
Commit 293a4d9

authored
Rc 0.3.5 (#838)
* Fix docker compose (#743) * fixed docker-compose.yml, api explorer is being built locally * updated compose * checked in compiled UI files temporarily, serving them through nginx * Fix docker compose (#744) * deleted old uifiles * updated uifiles * Issue 755 (#756) * Fix docker compose (#743) * fixed docker-compose.yml, api explorer is being built locally * updated compose * checked in compiled UI files temporarily, serving them through nginx * Fix docker compose (#744) * deleted old uifiles * updated uifiles * fixes #755, updated sensors observable data, updated observable data in config * fixes #762, mongo auth (#767) * consistent newlines across dev platforms (#769) * updated deploy * changed mongo auth steps to use host enviromental variables * changed mongo auth steps to use host enviromental variables * removed mongo pw support * Issue 738 (#774) * made Dockerfile for gateway image * added build docker hub script, removed ui files * fixes #738, updated docker compose to match new docker ignore rules * Issue 772 (#788) * jwt timeout config * updated jwtDurationSeconds * Adds test data for campaign, observable data, threat actors and sightings (#799) * updated readme * added missing data for campaigns, threat actors, sightings and observable data * Issue 812 (#821) * added rollup ID to sample assessments, changed name * updated created by ref for assessment samples * more reports from cert (#818) * more reports from cert * updated docker compose files to process reports * bump version 0.3.5 (#836) * updated discover gateway
1 parent 8fb338a commit 293a4d9


140 files changed

+4002
-7300
lines changed


140 files changed

+4002
-7300
lines changed

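--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+* text=auto
+*.sh text eol=lf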

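--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 certs/
 .idea/
 *.iml
+gateway/dist
 
 # keep the data/db folder but not the files
 data/db/*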

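--- a/build-docker-hub.sh
+++ b/build-docker-hub.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# This script is used to build the images that are pushed to Docker Hub
+# Requirements:
+# - `unfetter-ui` project in ../unfetter-ui directory
+# - docker-compose
+
+if ! command -v docker-compose &>/dev/null; then
+echo "This script requires docker-compose";
+exit 1;
+fi
+
+if [ -d '../unfetter-ui' ]; then
+
+# Build UI
+cd ../unfetter-ui;
+if [[ "$(uname -s)" == "Darwin" ]]; then
+docker-compose -f docker-compose.build-ui.yml up;
+else
+sudo docker-compose -f docker-compose.build-ui.yml up;
+fi
+
+if [ ! -d 'dist' ]; then
+echo "unfetter-ui did not build correctly";
+exit 1;
+fi
+
+cp -r dist ../unfetter/gateway
+
+cd ../unfetter
+
+# Run docker compose
+cd ../unfetter;
+if [[ "$(uname -s)" == "Darwin" ]]; then
+docker-compose -f docker-compose.build-docker-hub.yml build;
+else
+sudo docker-compose -f docker-compose.build-docker-hub.yml build;
+fi
+else
+echo "This script requires the unfetter-ui to be present as a sibling directory to unfetter.";
+fi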
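Review bot: A failed or skipped UI build can still end up in the images this script produces, because nothing stops the script on error and the `if [ ! -d 'dist' ]` check is satisfied by a `dist` directory left over from an earlier run. Since these are the images pushed to Docker Hub, I would add `set -euo pipefail` after the shebang and `rm -rf dist` before the UI `docker-compose ... up`, so that only freshly built artifacts are copied into `gateway`. The final `else` branch prints the missing-sibling message but exits 0; it should end with `exit 1;` so callers and CI see the failure. The second `cd ../unfetter;` under `# Run docker compose` repeats the one just before it and only resolves if the checkout directory is literally named `unfetter`.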

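--- a/config/examples/unfetter-db/config.json
+++ b/config/examples/unfetter-db/config.json
@@ -247,7 +247,8 @@
 "fqdn",
 "hostname",
 "image_path",
-"md5_hash_,module_name",
+"md5_hash",
+"module_name",
 "sha1_hash",
 "sh256_hash",
 "signer"
@@ -265,45 +266,76 @@
 "*"
 ],
 "properties": [
-"hashes",
-"size",
-"name",
-"name_enc",
-"magic_number_hex",
-"mime_type",
-"created",
-"modified",
-"accessed",
-"parent_directory",
-"is_encrypted",
-"encryption_algorithm",
-"decryption_key"
+"company",
+"creation_time",
+"file_name",
+"file_path",
+"fqdn",
+"hostname",
+"image_path",
+"md5_hash",
+"pid",
+"ppid",
+"previous_creation_time",
+"sha1_hash",
+"sha256_hash",
+"signer",
+"user"
 ]
 },
 {
-"name": "network-traffic",
+"name": "flow",
 "actions": [
 "end",
 "message",
 "start",
 "*"
 ],
 "properties": [
-"start",
-"end",
-"is_active",
-"src_ref",
-"dst_ref",
+"content",
+"dest_fqdn",
+"dest_hostname",
+"dest_ip",
+"dest_port",
+"end_time",
+"exe",
+"flags",
+"fqdn",
+"hostname",
+"image_path",
+"packet_count",
+"pid",
+"ppid",
+"proto_info",
+"protocol",
+"src_fqdn",
+"src_hostname",
+"src_ip",
 "src_port",
-"dst_port",
-"protocols",
-"src_byte_count",
-"dst_byte_count",
-"src_packets",
-"dst_packets",
-"ipfix",
-"src_payload_ref",
-"dst_payload_ref"
+"start_time",
+"user"
+]
+},
+{
+"name": "module",
+"actions": [
+"load",
+"unload",
+"*"
+],
+"properties": [
+"base_address",
+"fqdn",
+"hostname",
+"image_path",
+"md5_hash",
+"module_name",
+"module_path",
+"pid",
+"sha1_hash",
+"sha256_hash",
+"signer",
+"tid"
 ]
 },
 {
@@ -314,35 +346,42 @@
 "*"
 ],
 "properties": [
-"is_hidden",
-"pid",
-"name",
-"created",
-"cwd",
-"arguments",
 "command_line",
-"environment_variables",
-"opened_connection_refs",
-"creator_user_ref",
-"binary_ref",
-"parent_ref",
-"child_refs"
+"exe",
+"fqdn",
+"hostname",
+"image_path",
+"md5_hash",
+"parent_exe",
+"parent_image_path",
+"pid",
+"ppid",
+"sha1_hash",
+"sha256_hash",
+"sid",
+"signer",
+"user"
 ]
 },
 {
-"name": "windows-registry-key",
+"name": "registry",
 "actions": [
 "add",
 "edit",
 "remove",
 "*"
 ],
 "properties": [
+"data",
+"fqdn",
+"hive",
+"hostname",
+"image_path",
 "key",
-"values",
-"modified",
-"creator_user_ref",
-"number_of_subkeys"
+"pid",
+"type",
+"user",
+"value"
 ]
 },
 {
@@ -356,16 +395,17 @@
 "*"
 ],
 "properties": [
-"service_name",
-"descriptions",
-"display_name",
-"group_name",
-"start_type",
-"service_dll_refs",
-"service_type",
-"service_status"
+"command_line",
+"exe",
+"fqdn",
+"hostname",
+"image_path",
+"name",
+"pid",
+"ppid",
+"user"
 ]
-},
+},
 {
 "name": "thread",
 "actions": [
@@ -394,7 +434,7 @@
 ]
 },
 {
-"name": "user-account",
+"name": "user-session",
 "actions": [
 "interactive",
 "local",
@@ -408,23 +448,22 @@
 "*"
 ],
 "properties": [
-"user_id",
-"account_login",
-"account_type",
-"display_name",
-"is_service_account",
-"is_privileged",
-"can_escalate_privs",
-"is_disabled",
-"account_created",
-"account_expires",
-"password_last_changed",
-"account_first_login",
-"acount_last_login"
+"dest_ip",
+"dest_port",
+"hostname",
+"logon_id",
+"src_ip",
+"src_port",
+"user"
 ]
 }
 ]
 
 
+},
+{
+"_id": "905f4e32-528c-479a-bb20-aa36bb54be9f",
+"configKey": "jwtDurationSeconds",
+"configValue": 900
 }
 ]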
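Review bot: The context line `"sh256_hash",` in the first hunk (new line 253) is still misspelled, while every property list added by this commit uses `"sha256_hash"`; the same hunk fixes the neighbouring `"md5_hash_,module_name"` entry but leaves this one. If these property names are matched against sensor field names, which the commit message suggests but the hunk does not show, SHA-256 data for that object would not line up with the others; change it to `"sha256_hash",`. The object this list belongs to starts outside the hunk. Separately, the new `jwtDurationSeconds` entry sets `"configValue": 900`; it would help to document that the unit is seconds and what the consumer does when the key is missing, since that code is not visible here.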
