3.5.0-RC1 (2020-08-12)
Implemented enhancements:
Closed issues:
- OAuth2 not working : Authentication failure #946
Fixed bugs:
- [Bug] OAuth2/OpenIDC Authentication failure #1291
- [Feature Request] OAuth support for Basic authentication to authorization server's tokenUrl #1294
- [Bug] Can't auth with SSO/OAuth with FusionAuth #1342
- [Bug] TheHive is stalled while importing Alerts with a large number of observables #1416
3.4.2 (2020-04-25)
Implemented enhancements:
- [Feature Request] Providing output details for Responders #962
Fixed bugs:
- Analyzer's artifacts tags and message are not kept when importing observables #1285
- [Bug] File observables in alert are not created in case #1292
3.4.1 (2020-04-17)
Implemented enhancements:
- docker: TheHive fails to connect to elasticsearch (NoNodeAvailableException) #854
- Improved support for OpenID connect and OAuth2 #1110
- TheHive's Docker entrypoint logs the Play secret key at startup #1177
- [Q] Configure TheHive's first run using Docker Compose #1199
- TheHive's docker containers should be orchestration-ready #1204
- MISP synchronisation: map to_ids to ioc #1273
Closed issues:
- Include Dockerfile in root of project #1222
- Docker user daemon with id 1 causes permission issues with local #1227
Fixed bugs:
- MISP & TheHive out of sync? #866
- Owner is case-sensitive on api calls #928
- Bug: Observable without data breaks display of observables #1080
- Docker-Compose ElasticSearch incompatibility #1140
- [Bug] Analyzers that take more than 10 Minutes run into timeout #1156
- TheHive 3.4.0 migration logs errors ([error] m.Migration - Failed to create dashboard) #1202
- Computed metrics is not compatible with painless scripting language #1210
- OAuth2 Bearer header should be of the format "Authorization Bearer" ? #1228
- Health API endpoint returns warning when everything is OK #1233
- [Bug] Job submission sometimes fails when multiple Cortex servers #1272
3.4.0 (2019-09-09)
Implemented enhancements:
- Removing custom fields #954
Fixed bugs:
- Can't secure ElasticSearch connection #1046
- Case statistics dashboard loads with an error message and the case over time panel fails to display any data #1050
- Cannot setup TheHive 3.4.0-RC2 using Docker #1051
- Incorrect tag filter results when observables with tags are added then deleted #1061
- Incorrect number of related observables returned #1062
- bulk merge alerts into case lose description's alert #1065
- Update Database button does not appear in training appliance #1067
- Cosmetic Bug: wrong number of exported observables displayed #1071
- 3.4 RC2 doesn't prompt to update/create the database when one doesn't exist #1107
3.4.0-RC2 (2019-07-11)
Implemented enhancements:
- Alerts are not getting deleted as expected #974
- API not recognizing the attribute 'sighted' of artifacts on alert creation #1003
- Merge Observable tags with existing observables during importing alerts into case #1014
- Display ioc and sighted attributes in Alert artifact list #1035
Closed issues:
- can't add custom fields to case in 3.4.0-RC1 #1026
- sample hive does not connect to cortex and prints no helpful error message #1028
Fixed bugs:
- /api/alert/{}/createCase does not use caseTemplate #929
- javascript error in tasks #979
- Dashboard based on observables not refreshing correctly #996
- TLP:WHITE for observable not shown, not editable #1025
- thehive prints error messages on first run ("Authentication failure" / "user init not found") #1027
- Update case owner field validation to handle null value #1036
3.4.0-RC1 (2019-06-05)
Implemented enhancements:
- Support Elasticsearch 6.x clusters #623
- Communication to ElasticSearch via HTTP API 9200 #913
- Cortex AddArtifactToCase AssignCase #922
- Upgrade frontend libraries #966
- Remove metrics module #975
- Allow to import file from Cortex report #982
Closed issues:
- Have AlertFilter for "New&Updated" #952
Fixed bugs:
- Donut dashboard metric values are not transformed to searches #972
- Fix search page base filter #983
- Failure to load datatypes #988
- Java 11 build crash #990
- Bulk merge of alerts does not merge the tags #994
3.3.1 (2019-05-22)
Fixed bugs:
- THP-SEC-ADV-2017-001: Privilege Escalation in all Versions of TheHive #408
3.3.0 (2019-03-19)
Fixed bugs:
- Merge case by CaseID Broken #930
3.3.0-RC6 (2019-03-19)
Implemented enhancements:
- Support for filtering Tags by prefix (using asterisk, % or something) in search dialog #666
- Empty case still available when disabled #901
- Dashboards - Add text widget #908
- Add Tags to an Alert with Responder #912
3.3.0-RC5 (2019-02-23)
Implemented enhancements:
- Mouseover text for alert preview #897
Fixed bugs:
3.3.0-RC4 (2019-02-22)
Implemented enhancements:
- Use empty case modal when merging alerts and no templates are defined #893
Fixed bugs:
- Hide Empty Case Button Broken #890
- Issue with navigation from dashboard clickable donuts to search page #894
3.3.0 RC3 (2019-02-21)
Implemented enhancements:
- Ability to disable "New Case" -> "Empty case" #449
- Disable clickable widgets in dashboard edit mode #485
- Feature Request: link to and from Hive to MISP #820
- Improvement: Upload of observables seem to fail "silently" #829
- Feature: Add "auto-completion" to the UI #831
- Related artifacts: IOC/not IOC #838
- [BUG] Audit trail for alert ignore #863
- Provide a quick link to copy alert id #870
- Update Copyright with year 2019 #879
- Add a Related Alerts link to case details view #884
- Add a UI configuration admin section #888
Fixed bugs:
- Alert updates and tracking (follow) #856
- Cortex responders with DataType
thehive:case_artifact
do not show up within thehive when attempting to run them for observables. #869 - Log message related to MISP synchronization is confusing #871
- Label Typo in Updated Alerts #874
- AKKA version missmatch #877
- Drone build fails on pull-requests #882
3.3.0 RC2 (2019-02-12)
Fixed bugs:
- Java dependency of DEB package is broken #867
3.3.0 RC1 (2019-02-06)
Implemented enhancements:
- Bulk Merge Alerts into Case #271
- Improve case template selection for case creation #769
- sorting in alerts #824
- Merge alerts directly to a case #826
- MISP - Add an Event Tag instead of/additionnally to Attribute Tag #836
- Add support to Java versions, higher than 8 #861
- [BUG] Session cookie received with API token #864
Fixed bugs:
- Delete user from Thehive: DELETE /api/user/user1 returned 500 org.elastic4play.InternalError: user can't be removed #844
- Assigned Tasks do not show up in 'My Tasks' before they are started #845
3.2.1 (2019-01-02)
Fixed bugs:
- Tag order is reversed if a case is created from an alert #810
- Potential Regression: Case templates cannot be exported in 3.2.0 #823
- Can't unset case template when alert is imported #825
- Bug UI "Tooltip" / Hint is cropped by window borders #832
3.2.0 (2018-12-11)
Implemented enhancements:
- Add configuration for drone continuous integration #803
Fixed bugs:
- Error when uploading password protected zips as observables #805
- Lowercase user ID coming from HTTP header #808
3.2.0-RC1 (2018-11-21)
Implemented enhancements:
- Whitelist of tags for MISP alerts #481
- Support header variable authentication #554
- Add confirmation dialogs when running a responder #762
- Observable Value gets cleared when changing its type (importing it from an analyser result) #763
- Show tags of observables in Alert preview #778
- Update Play #791
- Show observable description on mouseover observables #793
- Add responder actions in dashboard #794
- Add ability to add a log in responder operation #795
Fixed bugs:
- Intermittently losing Cortex #739
- Case search from dashboard clic "invalid filters error" #761
- Basic authentication method should be disabled by default #772
- A user with "write" permission can delete a case using API #773
- Observable creation doesn't allow multiline observables #790
- MISP synchronization fails if event contains attachment with invalid name #801
3.1.2 (2018-10-12)
Fixed bugs:
- Cortex polling settings break startup #754
3.1.1 (2018-10-12)
Implemented enhancements:
- url category to MISP: poll for default #732
- Publish stable versions in beta package channels #733
- Change Debian dependencies #751
- Allow TheHive to use a custom root context #752
Fixed bugs:
- UPN attribute is not correctly lowercased #736
- Observable Result Icons Not Displaying #738
- Update breaks RHEL #743
- Console output should not be logged in syslog #749
3.1.0 (2018-09-25)
Implemented enhancements:
- 3.1.0RC3: Browsing to negative case ids is possible #713
- AddCustomField responder operation #724
- Add MarkAlertAsRead action to responders #729
Closed issues:
- TheHive:Alerts don't send observables to Responders #725
Fixed bugs:
- Fix PAP labels #711
- 3.0.1RC3: certificate based authentication failes as attributes are not correctly lowercased #714
- API allows alert creation with duplicate artifacts #720
- Multiple responder actions does not seem to be handled #722
- TheHive Hyperlinking #723
3.1.0-RC3 (2018-09-06)
Implemented enhancements:
- Filter on computedHandlingDuration in SearchDialog fails #688
- Search section: Search for a string over all types of objects #689
- Related Cases: See (x) more links #690
- Make task group input optional #696
- Display task group in global task lists #705
- Allow task group auto complete in case template admin section #707
- Display task description via a collapsible row #709
Fixed bugs:
- Start waiting tasks when adding task logs #695
- Error handling deletion and re creation of file observables #699
- PKI authentication fails if user name in certificate has the wrong case #700
- .sbt build of current git version fails with x-pack-transport error #710
3.1.0-RC2 (2018-08-30)
Implemented enhancements:
- Observable type boxes doesn't line break on alert preview pane #593
- Application.conf needs clarifications #606
- Ability to set custom fields as mandatory #652
- TheHive 3.1RC1: Add Username that executes an active response to json data field of responder #662
- TheHive 3.1RC1: Add status to cases and tasks in new search page #663
- TheHive 3.1RC1: Slow reaction if Cortex is (unclear) unreachable #664
- x509 certificate authentication option 'wantClientAuth' #667
- Remember task list configuration (grouped/list) #681
- MISP Exports in livestream miss hyperlink to caseid #684
- Add a search box to quickly search for case by caseId #685
Fixed bugs:
- Dashboard visualizations do not work with custom fields #478
- Horizontal Scrolling and Word-Wrap options for Logs #573
- 'Tagged as' displayed in Related Cases even if cases are untagged #594
- play.crypto.secret is depecrated #671
- WebUI inaccessible after upgrading to 3.1.0-0-RC1 (elastic4play and Play exceptions) #674
- 3.1.0-RC1- Tasks list is limited to 10 items. #679
3.1.0-RC1 (Cerana 1) (2018-08-20)
Implemented enhancements:
- Ability to have nested tasks #148
- Output of analyzer as new observable #246
- Single-Sign On support #354
- MISP Sharing Improvements #366
- Make The Hive MISP integration sharing vs pull configurable #374
- StreamSrv: Unexpected message : StreamNotFound #414
- Assign Tasks to users from the Tasks tab #426
- Auto-refresh for Dashboards #476
- Handling malware as zip protected file #538
- Start Task - Button #540
- Consider providing checksums for the release files #590
- Ability to execute active response on any element of TheHive #609
- Add PAP to case to indicate which kind of action is allowed #616
- New TheHive-Project repository #618
- Revamp the search section capabilities #620
- Check Cortex authentication in status page #625
- Custom fields in Alerts? #635
- Display drop-down for custom fields sorted alphabetically #653
Closed issues:
Fixed bugs:
- Previewing alerts fails with "too many substreams open" due to case similarity process #280
- File upload when /tmp is full #321
- If cortex modules fails in some way, it is permanently repolled by TheHive #324
- Artifacts reports are not merged when merging cases #446
- Error with Single Sign-On on TheHive with X.509 Certificates #600
- Dashboards contain analyzer IDs instead of correct names #608
- Session does not expire correctly #640
- Attachments with character "#" in the filename are wrongly proceesed #645
- Default value of custom fields are not saved #649
3.0.10 (2018-06-09)
Implemented enhancements:
- Time Calculation for individual tasks #546
- Sort related cases by related artifacts amount #548
- Poll for connectors status and display #563
- Send caseId to Cortex analyzer #564
- Rotate logs #579
Fixed bugs:
- Short Report is not shown on observables (3.0.8) #512
- MISP Synchronisation error #522
- Making dashboards private makes them "invisible" #555
- Open cases not listed after deletion of merged case in UI #557
- Merge case by ID brings red error message if not a number in textfield #583
- Invalid searches lead to read error messages #584
- Analyzer name not reflected in modal view of mini-reports #586
- Wrong error message when creating a observable with invalid data #592
3.0.9 (2018-04-13)
Closed issues:
- Dropdown menu for case templates doesnt have scroll #541
Fixed bugs:
- TheHive MISP cert validation, the trustAnchors parameter must be non-empty #452
- Artifacts' sighted flags are not merged when merging cases #518
- Long Report isn't shown #527
- Error when trying to analyze a filename with the Hybrid Analysis analyzer #530
- Naming inconsistencies in Live-Channel #531
- PhishTank Cortex Tag is transparent #535
- Cortex connection can fail without any error log #543
3.0.8 (2018-04-04)
Fixed bugs:
- Job Analyzer is no longer named in 3.0.7 with Cortex2 #521
- Error on displaying analyzers name in report template admin page #523
- "Run all" in single observable context does not work #524
- Session collision when TheHive & Cortex 2 share the same URL #525
- Mini reports is not shown when Cortex 2 is used #526
3.0.7 (2018-03-29)
Implemented enhancements:
- Delete Case #100
Fixed bugs:
- Can't save case template in 3.0.6 #502
- Display only cortex servers available for each analyzer, in observable details page #513
3.0.6 (2018-03-02)
Implemented enhancements:
- Add compatibility with Cortex 2 #466
Fixed bugs:
- Tasks are stripped when merging cases #489
3.0.5 (2018-02-08)
Fixed bugs:
3.0.4 (2018-02-08)
Implemented enhancements:
- Filter MISP Events Using MISP Tags & More Before Creating Alerts #370
- Case metrics sort #418
- MISP feeds cause the growing of ES audit docs #450
- Make counts on Counter dashboard's widget clickable #455
- Make alerts searchable through the global search field #456
Closed issues:
- Add query capability to visualization elements #395
Fixed bugs:
- Observable report taxonomies bug #409
- Bug: Case metrics not shown when creating case from template #417
- Refresh custom fields on open cases by background changes #440
- Make dashboard donuts clickable #453
- Fix link to default report templates #454
- Type is not used when generating alert id #457
- More than 20 users prevents assignment in tasks #459
- Fix MISP export error dialog column's wrap #460
- "too many substreams open" on alerts #462
- Fix the alert bulk update timeline message #463
- Remove uppercase filter on template name #464
2.13.3 (2018-01-19)
3.0.3 (2018-01-04)
3.0.2 (2018-01-04)
Implemented enhancements:
- Can not configure ElasticSearch authentication #384
- Add multiline/multi entity graph to dashboards #399
Fixed bugs:
- "Mark as Sighted" Option not available for "File" observable type #400
3.0.1 (2017-12-13)
Fixed bugs:
- Error when configuring multiple ElasticSearch nodes #383
- During migration, dashboards are not created #386
- MISP Event Export Error #387
3.0.0 (Cerana) (2017-12-06)
Implemented enhancements:
- Feature Request: Webhooks #20
- Display Cortex Version, Instance Name, Status and Available Analyzers #130
- Show already known observables in Import MISP Events preview window #137
- Assign default metric values #176
- Export Statistics/Metrics #197
- Statistics: Observables and IOC over time #215
- Templates can not be cloned #226
- Alerts in Statistics #274
- Statistics - Saved Filters #279
- Add health check in status API #306
- Export and Import Case Templates #310
- Dynamic dashboard #312
- Export to MISP: add TLP #314
- Deleted cases showing in statistics #317
- Keep the alert date when creating a case from it #320
- [Minor] Add user dialog title issue #345
- Display more than 10 users per page and sort them by alphanumerical order #346
- Remove the From prefix and template suffix around a template name in the New Case menu #348
- Add Autonomous Systems to the Default Datatype List #359
- Set task assignee in case template #362
- Alert id should not be used to build case title when using case templates #364
- Add a sighted flag for IOCs #365
- Add the Ability to Import and Export Case Templates #369
- Assign default values to case templates' custom fields #375
Closed issues:
- Single Sign-On with X.509 certificates #297
- Remove the deprecated "user" property #316
- caseTemplate should be kept when creating a case from a template #325
Fixed bugs:
- Merge of cases overrides task log owners #303
- Validate alert's TLP and severity attributes values #326
- Share a case if MISP is not enabled raise an error #349
- [Bug] Merging an alert into case with duplicate artifacts does not merge descriptions #357
2.13.2 (2017-11-08)
Fixed bugs:
- Error on custom fields format when merging cases #331
- Statistics on metrics doesn't work #342
- Deleted Observables, Show up on the statistics tab under Observables by Type #343
- Incorrect stats: non-IOC observables counted as IOC and IOC word displayed twice #347
- Security issue on Play 2.6.5 #356
2.13.1 (2017-09-18)
Fixed bugs:
- Tasks Tab Elasticsearch exception: Fielddata is disabled on text fields by default. Set fielddata=true on [title] #311
2.13.0 (2017-09-15)
Implemented enhancements:
- Export cases in MISP events #52
- Specify multiple AD servers in TheHive configuration #231
- Alert Pane: Catch Incorrect Keywords #241
- Fine grained user permissions for API access #263
- Add Support for Play 2.6.x and Elasticsearch 5.x #275
- Add basic authentication to Stream API #291
- Add a basic support for webhooks #293
- Improve the content of alert flow items #304
- Group ownership in Docker image prevents running on OpenShift #307
Closed issues:
Fixed bugs:
- A colon punctuation mark in a search query results in 500 #285
- File name is not displayed in observable conflict dialog #295
- Undefined threat level from MISP events becomes severity "4" #300
- Download attachment with non-latin filename #302
2.12.1 (2017-08-24)
Implemented enhancements:
- Merging alert into existing case does not merge alert description into case description #255
- Fix warnings in debian package #267
Fixed bugs:
- Renaming of users does not work #249
- TheHive doesn't send the file name to Cortex #254
- Add multiple attachments in a single task log doesn't work #257
- Can't get logs of a task via API #259
- API: cannot create alert if one alert artifact contains the IOC field set #268
- Closing a case with an open task does not dismiss task in "My tasks" #269
- Case similarity reports merged cases #272
2.12.0 (2017-07-06)
Implemented enhancements:
- Custom fields for case template #12
- Display short reports on the Observables tab #131
- Ability to Reopen Tasks #156
- Choose case template while importing events from MISP #175
- Specifying tags on statistics page or performing a search #186
- Observable analyzers view reports. #191
- Open External Links in New Tab #228
- Show case status and category (FP, TP, IND) in related cases #229
- Alert Preview and management improvements #232
- More options to sort cases #243
- Sort the analyzers list in observable details page #245
- Use local font files #250
Fixed bugs:
- report status not updated after finish #212
- Search do not work with non-latin characters #223
- Alert can contain inconsistent data #234
- files in alerts are limited to 32kB #237
- Alerting Panel: Typo Correction #240
- Sorting alerts by severity fails #242
- Fix case metrics malformed definitions #248
- A locked user can use the API to create / delete / list cases (and more) #251
2.11.3 (2017-06-14)
Fixed bugs:
- MISP synchronization doesn't retrieve all events #236
- Problem Start TheHive on Ubuntu 16.04 #238
- Unable to add tasks to case template #239
2.11.2 (2017-05-31)
Implemented enhancements:
- Show case severity in lists #188
- Add Description Field to Alert Preview Modal #218
- Visually distinguish between analyzed and non analyzer observables #224
Fixed bugs:
- Cortex jobs from thehive fail silently #219
- MISP synchronization - Alerts are wrongly updated #220
- MISP synchronization - attributes are not retrieve #221
2.11.1 (2017-05-17)
Implemented enhancements:
Closed issues:
- No API Alert documentation #203
Fixed bugs:
- Error updating case templates #204
- Observable of merged cased might have duplicate tags #205
- Case templates not applied when converting an alert to a case #206
2.11.0 (2017-05-12)
Implemented enhancements:
- Reordering Tasks #21
- MISP import filter / filtering of events #86
- Ignored MISP events are no longer visible and cannot be imported #107
- Feature request: Autocomplete tags #119
- Improve logs browsing #128
- Proxy authentication #143
- Add support of case template in back-end API #144
- Refresh the UI's skin #145
- Disable field autocomplete on the login form #146
- Connect to Cortex instance via proxy #147
- Add pagination component at the top of all the data lists #151
- Show severity on the "Cases Page" #165
- Update the datalist filter previews to display meaningful values #166
- Make the flow collapsible, in case details page #167
- Implement the alerting framework feature #170
- Connect to Cortex protected by Basic Auth #173
- Cannot distinguish which analysers run on which cortex instance #179
- Add support to .deb and .rpm package generation #193
- Sort the list of report templates #195
- TheHive send to many information to Cortex when an analyze is requested #196
- Display the logos of the integrated external services #198
Closed issues:
Fixed bugs:
- Job status refresh #171
- Duplicate HTTP calls in case page #187
- Fix the success message when running a set of analyzers #199
- Authentication fails with wrong message if database migration is needed #200
2.10.2 (2017-04-18)
Implemented enhancements:
- Persistence for task viewing options #157
- Add CSRF protection #158
- Run all analyzers on multiple observables from observables view #174
Closed issues:
- Observable Tags not displayed in 2.10.1 #155
Fixed bugs:
- Pagination does not work with 100 results per page #152
- Secure the usage of angular-ui-notification library #159
- Disable readonly access to admin pages, for users without 'admin' role #160
- Unauthenticated access to some pages doesn't redirect to login page #161
- MISP import fails #169
2.10.1 (2017-03-08)
Implemented enhancements:
- Upgrade to the last version of UI-Bootstrap UI library #79
- Misleading MISP Event Date and Time #101
- Make The Hive working on any URL path and not only / #114
- Disable buttons in MISP event's preview dialog #115
- Add pagination component at the top of the task log #116
- Restyle avatar's upload button #126
- Display a warning when trying to merge an already merged case #129
- Typo in quick filters #134
- Remove duplicate stream callbacks registration #138
- Remove the "Run all analyzers" option from observables list #141
Fixed bugs:
- Observables password hint does not reflect backend change #83
- Cannot add an observable which datatype has been added by an admin #106
- Open log in new windows #108
- Web UI doesn't refresh once a report template is deleted #113
- Case merge does not close tasks in merged cases #118
- Flow is not shown #127
- Fix a JS issue related to inactivity dialog #139
- 401 HTTP responses don't trigger redirection to login page #140
- Fix OTXQuery report template #142
2.10.0 (2017-02-03)
Implemented enhancements:
- Newly created case template not visible in NEW case until logout/login #26
- Make release process easier #28
- Changeable case owner #30
- Externalize observable analysis #53
- Load the Current Cases View when Closing a Case #61
- When closing a task, close the associated tab as well #66
- Allow (un)set observable as IOC from the observable's page #68
- Use avatars in user profiles #69
- Feature Request - Add Case Statistics by Severity #70
- Improve cases listing page #76
Closed issues:
- OTX Analyzer #32
- PhishTank Analyzer #40
- Unable to use SSL on AD auth #50
- Create an analyzer to get information about PE file #51
- Add support for more filetypes to PE_info analyser #54
- Database schema update (v8) #67
Fixed bugs:
- Missing markdown editor in case close dialog #42
- Make sure to clear new task log editor #57
- MISP events counter is not refreshed #58
- Locked users are still able to log in #59
- Assign a default role to new users and remove the ability to assign empty roles #60
- Don't use deleted obserables to link cases #62
- Add an already exist observable returns an unexpected error #63
- Task descriptions from case templates are not applied #65
- Locked users cannot be assignee of cases #77
- User is not notified on MISP error #88
- Case TLP should be set to AMBER by default #96
- Bug related case #97
- Hippocampe Analyzer #104
- Template Limit Bug #105
2.9.2 (2017-01-19)
Fixed bugs:
- docker image: $.post(...).success is not a function #95
2.9.1 (2016-11-28)
Implemented enhancements:
- Case merging #14
- Don't update imported case from MISP if it is deleted or merged #22
- MaxMind Analyzer 'Short Report' has hard-coded language #23
- Inconsistent wording between the login and user management pages #44
- Update logo and favicon #45
Fixed bugs:
- Tags not saving when creating observable. #4
- chrome on os x - header alignment #5
- Metric Labels Not Showing in Case View #10
- Description becomes empty when you cancel an edition #13
- The Action button of observables list is blank #15
- Phantom tabs #18
- MISP event parsing error when it doesn't contain any attribute #25
- Systemd startup script does not work #29
- NPE occurs at startup if conf directory doesn't exists #41