Release/v11.2.9 #2234

Merged
Kbayero merged 47 commits into v11 from release/v11.2.9 on Jun 17, 2026

Conversation

@Kbayero Kbayero commented Jun 17, 2026

Contributor

PLEASE READ BEFORE CONTINUING

To help us understand your contribution, please include the following in your pull request:

  • A detailed explanation of the changes you've made.
  • The reasoning behind these changes.
  • A reference to the issue that this pull request addresses.

Kbayero and others added 30 commits May 19, 2026 11:50
* refactor(filters): update macOS filter configuration

* chore(rules): remove Office365 brute force detection rule

* chore(rules): remove PowerShell Empire detection rule

* chore(rules): remove RDP brute force attacks rule
#2087)

* fix[frontend](soar/create-rule): added fixed create/edit rule undefined id error

* chore[](): updated go packages

* fix[frontend](environment): environments on gitignore and removed the actual local dev environment

* chore[](): updated go packages
#2090)

* feat[backed](elasticSearchService): added batch processing of requests and auto rebuild on IO errors

* chore[backend](): updated go dependencies

* fix[backend](elastic-service): sanitized csv before exportation and changed error messages
…es on region map visualizations (#2098)

Co-authored-by: Osmany Montero <osmontero@icloud.com>
* fix[frontend](socai): added default template for empty previous socai config (#2092)

* fix[frontend](socai): added default template for empty previous socai configuration

* fix[frontend](socai): set customHeaders as password key type

* fix[frontend](socai): don't let empty description on modules

* fix[backend](socai): generate the modulegroup with new keys if no other exists on db

* fix[backend](changeset): added customHeader entries as password type
Remediate 22 known CVEs including CVE-2026-42945 (actively
exploited in the wild for RCE). nginx:1.19.5 (Oct 2020) was
affected by buffer overflows, memory disclosure, HTTP/2 injection,
SSL session reuse, and multiple other vulnerabilities patched in
the 1.30.1 stable release.
* fix[backend](socai): changed socai default module keys

* fix[backend](modules): added default keys on module creation response

* fix[frontend](socai): handled empty (disabled) module configuration
* fix[frontend](rules): improved post event count validation

* fix[frontend](tag_rules): added events related fields on tag rule creation

---------

Co-authored-by: Osmany Montero <osmontero@icloud.com>
…st filtering reinforcement (#2107)

* fix[frontend](alerts-view): added a loading indicator and improved fast filtering reinforcement

* chore[](): updated go packages
…medium) (#2103)

- google.golang.org/grpc: 1.78.0 -> 1.79.3 (GHSA-p77j-4mvh-x3m3, critical)
- github.com/jackc/pgx/v5: 5.8.0 -> 5.9.2 (GHSA-9jj7-4m8r-rfcm critical, GHSA-j88v-2chj-qfwx low)
- go.opentelemetry.io/otel: 1.39.0 -> 1.41.0 (GHSA-mh2q-q3fh-2475, high)
- com.itextpdf:itext7-core: 7.1.7 -> 7.2.0 (GHSA-hhh6-cm2m-3fhc, GHSA-8c9h-4q7g-fp7h, GHSA-c32g-2mgr-cfq7, medium x3)
- org.postgresql:postgresql: 42.7.2 -> 42.7.11 (GHSA-98qh-xjc8-98pq, high)

Signed-off-by: Osmany Montero <osmontero@icloud.com>
* fix(rules/windows): tighten bruteforce_attack correlation scope

* fix(rules/windows): scope multi-failure-then-success rule by source

* chore(rules/windows): remove pass_the_hash_detection rule

* fix(rules/windows): fix of the redundant field 'origin.host' that appears twice in the deduplicateBy array.
developutm and others added 16 commits June 15, 2026 10:51
* feat(filters/gcp): add Cloud Audit Logs (protoPayload) support

* fix(filters/sophos-xg): guard renames and actionResult against missing fields

* chore(filters/windows): rename log.data.SubStatus field

* fix(filters/sophos-xg): correct operator precedence in actionResult guard
* feature(rules/google): add rule IAM Policy Changed - Privilege Escalation

* fix(rule/google): changing 'exists(log.protoPayload.request.policy.auditConfigs)' to 'exists(log.protoPayload.request.policy.bindings)' to improve detection logic
…se se from 5mins to 15 seconds (#2230)

* fix[backend](alert_responses): reduces schedule time to executeResponse from 5mins to 15 seconds

* fix[backend](go_deps): updated go dependencies
#2228)

* fix[backend](alert_responses): fixed powershell commands syntax errors

* fix[backend](go_deps): updated go dependencies
… command query (#2226)

* fix[backend](incident_response_audit): enabled filters on agents-with-command query

* fix[backend](go_deps): updated go dependencies

---------

Signed-off-by: Yorjander Hernandez Vergara <99102374+Kbayero@users.noreply.github.com>
Co-authored-by: Yorjander Hernandez Vergara <99102374+Kbayero@users.noreply.github.com>
#2232)

* fix[backend](compilance_reports): migrated compliance reports from old table to new one

* fix[backend](compilance_reports): added rollback marker robustness and unconditional sentinel deletion
@Kbayero Kbayero requested a review from a team June 17, 2026 06:04
@Kbayero Kbayero merged commit 2d71b20 into v11 Jun 17, 2026
25 of 29 checks passed
@Kbayero Kbayero deleted the release/v11.2.9 branch June 17, 2026 06:25
5 participants