Evebox Versions Save

0.17.2 - 2023-05-27

• [elastic] Fixing negation queries using '-': https://github.com/jasonish/evebox/issues/266
• [server] Don't error out if authentication enabled but no users exist, instead just log an error: https://github.com/jasonish/evebox/issues/267
• [webapp] Use relative login URL: https://github.com/jasonish/evebox/issues/268
• [packaging] Fix quotes in systemd unit files: https://github.com/jasonish/evebox/issues/270

0.17.1 - 2023-03-27

• [elastic] Fix timestamp used in archive queries: https://github.com/jasonish/evebox/issues/263

• Move to SolidJS for frontend development.
• New special query string keywords:
  • @ip: match src_ip or dest_ip, and other fields known to be IP addresses
  • @earliest:TIMESTAMP
  • @latest:TIMESTAMP
• Feature parity between SQLite and Elasticsearch. This means that some reports were removed, but should come back for both SQLite and Elasticsearch: https://github.com/jasonish/evebox/issues/95
• [sqlite] Enable event retention by default to a value of 7 days. If an SQLite database becomes too large, it can be hard to trim back down to a usable size without significant downtime.
• Start on a new overview report.
• Fix issue where alert report graph didn't refresh over time change: https://github.com/jasonish/evebox/issues/247
• Don't allow the agent to send a payload larger than the server can receive: https://github.com/jasonish/evebox/issues/248
• [webapp] Fix broken filter on SIDs search: https://github.com/jasonish/evebox/issues/251
• [packaging] Add default configuration file: https://github.com/jasonish/evebox/pull/221
• [webapp] Alert graph failing to refresh on time range change: https://github.com/jasonish/evebox/issues/247
• [agent] Add Elasticsearch as the submission endpoint for events.
• [elastic-import] Deprecated, use the agent instead.
• [sqlite] Database file size based event retention: https://github.com/jasonish/evebox/issues/256
• [server] Fix PCAP downloads when authentication fails: https://github.com/jasonish/evebox/issues/262

• [server] Fix authentication: https://github.com/jasonish/evebox/issues/227, https://github.com/jasonish/evebox/issues/230
• [server] Auto archive: https://github.com/jasonish/evebox/issues/52
• [webapp] Update to Bootstrap 5
• [webapp] Update to Angular 14
• [sqlite] Typo when opening sqlite database: https://github.com/jasonish/evebox/issues/226
• Many cleanups from 0.15.0

0.15.0 - 2022-02-27

• [sqlite] Remove full text search engine. It provided little benefit on search and was very expensive to add events to.
• Add a stats view.
• [webapp] Update to Angular 13.
• [server] Move from Warp to Axum.
• [webapp] Remove Brace editor for pretty printing of JSON and replace with a JSON pretty printer module.
• [elastic] Fixes to Elastic field name mappings that should address issues with ECS. Most things seem to work.

0.14.0 - 2021-06-16

• Relicense under MIT, oops.
• Server: Wait for Elasticsearch to be ready: https://github.com/jasonish/evebox/issues/170
• Fix add users command to take parameters from command line as documented: https://github.com/jasonish/evebox/issues/173
• Rule parser: Fix stripping of quotes: https://github.com/jasonish/evebox/issues/177
• Angular plus other dependency updates.

0.13.1 - 2021-04-09

• Fix http request logging, and logging the remote IP address when behind a reverse proxy: https://github.com/jasonish/evebox/issues/163
• Fix client side authentication issue: https://github.com/jasonish/evebox/issues/160
• Fix initialization of SQLite events database: https://github.com/jasonish/evebox/issues/166

0.13.0 - 2021-03-18

Fixes

• Flow report fixes.
• Netflow report fixes.
• Capitalization of app_proto's in web.
• When converting a packet to pcap, use the linktype from the packet info if available. If not available use ethernet. Fixes the case where the packet is from nfqueue, where its DLT_RAW.
• Unfocus time range selector after a new range is selected allowing keyboard shortcuts to work again without having to click somewhere in the page.
• Fix issue where the input section in the configuration file was being used even if enabled was set to false. This only happened when using a configuration file with an input section: https://github.com/jasonish/evebox/issues/159

Changes

• Server: Allow wildcard in input filename to allow the usage of threaded eve output. For example: /var/log/suricata/eve.*.json.
• Agent: Allow multiple input paths to be specified.
• New keyboard shortcut, '\' to open time range selector.

Features

• New DHCP report that attempts to give you a picture of the devices that have been assigned an IP(v4) address over the requested period of time.

0.12.0 - 2020-09-25

Changes

• Server rewritten in Rust. Ideally this should not be noticed.
• Stop tagging events with "archived" and "escalated", and only use "evebox.archived" and "evebox.escalated". This should not be noticed as EveBox has been using both tags for a very long.
• The Docker image is now based on Alpine Linux. Scratch could be used, but it would break compatibility with previous images.
• Agent: The baheaviour of using the log filename suffixed with ".bookmark has been removed. The agent will prefer to use the configured bookmark directory (aka data-directory) instead, or if not set, the current directory where EveBox is being run from. However, if these deprecated bookmark filenames exist (like after an upgrade), they will continue to be used.
• The command "esimport" has been renamed to "elastic-import".

Fixes

• Fix the index_pattern when adding a template to Elasticsearch with a non logstash index.
• Fix disabling of certificate checks for connecting to an Elasticsearch server with a self-signed certificate. https://github.com/jasonish/evebox/issues/144

Breaking Changes

• License: AGPL
• LetsEncrypt support has been removed.

Known Issues

• When using a self-signed certificate, the hostname being connected to must match the hostname in the certificate.

0.11.1 - 2020-03-31

• Fix file permissions in RPM and Debian packaging. https://github.com/jasonish/evebox/issues/128