Skip to content

Synapse v2.166.0
Compare
Choose a tag to compare
@vtx-machine vtx-machine released this 05 Apr 23:06
· 310 commits to master since this release
v2.166.0
09f8a7b

Model Changes

  • Updates to the inet, ou, person and risk models.
    (#3649 <https://github.com/vertexproject/synapse/pull/3649>)
    (#3653 <https://github.com/vertexproject/synapse/pull/3653>    )
    (#3657 <https://github.com/vertexproject/synapse/pull/3657>_)

    New Forms

    inet:tls:handshake
    An instance of a TLS handshake between a server and client.

    inet:tls:ja3:sample
    A JA3 sample taken from a client.

    inet:tls:ja3s:sample
    A JA3 sample taken from a server.

    inet:tls:servercert
    An x509 certificate sent by a server for TLS.

    inet:tls:clientcert
    An x509 certificate sent by a client for TLS.

    New Properties

    risk:extortion
    The form had the following property added to it:

    deadline
    The time that the demand must be met.

    risk:leak
    The form had the following properties added on it:

    extortion
    The extortion event which used the threat of the leak as leverage.

    size:bytes
    The approximate uncompressed size of the total data leaked.

    it:mitre:attack:technique
    The form had the following properties updated on it:

    name
    This property is now lower-cased and single spaced.

    Deprecated Forms

    The following forms have been marked as deprecated:

    inet:ssl:cert
    Please use inet:tls:clientcert or inet:tls:servercert.

    Column Display Hints

    The following forms had column display hints added to them:

    ou:campaign
    ou:conference
    ou:goal
    ou:org
    ou:team
    ou:technique
    ps:contact
    ps:skill
    ps:proficiency
    risk:threat
    risk:compromise
    risk:mitigation
    risk:tool:software

    Light Edges

    uses
    When used with a risk:extortion and an ou:technique node, the edge
    indicates the attacker used the technique to extort the victim.

Features and Enhancements

  • When setting a tag on a node, the tag value is now redirected based on
    parent tags having :isnow properties set.
    (#3650 <https://github.com/vertexproject/synapse/pull/3650>_)
  • Add a $lib.spooled.set() Storm API. This can be used to get a
    spooled:set object. This set will offload the storage of its members
    to a temporary location on disk when it grows above a certain size.
    (#3632 <https://github.com/vertexproject/synapse/pull/3632>_)
  • Add a $lib.cache.fixed() Storm API. This can be used to get a
    cache:fixed object. This cache will execute user provided callbacks
    written in Storm upon a cache miss.
    (#3661 <https://github.com/vertexproject/synapse/pull/3661>_)
  • Add a pool option to Cron jobs. This can be set to True to enable a
    Cron job storm query to be executed on a Storm pool member.
    (#3652 <https://github.com/vertexproject/synapse/pull/3652>_)
  • Add a pool option to Extended HTTP API handlers. This can be set to
    True to enable an HTTP request handler to be executed on a Storm pool member.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>)
    (#3667 <https://github.com/vertexproject/synapse/pull/3667>    )
  • Add a new Storm API, $lib.cortex.httpapi.getByPath(), that can be
    used to get an http:api object by its path. The path value is
    evaluated in the same order that the HTTP endpoint resolves the handlers.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>_)
  • Add --list and --gate options to synapse.tools.modrole and
    synapse.tools.moduser.
    (#3632 <https://github.com/vertexproject/synapse/pull/3632>_)
  • Add a view.getMergingViews() Storm API. This returns a list of view
    idens that have open merge requests on a view.
    (#3666 <https://github.com/vertexproject/synapse/pull/3666>_)
  • The Storm API show:storage option now includes storage information for
    any embedded properties.
    (#3656 <https://github.com/vertexproject/synapse/pull/3656>_)
  • Update the LinkShutDown exception that a Telepath client may raise to
    indicate that the connection has been disconnected.
    (#3640 <https://github.com/vertexproject/synapse/pull/3640>_)
  • Add repr functions for printing the aha:pool and http:api objects
    in Storm.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>)
    (#3665 <https://github.com/vertexproject/synapse/pull/3665>    )
  • The Telepath Pool object has been replaced with a new object,
    ClientV2. This is now the only object returned by the
    synapse.telepath.open() API. This is an AHA pool aware Client which
    can be used to connect to an AHA pool.
    (#3662 <https://github.com/vertexproject/synapse/pull/3662>_)
  • Remove the unused Provenance subsystem from the Cortex.
    (#3655 <https://github.com/vertexproject/synapse/pull/3655>_)
  • Constrain the stix2-validator library to 3.0.0,<3.2.0 due to
    an API change. This constraint is expected be changed in the next
    release.
    (#3669 <https://github.com/vertexproject/synapse/pull/3669>_)

Bugfixes

  • Fix a bug where a Cortex promote() call could hang when tearing down
    any running Cron jobs. Cron jobs cancelled during a promotion event will
    be logged but their cancelled status will not be recorded in the Nexus.
    (#3658 <https://github.com/vertexproject/synapse/pull/3658>_)
  • Fix a bug where the Storm pool configuration could cause a Cortex to fail
    to start up. The Storm pool is now configured upon startup but its use is
    blocked until the Storm pool is ready to service requests.
    (#3662 <https://github.com/vertexproject/synapse/pull/3662>_)
  • Ensure that the URL argument provided to cortex.storm.pool.set can be
    parsed as a Telepath URL. Previously any string input was accepted.
    (#3665 <https://github.com/vertexproject/synapse/pull/3665>_)

Improved Documentation

  • Update the list of Cortex permissions in the Admin Guide to include
    service.add, service.del, service.get, and service.list.
    (#3647 <https://github.com/vertexproject/synapse/pull/3647>_)
  • Update the docstring for the Storm cortex.storm.pool.del command to note
    the effects of removing a pool and the interruption of running queries.
    (#3665 <https://github.com/vertexproject/synapse/pull/3665>_)
  • Update the documentation for the Storm http:api object to include the
    methods attribute.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>_)

Deprecations

  • The Telepath task:init message format has been marked as deprecated and
    will be removed in v3.0.0. This should not affect any users using Synapse
    v2.x.x in their client code.
    (#3640 <https://github.com/vertexproject/synapse/pull/3640>_)
  • The authgate with the name cortex is not used for permission checking and
    will be removed in v3.0.0. At startup, the Cortex will now check for any
    use of this authgate and log warning messages. Attempts to set permissions
    with this gateiden via Storm will produce warn messages.
    (#3648 <https://github.com/vertexproject/synapse/pull/3648>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Assets 2
Loading