Changes in 0.9.17:
==================
- Do not provide an exhaustive list of unreachable linked alert, rather,
tell the user how many linked alert are not reachable any more.
- String encoding fixes, do not mix unicode and bytestring, and more
generally, use unicode for internal string storage. This fixes a lot
of possible exception with particular specific user input, or with
localization enabled.
- Inline filter didn't work as expected when viewing events starting
with a specific offset, because the offset keyword wasn't removed
from the generated link.
- Error handling improvement (back / retry button weren't always
working as expected).
- Fix exception when no protocol was available.
- Improve navigation button link (make the link cover the whole button).
Changes in 0.9.16:
==================
- Multiples advanced filter within the same column wouldn't display
correctly.
- Correctly restore input field when switching between advanced/simple
filter mode.
- Fix multiple bug that would results in inconsistant filtered "state"
and reset button.
- Using the classification simple filter now also trigger a search on
impact.completion.
- Fix multiple alert deletion checkbox, (#357).
- Various bug fixes.
Changes in 0.9.15:
==================
- Make it obvious when a column is filtered by replacing the old sober
star with a big "[filtered]" red marker. If the column filter is
saved, then the marker color will go from red to black.
- Once the user filtered a given field by clicking on it, deny further
click so that it is clear that the filter is currently active.
- Re-write the inline filter implementation using Cheetah + Jquery, in
place of generating an enormous amount of javascript code. This
drastically reduce the size of the events listing HTML page, and will
allow for much easier modification of the inline-filters.
- Only propose filter operator relevant to the selected path.
- Inline filter now present a single input field (with no path and
operator selection). Using this field, the user can filter on what is
seen in the associated column. For example, in the classification
column, the filter will trigger a search on classification.text,
classification.reference.name and classification.reference.origin.
There is also an [advanced] button allowing the user to specify both
the path and the operator.
- Implement a reset button in each inline filter column, that allow to
switch between different version of the filter: last saved filters,
default filters, or current filters.
- The user can now click an alert completion to set an inline filter on
the completion value.
- Clicking on a port / protocol now trigger a CSS menu allowing to
filter on the port and protocol information, or to get information
concerning this port / protocol.
- Clicking on a classification reference now trigger a CSS menu which
allow to filter on the reference, or to get more information
concerning it.
- Clicking on classification now add a filter on the selected
classification (previously, it would have unfolded aggregated alerts
for the selected entry, which is now done clicking the alert count).
- Until now, the default user that was automatically created by Prewikka
if there was no administrative user was "admin". As of now you can
define the initial administrative username and password from the
configuration file. (fix#289).
- Fix escaping for reference details URI parameters.
- Fix ModPython content-type handling.
- Invalid variable name, fix#339.
- Update to JQuery 1.3.2, and fit small JQuery API change.
- If the installed libprelude or libpreludedb version is too old,
Prewikka will require the user to upgrade. Currently, Prewikka depend
on libpreludedb 0.9.12, and libprelude 0.9.23.
- Fix IDMEFDatabase exception on empty criteria string (fixes#346).
- Analyzer retrieval fixes and speedup (fixes#350).
on some platforms that lacked shared library support in the past. The
list hasn't been maintained at all and the gain is very limited, so just
get rid of it.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
- Let the user choose the type of sorting (default to time descending,
available: time asc/desc, count asc/desc).
- Implement Prewikka Asynchronous DNS resolution in alert view
as well as message summary (require twisted.names and twisted.internet),
see the additional dns_max_delay settings parameters in prewikka.conf.
- In the alert summary view, handle portlist and ip_version service fields,
and show alert messageid.
- Fix exception when rendering ToolAlert.
- Fix double classification escaping (could result in non working link
for alert with classification containing escaped character).
- Improvement to heartbeat retrieval (heartbeat view speedup).
- Correct typo (fix#275), thanks Scott Olihovki <skippylou@gmail.com>
for pointing this out.
- Polish translation, by Konrad Kosmowski <konrad@kosmosik.net>.
- Update to pt_BR translation, by Edelberto Franco Silva <edeunix@edeunix.com>
- Various bug fixes and cleanup.
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
- Only perform additional database request when using Sensor localtime:
this bring a performance improvement of about 36% on aggregated query,
when using either frontend localtime (the default), or UTC time.
- JQuery support: Port most of the javascript code to make use of JQuery.
Add show/hide effect to CSS popup. More filtering functionality in the
SensorListing view.
- Cleanup the Authentication class, so that uper Prewikka layer can act
depending whether the backend support user creation / deletion. Anonymous
authentication is nowa plugin.
- Better integration of CGI authentication allowing user listing and deletion.
- Report template exception directly to the user.
- Fix exception if an alert analyzer name is empty.
- Fix problem when adding new Prewikka users (#262).
- Fix exception when user has no permission set.
- When changing password, we didn't try to match an empty 'current password'
(which is a minor issue since the user is already authenticated). Thanks
to Helmut Azbest <helmut.azbest@gmail.com> for the fix.
- Fix a typo making mod_python use the parent method (patch from
Helmut Azbest <helmut.azbest@gmail.com>).
- In the configuration file, recognize section even if there are whitespace
at the beginning of the line.
- Localization fixes, by Sebastien Tricaud <toady@gscore.org>, and
Bjoern Weiland.
- Implement an Auto-Refresh system (fix#231). (including code from
Paul Robert Marino <prmarino1@gmail.com>).
- Ability to filter on missing/offline/online/unknown agents. Make more easier
to read each agent status in collapsed mode.
- Fix filter load/save/delete issue with translation.
- New 'My account' tabs, under the Settings section (fix#241).
- New messageid and analyzerid parameters, allowing link to a Prewikka alert
from an external tool (previously required a database query in order to
retrieve the database event id).
- Don't redirect to user listing once an user preference are recorded. Fix
changing of another user language by an user with PERM_USER_MANAGEMENT.
Display target user language rather than current user language.
- Improve the timeline control table layout.
- Fix translation of string possibly using plural.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
- Improve database performance by reducing the number of query. (Paul Robert Marino)
- Activate CleanOutput filtering (lot of escaping fixes).
- More action logging.
- Bug fixes with the error pages Back/Retry buttons.
- Fix error on group by user (#191).
- Fix template compilation error with Cheetah version 2 (#184).
- Save/load user configuration when using CGI authentication mode (#181).
- Show Prewikka version in the About page (#177).
- Use Python logging facility (available backend: stderr, file, smtp, syslog),
multiple simultaneous handler supported (#113).
- Fix anonymous authentication.
- Fix external process going into zombie state (#178).
- Display correct alertident for invalid CorrelationAlert analyzerid/messageid pair.
- prewikka-httpd should now log the source address.
- Thread safety fixes.
- Use preludedb_delete_(alert|heartbeat)_from_list(). Require
libpreludedb 0.9.9. Provide a deletion performance improvement
of around 3000%.
- Handle multiple listed source/target properly. Separate
source/target in the message listing.
- Make host command/Information link available from the Sensor
listing.
- Always take care of the "external_link_new_window" configuration
parameter.
- Make external command handling more generic. Allow to specify
command line arguments.
- Allow to define unlimited number of external commands rather than
only a defined subset (fix#134).
- Avoid toggling several popup at once in the HeartbeatListing.
- Only provide lookup capability for known network address type (fix#76).
- New address and node name lookup provided through prelude-ids.com service.
- Link to new prelude-ids.com port lookup instead of broken portsdb
database (fix#162).
- Various bug fixes.
- Replace patch with official fix 'Filter on Target' link (fix#148).
- Fix alert summary exception with alert including file permission (fix#149).
- Fix creation of an empty __init__.py file in lib/site-packages (#147).
- Print currently installed version on libpreludedb requirement error.
- Make sure /usr/bin/env is expanded.