RunReveal Release Notes
Week of October 28, Release Notes
- PR: #945 - Nov-01-2024 - backend - bugfix - add missing unique indexes for enrichments:
- PR: #944 - Nov-01-2024 - backend - feature - Allow analyst role to read/edit enrichments
- PR: #942 - Oct-30-2024 - backend - bugfix - sourceType: fix sourceType for OTLP logs
- PR: #941 - Oct-30-2024 - backend - bugfix - Fix nil pointer in authentik log source
- PR: #940 - Oct-30-2024 - backend - bugfix - otlp: use raw strings and bytes, json everything else
- PR: #939 - Oct-30-2024 - backend - bugfix - otlp: fix value serialization
- PR: #938 - Oct-30-2024 - backend - bugfix - OTLP format: fix handling of non-string log record Body values
- PR: #934 - Oct-30-2024 - backend - bugfix - Update queries to match needed CF changes
- PR: #932 - Oct-30-2024 - backend - feature - Add OTLP JSON Log Source
- PR: #931 - Oct-29-2024 - backend - bugfix - Add authentik to sourceloader
- PR: #930 - Oct-29-2024 - backend - feature - Authentik source
- PR: #929 - Oct-29-2024 - backend - feature - Override google oauth creds
- PR: #926 - Oct-29-2024 - backend - bugfix - aws/assumerole: more plumbing
- PR: #924 - Oct-29-2024 - backend - bugfix - aws/s3: fix region specification for external s3
- PR: #923 - Oct-29-2024 - backend - bugfix - Don't specify notification retry url
- PR: #921 - Oct-28-2024 - backend - bugfix - fix missing headers initialization
- PR: #920 - Oct-28-2024 - backend - feature - clickhouse: support separate read/write paths
- PR: #919 - Oct-28-2024 - backend - feature - Added r2 jurisdiction for s3 access url.
- PR: #728 - Nov-01-2024 - frontend - feature - Add volume widget by source name
- PR: #726 - Oct-31-2024 - frontend - bugfix - Fix bugs with volume widget
- PR: #725 - Oct-31-2024 - frontend - bugfix - Don't flash detection and overwrite them with empty detection results
- PR: #724 - Oct-31-2024 - frontend - bugfix - Use primary key when loading detections, even when using ID
- PR: #723 - Oct-30-2024 - frontend - feature - Add authentik to explore page
- PR: #722 - Oct-31-2024 - frontend - feature - Allow ability to change rows per page
- PR: #720 - Oct-30-2024 - frontend - feature - otlp: add frontend source
- PR: #719 - Oct-30-2024 - frontend - bugfix - Fix oddities on the explore page with table list, and visible columns causing bugs when switching tables
- PR: #716 - Oct-29-2024 - frontend - feature - Add authentik source to front end
- PR: #715 - Oct-29-2024 - frontend - feature - r2 source image
- PR: #713 - Oct-29-2024 - frontend - feature - Make selecting fields rewrite the query being run on explore
- PR: #712 - Oct-29-2024 - frontend - bugfix - Fix front end bugs related to aggressive clickhouse queries.
- PR: #711 - Oct-29-2024 - frontend - bugfix - Fix sources page queries that are too intense on loading.
- PR: #710 - Oct-28-2024 - frontend - feature - Added fedramp to R2 settings
- PR: #709 - Oct-28-2024 - frontend - bugfix - Fix bucket name we'll read from
Week of October 21, Release Notes
- PR: #916 - Oct-27-2024 - backend - feature - Objectstorage: plumb errors back to user and source_errors table.
- PR: #914 - Oct-26-2024 - backend - feature - Source Verification for R2 ingest type
- PR: #911 - Oct-27-2024 - backend - feature - clickhouse: support headers in BYO clickhouse destination
- PR: #910 - Oct-26-2024 - backend - feature - Add Support for Cloudflare R2 Blob Storage
- PR: #909 - Oct-25-2024 - backend - bugfix - Fix polling sources not saving next_poll_time
- PR: #908 - Oct-24-2024 - backend - bugfix - Refactor source name link in notification template
- PR: #907 - Oct-24-2024 - backend - bugfix - Add detection type to signal/alert views
- PR: #905 - Oct-23-2024 - backend - bugfix - Add missing gcs scope
- PR: #903 - Oct-23-2024 - backend - feature - Add GCP Identity Federation
- PR: #708 - Oct-26-2024 - frontend - bugfix - Add r2 missing icon
- PR: #707 - Oct-26-2024 - frontend - feature - R2 generic blob source
- PR: #706 - Oct-26-2024 - frontend - feature - Add R2 for CF HTTP logs
- PR: #705 - Oct-26-2024 - frontend - feature - Add R2 source from Cloudflare HTTP and DNS Gateway
- PR: #704 - Oct-24-2024 - frontend - bugfix - Fix UI colors in dark mode
- PR: #703 - Oct-24-2024 - frontend - bugfix - Fix small UI bugs on home page
- PR: #701 - Oct-23-2024 - frontend - feature - Add federated settings for GCP source
- PR: #700 - Oct-21-2024 - frontend - bugfix - Fix race condition in new alert history page. New managed enrichment
Week of October 14, Release Notes
- PR: #902 - Oct-16-2024 - backend - bugfix - Fix rare data race in enrichment query path
- PR: #901 - Oct-14-2024 - backend - feature - Add pagerduty notification channel
- PR: #697 - Oct-20-2024 - frontend - feature - Redo design of alert history page
- PR: #695 - Oct-18-2024 - frontend - bugfix - Remove broken doc links
- PR: #694 - Oct-18-2024 - frontend - bugfix - Fix crowdstrike source desc.
- PR: #693 - Oct-18-2024 - frontend - bugfix - Fix alignment issues with splitview
- PR: #692 - Oct-18-2024 - frontend - feature - Resizable splits for results view and alert view detections
- PR: #690 - Oct-14-2024 - frontend - feature - Add pagerduty notification
Week of October 7, Release Notes
- PR: #898 - Oct-10-2024 - backend - bugfix - Fix some events slipping through detections
- PR: #895 - Oct-10-2024 - backend - feature - Add normalized to sigma detections
- PR: #894 - Oct-08-2024 - backend - bugfix - visuals: restoration already run
- PR: #691 - Oct-11-2024 - frontend - dependencies - Bump dompurify from 2.4.7 to 2.5.7
- PR: #689 - Oct-11-2024 - frontend - bugfix - Fix 404 link to managed-enrichment
- PR: #687 - Oct-10-2024 - frontend - bugfix - Replace missing workspace create button
- PR: #686 - Oct-09-2024 - frontend - bugfix - Detection menu hidden on bottom rows
- PR: #685 - Oct-08-2024 - frontend - bugfix - Fix Demo/Signup buttons that don't link anywhere
- PR: #684 - Oct-09-2024 - frontend - feature - Make cli toggles show color
- PR: #683 - Oct-08-2024 - frontend - feature - Added edit as sql button to explore page
- PR: #682 - Oct-07-2024 - frontend - bugfix - fix error stacktraces being thrown in console
Week of September 30, Release Notes
- PR: #892 - Oct-04-2024 - backend - feature - Change s3 sources to use multi ingest
- PR: #891 - Oct-01-2024 - backend - bugfix - Log Crowdstrike rawLog from S3
- PR: #888 - Sep-30-2024 - backend - bugfix - Don't log non-security related logs in GCP by default.
- PR: #885 - Sep-30-2024 - backend - feature - Add a separate domain managed enrichment for crypto domains
- PR: #680 - Oct-05-2024 - frontend - feature - Add comparison to alternative page template
- PR: #679 - Oct-04-2024 - frontend - feature - dropdown: improve slightly
- PR: #678 - Oct-04-2024 - frontend - bugfix - fix spelling
- PR: #677 - Oct-04-2024 - frontend - feature - Changes for multi ingest on all object storage sources
- PR: #676 - Oct-04-2024 - frontend - bugfix - Minor ux tweaks to the alert history.
- PR: #675 - Oct-04-2024 - frontend - feature - Better user-experience for dropdown filter buttons.
- PR: #673 - Oct-01-2024 - frontend - bugfix - Fix dark mode on source create
- PR: #672 - Oct-01-2024 - frontend - bugfix - Fix dark mode not working on source card
- PR: #671 - Oct-01-2024 - frontend - bugfix - fix data volume page (was querying logs? or rows? instead of bytes)
- PR: #670 - Oct-01-2024 - frontend - bugfix - Update data volume query to fix CH error
- PR: #668 - Oct-01-2024 - frontend - bugfix - Expand clickable sidebar to fill whole item
Week of September 23, Release Notes
- PR: #887 - Sep-26-2024 - backend - performance - remove rules from enrichment list calls
- PR: #886 - Sep-26-2024 - backend - performance - Add 'Get' routes for enrichment configs
- PR: #883 - Sep-25-2024 - backend - bugfix - detections: faster save w/ validation (fixes RUN-501)
- PR: #882 - Sep-25-2024 - backend - bugfix - Skip non-IP/CIDR threat feed rules:
- PR: #881 - Sep-24-2024 - backend - bugfix - Skip GCP pub/sub notifications unless its `OBJECT_FINALIZE`
- PR: #880 - Sep-23-2024 - backend - bugfix - Reduce memory usage for enrichments
- PR: #878 - Sep-23-2024 - backend - bugfix - Exact -> CIDR for matching managed enrichments.
- PR: #867 - Sep-24-2024 - backend - performance - Change how polling scheduler gets next source
- PR: #666 - Sep-26-2024 - frontend - performance - Use Get instead of List for enrichment edit/create
- PR: #665 - Sep-26-2024 - frontend - feature - Updated empty source state and add source card
- PR: #663 - Sep-25-2024 - frontend - bugfix - Okta logs marketing page.
- PR: #662 - Sep-25-2024 - frontend - bugfix - detections: don't pass to/from parameters to create
- PR: #660 - Sep-25-2024 - frontend - feature - Managed enrichments
- PR: #659 - Sep-25-2024 - frontend - feature - Alerts: improved filters for alerts page
- PR: #652 - Sep-23-2024 - frontend - dependencies - Bump webpack from 5.91.0 to 5.94.0
- PR: #650 - Sep-23-2024 - frontend - dependencies - Bump micromatch from 4.0.5 to 4.0.8
- PR: #649 - Sep-23-2024 - frontend - feature - Alan/detections sorting filters
Week of September 16, Release Notes
- PR: #876 - Sep-22-2024 - backend - bugfix - close rows in case of leak
- PR: #875 - Sep-19-2024 - backend - bugfix - Update polling s3 sources to get correct session
- PR: #874 - Sep-18-2024 - backend - feature - Allow wildcard source type for managed enrichments
- PR: #873 - Sep-18-2024 - backend - feature - Managed Enrichment for IP based enrichments
- PR: #872 - Sep-18-2024 - backend - bugfix - S3 ack if no events were sent
- PR: #871 - Sep-18-2024 - backend - bugfix - Fix s3
- PR: #870 - Sep-17-2024 - backend - bugfix - Fix issues with getting s3 region
- PR: #869 - Sep-16-2024 - backend - bugfix - Re-enable managed enrichments
- PR: #868 - Sep-16-2024 - backend - bugfix - Fix SSO to work with CLI
- PR: #866 - Sep-16-2024 - backend - feature - Added detection as code support for sigma detections
- PR: #861 - Sep-17-2024 - backend - feature - Set cloudtrail to use multi ingest
- PR: #648 - Sep-20-2024 - frontend - feature - detections: improve list view
- PR: #647 - Sep-19-2024 - frontend - feature - detections: add notification channels to detection list
- PR: #646 - Sep-19-2024 - frontend - feature - New sources empty state
- PR: #645 - Sep-19-2024 - frontend - bugfix - Alerts + Detections: refactor and fix "Run Detection" button.
- PR: #644 - Sep-19-2024 - frontend - dependencies - Update dropdowns with new icons and styling.
- PR: #641 - Sep-18-2024 - frontend - feature - New homepage.
- PR: #640 - Sep-18-2024 - frontend - feature - clipboard/archive icons replaced with history icon
- PR: #638 - Sep-20-2024 - frontend - bugfix - Fix format query with map columns
- PR: #637 - Sep-18-2024 - frontend - feature - Require name when saving detection
- PR: #636 - Sep-18-2024 - frontend - bugfix - Rename some links in sidebar
- PR: #635 - Sep-17-2024 - frontend - feature - Added proper collapsing sidebar
- PR: #634 - Sep-17-2024 - frontend - bugfix, feature - Clean up notifications copy:
- PR: #633 - Sep-16-2024 - frontend - feature - Support minimizing the sidebar
- PR: #632 - Sep-16-2024 - frontend - bugfix - Add SSO to CLI login
- PR: #630 - Sep-16-2024 - frontend - feature - Update streaming detections
- PR: #628 - Sep-17-2024 - frontend - feature - Added external s3 modal for ingest types update cloudtrail to support multi-ingest
Week of September 9, Release Notes
- PR: #863 - Sep-12-2024 - backend - bugfix - Revert "Managed Enrichments (#846)"
- PR: #862 - Sep-12-2024 - backend - bugfix - Remove visibility timeout on sqs
- PR: #859 - Sep-11-2024 - backend - performance - Add watchdog timeout in config
- PR: #858 - Sep-11-2024 - backend - bugfix - Only saving webhook settings for some sources
- PR: #857 - Sep-10-2024 - backend - bugfix - Sigma should use Provider when looking at enrichments not the name
- PR: #856 - Sep-11-2024 - backend - bugfix, performance - Change how azure sources poll for events
- PR: #855 - Sep-10-2024 - backend - bugfix - Use PREWHERE when loading scheduled query runs results.
- PR: #854 - Sep-09-2024 - backend - feature - Drop duplicate sqs messages, controllable with const
- PR: #846 - Sep-11-2024 - backend - feature - Managed Enrichments
- PR: #629 - Sep-11-2024 - frontend - bugfix - Fix some of the source items aren't strings
- PR: #627 - Sep-11-2024 - frontend - bugfix - Display webhook settings and new webhook popup after creating
- PR: #626 - Sep-10-2024 - frontend - bugfix - Simplify query pattern on detection results page
- PR: #625 - Sep-10-2024 - frontend - bugfix - Dedupe IPs and actors to not display duplicates in list
- PR: #624 - Sep-10-2024 - frontend - bugfix - Use localStorage for alert history time picker.
Week of September 2, Release Notes
- PR: #853 - Sep-06-2024 - backend - performance - remove the watchdog timer from detection destination
- PR: #852 - Sep-05-2024 - backend - bugfix - Update sigma package
- PR: #850 - Sep-05-2024 - backend - bugfix - Missing comma in clickhouse view.
- PR: #849 - Sep-05-2024 - backend - bugfix - Add textPayload to GCP log parsing.
- PR: #848 - Sep-05-2024 - backend - performance - Change ack helper to not use wait group and not need a go func
- PR: #845 - Sep-04-2024 - backend - bugfix - Fix crowdstrike fdr date parsing issues
- PR: #844 - Sep-04-2024 - backend - bugfix - Change how nsg flow records are read
- PR: #842 - Sep-03-2024 - backend - bugfix - Not telling k8s to continue to next bytes
- PR: #840 - Sep-03-2024 - backend - performance - bump batch sizes
- PR: #839 - Sep-03-2024 - backend - bugfix - Fix dnsfilter parsing issues
- PR: #838 - Sep-03-2024 - backend - bugfix - Fix bugs with object storage readers and how they are acked
- PR: #832 - Sep-02-2024 - backend - performance - Refactor Multi-Ingest Sources Slightly for Memory Efficiency
- PR: #827 - Sep-05-2024 - backend - bugfix - Populate important okta risk debugContext fields.
- PR: #622 - Sep-04-2024 - frontend - feature - Expose sigma links to users
Week of August 26, Release Notes
- PR: #831 - Sep-01-2024 - backend - bugfix - Fix streaming clickhouse detection insert
- PR: #830 - Aug-29-2024 - backend - feature - AppInfo view and fix AppInfo log format.
- PR: #829 - Aug-29-2024 - backend - feature - Support parsing appinfo and userinfo crowdstrike fdr logs.
- PR: #828 - Aug-28-2024 - backend - bugfix - Add no sso error message
- PR: #826 - Aug-27-2024 - backend - bugfix - Error completely when receiving malformed logs.
- PR: #825 - Aug-27-2024 - backend - bugfix - Update okta source to parse an array of RawMessage
- PR: #824 - Aug-27-2024 - backend - feature - sso: migrate to list of approved domains
- PR: #823 - Aug-27-2024 - backend - bugfix - Fix login bug for different cases.
- PR: #820 - Aug-26-2024 - backend - bugfix - fix initialization of notificationListener
- PR: #791 - Aug-26-2024 - backend - feature - Augment table schema requests with primary keys
- PR: #621 - Sep-01-2024 - frontend - bugfix - Fix sigma 404 error
- PR: #620 - Aug-31-2024 - frontend - bugfix - detections: don't export predefined parameters
- PR: #619 - Aug-31-2024 - frontend - bugfix - Add parameters to detection view
- PR: #618 - Aug-30-2024 - frontend - bugfix - Add padding to sources list page.
- PR: #617 - Aug-29-2024 - frontend - feature - Add appinfo logs to front end.
- PR: #616 - Aug-29-2024 - frontend - bugfix - Support map columns in the where clause builder (again)
- PR: #615 - Aug-29-2024 - frontend - bugfix - Fix filter pattern not showing on filter page.
- PR: #614 - Aug-29-2024 - frontend - bugfix - Prevent filters page from crashing with new data model
- PR: #613 - Aug-29-2024 - frontend - bugfix - Use correct cloudflare source type
- PR: #612 - Aug-29-2024 - frontend - bugfix - Show entire description and notes fields without textarea
- PR: #611 - Aug-29-2024 - frontend - feature - Support map columns in the where clause builder:
- PR: #610 - Aug-28-2024 - frontend - bugfix - sidebar: don't full reload with anchor tags, use react's Link
- PR: #609 - Aug-27-2024 - frontend - bugfix - Shading under detection frequency graph
- PR: #608 - Aug-28-2024 - frontend - bugfix - detections: remove flashDetection from localStorage after loaded Fixes RUN-550
- PR: #607 - Aug-27-2024 - frontend - feature - Toast login errors
- PR: #602 - Aug-30-2024 - frontend - feature - Add sigma support to frontend
- PR: #600 - Aug-26-2024 - frontend - bugfix - Update meeting links to demo page
Week of August 19, Release Notes
- PR: #815 - Aug-23-2024 - backend - bugfix - Fix issue with missing azure logs
- PR: #811 - Aug-22-2024 - backend - bugfix - fix ids
- PR: #810 - Aug-22-2024 - backend - bugfix - Fix crowdstrike and notions normalized event IDs to use provider IDs
- PR: #807 - Aug-21-2024 - backend - feature - Support CIDR matching enrichment rules
- PR: #806 - Aug-20-2024 - backend - bugfix - Check for nil azure content length
- PR: #805 - Aug-20-2024 - backend - bugfix - ack only if not nil
- PR: #803 - Aug-20-2024 - backend - feature - Duplicate Event Source Middleware
- PR: #798 - Aug-19-2024 - backend - feature - Add enrichment support to the backend
- PR: #605 - Aug-23-2024 - frontend - feature - Allow sorting of sources
- PR: #604 - Aug-22-2024 - frontend - bugfix - Don't clobber the webhook signing key. Don't alert on success.
- PR: #603 - Aug-23-2024 - frontend - feature - Frontend support for CIDR matching rules
- PR: #601 - Aug-20-2024 - frontend - bugfix - Make the detection results page not crash.
- PR: #599 - Aug-21-2024 - frontend - feature - Frontend support for enrichments
- PR: #597 - Aug-19-2024 - frontend - bugfix - Demo Form Update
- PR: #596 - Aug-19-2024 - frontend - feature - Demo page
Week of August 12, Release Notes
- PR: #802 - Aug-15-2024 - backend - feature - block login via oauth if sso configured
- PR: #801 - Aug-15-2024 - backend - bugfix - Fix baseurl to use mktBase
- PR: #799 - Aug-14-2024 - backend - feature - SSOReady for SAML Sign On
- PR: #595 - Aug-16-2024 - frontend - feature - Add source add card to source list
- PR: #594 - Aug-15-2024 - frontend - bugfix - sso: fix ⏎ navigating back instead of submitting
- PR: #593 - Aug-15-2024 - frontend - feature - New source card.
- PR: #592 - Aug-14-2024 - frontend - feature - SSO Support UI
- PR: #591 - Aug-13-2024 - frontend - bugfix - Make back button on notifications work
- PR: #590 - Aug-13-2024 - frontend - feature - Notification, creation, edit, and templates UI redo
Week of August 5, Release Notes
- PR: #797 - Aug-10-2024 - backend - bugfix - Fix multi ingest issues
- PR: #796 - Aug-07-2024 - backend - bugfix - Use correct azure ack function
- PR: #795 - Aug-05-2024 - backend - bugfix - Use docker compose v2 syntax
- PR: #789 - Aug-05-2024 - backend - bugfix - google_workspace source: limit events per poll
- PR: #783 - Aug-06-2024 - backend - feature - Allow sources to ingest from multiple locations
- PR: #580 - Aug-06-2024 - frontend - feature - Allow sources to ingest from multiple locations
Week of July 31, Release Notes
- PR: #795 - Aug-05-2024 - backend - bugfix - Use docker compose v2 syntax
- PR: #789 - Aug-05-2024 - backend - bugfix - google_workspace source: limit events per poll
- PR: #787 - Aug-01-2024 - backend - feature - Detection Parameters
- PR: #783 - Aug-06-2024 - backend - feature - Allow sources to ingest from multiple locations
- PR: #773 - Aug-02-2024 - backend - bugfix - Add filter prometheus metric
- PR: #588 - Aug-02-2024 - frontend - bugfix - Hotfix, detection page.
- PR: #587 - Aug-02-2024 - frontend - feature - Slight page redesign
- PR: #586 - Aug-02-2024 - frontend - feature - Reorganize settings to have a few dropdowns.
- PR: #585 - Aug-01-2024 - frontend - bugfix - TiB -> TB. Show same unit we bill for.
- PR: #584 - Aug-01-2024 - frontend - feature - Allow formatting detection in detection edit and create screen.
- PR: #583 - Aug-01-2024 - frontend - feature - Parameters page, fully working
- PR: #582 - Aug-01-2024 - frontend - bugfix - Fix dark mode font being impossible to see for Mediums
- PR: #581 - Aug-01-2024 - frontend - feature - Can sort alert history by signal vs alert.
- PR: #580 - Aug-06-2024 - frontend - feature - Allow sources to ingest from multiple locations
Week of July 22, Release Notes
- PR: #781 - Jul-23-2024 - backend - bugfix - Remove lookup of amzID from cloudtrail source
- PR: #780 - Jul-22-2024 - backend - bugfix - Notification result link update
- PR: #779 - Jul-22-2024 - backend - bugfix - Ignore files/folders starting with `.`
- PR: #778 - Jul-22-2024 - backend - feature - Generic Azure Blob Source
- PR: #578 - Jul-25-2024 - frontend - feature - Table schema visual improvements
- PR: #577 - Jul-23-2024 - frontend - feature - Allow format of sql query
- PR: #576 - Jul-22-2024 - frontend - feature - Add generic azure blob source
Week of July 15, Release Notes
- PR: #777 - Jul-18-2024 - backend - bugfix - Fix broken resources columns
- PR: #775 - Jul-18-2024 - backend - feature - K8s Audit Log source
- PR: #772 - Jul-17-2024 - backend - bugfix - Fix s3 destination update bug
- PR: #771 - Jul-17-2024 - backend - bugfix - Rename json field for mitreAttacks
- PR: #770 - Jul-16-2024 - backend - bugfix - Up okta limits
- PR: #769 - Jul-15-2024 - backend - bugfix - Added parallelism to palo source
- PR: #768 - Jul-16-2024 - backend - bugfix - Apple Silicon issues, ensure --no-keychain works
- PR: #767 - Jul-17-2024 - backend - bugfix - Pano perms.
- PR: #575 - Jul-18-2024 - frontend - feature - Add kubernetes audit logs source.
- PR: #574 - Jul-18-2024 - frontend - bugfix - Fix render loop on detection view
- PR: #573 - Jul-17-2024 - frontend - bugfix - Only show one version of api token.
- PR: #572 - Jul-17-2024 - frontend - bugfix - Fix some UI issues with detection view
- PR: #571 - Jul-15-2024 - frontend - bugfix - Palo alto table name bugfix
- PR: #569 - Jul-17-2024 - frontend - bugfix - Fix bugs on alert list
Week of July 8, Release Notes
- PR: #766 - Jul-11-2024 - backend - feature - Palo Panorama Source and Materialized View
- PR: #765 - Jul-12-2024 - backend - bugfix - Fix rawLog field for runreveal audit events
- PR: #764 - Jul-12-2024 - backend - feature - Add workspace name to daily report email
- PR: #763 - Jul-10-2024 - backend - bugfix - Lookup backfill queue urls
- PR: #762 - Jul-10-2024 - backend - bugfix - allow role based session for backfill
- PR: #761 - Jul-10-2024 - backend - feature - Added Gitlab S3 streaming source
- PR: #756 - Jul-09-2024 - backend - feature - Added hosted zone log source
- PR: #570 - Jul-13-2024 - frontend - bugfix - Fix missing support and broken sla link.
- PR: #568 - Jul-11-2024 - frontend - feature - Palo Alto panorama source
- PR: #567 - Jul-10-2024 - frontend - bugfix - Add role arn and external id to backfill
- PR: #566 - Jul-10-2024 - frontend - bugfix - Tweak padding and bg color on new text renderer
- PR: #565 - Jul-10-2024 - frontend - feature - Added json viewer for vertical data
- PR: #564 - Jul-10-2024 - frontend - bugfix - Alert history side by side view
- PR: #563 - Jul-10-2024 - frontend - feature - Added gitlab source
- PR: #561 - Jul-09-2024 - frontend - feature - Added hosted zone log source
- PR: #560 - Jul-10-2024 - frontend - feature - Webhook signing
Week of July 1, Release Notes
- PR: #760 - Jul-06-2024 - backend - bugfix - rrsch: write out logs in JSON w/ metadata
- PR: #755 - Jul-05-2024 - backend - feature - Expose Destination Errors to Customers
- PR: #754 - Jul-04-2024 - backend - bugfix - Max pages in cloudflare audit logs, undocumented api
- PR: #753 - Jul-05-2024 - backend - feature - Sign webhooks if they have a key.
- PR: #751 - Jul-05-2024 - backend - bugfix - Don't sync detections if no change to files
- PR: #749 - Jul-01-2024 - backend - feature - Create azure activity logs view.
- PR: #747 - Jul-01-2024 - backend - bugfix - Fix admin query with date picker
- PR: #746 - Jul-01-2024 - backend - bugfix - Fix admin page query
- PR: #745 - Jul-01-2024 - backend - feature - Allow runreveal cli to accept any format of token.
- PR: #744 - Jul-01-2024 - backend - bugfix, feature - Add Test Verification for Crowdstrike FDR
- PR: #558 - Jul-03-2024 - frontend - bugfix - Fix split view for explore / detection page
- PR: #557 - Jul-02-2024 - frontend - feature - Show schemas on tab view alongside tabs.
- PR: #555 - Jul-02-2024 - frontend - feature - Add line wrapping in sql box
- PR: #554 - Jul-02-2024 - frontend - feature - Added autocomplete columns/tables for sql queries
- PR: #553 - Jul-01-2024 - frontend - feature - Add azure activity view
- PR: #552 - Jul-01-2024 - frontend - bugfix - Fix volume count with date picker
- PR: #551 - Jul-01-2024 - frontend - bugfix - Remove isset check when getting size
- PR: #550 - Jul-01-2024 - frontend - feature - Add time picker to admin page
- PR: #549 - Jul-01-2024 - frontend - bugfix - Fix daisy issues
- PR: #548 - Jul-01-2024 - frontend - bugfix - Fix color on explore page new btn
Week of June 24, Release Notes
- PR: #743 - Jun-27-2024 - backend - bugfix - Handle destination kcrypt appropriately.
- PR: #742 - Jun-27-2024 - backend - bugfix - Destinations management
- PR: #741 - Jun-26-2024 - backend - feature - Added nsg flow logs source
- PR: #740 - Jun-25-2024 - backend - bugfix - Alan was right ack messages in send or they don't ack
- PR: #739 - Jun-27-2024 - backend - bugfix - Remove extra newline from destination files.
- PR: #738 - Jun-24-2024 - backend - bugfix - Destinations secrets default of
- PR: #737 - Jun-25-2024 - backend - feature - Resend notifications if failed
- PR: #736 - Jun-24-2024 - backend - feature - S3 Destinations and ClickHouse update.
- PR: #547 - Jun-28-2024 - frontend - feature - Add support for custom tables in explore.
- PR: #546 - Jun-28-2024 - frontend - feature - Link to explore page for certain internal links
- PR: #545 - Jun-28-2024 - frontend - bugfix - Add crowdstrike fdr docs. Fix "These docs" missing space.
- PR: #544 - Jun-28-2024 - frontend - dependencies - Update daisyui
- PR: #543 - Jun-27-2024 - frontend - bugfix - Appropriately display bucket verification status
- PR: #542 - Jun-27-2024 - frontend - bugfix - Put menu above explore tabs (z-index)
- PR: #541 - Jun-27-2024 - frontend - bugfix - Destinations / Detections UI
- PR: #540 - Jun-26-2024 - frontend - feature - Added new nsg flow source
- PR: #539 - Jun-25-2024 - frontend - bugfix - Fix loading of notification list in detection create
- PR: #538 - Jun-25-2024 - frontend - bugfix - Destination repopulate externalID and minor UI bug
- PR: #537 - Jun-24-2024 - frontend - bugfix - Handle byodb clickhouses.
- PR: #536 - Jun-24-2024 - frontend - feature - S3 Destination Support
- PR: #524 - Jun-24-2024 - frontend - bugfix - Fixed explore page to run query when state changes
Week of June 17, Release Notes
- PR: #735 - Jun-17-2024 - backend - feature - Use the userIdentity Arn on assume role.
- PR: #716 - Jun-17-2024 - backend - feature - Added test detection cli command
- PR: #535 - Jun-19-2024 - frontend - bugfix - Fix destination routing error
- PR: #534 - Jun-18-2024 - frontend - bugfix - Detection as code cleanup
Week of June 10, Release Notes
- PR: #727 - Jun-11-2024 - backend - bugfix - Additional dropbox logging of hwm
- PR: #726 - Jun-10-2024 - backend - bugfix - Return enabled state of destinations.
- PR: #725 - Jun-10-2024 - backend - bugfix - Destinations tweak.
- PR: #723 - Jun-10-2024 - backend - bugfix - Destination Settings column should have default
- PR: #722 - Jun-10-2024 - backend - bugfix - Destinations Bugfix
- PR: #720 - Jun-10-2024 - backend - dependencies - sources: s/kawa/reveald/
- PR: #533 - Jun-16-2024 - frontend - feature - Support modifying time in data volume page.
- PR: #532 - Jun-10-2024 - frontend - bugfix - Don't allow configuration of default destination
- PR: #531 - Jun-10-2024 - frontend - feature - Destinations UI for ClickHouse Destinations and Framework for others
Week of June 3, Release Notes
- PR: #719 - Jun-07-2024 - backend - feature - Dropbox polling source
- PR: #529 - Jun-08-2024 - frontend - bugfix - crowdstrike misspelling leads to unrendered image
- PR: #528 - Jun-07-2024 - frontend - bugfix, feature - Minor improvements to detections page.
- PR: #526 - Jun-07-2024 - frontend - feature - Add dropbox source UI
- PR: #525 - Jun-03-2024 - frontend - feature - Added filter input for explore saved queries
Week of May 28, Release Notes
- PR: #708 - backend - bugfix - Missing semi-colons from sql migration (aidmaster & managed)
- PR: #707 - backend - bugfix - Rename id field in view
- PR: #706 - backend - feature - Add crowdstrike data table
- PR: #705 - backend - feature - Add crowdstrike_aidmaster_logs
- PR: #703 - backend - feature - Crowdstrike Falcon Data Replicator source
- PR: #702 - backend - bugfix - keeper typo
- PR: #701 - backend - bugfix - Fix keeper source mishandling empty HTTP request.
- PR: #700 - backend - feature - Support keeper source.
- PR: #698 - backend - bugfix - Fix where auth0 bearer token is set
- PR: #697 - backend - feature - Add auth0 bearer token support
- PR: #696 - backend - feature - Auth0 source and view.
- PR: #684 - backend - feature - First cut of detection creation wizard
- PR: #520 - frontend - feature - Add crowdstrike fdr tables to front end
- PR: #519 - frontend - feature - Falcon Data Replicator source for frontend.
- PR: #517 - frontend - feature - Update explore tab title with table that is selected
- PR: #516 - frontend - feature - Add keeper to front end.
- PR: #513 - frontend - feature - Add support for bearer tokens + auth0_logs table
- PR: #512 - frontend - feature - Add auth0 source front-end.
- PR: #509 - frontend - feature - Added detection export buttons
Week of May 17, Release Notes
- PR: #692 - backend - feature - aad logs table
- PR: #691 - backend - performance - cloudtrail: add parallelism to source
- PR: #690 - backend - performance - sqs: more messages!
- PR: #688 - backend - performance - tweaks to avoid idling on network i/o
- PR: #687 - backend - performance - rrq: bump batch sizes and parallelism
- PR: #686 - backend - feature - Added export detection command
- PR: #685 - backend - bugfix - crm: don't run in test
- PR: #683 - backend - dependencies - clickhouse: upgrade dependency. Next upgrade bumps otel and breaks
- PR: #681 - backend - bugfix - Alan/spring cleaning
- PR: #680 - backend - feature - Add teleport audit log source -- parquet
- PR: #679 - backend - bugfix - triggers: remove deprecated wasm code
- PR: #678 - backend - bugfix - only alert non-system health checks
- PR: #677 - backend - feature - polish links / template
- PR: #676 - backend - bugfix - more info slack template
- PR: #675 - backend - feature - Alan/work
- PR: #673 - backend - dependencies - Bump github.com/jub0bs/fcors from 0.5.0 to 0.9.0
- PR: #672 - backend - feature - Add re-invite functionality for workspace members.
- PR: #511 - frontend - feature - Add entra table to source list
- PR: #510 - frontend - bugfix - Remove week numbers from time picker
- PR: #508 - frontend - bugfix - Run sentry's setup wizard for next js
- PR: #507 - frontend - bugfix - Fix timepicker issue
- PR: #506 - frontend - bugfix - Revert "Created new date range picker (#505)"
- PR: #505 - frontend - feature - Created new date range picker
- PR: #503 - frontend - bugfix - Fix typo in teleport docs
- PR: #502 - frontend - feature - Add teleport front end source.
- PR: #501 - frontend - bugfix - Fix aggravating secondary color
- PR: #500 - frontend - bugfix - Update icons on home screen from Jaime.
- PR: #498 - frontend - bugfix - Fix broken rawLog link on alert history
- PR: #497 - frontend - bugfix - Fix dead link on sources upgrade button
- PR: #495 - frontend - bugfix - Fixed errors identified with filtering
- PR: #494 - frontend - bugfix - Fix tos, [email protected]
- PR: #493 - frontend - bugfix - Hide query on explore page
- PR: #492 - frontend - feature - Add filter for values in datagrid and bar graphs
- PR: #491 - frontend - bugfix, feature - Home improvements
- PR: #490 - frontend - bugfix - Correctly set gcs notify type when updating source
- PR: #489 - frontend - bugfix - Hide when small.
- PR: #488 - frontend - bugfix - Ej/bsides
- PR: #487 - frontend - feature - BSides page
- PR: #486 - frontend - bugfix - Improve filter UI
- PR: #485 - frontend - feature - Fix state on Explore
- PR: #484 - frontend - bugfix - Remove unused state variable causing memory leak
- PR: #483 - frontend - feature - New testimonials
- PR: #482 - frontend - feature, performance - Only show tables you have active sources to.
- PR: #480 - frontend - bugfix, feature - Add reinvitation button.
- PR: #479 - frontend - feature - Add alert history "empty state".
- PR: #478 - frontend - feature - Add additional fields to alert history.
- PR: #477 - frontend - bugfix - Forgot to check this in.
Week of April 26, Release Notes
- PR: #671 - backend - bug - logsquery: return something on timeout, increase timeout
- PR: #670 - backend - feature - Add a zendesk source
- PR: #669 - backend - feature - signals group + network info
- PR: #668 - backend - bug - Add signals grouped.
- PR: #666 - backend - bug - Don't ack gcp subs unless we have messages
- PR: #665 - backend - feature - Support GCS object notifications
Week of April 19, Release Notes
- PR: #665 - backend - feature - Support GCS object notifications
- PR: #664 - backend - bug - Fix github polling verification
- PR: #663 - backend - dependencies - Bump golang.org/x/net from 0.22.0 to 0.23.0
- PR: #662 - backend - performance - stop writing to default database
- PR: #660 - backend - bug - syntax error in polling sources
- PR: #659 - backend - bug - Don't schedule queries for unknown workspaces
- PR: #658 - backend - bug - Fix: uninitialized map in logs query API endpoint for SQL query parameters map. 🚀🌏 don't panic 👍
- PR: #657 - backend - bug - Fix rrsch crashes when ch store is nil
- PR: #656 - backend - bug - Missing negative sign in duration
- PR: #655 - backend - bug - KMS should also check for www-api url
- PR: #654 - backend - performance - cloudtrail logs cleanup
- PR: #653 - backend - feature - Add RiskScore to signals and alerts
- PR: #652 - backend - feature - Update GCP source to Poll Storage buckets
- PR: #635 - backend - bug - Fix from to not being set.
Week of April 12, Release Notes
- PR: #649 - backend - feature - Added gcp logs view
- PR: #648 - backend - feature - Add notion source.
- PR: #647 - backend - bug - Fix webhookURLs so they don't go to www-api
- PR: #643 - backend - bug - Add event filtering to rrq processor
- PR: #460 - frontend - bug - Fix inability to edit Notion sources.
- PR: #459 - frontend - feature - Add Notion Source
- PR: #458 - frontend - feature - Test your filters prior to saving.
- PR: #457 - frontend - feature - Mark old gsuite source as deprecated
Week of April 5, Release Notes
- PR: #646 - backend - feature - Added atlassian source
- PR: #645 - backend - bug - Fix nil ch store issue in scheduled query and threat feed insertion
- PR: #644 - backend - bug - hotfix
- PR: #642 - backend - feature - Add Filtering
- PR: #641 - backend - bug - RUN-406 fix grafana 404 on setup
- PR: #640 - backend - bug - bugfix: don't panic when cleaning up after connection proactively closed
- PR: #639 - backend - feature - Add get-sql endpoint to just return sql from pql/ai query
- PR: #638 - backend - bug - modules: update clickhouse-go
- PR: #636 - backend - feature, performance - Respect is_active on GCP logs.
- PR: #634 - backend - bug - Fix handling of failed queries in LogsQueryV2Results
- PR: #633 - backend - bug - notifications: fix link to see query results
- PR: #456 - frontend - bug - Make overflow behave properly.
- PR: #455 - frontend - bug - Fix double click popup, only 1 portal per page.
- PR: #454 - frontend - feature - Added atlassian source
- PR: #453 - frontend - bug, feature - Detection create improvements
- PR: #450 - frontend - bug - Don't render added sources as available when editing.
- PR: #449 - frontend - bug - Update docs in filter page.
- PR: #448 - frontend - bug - Fix filter links to use next routing
- PR: #447 - frontend - bug - Remove filter flags that have no effect
- PR: #446 - frontend - bug - Fix breadcrumb UI errors
- PR: #445 - frontend - bug - Correctly show results when viewing schResult
- PR: #444 - frontend - feature - Add data filters
- PR: #443 - frontend - bug - Ej/fix 404 again
- PR: #442 - frontend - bug - Add settings page.
- PR: #441 - frontend - bug - Explore Bug-fix, res is not defined.
- PR: #440 - frontend - bug - Quiet these errors.
- PR: #439 - frontend - bug - fix settings 404
- PR: #438 - frontend - feature - Added tabs for searching
- PR: #437 - frontend - bug - Fix 404s on the docs in source pages.
- PR: #436 - frontend - bug - Fix timepicker, timezones vs GMT
- PR: #435 - frontend - bug - Set Parameters Correctly in Detection Edit View
- PR: #434 - frontend - bug - hotfix, account->settings
- PR: #433 - frontend - bug, performance - minor nits, fix alignment and styling of btns. Use Link for breadcrumb
Week of March 29, Release Notes
- PR: #631 - backend - bug - Initialize column data when query executed
- PR: #630 - backend - bug - update config
- PR: #629 - backend - feature - querylog: add status column, remove canceled, add history
- PR: #628 - backend - performance - github: enforce tags on PRs for release notes
- PR: #432 - frontend - feature - Some updates to docs.
- PR: #431 - frontend - feature - New hero image.
- PR: #430 - frontend - feature - Provide homepage that contains platform high level metrics.
- PR: #429 - frontend - bug - alerts: fix links from alert history to results
- PR: #428 - frontend - performance - github: enforce labels on PRs
- PR: #427 - frontend - bug - explore: fix erroneous space in table parameter
- PR: #426 - frontend - feature - Support breadcrumbs throughout.
- PR: #421 - frontend - feature - Search page style updates, Add Results View
Week of March 1-22, Release Notes
- PR: #621 - backend - feature - Add sophos Source
- PR: #620 - backend - bug - Don't send report if all queries return 0 records
- PR: #616 - backend - feature - Add dnsfilter source.
- PR: #615 - backend - performance - Slugify all names for configs
- PR: #614 - backend - feature - Google Workspace 2 -- Workspaces Revenge
- PR: #613 - backend - dependencies - Bump google.golang.org/protobuf from 1.31.0 to 1.33.0
- PR: #612 - backend - bug - Remove level from aad log
- PR: #611 - backend - bug - Convert aad log level to a string
- PR: #610 - backend - bug - Fix azure logs saving array to rawLog instead of single event
- PR: #609 - backend - feature - List destinations, for destinations marketing page.
- PR: #604 - backend - bug - more minor fixes
- PR: #603 - backend - bug - minor fixes after testing
- PR: #599 - backend - bug - Fix mitreAttacks typo causing no updates.
- PR: #598 - backend - feature - Add cloudentity source to RunReveal
- PR: #597 - backend - feature - Store Query Log in postgres, Results in S3, Add Pagination and Retrieve Result Endpoint
- PR: #420 - frontend - enhancement - Create sophos source
- PR: #419 - frontend - bug - Fix ugly transform page.
- PR: #414 - frontend - enhancement - Slugify all configs
- PR: #409 - frontend - bug - Tweak sources page
- PR: #407 - frontend - bug - Fix bug when group by columns are not strings for explore
- PR: #406 - frontend - bug - Fix double-typing.
- PR: #404 - frontend - enhancement - Add mitreAttacks to the detection mgmt page.
- PR: #403 - frontend - enhancement - Add cloudentity source to frontend.
- PR: #402 - frontend - enhancement - Add group by to histogram on explore