Releases: vertexproject/synapse
Synapse v2.175.0
Automatic Migrations
- Migrate existing ndef secondary properties to use the new ndef property
indexing.
(#3794 <https://github.com/vertexproject/synapse/pull/3794>
)
(#3809 <https://github.com/vertexproject/synapse/pull/3809>
) - See :ref:
datamigration
for more information about automatic migrations.
Features and Enhancements
- Update Cell with
_getCellHttpOpts()
method to allow for overriding default
HTTP options.
(#3770 <https://github.com/vertexproject/synapse/pull/3770>
_) - Add additional indexing for ndef based secondary properties.
(#3794 <https://github.com/vertexproject/synapse/pull/3794>
)
(#3809 <https://github.com/vertexproject/synapse/pull/3809>
) - Implement
--prs-from-git
insynapse.tools.changelog
.
(#3800 <https://github.com/vertexproject/synapse/pull/3800>
_) - Update the
getCellInfo()
API to include HTTPS listener addresses and
ports.
(#3802 <https://github.com/vertexproject/synapse/pull/3802>
_) - Improve permissions checking performance in the Storm
merge
command.
(#3804 <https://github.com/vertexproject/synapse/pull/3804>
_) - Support multiple tags in the diff command, which also allows for more
efficient deduplication (e.g.diff --tag foo bar
versusdiff --tag foo | diff --tag bar | uniq
).
(#3806 <https://github.com/vertexproject/synapse/pull/3806>
_) - Add information about the remote link when logging common server side
Telepath errors.
(#3808 <https://github.com/vertexproject/synapse/pull/3808>
_)
Bugfixes
- Fix an AttributeError in
synapse.tools.changelog
.
(#3798 <https://github.com/vertexproject/synapse/pull/3798>
_) - Fix for large array props causing system lag.
(#3799 <https://github.com/vertexproject/synapse/pull/3799>
_)
Improved documentation
- Remaining docs have been converted from Jupyter notebook format to RST.
(#3803 <https://github.com/vertexproject/synapse/pull/3803>
_)
Deprecations
- Deprecate the use of the
synapse.lib.jupyter
library. This will be
removed on 2024-08-26.
(#3803 <https://github.com/vertexproject/synapse/pull/3803>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.174.0
Automatic Migrations
- Renormalize
ou:position:title
,ou:conference:name
, and
ou:conference:names
secondary properties.
(#3701 <https://github.com/vertexproject/synapse/pull/3701>
_) - Populate new
econ:currency
nodes from existing secondary properties.
(#3790 <https://github.com/vertexproject/synapse/pull/3790>
_) - Add a Cortex storage migration to set the correct View iden value on all
Trigger definitions.
(#3760 <https://github.com/vertexproject/synapse/pull/3760>
_) - See :ref:
datamigration
for more information about automatic migrations.
Model Changes
-
Add a new model,
entity
, for modeling elements related to entity
resolution.
(#3781 <https://github.com/vertexproject/synapse/pull/3781>
_) -
Updates to the
crypto
,econ
,files
,ou
, andpol
models.
(#3790 <https://github.com/vertexproject/synapse/pull/3790>
)
(#3781 <https://github.com/vertexproject/synapse/pull/3781>
)New Forms
econ:currency
The name of a system of money in general use.entity:name
A name used to refer to an entity.New Properties
crypto:key
The form had the following properties added to it:private:text
Set only if the:private
property decodes to ASCII.public:text
Set only if the:public
property decodes to ASCII.econ:acct:payment
The form had the following properties added to it:from:cash
Set to true if the payment input was in cash.to:cash
Set to true if the payment output was in cash.place
The place where the payment occurred.place:address
The address of the place where the payment occurred.place:latlong
The latlong where the payment occurred.place:loc
The loc of the place where the payment occurred.place:name
The name of the place where the payment occurred.pol:country
The form had the following property added to it:currencies
The official currencies used in the country.Updated Properties
ou:position
The form had the following property updated on it:title
This property is now anentity:name
type.ou:conference
The form had the following properties updated on it:name
This property is now anentity:name
type.names
This property is now an array ofentity:name
type.Light Edges
refs
When used with afiles:bytes
and anit:dev:str
node, the edge
indicates the source file contains the target string..
Features and Enhancements
- Add additional context to structured log information when a long LMDB commit
is detected.
(#3747 <https://github.com/vertexproject/synapse/pull/3747>
_) - Add support to
synapse.lib.msgpack
functions for handling integers
requiring more than 64 bits to store them.
(#3767 <https://github.com/vertexproject/synapse/pull/3767>
)
(#3780 <https://github.com/vertexproject/synapse/pull/3780>
) - Add support for Storm variables in array filters.
(#3775 <https://github.com/vertexproject/synapse/pull/3775>
_) - Add a
kill()
API to the Stormcron
objects.
(#3787 <https://github.com/vertexproject/synapse/pull/3787>
)
(#3796 <https://github.com/vertexproject/synapse/pull/3796>
) - Add log messages when a cron job is enabled or disabled.
(#3793 <https://github.com/vertexproject/synapse/pull/3793>
_)
Bugfixes
- Trigger definitions now always have the View iden that they belong to set
upon View creation. The Storm$lib.trigger.set()
API now uses the trigger
view instead of the current view when checking permissions.
(#3760 <https://github.com/vertexproject/synapse/pull/3760>
_) - Add missing item information when an error occurs while replaying a nexus
change entry upon startup
(#3778 <https://github.com/vertexproject/synapse/pull/3778>
_) - Fix the startup order for the Cortex embedded JSONStor to avoid an issue with
the nexus replay on startup.
(#3779 <https://github.com/vertexproject/synapse/pull/3779>
_) - Wrap the Nexus mirror loop setup code in a try/except block to handle
unexpected errors.
(#3781 <https://github.com/vertexproject/synapse/pull/3781>
_) - Only fire the beholder
pkg:add
events when the contents of a Storm
package change.
(#3785 <https://github.com/vertexproject/synapse/pull/3785>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.173.1
This release also includes the changes from v2.173.0, which was not released
due to an issue with CI pipelines.
Model Changes
-
Updates to the
ou
,plan
, andps
models.
(#3772 <https://github.com/vertexproject/synapse/pull/3772>
)
(#3773 <https://github.com/vertexproject/synapse/pull/3773>
)New Properties
ou:conference
The form had the following property added to it:names
An array of alternate names for the conference.ps:contact
The form had the following property added to it:titles
An array of alternate titles for the contact.Light Edges
uses
When used with aplan:procedure:step
node, the edge indicates the
step in the procedure makes use of the target node.
Bugfixes
- Fix a bug in the
view.merge
optimizations fromv2.172.0
where deny
rules were not properly accounted for when checking for fast paths on the
node
permission hierarchy.
(#3771 <https://github.com/vertexproject/synapse/pull/3771>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.172.0
Model Changes
-
Updates to the
biz
,econ
,inet
,meta
,ou
risk
,
andtransit
models.
(#3561 <https://github.com/vertexproject/synapse/pull/3561>
)
(#3756 <https://github.com/vertexproject/synapse/pull/3756>
)New Interfaces
inet:service:base
Properties common to most forms within a service platform.inet:service:object
Properties common to objects within a service platform. This inherits
from theinet:service:base
interface.New Forms
inet:service:access
Represents a user access request to a service resource.inet:service:account
An account within a service platform. Accounts may be instance specific.inet:service:bucket
A file/blob storage object within a service architecture.inet:service:bucket:item
An individual file stored within a bucket.inet:service:channel
A channel used to distribute messages.inet:service:channel:member
Represents a service account being a member of a channel.inet:service:group
A group or role which contains member accounts.inet:service:group:member
Represents a service account being a member of a group.inet:service:instance
An instance of the platform such as Slack or Discord instances.inet:service:login
A login event for a service account.inet:service:message
A message or post created by an account.inet:service:message:link
A URL link included within a message.inet:service:message:attachment
A file attachment included within a message.inet:service:login:method:taxonomy
A taxonomy of inet service login methods.inet:service:object:status
An object status enumeration.inet:service:permission
A permission which may be granted to a service account or role.inet:service:permission:type:taxonomy
A permission type taxonomy.inet:service:platform
A network platform which provides services.inet:service:resource
A generic resource provided by the service architecture.inet:service:resource:type:taxonomy
A taxonomy of inet service resource types.inet:service:rule
A rule which grants or denies a permission to a service account or role.inet:service:session
An authenticated session.it:cmd:history
A single command executed within a session.it:cmd:session
A command line session with multiple commands run over time.it:host:tenancy
A time window where a host was a tenant run by another host.it:network:type:taxonomy
A taxonomy of network types.it:software:image:type:taxonomy
A taxonomy of software image types.it:software:image
The base image used to create a container or OS.it:storage:mount
A storage volume that has been attached to an image.it:storage:volume
A physical or logical storage volume that can be attached to a
physical/virtual machine or container.it:storage:volume:type:taxonomy
A taxonomy of storage volume types.New Properties
biz:listing
The form had the following properties added to it:count:remaining
The current remaining number of instances for sale.count:total
The number of instances for sale.econ:purchase
The form had the following property added to it:listing
The purchase was made based on the given listing.it:exec:proc
The form had the following property added to it:cmd:history
The command history entry which caused this process to be run.it:exec:query
The form had the following property added to it:synuser
The synapse user who executed the query.it:host
The form had the following property added to it:image
The container image or OS image running on the host.it:network
The form had the following property added to it:type
The type of network.meta:note
The form had the following property added to it:replyto
The note is a reply to the specified note.ou:campaign
The form had the following property added to it:ext:id
An external identifier for the campaign.ou:org
The form had the following property added to it:ext:id
An external identifier for the organization.ou:technique
The form had the following property added to it:ext:id
An external identifier for the technique.risk:extortion
The form had the following properties added to it:paid:price
The total price paid by the target of the extortion.payments
Payments made from the target to the attacker.risk:leak
The form had the following properties added to it:size:count
The number of files included in the leaked data.size:percent
The total percent of the data leaked.risk:threat
The form had the following property added to it:ext:id
An external identifier for the threat.Updated Types
inet:web:hashtag
Update the regex to allow the middle dot (U+00B7) character to be part of
the hashtag after the first unicode word character.transport:air:flightnum
Loosen the regex for flight number validation.Updated Forms
it:host
The form now inherits from theinet:service:object
interface.
Features and Enhancements
- Update the permission checking for View merging (
view.merge
) to
optimize the permission checking based on user permissions and layer index
data.
(#3736 <https://github.com/vertexproject/synapse/pull/3736>
)
(#3750 <https://github.com/vertexproject/synapse/pull/3750>
)
(#3758 <https://github.com/vertexproject/synapse/pull/3758>
_) - Add a hotfix that can be used to migrate
risk:hasvuln
nodes to
risk:vulnerable
nodes.
(#3745 <https://github.com/vertexproject/synapse/pull/3745>
_) - Add a Storm API,
$lib.env.get()
, to get environment variables from
the Cortex process which start with the prefixSYN_STORM_ENV_
.
(#3761 <https://github.com/vertexproject/synapse/pull/3761>
_) - Add a
edited()
API to thelayer
object in Storm. This API can be
used to get the last time a given layer was edited. Add areverse
argument to thelayer.edits()
API to return the node edits in reverse
order.
(#3763 <https://github.com/vertexproject/synapse/pull/3763>
_) - Add a
setArchived()
API to theauth:user
object in Storm.
(#3759 <https://github.com/vertexproject/synapse/pull/3759>
_) - The
synapse.tool.storm
tool now returns a non-zero status code when
it is invoked to execute a single command and the command encounters an
error.
(#3765 <https://github.com/vertexproject/synapse/pull/3765>
_) - Add a
nodup
option to theslab.scanKeys()
API. Use this to increase
the efficiency of the the Stormmodel.edge.list
command.
(#3762 <https://github.com/vertexproject/synapse/pull/3762>
_) - Add a
synapse.common.trimText()
API for trimming strings in a consistent
fashion. Use that API to trim long text strings that may be included in
exception messages.
(#3753 <https://github.com/vertexproject/synapse/pull/3753>
_) - When a Storm subquery assignment yields more than a single node, add the
trimmed subquery text to theBadTypeValu
exception that is raised.
(#3753 <https://github.com/vertexproject/synapse/pull/3753>
_)
Bugfixes
- Fix a typo in the Storm
gen.it.av.scan.result
command help output.
(#3766 <https://github.com/vertexproject/synapse/pull/3766>
_) - Fix a typo in the Rapid Power-Up development documentation.
(#3766 <https://github.com/vertexproject/synapse/pull/3766>
_)
Improved Documentation
- Add documentation for
$lib.auth.easyperm.level
constants and the
$lib.dict.has()
function.
(#3706 <https://github.com/vertexproject/synapse/pull/3706>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.171.0
Features and Enhancements
- Update
synapse.test.utils.SynTest
helpers to disable sysctl checks
for test services by default.
(#3741 <https://github.com/vertexproject/synapse/pull/3741>
_)
Bugfixes
- Fix a key positioning error in the LMDBSlab when scanning backwards
by prefix.
(#3739 <https://github.com/vertexproject/synapse/pull/3739>
_) - Fix a bug in the
str
type normalization routine for handling floating
point values. The floating point values are now also run through the
string norming logic.
(#3742 <https://github.com/vertexproject/synapse/pull/3742>
_) - Add missing beholder messages for view layer modifications.
(#3743 <https://github.com/vertexproject/synapse/pull/3743>
_)
Improved Documentation
- Update Devops documentation to add additional information about low downtime
service updates, Rapid Power-Up updates, and release cadence information.
Update references fromdocker-compose
to usedocker compose
.
(#3722 <https://github.com/vertexproject/synapse/pull/3722>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.170.0
Automatic Migrations
- Populate an additional index of buids by form in Layers.
(#3729 <https://github.com/vertexproject/synapse/pull/3729>
_) - See :ref:
datamigration
for more information about automatic migrations.
Model Changes
-
Updates to the
infotech
andfile
models.
(#3702 <https://github.com/vertexproject/synapse/pull/3702>
)
(#3725 <https://github.com/vertexproject/synapse/pull/3725>
)
(#3732 <https://github.com/vertexproject/synapse/pull/3732>
_)New Forms
file:mime:lnk
Metadata pulled from a Windows shortcut or LNK file.it:mitre:attack:datasource
A MITRE ATT&CK Datasource ID.it:mitre:attack:data:component
A MITRE ATT&CK data component.New Properties
it:mitre:attack:technique
The form had the following property added to it:data:components
An array of MITRE ATT&CK data components that detect the ATT&CK technique.it:prod:hardware
The form had the following properties added to it:manufacturer
The organization that manufactures this hardware.manufacturer:name
The name of the organization that manufactures this hardware.Deprecated Properties
it:prod:hardware
Theit:prod:hardware
form had the following property marked as deprecated:make
Features and Enhancements
- Added
$lib.model.migration.s.riskHasVulnToVulnerable
migration helper
to createrisk:vulnerable
nodes fromrisk:hasvuln
nodes.
(#3734 <https://github.com/vertexproject/synapse/pull/3734>
_) - Added
$lib.model.migration.s.itSecCpe_2_170_0()
migration helper to update
it:sec:cpe
nodes created before this release. Details about the migration
helper can be found in the help (help -v $lib.model.migration.s.itSecCpe_2_170_0
)
(#3515 <https://github.com/vertexproject/synapse/pull/3515>
_) - Update Storm lift optimization for tag filters to also allow hinting
based on runtsafe variable values.
(#3733 <https://github.com/vertexproject/synapse/pull/3733>
_) - Log an info message with the current Cell and Synapse version on startup.
(#3723 <https://github.com/vertexproject/synapse/pull/3723>
_) - Add per-Cell version checks to prevent accidental downgrades of services.
(#3728 <https://github.com/vertexproject/synapse/pull/3728>
_) - Add a check to Cells that will warn when performance related sysctl values
are not configured correctly on the host. This warning can be disabled with
thehealth:sysctl:checks
configuration option.
(#3712 <https://github.com/vertexproject/synapse/pull/3712>
_) - Add
forms
andinterfaces
type options to thendef
type, which
require the value to be one of the specified forms, or inherit one of the
specified interfaces.
(#3724 <https://github.com/vertexproject/synapse/pull/3724>
_) - Add support for pivoting from an
ndef
secondary prop to specific form.
(#3715 <https://github.com/vertexproject/synapse/pull/3715>
_) - Add support for pivoting to or from
ndef
array properties.
(#3720 <https://github.com/vertexproject/synapse/pull/3720>
_) - Add an index of buids by form to Layers. A
getStorNodesByForm()
API has
been added to Storm Layer objects to retrieve storage nodes using this index.
(#3729 <https://github.com/vertexproject/synapse/pull/3729>
_) - Storm Dmon APIs called on a Cortex mirror now call up to the leader to
retrieve their result.
(#3735 <https://github.com/vertexproject/synapse/pull/3735>
_) - Add a
insertParentFork()
API on Storm View objects to insert a new
View between an existing fork and its parent View.
(#3731 <https://github.com/vertexproject/synapse/pull/3731>
_) - Quorum merge requests are now allowed on Views which have forks.
(#3738 <https://github.com/vertexproject/synapse/pull/3738>
_)
Bugfixes
- Fix a formatting issue in an error message that could be raised during
JSON decoding in a Stormhttp:api:request
object.
(#3730 <https://github.com/vertexproject/synapse/pull/3730>
_) - Fix an issue where
inet:url
norming did not handle IPv6 addresses
in the host portion of the URL correctly.
(#3727 <https://github.com/vertexproject/synapse/pull/3727>
_) - Fix an issue where executing the
view.exec
command from within a
privileged Storm runtime still checked user permissions for the specified
view.
(#3726 <https://github.com/vertexproject/synapse/pull/3726>
_) - Update logic for parsing CPE 2.2 and CPE 2.3 strings to be more compliant with
the specification. This resulted in better conversions from CPE 2.2 to CPE 2.3
and CPE 2.3 to CPE 2.2.
(#3515 <https://github.com/vertexproject/synapse/pull/3515>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.169.0
Features and Enhancements
- Add a data migration helper library,
$lib.model.migration
. This
contains functions to help with migrating data via Storm.
(#3714 <https://github.com/vertexproject/synapse/pull/3714>
_) - Add Extended HTTP API iden values to structured Storm query logs.
(#3710 <https://github.com/vertexproject/synapse/pull/3710>
_) - Add
node.data.set
andnode.data.pop
to the list of declared
Cortex permissions.
(#3716 <https://github.com/vertexproject/synapse/pull/3716>
_)
Bugfixes
- Restore cron iden values in structured Storm query logs.
(#3710 <https://github.com/vertexproject/synapse/pull/3710>
_) - The Storm APIs
$lib.min()
and$lib.max()
now handle a single
input. The Storm APIs$lib.min()
and$lib.max()
now raise a
StormRuntimeError
when there is no input provided to them. Previously
these conditions caused a Python exception in the Storm runtime.
(#3711 <https://github.com/vertexproject/synapse/pull/3711>
_) - The
onboot:optimize
configuration now skips optimizing any LMDB files
found in the Cell local backup storage.
(#3713 <https://github.com/vertexproject/synapse/pull/3713>
_)
Deprecations
- Removed the Telepath APIs
CoreApi.enableMigrationMode
and
CoreApi.disableMigrationMode
. Remove support for the Cell
hiveboot.yaml
file. These had a removal date of 2025-05-05.
(#3717 <https://github.com/vertexproject/synapse/pull/3717>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.168.0
Model Changes
-
Add a new model,
plan
, for modeling elements of plannings systems.
(#3697 <https://github.com/vertexproject/synapse/pull/3697>
_)New Forms
plan:system
A planning or behavioral analysis system that defines phases and
procedures.plan:phase
A phase within a planning system which may be used to group steps
within a procedure.plan:procedure
A procedure consisting of steps.plan:procedure:type:taxonomy
A taxonomy of procedure types.plan:procedure:variable
A variable used by a procedure.plan:procedure:step
A step within a procedure.plan:procedure:link
A link between steps in a procedure.
Features and Enhancements
- Cortex data model migrations will now be checked and executed when the
service is promoted to being a leader. This allows for Cortex updates
which use mirrors to have minimal downtime. Cortex model migrations which
are executed using Storm will always run directly on the Cortex leader.
(#3694 <https://github.com/vertexproject/synapse/pull/3694>
)
(#3695 <https://github.com/vertexproject/synapse/pull/3695>
) - The Storm
aha:pool.del()
method now returns the full name of the
service that was removed.
(#3704 <https://github.com/vertexproject/synapse/pull/3704>
_)
Bugfixes
- The Storm command
aha.pool.svc.del
now prints out the name of the
service that was removed from the pool or notes that there were no
services removed.
(#3704 <https://github.com/vertexproject/synapse/pull/3704>
_) - When setting a service "down" with AHA, conditionally clear the
ready
flag as well. Previously this flag was not cleared, and offline services
could still report asready
.
(#3705 <https://github.com/vertexproject/synapse/pull/3705>
_) - Add misisng sleep statements to callers of
Layer.syncNodeEdits2()
.
(#3700 <https://github.com/vertexproject/synapse/pull/3700>
_)
Improved Documentation
- Update Storm command reference documentation to add additional examples
for theuniq
command. Update Storm command reference documentation to
addgen.geo.place
andgen.it.av.scan.result
commands.
(#3699 <https://github.com/vertexproject/synapse/pull/3699>
_) - Update type specific documentation. Add additional information about
loc
andsyn:tag
behavior with prefixes and wlidcards. Add a section on the
duration
andtaxonomy
types.
(#3703 <https://github.com/vertexproject/synapse/pull/3703>
_) - Add documentation for
$lib.auth.easyperm.level
constants and the
$lib.dict.has()
function.
(#3706 <https://github.com/vertexproject/synapse/pull/3706>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.167.0
Automatic Migrations
- Set the
protected
flag on all Views in the Cortex, using the existing
value of thenomerge
flag.
(#3681 <https://github.com/vertexproject/synapse/pull/3681>
_) - See :ref:
datamigration
for more information about automatic migrations.
Model Changes
-
Updates to the
base
andfile
models.
(#3674 <https://github.com/vertexproject/synapse/pull/3674>
)
(#3688 <https://github.com/vertexproject/synapse/pull/3688>
)Updated Types
file:path
Normalizing paths such as../.././..
previously failed. This now
produces an empty path.Deprecated Types
The following types have been marked as deprecated:
edge
timeedge
Deprecated Forms
The following forms have been marked as deprecated:
graph:cluster
graph:node
graph:event
edge:refs
edge:has
edge:wentto
graph:edge
graph:timeedge
Features and Enhancements
- Add
aha.svc.list
andaha.svc.stat
commands to enumerate the AHA
services. Add$lib.aha
Storm APIs to delete, get, and list the AHA
services.
(#3685 <https://github.com/vertexproject/synapse/pull/3685>
)
(#3692 <https://github.com/vertexproject/synapse/pull/3692>
)
(#3693 <https://github.com/vertexproject/synapse/pull/3693>
_) - Add a
protected
option that can be set on Views to prevent
merging and deletion. This replaces thenomerge
option.
(#3679 <https://github.com/vertexproject/synapse/pull/3679>
_) - Add Beholder events for creating, deleting, and updating Macros.
(#3681 <https://github.com/vertexproject/synapse/pull/3681>
_) - Update the
StormPkgTest.getTestCore()
API to add aprepkghook
callback option. This can be used to execute code prior to loading Storm
packages. ThegetTestCore()
API now waits foronload
handlers to
complete for each package it loads.
(#3687 <https://github.com/vertexproject/synapse/pull/3687>
_) - Ensure that the
Cell.ahaclient
is fully owned and managed by the
Cell
. It will no longer use a global client that may exist.
(#3677 <https://github.com/vertexproject/synapse/pull/3677>
_) - Update the
stix2-validator
library constraints to>=3.2.0,<4.0.0
.
Update the allowed range of theidna
library to>=3.6,<3.8
.
(#3672 <https://github.com/vertexproject/synapse/pull/3672>
)
(#3684 <https://github.com/vertexproject/synapse/pull/3684>
)
Bugfixes
- Asyncio Tasks created by signal handlers on the Base object are now held
onto, to ensure that they cannot be garbage collected before or during
their task execution.
(#3686 <https://github.com/vertexproject/synapse/pull/3686>
_) - Update the
Axon.postfiles
andAxon.wput
APIs to check for the
existence of files before attempting to send them over an HTTP connection.
(#3682 <https://github.com/vertexproject/synapse/pull/3682>
_) - Fix an issue where pruning a non-existent tag mistakenly pruned related
tags.
(#3673 <https://github.com/vertexproject/synapse/pull/3673>
_) - Ensure that macro names are at least 1 character in length.
(#3679 <https://github.com/vertexproject/synapse/pull/3679>
_) - Fix a bug where
$lib.telepath.open()
could leak Python exceptions into
the Storm runtime.
(#3685 <https://github.com/vertexproject/synapse/pull/3685>
_)
Improved Documentation
- Add documentation for
$lib.aha
,$lib.aha.pool
, and theaha:pool
type.
(#3685 <https://github.com/vertexproject/synapse/pull/3685>
_)
Deprecations
- Deprecate the use of
hiveboot.yaml
to configure a Cell hive. This will be
removed on 2024-05-05.
(#3678 <https://github.com/vertexproject/synapse/pull/3678>
_) - The
nomerge
option on views has been deprecated. It is automatically
redirected to theprotected
option. This redirection will be removed in
v3.0.0
.
(#3681 <https://github.com/vertexproject/synapse/pull/3681>
_) - The Telepath APIs for interacting with a Cell Hive,
listHiveKey
,
getHiveKeys
,getHiveKey
,setHiveKey
,popHiveKey
, and
saveHiveTree
have been deprecated. The toolssynapse.tools.hive.load
andsynapse.tools.hive.save
have been deprecated. These will be removed
inv3.0.0
.
(#3683 <https://github.com/vertexproject/synapse/pull/3683>
_) - The
Telepath.Pipeline
class has been marked as deprecated and will be
removed inv3.0.0
.
(#3691 <https://github.com/vertexproject/synapse/pull/3691>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html
Synapse v2.166.0
Model Changes
-
Updates to the
inet
,ou
,person
andrisk
models.
(#3649 <https://github.com/vertexproject/synapse/pull/3649>
)
(#3653 <https://github.com/vertexproject/synapse/pull/3653>
)
(#3657 <https://github.com/vertexproject/synapse/pull/3657>
_)New Forms
inet:tls:handshake
An instance of a TLS handshake between a server and client.inet:tls:ja3:sample
A JA3 sample taken from a client.inet:tls:ja3s:sample
A JA3 sample taken from a server.inet:tls:servercert
An x509 certificate sent by a server for TLS.inet:tls:clientcert
An x509 certificate sent by a client for TLS.New Properties
risk:extortion
The form had the following property added to it:deadline
The time that the demand must be met.risk:leak
The form had the following properties added on it:extortion
The extortion event which used the threat of the leak as leverage.size:bytes
The approximate uncompressed size of the total data leaked.it:mitre:attack:technique
The form had the following properties updated on it:name
This property is now lower-cased and single spaced.Deprecated Forms
The following forms have been marked as deprecated:
inet:ssl:cert
Please useinet:tls:clientcert
orinet:tls:servercert
.Column Display Hints
The following forms had column display hints added to them:
ou:campaign
ou:conference
ou:goal
ou:org
ou:team
ou:technique
ps:contact
ps:skill
ps:proficiency
risk:threat
risk:compromise
risk:mitigation
risk:tool:software
Light Edges
uses
When used with arisk:extortion
and anou:technique
node, the edge
indicates the attacker used the technique to extort the victim.
Features and Enhancements
- When setting a tag on a node, the tag value is now redirected based on
parent tags having:isnow
properties set.
(#3650 <https://github.com/vertexproject/synapse/pull/3650>
_) - Add a
$lib.spooled.set()
Storm API. This can be used to get a
spooled:set
object. This set will offload the storage of its members
to a temporary location on disk when it grows above a certain size.
(#3632 <https://github.com/vertexproject/synapse/pull/3632>
_) - Add a
$lib.cache.fixed()
Storm API. This can be used to get a
cache:fixed
object. This cache will execute user provided callbacks
written in Storm upon a cache miss.
(#3661 <https://github.com/vertexproject/synapse/pull/3661>
_) - Add a
pool
option to Cron jobs. This can be set to True to enable a
Cron job storm query to be executed on a Storm pool member.
(#3652 <https://github.com/vertexproject/synapse/pull/3652>
_) - Add a
pool
option to Extended HTTP API handlers. This can be set to
True to enable an HTTP request handler to be executed on a Storm pool member.
(#3663 <https://github.com/vertexproject/synapse/pull/3663>
)
(#3667 <https://github.com/vertexproject/synapse/pull/3667>
) - Add a new Storm API,
$lib.cortex.httpapi.getByPath()
, that can be
used to get anhttp:api
object by its path. Thepath
value is
evaluated in the same order that the HTTP endpoint resolves the handlers.
(#3663 <https://github.com/vertexproject/synapse/pull/3663>
_) - Add
--list
and--gate
options tosynapse.tools.modrole
and
synapse.tools.moduser
.
(#3632 <https://github.com/vertexproject/synapse/pull/3632>
_) - Add a
view.getMergingViews()
Storm API. This returns a list of view
idens that have open merge requests on a view.
(#3666 <https://github.com/vertexproject/synapse/pull/3666>
_) - The Storm API
show:storage
option now includes storage information for
any embedded properties.
(#3656 <https://github.com/vertexproject/synapse/pull/3656>
_) - Update the
LinkShutDown
exception that a Telepath client may raise to
indicate that the connection has been disconnected.
(#3640 <https://github.com/vertexproject/synapse/pull/3640>
_) - Add repr functions for printing the
aha:pool
andhttp:api
objects
in Storm.
(#3663 <https://github.com/vertexproject/synapse/pull/3663>
)
(#3665 <https://github.com/vertexproject/synapse/pull/3665>
) - The Telepath
Pool
object has been replaced with a new object,
ClientV2
. This is now the only object returned by the
synapse.telepath.open()
API. This is an AHA pool aware Client which
can be used to connect to an AHA pool.
(#3662 <https://github.com/vertexproject/synapse/pull/3662>
_) - Remove the unused Provenance subsystem from the Cortex.
(#3655 <https://github.com/vertexproject/synapse/pull/3655>
_) - Constrain the
stix2-validator
library to3.0.0,<3.2.0
due to
an API change. This constraint is expected be changed in the next
release.
(#3669 <https://github.com/vertexproject/synapse/pull/3669>
_)
Bugfixes
- Fix a bug where a Cortex
promote()
call could hang when tearing down
any running Cron jobs. Cron jobs cancelled during a promotion event will
be logged but their cancelled status will not be recorded in the Nexus.
(#3658 <https://github.com/vertexproject/synapse/pull/3658>
_) - Fix a bug where the Storm pool configuration could cause a Cortex to fail
to start up. The Storm pool is now configured upon startup but its use is
blocked until the Storm pool is ready to service requests.
(#3662 <https://github.com/vertexproject/synapse/pull/3662>
_) - Ensure that the URL argument provided to
cortex.storm.pool.set
can be
parsed as a Telepath URL. Previously any string input was accepted.
(#3665 <https://github.com/vertexproject/synapse/pull/3665>
_)
Improved Documentation
- Update the list of Cortex permissions in the Admin Guide to include
service.add
,service.del
,service.get
, andservice.list
.
(#3647 <https://github.com/vertexproject/synapse/pull/3647>
_) - Update the docstring for the Storm
cortex.storm.pool.del
command to note
the effects of removing a pool and the interruption of running queries.
(#3665 <https://github.com/vertexproject/synapse/pull/3665>
_) - Update the documentation for the Storm
http:api
object to include the
methods
attribute.
(#3663 <https://github.com/vertexproject/synapse/pull/3663>
_)
Deprecations
- The Telepath
task:init
message format has been marked as deprecated and
will be removed inv3.0.0
. This should not affect any users using Synapse
v2.x.x
in their client code.
(#3640 <https://github.com/vertexproject/synapse/pull/3640>
_) - The authgate with the name
cortex
is not used for permission checking and
will be removed inv3.0.0
. At startup, the Cortex will now check for any
use of this authgate and log warning messages. Attempts to set permissions
with this gateiden via Storm will producewarn
messages.
(#3648 <https://github.com/vertexproject/synapse/pull/3648>
_)
For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html