1
* 2007-04-05, prewikka-0.9.10:
3
- Don't show all source and target when they reach a predefined limit, instead
4
provide an expansion link.
6
- Add two new view in the Events section: CorrelationAlert and ToolAlert.
8
- Ability to filter and aggregate on all IDMEF path. If the filtered path is
9
an enumeration, automatically provide the list of possible value.
11
- Add a combo box for the user to choose which criteria operator to use.
13
- Provide an enumeration filter for the type of alert (Alert, CorrelationAlert,
14
ToolAlert, OverflowAlert).
16
- Prewikka can now aggregate by analyzer.
18
- When a session expire and the user login, the user is redirected to the page
19
he attempted to access when the session expired.
21
- When an error occur, the default Prewikka layout is now preserved.
23
- Correct handling of empty value for hash key generation. Fix #204.
25
- Use new libpreludedb function that return the results as well as the number
26
of results. This avoid using COUNT() in some places (namely, this speedup
27
non aggregated view by ~50%).
29
- Avoid iterating the list of database result more than needed.
31
- Support IDMEF Action, SNMPService, and WebService class.
33
- Improved support for small screen resolution.
37
* 2007-02-06, prewikka-0.9.9:
39
- Improve database performance by reducing the number of query. (Paul Robert Marino)
41
- Activate CleanOutput filtering (lot of escaping fixes).
43
- More action logging.
45
- Bug fixes with the error pages Back/Retry buttons.
47
- Fix error on group by user (#191).
49
- Fix template compilation error with Cheetah version 2 (#184).
52
* 2006-11-23, prewikka-0.9.8:
54
- Save/load user configuration when using CGI authentication mode (#181).
56
- Show Prewikka version in the About page (#177).
58
- Use Python logging facility (available backend: stderr, file, smtp, syslog),
59
multiple simultaneous handler supported (#113).
61
- Fix anonymous authentication.
63
- Fix external process going into zombie state (#178).
65
- Fix sqlite schema (#180).
67
- Display correct alertident for invalid CorrelationAlert analyzerid/messageid pair.
69
- prewikka-httpd should now log the source address.
71
- Thread safety fixes.
74
* 2006-08-18, prewikka-0.9.7.1:
76
- Fix filter interface bug introduced in 0.9.7.
78
- Improved error reporting on filter creation.
80
- Rename command configuration section to host_commands.
83
* 2006-08-16, prewikka-0.9.7:
85
- Use preludedb_delete_(alert|heartbeat)_from_list(). Require
86
libpreludedb 0.9.9. Provide a deletion performance improvement
89
- Handle multiple listed source/target properly. Separate
90
source/target in the message listing.
92
- Make host command/Information link available from the Sensor
95
- Always take care of the "external_link_new_window" configuration
98
- Make external command handling more generic. Allow to specify
99
command line arguments.
101
- Allow to define unlimited number of external commands rather than
102
only a defined subset (fix #134).
104
- Avoid toggling several popup at once in the HeartbeatListing.
106
- Only provide lookup capability for known network address type (fix #76).
108
- New address and node name lookup provided through prelude-ids.com service.
110
- Link to new prelude-ids.com port lookup instead of broken portsdb
116
* 2006-07-27, prewikka-0.9.6:
118
- CGI authentication module, from Tilman Baumann <tilman.baumann@collax.com>.
120
- Correct libpreludedb runtime version check.
122
- Show multiple source/target in message listing/summary.
124
- Fix invalid use of socket.inet_ntoa() to read ICMP Gateway Address,
125
which is stored as string (#156).
127
- Fix aggregation on IDMEF-Path that are not string.
129
- Fix setup.py --root option (#166).
133
* 2006-05-04, prewikka-0.9.5:
135
- Fix 'Filter on Target' link (fix #148).
137
- Fix alert summary exception with alert including file permission (fix #149).
139
- Fix creation of an empty __init__.py file in lib/site-packages (#147).
141
- Print currently installed version on libpreludedb requirement error.
143
- Make sure /usr/bin/env is expanded.
147
* 2006-04-13, prewikka-0.9.4:
149
- Intelligent display for CorrelationAlert. Include correlated
150
alert information in the alert listing.
152
- Intelligent printing of Network centric information.
154
- Fix Cheetah compilation for the heartbeat page.
156
- Correct handling of AdditionalData containing an integer 0.
158
- Handle ignore_atomic_event AdditionalData key (used by CorrelationAlert to
159
hide linked-in alert).
161
- Fix aggregation when done simultaneously on multiple fields.
163
- Aggregation on fields other than "address" was not working well.
167
* 2005-01-10, prewikka-0.9.3:
169
- Distribute SQLite schema.
171
- Fix exception in the heartbeat analysis view when the heartbeat_count
172
or heartbeat_error_margin settings are explicitly set (#124).
174
- Fix Cheetah 1.0 heartbeat listing exception (#119).
176
- Open external link in new windows by default. Add a configuration option
177
to disable opening external link in new window (#61).
179
- Provide the ability to specify the configuration file that Prewikka
182
- Sanitize the limit parameter in case the input value is not correct
183
instead of triggering an exception (#118).
185
- Handle the preludeDB "file" setting (for use with SQLite like database).
187
- Fix filter saving issue in the heartbeat listing.
189
- Fix unlimited timeline option in heartbeat listing.
195
* 2005-12-07, prewikka-0.9.2:
197
- Correct Analyzer path when unwiding aggregated alert.
199
- Add an "Unlimited" timeline option.
201
- Fix classification escaping problem that could lead to empty
202
listing when unwiding alert with classification text containing backslash.
204
- Don't print un-necessary separator when the protocol field is
205
empty in the alert listing.
207
- Improve Correlation Alert display. Allow focus both on the Correlation Alert
208
summary and on the correlated alert listing.
210
- Don't propagate the "save" parameter, so that the user don't end up saving
211
settings without knowing about it.
214
* 2005-11-30, prewikka-0.9.1:
216
- Resolve the protocol number from the message summary view.
218
- Separate port and protocol value, so that we don't end up
219
linking the protocol to portdb if there is no port.
221
- Ability to setup IDMEF filter using iana_protocol_name and iana_protocol_number.
223
- Sanitize timeline years value on system which does not support time
224
exceeding 2^31-1. Fix #104.
226
- Mark CorrelationAlert explicitly in the AlertListing.
228
- Make inline filter mark more visible.
230
- Ability for the user to save settings for the current view.
232
- New --address and --port option to prewikka-httpd.
234
- Fix a bug where clicking the IP address popup would cause
235
Firefox to go back to the top of the page. Fix #112.
237
- Don't hardcode path to /usr/bin/python, but resort to
238
/usr/bin/env to find it.
241
* 2005-09-20, prewikka-0.9.0:
245
- Minor rendering fix.
247
- Handle service.iana_protocol_name / service.iana_protocol_number
248
as well as service.protocol.
251
* 2005-09-05, prewikka-0.9.0-rc12:
253
- Correct Konqueror rendering.
255
- Minor bugfix with timeline selection.
260
* 2005-08-25, prewikka-0.9.0-rc11:
262
- The Summary view now support showing CorrelationAlert.
264
- Avoid mangling URL query string on form input.
266
- Handle possibly null AdditionalData properly.
268
- Don't default to 'low' severity.
270
- Allow the user to set analyzerID inline filter.
272
- Make sure we keep aggregation in per analyzer view.
274
- Keep inline filter object sorted, and merge them if there are duplicate.
276
- When the same object is specified more than once, OR both.
278
- Various cleanup, bugfix.
281
* 2005-08-17, prewikka-0.9.0-rc10:
283
- Allow configuration entry without space after the ':' separator.
285
- More operator (case insensitive operator, regex operator).
287
- Show target file in the message listing.
289
- Much more information in the alert summary view.
290
Especially useful for users of integrity checker.
293
* 2005-08-02, prewikka-0.9.0-rc9:
295
- New experimental mod_python handler.
297
- Use the same template for user creation as for user modification.
298
The interface is much cleaner, and more consistant.
300
- Fix Invalid parameters exception on 'delete all'.
302
- Print all analyzer, whether they have an analyzerID or not. This provide
303
more analyzer information.
305
- Show Analyzer Node location, Classification Ident, and Process path in the
308
- Correct SNMP/Web Service, and some other Process/File filter path.
310
- Allow for correct '\' escaping when creating filters.
312
- Internet Explorer rendering tweak.
318
* 2005-06-17, prewikka-0.9.0-rc8:
320
- Use relative path everywhere.
322
- Some escaping fixes.
324
- Fix Filter formula check.
326
- Ability to filter on alert.classification.ident.
328
- Fix aggregated classification link in expanded list entry.
330
- Various bugfix, English typo.
334
* 2005-06-16, prewikka-0.9.0-rc7:
336
- Prewikka now work and render perfectly with IE 6.0.
338
- XHTML conformance in most of the code.
340
- Fix possible exception with filtered classification text.
342
- Allow filtering on heartbeat.analyzer.name.
346
* 2005-06-01, prewikka-0.9.0-rc6:
348
- Implement alert/heartbeat select all for deletion.
350
- Fix handling of alert without classification.
352
- Fix HTML code problem. Try to make the W3C validator happy.
353
Fix Javascript warnings. Correct URL escaping. Make it work
354
better in Apple's Safari browser.
356
- More error checking when saving custom filter. Error out in case a
357
filter reference non existing criteria. Add the substr operator.
359
- Fix bug in the whole alert/heartbeat navigation system, simplify
360
and cleanup the code, always report the current filtered field 'action' to
363
- Make the mouse pointer behave like it does for javascript links on Alert
366
- Fix alert mixup when expanding an aggregated classification with different
369
- Fix low/mid/high/none severity filtering.
371
- Fix a bug where agents with multiple address would disappear.
373
- Avoid Authentication Failed message when the user didn't try to authenticate
374
(the session does not exist).
376
- UI tweak for the detailed alert/heartbeat view.
378
- Link source and destination port to portdb.
380
- Add an heartbeat_error_margin configuration keyword.
382
- Saving modification to an existing filter now work.
384
- Make prewikka.cgi catch exceptions that are raised during the prewikka
385
initialization step and display an error screen to the user instead of
386
a server internal error.
388
- Don't display message checkbox and delete button if the user don't
389
have the PERM_IDMEF_ALTER permission
391
- Fix module importation on MacOSX.
396
* 2005-04-17, prewikka-0.9.0-rc5:
398
- Fix classification filters in the alert listing.
400
- Let the user provide the path to external command (whois, traceroute).
402
- Fix prewikka exception on 'info' severity.
404
- Fix broken installation permission.
406
- Fix bad template variable initialization resulting in an exception
409
- Fix alert deletion in un-agreggated mode.
411
- Fix GMT offset calculation.
413
- Fix a problem when appending more filters in the alert list view.
415
- Update Auth cookie expiration time.
417
- Fix escaping issue.
420
* 2005-04-05, prewikka-0.9.0-rc4:
424
- Fix a problem when changing password.
426
- Remove trailling space from config entry.
428
- Display all analyzer address in agent listing.
430
- Fix some bug in the authentication system, that would refuse
431
login for no appearent reasons.
433
- Set default session expiration time to 60 minutes.
436
* 2005-03-31, prewikka-0.9.0-rc3:
438
- Installation cleanup / bugfix.
440
- Fix database authentication failure.
445
* 2005-03-31, prewikka-0.9.0-rc2
447
- Fix a loading problem when the database is not created.
450
* 2005-03-29, prewikka-0.9.0-rc1:
added
removed
NEWS
