Merge pull request #46 from NextronSystems/v4

chore: add 4.2.0 changelog and update screenshot

administration/api.rst

@@ -4,7 +4,7 @@ API
 ---
 
 The API documentation has been integrated into the web interface.
-You can find it in the ``Documentation`` menu.
+You can find it in the top right corner's help menu.
 
 .. figure:: ../images/cockpit_api_documentation.png
    :alt: API Documentation

changelog/index.rst

@@ -10,5 +10,6 @@ Cockpit version 4.
 .. toctree::
     :caption: Contents
 
+    log2
     log1
     log0

changelog/log0.rst

@@ -1,4 +1,4 @@
-.. Index:: AC4 Changes
+.. Index:: 4.0 Changes
 
 Analysis Cockpit v4.0
 ---------------------

changelog/log1.rst

@@ -1,8 +1,24 @@
-.. Index:: AC4 Changes
+.. Index:: 4.1 Changes
 
 Analysis Cockpit v4.1
 ---------------------
 
+Analysis Cockpit 4.1.9
+######################
+
+Release Date: Thu,  4 Jul 2024 15:17:00 +0200
+
+.. list-table::
+    :header-rows: 1
+    :widths: 15, 85
+
+    * - Type
+      - Description
+    * - Breaking Changes
+      - If you are upgrading from a version older than 4.1.5, please read the release notes of 4.1.5 carefully.
+    * - Bugfixes
+      - Fixed grouping criteria issues when applying suggested cases
+
 Analysis Cockpit 4.1.8
 ######################
 
@@ -15,23 +31,23 @@ Release Date: Tue,  2 Jul 2024 11:02:00 +0200
     * - Type
       - Description
     * - Security
-      - OS Security Fix (AC-577)
+      - OS Security Fix
     * - Bugfix
-      - Fixed missing grouping criteria when applying suggested cases (AC-556)
+      - Fixed missing grouping criteria when applying suggested cases
     * - Bugfix
-      - Fixed too many events in LogWatcher's 'All Events' section (AC-561)
+      - Fixed too many events in LogWatcher's 'All Events' section
     * - Bugfix
-      - Fixed an escape issue in conditions with double backslashes (AC-564)
+      - Fixed an escape issue in conditions with double backslashes
     * - Bugfix
-      - Fixed inaccurate estimated remaining time for reindexing (AC-566)
+      - Fixed inaccurate estimated remaining time for reindexing
     * - Bugfix
-      - Fixed an off-by-one date error in the incoming events graph (AC-567)
+      - Fixed an off-by-one date error in the incoming events graph
     * - Bugfix
-      - Fixed non-working table search for some columns in the 'Manage Dashboards' section (AC-570)
+      - Fixed non-working table search for some columns in the 'Manage Dashboards' section
     * - Bugfix
-      - Fixed 'csrf error' popup when using the 'Session expired' login dialog (AC-571)
+      - Fixed 'csrf error' popup when using the 'Session expired' login dialog
     * - Bugfix
-      - Fixed an startup error when using 'Matched Signatures' with wide date range (AC-585)
+      - Fixed an startup error when using 'Matched Signatures' with wide date range
 
 Analysis Cockpit 4.1.5
 ######################
@@ -49,108 +65,108 @@ Release Date: Wed, 19 Jun 2024 09:41:00 +0200
 
 * **Highlights**
 
-  - Added the ability to create custom Event Dashboards in the Baselining and All Events sections. (AC-6)
-  - Added event insights by ChatGPT, enabling automatic analysis of THOR events with assessments and recommendations. Also, added the ability to ask ChatGPT to explain THOR events or terms within an event. (AC-89)
-  - Introduced a new 'Matched Signatures' section showing all matched signatures chronologically. (AC-83)
-  - Added the ability to collect files from an asset via the Management Center. (AC-10)
-  - Implemented a Data Retention Policy for retaining events for a specified period and automatically deleting them afterwards. (AC-12, AC-175)
-  - Added graphs and statistics to the Overview Dashboard. (AC-235, AC-299, AC-300, AC-301, AC-303, AC-309, AC-310, AC-316, AC-317)
+  - Added the ability to create custom Event Dashboards in the Baselining and All Events sections.
+  - Added event insights by ChatGPT, enabling automatic analysis of THOR events with assessments and recommendations. Also, added the ability to ask ChatGPT to explain THOR events or terms within an event.
+  - Introduced a new 'Matched Signatures' section showing all matched signatures chronologically.
+  - Added the ability to collect files from an asset via the Management Center.
+  - Implemented a Data Retention Policy for retaining events for a specified period and automatically deleting them afterwards.
+  - Added graphs and statistics to the Overview Dashboard.
 
 ----
 
 * **Features**
 
-  - Added the ability to assign priorities to cases. (AC-84)
-  - Introduced a new field 'compromised' to track compromised assets. (AC-69)
-  - Added a detailed diagnostics status page showing system health and connectivity. (AC-182)
-  - Added a Diagnostics Pack that can be downloaded and sent to Nextron Systems for support. (AC-298)
-  - Included a base64 and hex decoder in the context menu of THOR events. (AC-18)
-  - Added a new field 'under investigation' to track ongoing investigations in cases. (AC-79)
-  - Added the ability to schedule reports, including the option to send them via email. (AC-229)
-  - Added the ability to enforce 2FA or password resets for users. (AC-231)
+  - Added the ability to assign priorities to cases.
+  - Introduced a new field 'compromised' to track compromised assets.
+  - Added a detailed diagnostics status page showing system health and connectivity.
+  - Added a Diagnostics Pack that can be downloaded and sent to Nextron Systems for support.
+  - Included a base64 and hex decoder in the context menu of THOR events.
+  - Added a new field 'under investigation' to track ongoing investigations in cases.
+  - Added the ability to schedule reports, including the option to send them via email.
+  - Added the ability to enforce 2FA or password resets for users.
 
 ----
 
 * **Improvements**
 
-  - New index structure for events in Elasticsearch, significantly improving performance. (AC-313)
-  - Re-added the 'Incoming events' graph in Baselining and All Events sections. (AC-2, AC-289, AC-341)
-  - Improved the query for compromise assessment mode. (AC-348)
-  - Added the ability to edit case details and conditions in the 'Add to Case' dialog. (AC-28, AC-172)
-  - Added the ability to bulk merge cases, including merging cases with different assignment types. (AC-238, AC-167)
-  - Forwarded OS information to the Security Center now uses data from the Management Center. (AC-85)
-  - Display which users have set up 2FA in the user management section. (AC-13)
-  - Added a stop button for 'Auto Baselining'. (AC-14)
-  - Enhanced bulk actions in the case table, allowing editing of tags, priorities, and more. (AC-23)
-  - Automatically adjust heap size for Elasticsearch and MariaDB based on system memory. (AC-160)
-  - Re-added the 'Last 30 days' filter in the event table of an asset or case. (AC-196)
-  - Added a 'Delete' button in the table of connected Management Centers. (AC-197)
-  - Enhanced security by preventing API endpoint leaks and using a more secure password hash algorithm. (AC-215, AC-370)
-  - Refactored the case comments section. (AC-266)
-  - Display additional asset information like file systems and MAC addresses. (AC-286)
-  - Improved support for THOR 10.7, especially for case assignments using Auto Case IDs. (AC-287)
+  - New index structure for events in Elasticsearch, significantly improving performance.
+  - Re-added the 'Incoming events' graph in Baselining and All Events sections.
+  - Improved the query for compromise assessment mode.
+  - Added the ability to edit case details and conditions in the 'Add to Case' dialog.
+  - Added the ability to bulk merge cases, including merging cases with different assignment types.
+  - Forwarded OS information to the Security Center now uses data from the Management Center.
+  - Display which users have set up 2FA in the user management section.
+  - Added a stop button for 'Auto Baselining'.
+  - Enhanced bulk actions in the case table, allowing editing of tags, priorities, and more.
+  - Automatically adjust heap size for Elasticsearch and MariaDB based on system memory.
+  - Re-added the 'Last 30 days' filter in the event table of an asset or case.
+  - Added a 'Delete' button in the table of connected Management Centers.
+  - Enhanced security by preventing API endpoint leaks and using a more secure password hash algorithm.
+  - Refactored the case comments section.
+  - Display additional asset information like file systems and MAC addresses.
+  - Improved support for THOR 10.7, especially for case assignments using Auto Case IDs.
 
 ----
 
 * **UX**
 
-  - Improved the error message when Elasticsearch aborts a query due to RAM issues. (AC-86)
-  - Prevented 'raw contains' search with an empty value. (AC-1)
-  - Enabled submitting a Lucene query with the 'Enter' key. (AC-39)
-  - Moved submit buttons from left to right. (AC-21)
-  - Enhanced the visibility of the right-click context menu for events. (AC-16)
-  - Improved the 'Merge case' dialog and positioning of search bubbles in the event table. (AC-34, AC-42)
-  - Show 'group scan' in the scan table. (AC-46, AC-47)
-  - Reuse the last status and type of the previous guided baselining case as the default for the next one. (AC-49)
-  - Added a description to unresolvable Auto Case IDs. (AC-51)
-  - Improved the column preferences dialog for tables with many columns. (AC-59)
-  - Removed links from breadcrumbs. (AC-62)
-  - Added dark mode for API documentation. (AC-71)
-  - Hide the Valhalla link for some YARA rules, e.g., external or custom rules. (AC-74, AC-27)
-  - Enabled dragging and dropping condition terms in the 'Create Case' dialog. (AC-102)
-  - Moved example events in 'Create Case' from top to bottom and made them expandable. (AC-103, AC-104)
-  - Improved error messages for login failures due to incorrect credentials. (AC-151)
-  - Enabled selecting asset labels and case tags from a dropdown when creating reports. (AC-228)
-  - Enhanced cosmetics for tooltips in event charts. (AC-177)
-  - Allowed searching for displayed text instead of numeric values in most tables. (AC-204, AC-282)
-  - Removed zero bytes ('\x00') from THOR events in the GUI. (AC-19)
-  - Preserved conditions when switching from guided to custom mode in the condition builder. (AC-36)
-  - Display version number and 'up-to-date' status on the overview page. (AC-223)
-  - Hide deleted Management Centers in the connected Management Centers table. (AC-251)
-  - Updated menu items for the sandbox. (AC-253)
-  - Showed actual values instead of numeric values in event charts (e.g., for case type). (AC-256)
-  - Improved change history for cases, showing the diff of conditions. (AC-259)
-  - Added THOR key highlighting in Guided Baselining. (AC-284)
-  - Rearranged menu items in the settings section. (AC-307)
-  - Enhanced cosmetics for the 'similar cases' dropdown in the 'Create Case' dialog. (AC-264)
-  - Optionally hide all non-favorite THOR keys. (AC-319)
-  - Moved manuals and API documentation to the navbar. (AC-339)
-  - Highlighted searched terms in the Event table. (AC-355)
+  - Improved the error message when Elasticsearch aborts a query due to RAM issues.
+  - Prevented 'raw contains' search with an empty value.
+  - Enabled submitting a Lucene query with the 'Enter' key.
+  - Moved submit buttons from left to right.
+  - Enhanced the visibility of the right-click context menu for events.
+  - Improved the 'Merge case' dialog and positioning of search bubbles in the event table.
+  - Show 'group scan' in the scan table.
+  - Reuse the last status and type of the previous guided baselining case as the default for the next one.
+  - Added a description to unresolvable Auto Case IDs.
+  - Improved the column preferences dialog for tables with many columns.
+  - Removed links from breadcrumbs.
+  - Added dark mode for API documentation.
+  - Hide the Valhalla link for some YARA rules, e.g., external or custom rules.
+  - Enabled dragging and dropping condition terms in the 'Create Case' dialog.
+  - Moved example events in 'Create Case' from top to bottom and made them expandable.
+  - Improved error messages for login failures due to incorrect credentials.
+  - Enabled selecting asset labels and case tags from a dropdown when creating reports.
+  - Enhanced cosmetics for tooltips in event charts.
+  - Allowed searching for displayed text instead of numeric values in most tables.
+  - Removed zero bytes ('\x00') from THOR events in the GUI.
+  - Preserved conditions when switching from guided to custom mode in the condition builder.
+  - Display version number and 'up-to-date' status on the overview page.
+  - Hide deleted Management Centers in the connected Management Centers table.
+  - Updated menu items for the sandbox.
+  - Showed actual values instead of numeric values in event charts (e.g., for case type).
+  - Improved change history for cases, showing the diff of conditions.
+  - Added THOR key highlighting in Guided Baselining.
+  - Rearranged menu items in the settings section.
+  - Enhanced cosmetics for the 'similar cases' dropdown in the 'Create Case' dialog.
+  - Optionally hide all non-favorite THOR keys.
+  - Moved manuals and API documentation to the navbar.
+  - Highlighted searched terms in the Event table.
 
 ----
 
 * **Bugfixes**
 
-  - Fixed an issue where bulk updating cases with many events would fail. (AC-87)
-  - Fixed an error when creating a case without a name. (AC-95)
-  - Corrected the event count in the detailed view of the most frequent event values. (AC-35)
-  - Fixed sorting of the level by criticality instead of alphabetically. (AC-70)
-  - Fixed issues with hiding columns in the column preferences. (AC-157)
-  - Reduced occurrence of MariaDB deadlock errors. (AC-161)
-  - Fixed 'could not create GUI notification file' error. (AC-163)
-  - Resolved errors when downloading sandbox files. (AC-173)
-  - Made the 'Re-link' button visible in the connected Management Centers table. (AC-198)
-  - Corrected the event count in some Group Scans. (AC-203)
-  - Fixed typos in success and error messages. (AC-207, AC-208)
-  - Improved report generation speed by eliminating unnecessary data. (AC-25)
-  - Ensured the green loading indicator is always visible. (AC-220)
-  - Fixed the backup script. (AC-315)
-  - Resolved cut-off elements in the UI. (AC-326, AC-327)
-  - Corrected a typo in the version number in /etc/issue. (AC-217)
-  - Fixed issues with the http proxy configuration on fresh installations. (AC-545)
+  - Fixed an issue where bulk updating cases with many events would fail.
+  - Fixed an error when creating a case without a name.
+  - Corrected the event count in the detailed view of the most frequent event values.
+  - Fixed sorting of the level by criticality instead of alphabetically.
+  - Fixed issues with hiding columns in the column preferences.
+  - Reduced occurrence of MariaDB deadlock errors.
+  - Fixed 'could not create GUI notification file' error.
+  - Resolved errors when downloading sandbox files.
+  - Made the 'Re-link' button visible in the connected Management Centers table.
+  - Corrected the event count in some Group Scans.
+  - Fixed typos in success and error messages.
+  - Improved report generation speed by eliminating unnecessary data.
+  - Ensured the green loading indicator is always visible.
+  - Fixed the backup script.
+  - Resolved cut-off elements in the UI.
+  - Corrected a typo in the version number in /etc/issue.
+  - Fixed issues with the http proxy configuration on fresh installations.
 
 ----
 
 * **Chore**
 
-  - Reduced the time range of signature feedback collection from 90 days to 30 days. (AC-131)
+  - Reduced the time range of signature feedback collection from 90 days to 30 days.

changelog/log2.rst

@@ -0,0 +1,73 @@
+.. Index:: 4.2 Changes
+
+Analysis Cockpit v4.2
+---------------------
+
+Analysis Cockpit 4.2.0
+######################
+
+Release Date: Mon,  2 Dec 2024 11:49:00 +0100
+
+----
+
+* Features
+
+  - Introduced a new notification type to alert users on events without case assignments
+  - Added a new notification type that triggers when a new asset is affected by a case
+  - Added an option to run event retention based on the ``time`` field instead of ``@timestamp``
+  - Enhanced the Overview page with connectivity details for Management Center and Security Center
+  - Enabled Management Center to connect with Security Center via a reverse proxy, eliminating the need for direct access
+  - Cases can now be assigned directly to specific users, supporting user-specific workflows
+  - Added LDAP users to the User Management table for improved user administration
+
+----
+
+* Improvements
+
+  - Converted 'Started' and 'Duration' graphs in the scan table to more intuitive line charts
+  - Established a real-time sync API between Management Center and Analysis Cockpit for Thunderstorm events
+  - Added "Expunge Deleted Events" setting for complete event deletion in retention settings
+  - Made the 'Assets' column in the Management Centers table sortable
+  - Implemented a fallback in event table filters to truncate search terms over 1000 characters
+  - Improved ``rsyslog`` configuration by switching to ``imptcp`` from ``imtcp``
+  - Cases can now be sorted correctly by their status in the case table
+
+----
+
+* UX
+
+  - Automatically clear empty condition fields in the 'Create Case' condition builder
+  - Added a 'Back' button in the 'Create Scheduled Report' dialog for easier navigation
+  - Added a loading indicator when testing proxy connections
+  - Enabled ChatGPT prompt submission with the 'Enter' key
+  - Expanded THOR event right-click context menu to additional views
+  - Adjusted retention settings page to use full-width layout
+  - Added THOR's 'Archive' field as an option for file collection from assets
+  - Removed the option to delete oneself from the User table
+  - Restricted creation of THOR dashboards for Aurora and vice versa
+  - Enhanced handling of ElasticSearch error messages for better troubleshooting
+  - Made the right sidebar resizable for flexible layout adjustment
+
+----
+
+* Bugfixes
+
+  - Resolved an issue with event assignments to already merged cases; this update will automatically correct any prior mis-assignments
+  - Restored missing example events for certain findings in the Security Center
+  - Added missing API key in curl examples within API documentation
+  - Addressed timezone issues in MariaDB by setting the timezone in configuration
+  - Correctly display negation filters in the 'Save Dashboard' dialog
+  - Validated 'Run at' field in retention settings before submission
+  - Increased Elasticsearch's ``max_nested_depth`` to 100 to prevent query failures
+  - Corrected a typo in API documentation for ``GET /events/search`` endpoint
+  - Fixed processing of Bifrost file names
+  - Ensured UUIDs are generated for new suggested cases
+  - Added a ``.gitignore`` file to the config directory to avoid certain files from being backed up
+  - Fixed updates in the 'Actual events' column
+  - Addressed empty entries in case change logs when adding comments without other changes
+
+----
+
+* Chore
+
+  - Corrected a typo in the licensing section