
Releases: fireeye/HXTool

release-4.7.1

03 Aug 18:09
1e9d391

This is primarily a bug fix release based on the master branch, which will remain at 4.8-pre.

  • [FIXED] jinja2 import namespaces for newer versions
  • [FIXED] TLS connection issue with Python 3.9+
  • [FIXED] Multi-line handling of audit parameters (e.g. hashes) in the Script Builder
  • [FIXED] Missing processPath token for imageLoadEvent
  • [FIXED] Missing parentProcessPath token for fileWriteEvent
  • [ADDED] Proxy PAC file support. Requires the PyPAC module
  • [CHANGED] Upgraded jQuery to 3.6.0
  • [CHANGED] Disable TLSv1.1 - thanks @moshekaplan

release-4.7

04 May 18:45
c852788
  • [IMPORTANT] HXTool now requires the Python keyring module
  • [FIXED] Missing json import when adding a new profile - resolves #49
  • [FIXED] Schedule widget now displays properly on small screens
  • [FIXED] Booleans and integers are properly cast when parsing audit data for task modules
  • [FIXED] Multi-file file acquisitions silently failing when using TinyDB
  • [FIXED] An intermittent issue with the Task Scheduler where tasks would run outside their scheduled time
  • [ADDED] Indicator creation support for Endpoint Security IOC Streaming module - thanks @z3k3z
  • [ADDED] MongoDB backed Audit Explorer
  • [ADDED] OpenIOC 1.1 support for real-time and streaming rule import - thanks @matthewdunwoody
  • [ADDED] MD5 hash filtering for file listings in the multi-file acquisition feature
  • [ADDED] Mandiant Advantage query button (MA) for observables when viewing alerts
  • [ADDED] OpenIOC jobfilter support to the script builder
  • [ADDED] Retry for bulk acquisition task modules when intermittent connection issues occur
  • [CHANGED] iSIGHT query button has been renamed FTI
  • [CHANGED] Markdown formatted readme - thanks @milesflo
  • [CHANGED] Task scheduler credentials are now stored using the keyring module
  • [CHANGED] Default log size is now 5 MB before the log is rolled
  • [CHANGED] Docker build file now uses the 'python-slim' image instead of Alpine Linux. This is due to the lack of glibc on Alpine, which caused several build issues. Image build times are much faster, but the resulting image will be a bit larger.
  • [CHANGED] Docker run command, see README.DOCKER

release-4.6

05 Nov 18:37
2c8fb2b

Release Notes:

  • [IMPORTANT] As of this HXTool release, we will no longer be supporting Python 2.x, as it has been deprecated by the Python Software Foundation.
  • [FIXED] Compatibility with Endpoint Security (HX) 5.0+
  • [FIXED] Condition test terms are no longer reset when editing or cloning indicators
  • [FIXED] Proxy configuration validation code no longer rejects a valid proxy configuration
  • [FIXED] Compatibility with TinyDB 4.0
  • [FIXED] username element for fileWriteEvent is no longer missing in the IOC editor
  • [FIXED] Indicator export is no longer limited to 50 conditions
  • [FIXED] Indicators with long names or non-URL characters in their name will export properly
  • [FIXED] Scheduler thread pool size is set to cpu_count() + 1 to prevent thread exhaustion
  • [SECURITY] Disable TLSv1 for Flask's internal web server
  • [ADDED] MongoDB support
  • [ADDED] Multi-indicator upload
  • [ADDED] Process-api stacking model for all OSs
  • [ADDED] Convert "event only" OpenIOCs to eventItem format for Enterprise Search - Thanks @0xF2EDCA5A
  • [ADDED] Support for generic (module) alerts
  • [CHANGED] Port stacking model now works on all OSs
  • [CHANGED] Exporting multiple indicators now packages them up in a zip file as opposed to a single JSON file
  • [CHANGED] Multi-file acquisition now works on all OSs. Note: RAW file listing is only supported on Windows