Skip to content

Releases: vertexproject/synapse

Synapse v2.175.0

15 Jul 21:15
Compare
Choose a tag to compare

Automatic Migrations

  • Migrate existing ndef secondary properties to use the new ndef property
    indexing.
    (#3794 <https://github.com/vertexproject/synapse/pull/3794>)
    (#3809 <https://github.com/vertexproject/synapse/pull/3809>
    )
  • See :ref:datamigration for more information about automatic migrations.

Features and Enhancements

  • Update Cell with _getCellHttpOpts() method to allow for overriding default
    HTTP options.
    (#3770 <https://github.com/vertexproject/synapse/pull/3770>_)
  • Add additional indexing for ndef based secondary properties.
    (#3794 <https://github.com/vertexproject/synapse/pull/3794>)
    (#3809 <https://github.com/vertexproject/synapse/pull/3809>
    )
  • Implement --prs-from-git in synapse.tools.changelog.
    (#3800 <https://github.com/vertexproject/synapse/pull/3800>_)
  • Update the getCellInfo() API to include HTTPS listener addresses and
    ports.
    (#3802 <https://github.com/vertexproject/synapse/pull/3802>_)
  • Improve permissions checking performance in the Storm merge command.
    (#3804 <https://github.com/vertexproject/synapse/pull/3804>_)
  • Support multiple tags in the diff command, which also allows for more
    efficient deduplication (e.g. diff --tag foo bar
    versus diff --tag foo | diff --tag bar | uniq).
    (#3806 <https://github.com/vertexproject/synapse/pull/3806>_)
  • Add information about the remote link when logging common server side
    Telepath errors.
    (#3808 <https://github.com/vertexproject/synapse/pull/3808>_)

Bugfixes

  • Fix an AttributeError in synapse.tools.changelog.
    (#3798 <https://github.com/vertexproject/synapse/pull/3798>_)
  • Fix for large array props causing system lag.
    (#3799 <https://github.com/vertexproject/synapse/pull/3799>_)

Improved documentation

  • Remaining docs have been converted from Jupyter notebook format to RST.
    (#3803 <https://github.com/vertexproject/synapse/pull/3803>_)

Deprecations

  • Deprecate the use of the synapse.lib.jupyter library. This will be
    removed on 2024-08-26.
    (#3803 <https://github.com/vertexproject/synapse/pull/3803>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.174.0

09 Jul 16:22
Compare
Choose a tag to compare

Automatic Migrations

  • Renormalize ou:position:title, ou:conference:name, and
    ou:conference:names secondary properties.
    (#3701 <https://github.com/vertexproject/synapse/pull/3701>_)
  • Populate new econ:currency nodes from existing secondary properties.
    (#3790 <https://github.com/vertexproject/synapse/pull/3790>_)
  • Add a Cortex storage migration to set the correct View iden value on all
    Trigger definitions.
    (#3760 <https://github.com/vertexproject/synapse/pull/3760>_)
  • See :ref:datamigration for more information about automatic migrations.

Model Changes

  • Add a new model, entity, for modeling elements related to entity
    resolution.
    (#3781 <https://github.com/vertexproject/synapse/pull/3781>_)

  • Updates to the crypto, econ, files, ou, and pol models.
    (#3790 <https://github.com/vertexproject/synapse/pull/3790>)
    (#3781 <https://github.com/vertexproject/synapse/pull/3781>
    )

    New Forms

    econ:currency
    The name of a system of money in general use.

    entity:name
    A name used to refer to an entity.

    New Properties

    crypto:key
    The form had the following properties added to it:

    private:text
    Set only if the :private property decodes to ASCII.

    public:text
    Set only if the :public property decodes to ASCII.

    econ:acct:payment
    The form had the following properties added to it:

    from:cash
    Set to true if the payment input was in cash.

    to:cash
    Set to true if the payment output was in cash.

    place
    The place where the payment occurred.

    place:address
    The address of the place where the payment occurred.

    place:latlong
    The latlong where the payment occurred.

    place:loc
    The loc of the place where the payment occurred.

    place:name
    The name of the place where the payment occurred.

    pol:country
    The form had the following property added to it:

    currencies
    The official currencies used in the country.

    Updated Properties

    ou:position
    The form had the following property updated on it:

    title
    This property is now an entity:name type.

    ou:conference
    The form had the following properties updated on it:

    name
    This property is now an entity:name type.

    names
    This property is now an array of entity:name type.

    Light Edges

    refs
    When used with a files:bytes and an it:dev:str node, the edge
    indicates the source file contains the target string..

Features and Enhancements

  • Add additional context to structured log information when a long LMDB commit
    is detected.
    (#3747 <https://github.com/vertexproject/synapse/pull/3747>_)
  • Add support to synapse.lib.msgpack functions for handling integers
    requiring more than 64 bits to store them.
    (#3767 <https://github.com/vertexproject/synapse/pull/3767>)
    (#3780 <https://github.com/vertexproject/synapse/pull/3780>
    )
  • Add support for Storm variables in array filters.
    (#3775 <https://github.com/vertexproject/synapse/pull/3775>_)
  • Add a kill() API to the Storm cron objects.
    (#3787 <https://github.com/vertexproject/synapse/pull/3787>)
    (#3796 <https://github.com/vertexproject/synapse/pull/3796>
    )
  • Add log messages when a cron job is enabled or disabled.
    (#3793 <https://github.com/vertexproject/synapse/pull/3793>_)

Bugfixes

  • Trigger definitions now always have the View iden that they belong to set
    upon View creation. The Storm $lib.trigger.set() API now uses the trigger
    view instead of the current view when checking permissions.
    (#3760 <https://github.com/vertexproject/synapse/pull/3760>_)
  • Add missing item information when an error occurs while replaying a nexus
    change entry upon startup
    (#3778 <https://github.com/vertexproject/synapse/pull/3778>_)
  • Fix the startup order for the Cortex embedded JSONStor to avoid an issue with
    the nexus replay on startup.
    (#3779 <https://github.com/vertexproject/synapse/pull/3779>_)
  • Wrap the Nexus mirror loop setup code in a try/except block to handle
    unexpected errors.
    (#3781 <https://github.com/vertexproject/synapse/pull/3781>_)
  • Only fire the beholder pkg:add events when the contents of a Storm
    package change.
    (#3785 <https://github.com/vertexproject/synapse/pull/3785>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.173.1

25 Jun 21:02
Compare
Choose a tag to compare

This release also includes the changes from v2.173.0, which was not released
due to an issue with CI pipelines.

Model Changes

  • Updates to the ou, plan, and ps models.
    (#3772 <https://github.com/vertexproject/synapse/pull/3772>)
    (#3773 <https://github.com/vertexproject/synapse/pull/3773>
    )

    New Properties

    ou:conference
    The form had the following property added to it:

    names
    An array of alternate names for the conference.

    ps:contact
    The form had the following property added to it:

    titles
    An array of alternate titles for the contact.

    Light Edges

    uses
    When used with a plan:procedure:step node, the edge indicates the
    step in the procedure makes use of the target node.

Bugfixes

  • Fix a bug in the view.merge optimizations from v2.172.0 where deny
    rules were not properly accounted for when checking for fast paths on the
    node permission hierarchy.
    (#3771 <https://github.com/vertexproject/synapse/pull/3771>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.172.0

24 Jun 20:35
Compare
Choose a tag to compare

Model Changes

  • Updates to the biz, econ, inet, meta, ou risk,
    and transit models.
    (#3561 <https://github.com/vertexproject/synapse/pull/3561>)
    (#3756 <https://github.com/vertexproject/synapse/pull/3756>
    )

    New Interfaces

    inet:service:base
    Properties common to most forms within a service platform.

    inet:service:object
    Properties common to objects within a service platform. This inherits
    from the inet:service:base interface.

    New Forms

    inet:service:access
    Represents a user access request to a service resource.

    inet:service:account
    An account within a service platform. Accounts may be instance specific.

    inet:service:bucket
    A file/blob storage object within a service architecture.

    inet:service:bucket:item
    An individual file stored within a bucket.

    inet:service:channel
    A channel used to distribute messages.

    inet:service:channel:member
    Represents a service account being a member of a channel.

    inet:service:group
    A group or role which contains member accounts.

    inet:service:group:member
    Represents a service account being a member of a group.

    inet:service:instance
    An instance of the platform such as Slack or Discord instances.

    inet:service:login
    A login event for a service account.

    inet:service:message
    A message or post created by an account.

    inet:service:message:link
    A URL link included within a message.

    inet:service:message:attachment
    A file attachment included within a message.

    inet:service:login:method:taxonomy
    A taxonomy of inet service login methods.

    inet:service:object:status
    An object status enumeration.

    inet:service:permission
    A permission which may be granted to a service account or role.

    inet:service:permission:type:taxonomy
    A permission type taxonomy.

    inet:service:platform
    A network platform which provides services.

    inet:service:resource
    A generic resource provided by the service architecture.

    inet:service:resource:type:taxonomy
    A taxonomy of inet service resource types.

    inet:service:rule
    A rule which grants or denies a permission to a service account or role.

    inet:service:session
    An authenticated session.

    it:cmd:history
    A single command executed within a session.

    it:cmd:session
    A command line session with multiple commands run over time.

    it:host:tenancy
    A time window where a host was a tenant run by another host.

    it:network:type:taxonomy
    A taxonomy of network types.

    it:software:image:type:taxonomy
    A taxonomy of software image types.

    it:software:image
    The base image used to create a container or OS.

    it:storage:mount
    A storage volume that has been attached to an image.

    it:storage:volume
    A physical or logical storage volume that can be attached to a
    physical/virtual machine or container.

    it:storage:volume:type:taxonomy
    A taxonomy of storage volume types.

    New Properties

    biz:listing
    The form had the following properties added to it:

    count:remaining
    The current remaining number of instances for sale.

    count:total
    The number of instances for sale.

    econ:purchase
    The form had the following property added to it:

    listing
    The purchase was made based on the given listing.

    it:exec:proc
    The form had the following property added to it:

    cmd:history
    The command history entry which caused this process to be run.

    it:exec:query
    The form had the following property added to it:

    synuser
    The synapse user who executed the query.

    it:host
    The form had the following property added to it:

    image
    The container image or OS image running on the host.

    it:network
    The form had the following property added to it:

    type
    The type of network.

    meta:note
    The form had the following property added to it:

    replyto
    The note is a reply to the specified note.

    ou:campaign
    The form had the following property added to it:

    ext:id
    An external identifier for the campaign.

    ou:org
    The form had the following property added to it:

    ext:id
    An external identifier for the organization.

    ou:technique
    The form had the following property added to it:

    ext:id
    An external identifier for the technique.

    risk:extortion
    The form had the following properties added to it:

    paid:price
    The total price paid by the target of the extortion.

    payments
    Payments made from the target to the attacker.

    risk:leak
    The form had the following properties added to it:

    size:count
    The number of files included in the leaked data.

    size:percent
    The total percent of the data leaked.

    risk:threat
    The form had the following property added to it:

    ext:id
    An external identifier for the threat.

    Updated Types

    inet:web:hashtag
    Update the regex to allow the middle dot (U+00B7) character to be part of
    the hashtag after the first unicode word character.

    transport:air:flightnum
    Loosen the regex for flight number validation.

    Updated Forms

    it:host
    The form now inherits from the inet:service:object interface.

Features and Enhancements

  • Update the permission checking for View merging ( view.merge ) to
    optimize the permission checking based on user permissions and layer index
    data.
    (#3736 <https://github.com/vertexproject/synapse/pull/3736>)
    (#3750 <https://github.com/vertexproject/synapse/pull/3750>
    )
    (#3758 <https://github.com/vertexproject/synapse/pull/3758>_)
  • Add a hotfix that can be used to migrate risk:hasvuln nodes to
    risk:vulnerable nodes.
    (#3745 <https://github.com/vertexproject/synapse/pull/3745>_)
  • Add a Storm API, $lib.env.get(), to get environment variables from
    the Cortex process which start with the prefix SYN_STORM_ENV_.
    (#3761 <https://github.com/vertexproject/synapse/pull/3761>_)
  • Add a edited() API to the layer object in Storm. This API can be
    used to get the last time a given layer was edited. Add a reverse
    argument to the layer.edits() API to return the node edits in reverse
    order.
    (#3763 <https://github.com/vertexproject/synapse/pull/3763>_)
  • Add a setArchived() API to the auth:user object in Storm.
    (#3759 <https://github.com/vertexproject/synapse/pull/3759>_)
  • The synapse.tool.storm tool now returns a non-zero status code when
    it is invoked to execute a single command and the command encounters an
    error.
    (#3765 <https://github.com/vertexproject/synapse/pull/3765>_)
  • Add a nodup option to the slab.scanKeys() API. Use this to increase
    the efficiency of the the Storm model.edge.list command.
    (#3762 <https://github.com/vertexproject/synapse/pull/3762>_)
  • Add a synapse.common.trimText() API for trimming strings in a consistent
    fashion. Use that API to trim long text strings that may be included in
    exception messages.
    (#3753 <https://github.com/vertexproject/synapse/pull/3753>_)
  • When a Storm subquery assignment yields more than a single node, add the
    trimmed subquery text to the BadTypeValu exception that is raised.
    (#3753 <https://github.com/vertexproject/synapse/pull/3753>_)

Bugfixes

  • Fix a typo in the Storm gen.it.av.scan.result command help output.
    (#3766 <https://github.com/vertexproject/synapse/pull/3766>_)
  • Fix a typo in the Rapid Power-Up development documentation.
    (#3766 <https://github.com/vertexproject/synapse/pull/3766>_)

Improved Documentation

  • Add documentation for $lib.auth.easyperm.level constants and the
    $lib.dict.has() function.
    (#3706 <https://github.com/vertexproject/synapse/pull/3706>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.171.0

07 Jun 22:30
Compare
Choose a tag to compare

Features and Enhancements

  • Update synapse.test.utils.SynTest helpers to disable sysctl checks
    for test services by default.
    (#3741 <https://github.com/vertexproject/synapse/pull/3741>_)

Bugfixes

  • Fix a key positioning error in the LMDBSlab when scanning backwards
    by prefix.
    (#3739 <https://github.com/vertexproject/synapse/pull/3739>_)
  • Fix a bug in the str type normalization routine for handling floating
    point values. The floating point values are now also run through the
    string norming logic.
    (#3742 <https://github.com/vertexproject/synapse/pull/3742>_)
  • Add missing beholder messages for view layer modifications.
    (#3743 <https://github.com/vertexproject/synapse/pull/3743>_)

Improved Documentation

  • Update Devops documentation to add additional information about low downtime
    service updates, Rapid Power-Up updates, and release cadence information.
    Update references from docker-compose to use docker compose.
    (#3722 <https://github.com/vertexproject/synapse/pull/3722>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.170.0

04 Jun 15:55
Compare
Choose a tag to compare

Automatic Migrations

  • Populate an additional index of buids by form in Layers.
    (#3729 <https://github.com/vertexproject/synapse/pull/3729>_)
  • See :ref:datamigration for more information about automatic migrations.

Model Changes

  • Updates to the infotech and file models.
    (#3702 <https://github.com/vertexproject/synapse/pull/3702>)
    (#3725 <https://github.com/vertexproject/synapse/pull/3725>
    )
    (#3732 <https://github.com/vertexproject/synapse/pull/3732>_)

    New Forms

    file:mime:lnk
    Metadata pulled from a Windows shortcut or LNK file.

    it:mitre:attack:datasource
    A MITRE ATT&CK Datasource ID.

    it:mitre:attack:data:component
    A MITRE ATT&CK data component.

    New Properties

    it:mitre:attack:technique
    The form had the following property added to it:

    data:components
    An array of MITRE ATT&CK data components that detect the ATT&CK technique.

    it:prod:hardware
    The form had the following properties added to it:

    manufacturer
    The organization that manufactures this hardware.

    manufacturer:name
    The name of the organization that manufactures this hardware.

    Deprecated Properties

    it:prod:hardware
    The it:prod:hardware form had the following property marked as deprecated:

    • make

Features and Enhancements

  • Added $lib.model.migration.s.riskHasVulnToVulnerable migration helper
    to create risk:vulnerable nodes from risk:hasvuln nodes.
    (#3734 <https://github.com/vertexproject/synapse/pull/3734>_)
  • Added $lib.model.migration.s.itSecCpe_2_170_0() migration helper to update
    it:sec:cpe nodes created before this release. Details about the migration
    helper can be found in the help (help -v $lib.model.migration.s.itSecCpe_2_170_0)
    (#3515 <https://github.com/vertexproject/synapse/pull/3515>_)
  • Update Storm lift optimization for tag filters to also allow hinting
    based on runtsafe variable values.
    (#3733 <https://github.com/vertexproject/synapse/pull/3733>_)
  • Log an info message with the current Cell and Synapse version on startup.
    (#3723 <https://github.com/vertexproject/synapse/pull/3723>_)
  • Add per-Cell version checks to prevent accidental downgrades of services.
    (#3728 <https://github.com/vertexproject/synapse/pull/3728>_)
  • Add a check to Cells that will warn when performance related sysctl values
    are not configured correctly on the host. This warning can be disabled with
    the health:sysctl:checks configuration option.
    (#3712 <https://github.com/vertexproject/synapse/pull/3712>_)
  • Add forms and interfaces type options to the ndef type, which
    require the value to be one of the specified forms, or inherit one of the
    specified interfaces.
    (#3724 <https://github.com/vertexproject/synapse/pull/3724>_)
  • Add support for pivoting from an ndef secondary prop to specific form.
    (#3715 <https://github.com/vertexproject/synapse/pull/3715>_)
  • Add support for pivoting to or from ndef array properties.
    (#3720 <https://github.com/vertexproject/synapse/pull/3720>_)
  • Add an index of buids by form to Layers. A getStorNodesByForm() API has
    been added to Storm Layer objects to retrieve storage nodes using this index.
    (#3729 <https://github.com/vertexproject/synapse/pull/3729>_)
  • Storm Dmon APIs called on a Cortex mirror now call up to the leader to
    retrieve their result.
    (#3735 <https://github.com/vertexproject/synapse/pull/3735>_)
  • Add a insertParentFork() API on Storm View objects to insert a new
    View between an existing fork and its parent View.
    (#3731 <https://github.com/vertexproject/synapse/pull/3731>_)
  • Quorum merge requests are now allowed on Views which have forks.
    (#3738 <https://github.com/vertexproject/synapse/pull/3738>_)

Bugfixes

  • Fix a formatting issue in an error message that could be raised during
    JSON decoding in a Storm http:api:request object.
    (#3730 <https://github.com/vertexproject/synapse/pull/3730>_)
  • Fix an issue where inet:url norming did not handle IPv6 addresses
    in the host portion of the URL correctly.
    (#3727 <https://github.com/vertexproject/synapse/pull/3727>_)
  • Fix an issue where executing the view.exec command from within a
    privileged Storm runtime still checked user permissions for the specified
    view.
    (#3726 <https://github.com/vertexproject/synapse/pull/3726>_)
  • Update logic for parsing CPE 2.2 and CPE 2.3 strings to be more compliant with
    the specification. This resulted in better conversions from CPE 2.2 to CPE 2.3
    and CPE 2.3 to CPE 2.2.
    (#3515 <https://github.com/vertexproject/synapse/pull/3515>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.169.0

10 May 18:04
Compare
Choose a tag to compare

Features and Enhancements

  • Add a data migration helper library, $lib.model.migration. This
    contains functions to help with migrating data via Storm.
    (#3714 <https://github.com/vertexproject/synapse/pull/3714>_)
  • Add Extended HTTP API iden values to structured Storm query logs.
    (#3710 <https://github.com/vertexproject/synapse/pull/3710>_)
  • Add node.data.set and node.data.pop to the list of declared
    Cortex permissions.
    (#3716 <https://github.com/vertexproject/synapse/pull/3716>_)

Bugfixes

  • Restore cron iden values in structured Storm query logs.
    (#3710 <https://github.com/vertexproject/synapse/pull/3710>_)
  • The Storm APIs $lib.min() and $lib.max() now handle a single
    input. The Storm APIs $lib.min() and $lib.max() now raise a
    StormRuntimeError when there is no input provided to them. Previously
    these conditions caused a Python exception in the Storm runtime.
    (#3711 <https://github.com/vertexproject/synapse/pull/3711>_)
  • The onboot:optimize configuration now skips optimizing any LMDB files
    found in the Cell local backup storage.
    (#3713 <https://github.com/vertexproject/synapse/pull/3713>_)

Deprecations

  • Removed the Telepath APIs CoreApi.enableMigrationMode and
    CoreApi.disableMigrationMode. Remove support for the Cell
    hiveboot.yaml file. These had a removal date of 2025-05-05.
    (#3717 <https://github.com/vertexproject/synapse/pull/3717>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.168.0

03 May 20:45
Compare
Choose a tag to compare

Model Changes

  • Add a new model, plan, for modeling elements of plannings systems.
    (#3697 <https://github.com/vertexproject/synapse/pull/3697>_)

    New Forms

    plan:system
    A planning or behavioral analysis system that defines phases and
    procedures.

    plan:phase
    A phase within a planning system which may be used to group steps
    within a procedure.

    plan:procedure
    A procedure consisting of steps.

    plan:procedure:type:taxonomy
    A taxonomy of procedure types.

    plan:procedure:variable
    A variable used by a procedure.

    plan:procedure:step
    A step within a procedure.

    plan:procedure:link
    A link between steps in a procedure.

Features and Enhancements

  • Cortex data model migrations will now be checked and executed when the
    service is promoted to being a leader. This allows for Cortex updates
    which use mirrors to have minimal downtime. Cortex model migrations which
    are executed using Storm will always run directly on the Cortex leader.
    (#3694 <https://github.com/vertexproject/synapse/pull/3694>)
    (#3695 <https://github.com/vertexproject/synapse/pull/3695>
    )
  • The Storm aha:pool.del() method now returns the full name of the
    service that was removed.
    (#3704 <https://github.com/vertexproject/synapse/pull/3704>_)

Bugfixes

  • The Storm command aha.pool.svc.del now prints out the name of the
    service that was removed from the pool or notes that there were no
    services removed.
    (#3704 <https://github.com/vertexproject/synapse/pull/3704>_)
  • When setting a service "down" with AHA, conditionally clear the ready
    flag as well. Previously this flag was not cleared, and offline services
    could still report as ready.
    (#3705 <https://github.com/vertexproject/synapse/pull/3705>_)
  • Add misisng sleep statements to callers of Layer.syncNodeEdits2().
    (#3700 <https://github.com/vertexproject/synapse/pull/3700>_)

Improved Documentation

  • Update Storm command reference documentation to add additional examples
    for the uniq command. Update Storm command reference documentation to
    add gen.geo.place and gen.it.av.scan.result commands.
    (#3699 <https://github.com/vertexproject/synapse/pull/3699>_)
  • Update type specific documentation. Add additional information about loc
    and syn:tag behavior with prefixes and wlidcards. Add a section on the
    duration and taxonomy types.
    (#3703 <https://github.com/vertexproject/synapse/pull/3703>_)
  • Add documentation for $lib.auth.easyperm.level constants and the
    $lib.dict.has() function.
    (#3706 <https://github.com/vertexproject/synapse/pull/3706>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.167.0

19 Apr 15:00
Compare
Choose a tag to compare

Automatic Migrations

  • Set the protected flag on all Views in the Cortex, using the existing
    value of the nomerge flag.
    (#3681 <https://github.com/vertexproject/synapse/pull/3681>_)
  • See :ref:datamigration for more information about automatic migrations.

Model Changes

  • Updates to the base and file models.
    (#3674 <https://github.com/vertexproject/synapse/pull/3674>)
    (#3688 <https://github.com/vertexproject/synapse/pull/3688>
    )

    Updated Types

    file:path
    Normalizing paths such as ../.././.. previously failed. This now
    produces an empty path.

    Deprecated Types

    The following types have been marked as deprecated:

    • edge
    • timeedge

    Deprecated Forms

    The following forms have been marked as deprecated:

    • graph:cluster
    • graph:node
    • graph:event
    • edge:refs
    • edge:has
    • edge:wentto
    • graph:edge
    • graph:timeedge

Features and Enhancements

  • Add aha.svc.list and aha.svc.stat commands to enumerate the AHA
    services. Add $lib.aha Storm APIs to delete, get, and list the AHA
    services.
    (#3685 <https://github.com/vertexproject/synapse/pull/3685>)
    (#3692 <https://github.com/vertexproject/synapse/pull/3692>
    )
    (#3693 <https://github.com/vertexproject/synapse/pull/3693>_)
  • Add a protected option that can be set on Views to prevent
    merging and deletion. This replaces the nomerge option.
    (#3679 <https://github.com/vertexproject/synapse/pull/3679>_)
  • Add Beholder events for creating, deleting, and updating Macros.
    (#3681 <https://github.com/vertexproject/synapse/pull/3681>_)
  • Update the StormPkgTest.getTestCore() API to add a prepkghook
    callback option. This can be used to execute code prior to loading Storm
    packages. The getTestCore() API now waits for onload handlers to
    complete for each package it loads.
    (#3687 <https://github.com/vertexproject/synapse/pull/3687>_)
  • Ensure that the Cell.ahaclient is fully owned and managed by the
    Cell. It will no longer use a global client that may exist.
    (#3677 <https://github.com/vertexproject/synapse/pull/3677>_)
  • Update the stix2-validator library constraints to >=3.2.0,<4.0.0.
    Update the allowed range of the idna library to >=3.6,<3.8.
    (#3672 <https://github.com/vertexproject/synapse/pull/3672>)
    (#3684 <https://github.com/vertexproject/synapse/pull/3684>
    )

Bugfixes

  • Asyncio Tasks created by signal handlers on the Base object are now held
    onto, to ensure that they cannot be garbage collected before or during
    their task execution.
    (#3686 <https://github.com/vertexproject/synapse/pull/3686>_)
  • Update the Axon.postfiles and Axon.wput APIs to check for the
    existence of files before attempting to send them over an HTTP connection.
    (#3682 <https://github.com/vertexproject/synapse/pull/3682>_)
  • Fix an issue where pruning a non-existent tag mistakenly pruned related
    tags.
    (#3673 <https://github.com/vertexproject/synapse/pull/3673>_)
  • Ensure that macro names are at least 1 character in length.
    (#3679 <https://github.com/vertexproject/synapse/pull/3679>_)
  • Fix a bug where $lib.telepath.open() could leak Python exceptions into
    the Storm runtime.
    (#3685 <https://github.com/vertexproject/synapse/pull/3685>_)

Improved Documentation

  • Add documentation for $lib.aha, $lib.aha.pool, and the aha:pool
    type.
    (#3685 <https://github.com/vertexproject/synapse/pull/3685>_)

Deprecations

  • Deprecate the use of hiveboot.yaml to configure a Cell hive. This will be
    removed on 2024-05-05.
    (#3678 <https://github.com/vertexproject/synapse/pull/3678>_)
  • The nomerge option on views has been deprecated. It is automatically
    redirected to the protected option. This redirection will be removed in
    v3.0.0.
    (#3681 <https://github.com/vertexproject/synapse/pull/3681>_)
  • The Telepath APIs for interacting with a Cell Hive, listHiveKey,
    getHiveKeys, getHiveKey, setHiveKey, popHiveKey, and
    saveHiveTree have been deprecated. The tools synapse.tools.hive.load
    and synapse.tools.hive.save have been deprecated. These will be removed
    in v3.0.0.
    (#3683 <https://github.com/vertexproject/synapse/pull/3683>_)
  • The Telepath.Pipeline class has been marked as deprecated and will be
    removed in v3.0.0.
    (#3691 <https://github.com/vertexproject/synapse/pull/3691>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html

Synapse v2.166.0

05 Apr 23:06
Compare
Choose a tag to compare

Model Changes

  • Updates to the inet, ou, person and risk models.
    (#3649 <https://github.com/vertexproject/synapse/pull/3649>)
    (#3653 <https://github.com/vertexproject/synapse/pull/3653>
    )
    (#3657 <https://github.com/vertexproject/synapse/pull/3657>_)

    New Forms

    inet:tls:handshake
    An instance of a TLS handshake between a server and client.

    inet:tls:ja3:sample
    A JA3 sample taken from a client.

    inet:tls:ja3s:sample
    A JA3 sample taken from a server.

    inet:tls:servercert
    An x509 certificate sent by a server for TLS.

    inet:tls:clientcert
    An x509 certificate sent by a client for TLS.

    New Properties

    risk:extortion
    The form had the following property added to it:

    deadline
    The time that the demand must be met.

    risk:leak
    The form had the following properties added on it:

    extortion
    The extortion event which used the threat of the leak as leverage.

    size:bytes
    The approximate uncompressed size of the total data leaked.

    it:mitre:attack:technique
    The form had the following properties updated on it:

    name
    This property is now lower-cased and single spaced.

    Deprecated Forms

    The following forms have been marked as deprecated:

    inet:ssl:cert
    Please use inet:tls:clientcert or inet:tls:servercert.

    Column Display Hints

    The following forms had column display hints added to them:

    ou:campaign
    ou:conference
    ou:goal
    ou:org
    ou:team
    ou:technique
    ps:contact
    ps:skill
    ps:proficiency
    risk:threat
    risk:compromise
    risk:mitigation
    risk:tool:software

    Light Edges

    uses
    When used with a risk:extortion and an ou:technique node, the edge
    indicates the attacker used the technique to extort the victim.

Features and Enhancements

  • When setting a tag on a node, the tag value is now redirected based on
    parent tags having :isnow properties set.
    (#3650 <https://github.com/vertexproject/synapse/pull/3650>_)
  • Add a $lib.spooled.set() Storm API. This can be used to get a
    spooled:set object. This set will offload the storage of its members
    to a temporary location on disk when it grows above a certain size.
    (#3632 <https://github.com/vertexproject/synapse/pull/3632>_)
  • Add a $lib.cache.fixed() Storm API. This can be used to get a
    cache:fixed object. This cache will execute user provided callbacks
    written in Storm upon a cache miss.
    (#3661 <https://github.com/vertexproject/synapse/pull/3661>_)
  • Add a pool option to Cron jobs. This can be set to True to enable a
    Cron job storm query to be executed on a Storm pool member.
    (#3652 <https://github.com/vertexproject/synapse/pull/3652>_)
  • Add a pool option to Extended HTTP API handlers. This can be set to
    True to enable an HTTP request handler to be executed on a Storm pool member.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>)
    (#3667 <https://github.com/vertexproject/synapse/pull/3667>
    )
  • Add a new Storm API, $lib.cortex.httpapi.getByPath(), that can be
    used to get an http:api object by its path. The path value is
    evaluated in the same order that the HTTP endpoint resolves the handlers.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>_)
  • Add --list and --gate options to synapse.tools.modrole and
    synapse.tools.moduser.
    (#3632 <https://github.com/vertexproject/synapse/pull/3632>_)
  • Add a view.getMergingViews() Storm API. This returns a list of view
    idens that have open merge requests on a view.
    (#3666 <https://github.com/vertexproject/synapse/pull/3666>_)
  • The Storm API show:storage option now includes storage information for
    any embedded properties.
    (#3656 <https://github.com/vertexproject/synapse/pull/3656>_)
  • Update the LinkShutDown exception that a Telepath client may raise to
    indicate that the connection has been disconnected.
    (#3640 <https://github.com/vertexproject/synapse/pull/3640>_)
  • Add repr functions for printing the aha:pool and http:api objects
    in Storm.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>)
    (#3665 <https://github.com/vertexproject/synapse/pull/3665>
    )
  • The Telepath Pool object has been replaced with a new object,
    ClientV2. This is now the only object returned by the
    synapse.telepath.open() API. This is an AHA pool aware Client which
    can be used to connect to an AHA pool.
    (#3662 <https://github.com/vertexproject/synapse/pull/3662>_)
  • Remove the unused Provenance subsystem from the Cortex.
    (#3655 <https://github.com/vertexproject/synapse/pull/3655>_)
  • Constrain the stix2-validator library to 3.0.0,<3.2.0 due to
    an API change. This constraint is expected be changed in the next
    release.
    (#3669 <https://github.com/vertexproject/synapse/pull/3669>_)

Bugfixes

  • Fix a bug where a Cortex promote() call could hang when tearing down
    any running Cron jobs. Cron jobs cancelled during a promotion event will
    be logged but their cancelled status will not be recorded in the Nexus.
    (#3658 <https://github.com/vertexproject/synapse/pull/3658>_)
  • Fix a bug where the Storm pool configuration could cause a Cortex to fail
    to start up. The Storm pool is now configured upon startup but its use is
    blocked until the Storm pool is ready to service requests.
    (#3662 <https://github.com/vertexproject/synapse/pull/3662>_)
  • Ensure that the URL argument provided to cortex.storm.pool.set can be
    parsed as a Telepath URL. Previously any string input was accepted.
    (#3665 <https://github.com/vertexproject/synapse/pull/3665>_)

Improved Documentation

  • Update the list of Cortex permissions in the Admin Guide to include
    service.add, service.del, service.get, and service.list.
    (#3647 <https://github.com/vertexproject/synapse/pull/3647>_)
  • Update the docstring for the Storm cortex.storm.pool.del command to note
    the effects of removing a pool and the interruption of running queries.
    (#3665 <https://github.com/vertexproject/synapse/pull/3665>_)
  • Update the documentation for the Storm http:api object to include the
    methods attribute.
    (#3663 <https://github.com/vertexproject/synapse/pull/3663>_)

Deprecations

  • The Telepath task:init message format has been marked as deprecated and
    will be removed in v3.0.0. This should not affect any users using Synapse
    v2.x.x in their client code.
    (#3640 <https://github.com/vertexproject/synapse/pull/3640>_)
  • The authgate with the name cortex is not used for permission checking and
    will be removed in v3.0.0. At startup, the Cortex will now check for any
    use of this authgate and log warning messages. Attempts to set permissions
    with this gateiden via Storm will produce warn messages.
    (#3648 <https://github.com/vertexproject/synapse/pull/3648>_)

For complete changelog entries, see the following https://synapse.docs.vertex.link/en/latest/synapse/changelog.html