Releases: redcanaryco/surveyor
Releases · redcanaryco/surveyor
v2.5.0
What's Changed
Definition Files
- Added support for network connection port field in definition files by @pmichaudrc in #116
- Added support for registry field in definition files by @xC0uNt3r7hr34t in #117
EDR
- Updated Cortex XDR query building logic by @rc-csmith in #113
General
- New feature to limit returned results by @TreWilkinsRC in #118
New Contributors
- @TreWilkinsRC made their first contribution in #118
Full Changelog: v2.4.1...v2.5.0
Contributors
pmichaudrc, xC0uNt3r7hr34t, and 2 other contributors
Assets 2
v2.4.1
What's Changed
Definition Files
- No changes
EDR
- No changes
General
- Add Support for Sigma Rules by @rc-csmith in #106
Full Changelog: v2.4.0...v2.4.1
Contributors
rc-csmith
Assets 2
v2.4.0
What's Changed
Definition Files
- Updated
remote-admin.jsonby @rc-benbernstein in #102 - Added
cve-2023-34362-iocs.jsonfor MOVEit vulnerability public IOCs by @RCWCates in #108
EDR
- Updated Microsoft Defender for Endpoint Query Building Logic by @rc-csmith in #104
General
- Bug Fix for IOC File Processing Errors by @rc-csmith in #98
- Added Unit Tests by @rc-csmith in #107
New Contributors
- @rc-benbernstein made their first contribution in #102
- @RCWCates made their first contribution in #108
Full Changelog: v2.3.0...v2.4.0
Contributors
rc-csmith, RCWCates, and rc-benbernstein
Assets 2
v2.3.0
What's Changed
Definition Files
- No changes
EDR
- Implemented Support for Cortex XDR by @rc-csmith in #89
General
- No changes
Full Changelog: v2.2.0...v2.3.0
Contributors
rc-csmith
Assets 2
v2.2.0
What's Changed
Definition Files
- Existing definition files updated to use new
queryfield by @rc-csmith in #100
EDR
- Added support for regex and full query options within definition files. Expanded parameter mappings and output fields for SentinelOne by @xC0uNt3r7hr34t in #87
- Added Support for "Query" Field in Definition Files for VMware Carbon Black Response, VMware Carbon Black Cloud and Microsoft Defender for Endpoint by @rc-csmith in #93
- Implemented PowerQuery support for SentinelOne by @jholtmann in #94
General
- No changes
Full Changelog: v2.1.0...v2.2.0
Contributors
jholtmann, xC0uNt3r7hr34t, and rc-csmith
Assets 2
v2.1.0
What's Changed
Definition Files
- Updated active-directory.json by @rcZachDiehl in #64
- Updated remote-admin.json by @rc-zfink in #63
- Updated system-utils.json by @alafrenz42 in #66
- Created wdac-app-block.json by @rc-csmith in #70
EDR
- Made siteID optional for SentinelOne by @rc-csmith in #72
- Fixed query options and added support for process name for SentinelOne by @xC0uNt3r7hr34t in #74
- Added base_query filters to merged queries for all command line argument scenarios for SentinelOne by @xC0uNt3r7hr34t in #78
- Allowed siteID and/or accountID in commandLine for SentinelOne by @rc-csmith in #79
- Implemented VMware Carbon Black Cloud SDK by @rc-csmith in #69
- Added enhancements to VMware Carbon Black Response & VMware Carbon Black Cloud by @rc-csmith in #84
General
- Patched cbapi import issue in Python 3.10+ by @jholtmann in #68
- Upgraded cbapi to support Python 3.10+ by @jholtmann in #91
New Contributors
- @rcZachDiehl made their first contribution in #64
- @rc-zfink made their first contribution in #63
- @rc-csmith made their first contribution in #72
- @xC0uNt3r7hr34t made their first contribution in #74
- @alafrenz42 made their first contribution in #66
Full Changelog: v2.0...v2.1.0
Contributors
jholtmann, rc-zfink, and 4 other contributors
Assets 2
v2.0 - SentinelOne Support
Merge pull request #54 from redcanaryco/dev-v2 Update documentation and click version string for v2.0