This page lists the changelog for the Kuiper project.
- Bug Fix: Flask and Celery Docker Images (changed gevent to version 1.2.2) Pull Request #85
- Bug Fix: fixed system health scheduler script
- Changed the Elasticsearch Java options from `ES_JAVA_OPTS=-Xms512m -Xmx512m` to `ES_JAVA_OPTS=-Xms4g -Xmx4g`
- Net Logon parser Pull Request #86
- Add machine select box to alerts page Pull Request #88
- Fixed the machine processing progress update so that it is calculated on the server side instead of the client side
- PCAP parser
- iOS Mobile Forensics Parsers (`ios_*`)
- SDS parser (Security Descriptor Stream)
- Built new Docker images for `celery` and `flask`, version `2.3.2`
- Fixed the Autoruns parsers files (thanks to @mayHamad)
- Add Search, Add extra column, and Group by for the Rhaegal alerts in browser artifacts
- Timeline views
- Autoruns parsers (thanks to @mayHamad)
- Fennec parser for linux artifacts (thanks to @AbdulRhmanAlfaifi)
- SEP (Symantec Endpoint Protection) logs parser (thanks to @mnr-hmm)
- Removed the NFS service; Docker volumes are now used directly (if you want to run the services on different machines, enable the nfs service in docker-compose.yaml)
- Fixed dynamic add for the folder `kuiper/app/parsers/temp`
- Fixed an issue with uploading files to a previously created machine
- Fixed handling of error messages from Elasticsearch version 7.16.2 during indexing
- Fixed preserving the selected record in the browse artifacts table when the details table is clicked
- Fixed the system health check for Celery when a task has a large number of arguments
- Export the browsed artifact records from the interface (only the displayed columns).
- Add group-by aggregation search query for specific fields.
- Search by machine group for artifacts from the list of machines.
- Added a loading spinner to the browse artifacts interface while artifacts are loading.
- Export tagged records as an xlsx timeline based on previously built "views".
- Support multiple types of tags (malicious, suspicious, and legit) - use the keyboard keys "M", "S", and "L" respectively.
- Add dynamic extra column to the browse artifacts table.
- Support Elasticsearch query string regex format for browse artifacts search.
- Add configuration for timeline views (`Settings` -> `Configuration` -> `Timeline Views`) - only a few samples are included in this version.
- Added a Rhaegal icon on the browse artifacts table as an indication that a Rhaegal alert was triggered for each record (`red` - triggered, `white` - not triggered)
- Add the ability to close an Elasticsearch index to reduce memory utilization (from the case card, click `edit`, then select `Not Active`, and `Submit`). You will not be able to search for any records inside that case, and you cannot process the machines inside it. To open the case, change the case status to `Active`.
- All Kuiper Docker images (`flask`, `celery`, `nginx`, `NFS`, `es01`, `mongodb`, and `redis`) have been pushed to [Dockerhub](https://hub.docker.com/u/dfirkuiper). To install Kuiper, simply run `docker-compose pull` then `docker-compose up -d`
- Added new parsers
- IIS Access Logs: by @heck-gd (https://github.com/heck-gd)
- Exchange Logs: by @heck-gd (https://github.com/heck-gd)
- UserAccessLogging: by @muteb (https://github.com/muteb)
- osqueryIR (34 parsers for Linux): by @AbdulRhmanAlfaifi (https://github.com/AbdulRhmanAlfaifi/osqueryIR)
- Fixed bugs on search browse artifacts.
- Enhanced parsers.
- Fixed the timeline view export to support Unicode data (error faced while exporting Recyclebin `Data.Path`, which is Unicode)