Splunk Enterprise App Change Log

# Change Log

All notable changes to the Recorded Future Splunk add-on will be documented in this file.

## [3.0.5] - 2017-08-15

### Changed

- IP/Domain risk lists download once an hour


## [3.0.4] - 2017-05-26

### Changed

- Risk Lists do not download to /tmp first

- Single risklist.py script to download

- Commands to download risk list (Splunk Macros)

- Reduced size of demo data

- Layout of enrichment dashboards

- Default values for enrichment dashboards

### Removed

- Config dashboards


## [3.0.3] - 2017-05-02

### Changed

#### Addressed Certification Issues

- Removed logging of the Session Key in error messages

- Updated documentation for API Token entry to be more explicit


## [3.0.2] - 2017-04-25

### Changed

#### Addressed Certification Issues

- Validate user proxy input


## [3.0.1] - 2017-04-17

### Changed

#### Addressed Certification Issues

- Removed JavaScript from setup.xml

- Renamed the folder for the example log files

## [3.0.0] - 2017-03-17

### Changed

#### Addressed Key Certification Issues

- API Token is encrypted

- Risk Lists are downloaded to tmp first and then moved to lookups, rather than from bin to lookups


- Getting Started has been updated to reflect new additions

- Installation Guide has been updated to reflect changes

- Proxy can be added through the UI

- Default frequency of Risk List downloads (IP/Domain 4hrs, Vuln/Hash 1 day)

- Updated layout of Enrichment dashboards

- Threat Landscape is changed to Monitor

- Changed naming conventions of .py files to fit with multiple entity types

- Updated download commands to take arguments

- Gave users permission to access stored passwords (encrypted api token)

- Refactored to take advantage of the new API

- Use Requests instead of urllib2

- Updated to new logo

- IP Correlate dashboard no longer references Wordpress demo data

- Changed version numbers to major.minor.bugfix

- Recorded Future link is now app.recordedfuture.com

- Scheduled Reports return current date when completed successfully

- Added example log files for Correlation dashboards


### Added

- Enrichment dashboards for Vulnerabilities

- Correlate dashboards for Vulnerabilities, Domains, and Hashes

- Config dashboards to filter Risk Lists by Risk Rule

- Package sample Risk Lists and correlation data


### Removed

- Current Threat Trends Dashboard

- Deleted deprecated code

- Removed unused macros and commands


## [2.12.13] - 2016-12-13

### Changed

- Altered read/write/execute rights on bin folder

- Altered dashboards to use rf_threatfeed.csv lookup.

### Added

- Addition of ‘lib’ folder with Python modules for encryption of key

- Heatmap color-coding has been added to table panels in the following dashboards:

  - Log Correlations

  - IP Monitoring

  - Domain Monitoring

  - Current Threat Trends

### Removed

- Removal of Recorded Future - Threatfeed from savedsearches.conf


## [2.2.4] - 2016-02-04

### Changed

- IP enrichment dashboard API query uses IpAddress data_group

- Domain enrichment dashboard API query uses InternetDomainName data_group

- Hash enrichment dashboard API query uses Hash data_group

- The three changes above now give accurate risk scores and match RF Intelligence Cards

- /bin/rf_observablequery.py altered to handle API query changes to enrichment dashboards

- rf_threatfeed is now used as a lookup and for correlation (v3.0)

- Risk Score metric added to IP Enrichment dashboard

- Font size change of metrics in summary panel on enrichment dashboards

- Name changed from 'Add-on' to 'App'

### Added

- IP monitoring dashboard includes input field for IP address

- /appserver/static/rf_enrich_kpi.css to override default font sizes in summary panels

- Sample threat feed included in lookups directory


## [1.11.11] - 2015-11-1

### Changed

- Added |localop to dashboards. Note: in some distributed environments, having just the ‘localop’ keyword is not enough; a pipe (|) is needed before it.


## [1.10.29] - 2015-10-29

### Changed

- Added ‘localop’ keyword to search string in IP Enrichment dashboard.


## [1.10.16] - 2015-10-16

### Changed

- Removed 'Threatfeed URL' requirement from installation setup screen.

- Code altered to download Recorded Future's threatfeed using API token only (for added security).

- Splunk add-on documentation updated to reflect changes.

- Disabled drilldown feature (which redirected to Splunk search) on the following dashboards:

  - Current Threat Trends

  - IP Enrichment

  - Domain Enrichment

  - Hash Enrichment

### Added

- Heatmap color-coding has been added to table panels in the following dashboards:

  - Log Correlations

  - IP Monitoring

  - Domain Monitoring

  - Current Threat Trends


## [1.10.09] - 2015-10-09

### Fixed

- Corrected rf_hits macro syntax within macros.conf file


## [1.08.17] - 2015-08-17

### Added

- Addition of rf_threatfeed.csv threatfeed lookup to evaluate risk of IP addresses.


### Changed

- Altered dashboards to use rf_threatfeed.csv lookup.