incorrectly skipped by the log reader/monitor.

v1.8.0

07 Oct 10:48

New NFR release which brings improvements to Bro/Zeek log monitoring:

  • Added support for HTTP logs, so you can now score HTTP traffic from the http.log file.
  • Fixed issues with the DNS/IP log parser.

This is a recommended upgrade for all Bro/Zeek users.

v1.7.0

21 Mar 15:19

New NFR version capable of reading HTTP events from Suricata log files. There was also a bug with fetching a lot of alerts at once (#66), which got fixed.

Finally, a new JSON field has been added (#70) – severity – indicating the max severity across all the threats. This is useful for filtering high-severity alerts without the need to parse the threats dictionary. At the same time the type field has been removed, as it was always set to "alert" and hence not very useful.

v1.7.0-beta1

15 Feb 14:56
Pre-release

Added initial support for reading and submitting HTTP events – currently only from Suricata log files. At this point the only output supported is native JSON.

v1.6.0

12 Sep 18:53

This release brings improvements (and breaking changes) to the alerts format for files and syslog. A new CEF format is now available, and significant changes to the JSON format have been introduced. In the previous versions, after fetching alerts from the API, a beefy JSON object with an array of alerts was emitted. This array could hold up to 1000 alerts and was really hard to work with. Since NFR version 1.6.0, each alert is presented as a separate JSON object.

v1.5.2

22 Jun 06:47

This is a minor release fixing an issue with MSDNS logs not being parsed according to the local timezone, but always as UTC. This was causing problems mainly for users ahead of UTC, as uploaded events were seen as being set far in the future and were ignored by the scoring system.

v1.5.2-edge

22 Jun 14:04
Pre-release

Side release with support for reading BlueCat DNS Edge format.

v1.5.1

21 Jun 17:19

Disable JA3 as it's causing problems, but is not being used by the AlphaSOC API yet.

v1.5.0

21 Jun 15:53

This release brings better support for monitoring files on Windows and the MSDNS file format, plus some general bug fixes.