
Tags: socfortress/CoPilot


v0.1.2

precommit fixes

v0.1.1


Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
precommit fixes (#281)

v0.1.0


Verified

Docker compose nuclei (#262)

* refactor: Add copilot-nuclei-module to docker-compose.yml

* Update docker-compose.yml to use CoPilot v0.1.0

v0.0.9


Verified

Network connectors (#207)

* Refactor customer network connector processing in routes.py

* provision fortinet network connector things

* Fix client ID comparison in delete_agent function

* added network connectors api/types

* added external services pages

* add fortinet dashboards

* Add Fortinet dashboard schema and provisioning logic

* Add FortinetDashboard to provision_dashboards function

* Create fortinet dashboards during provisioning

* Refactor code to collect content pack ID by name in Graylog services

* Refactor content pack input ID retrieval in Graylog services

* decommission of network connector

* Update Docker workflow to notify Discord after successful image build and push

* Update Discord webhook version in Docker workflow

* Update branch name in Docker workflow from network-connectors to main

* Update Docker workflow messages for backend and frontend image updates

* Refactor database name format in create_grafana_datasource function

* crowdstrike content pack templates

* crowdstrike integration markdown

* Add Crowdstrike integration and authentication keys

* crowdstrike provisioning things

* provision and decom crowdstrike

* falconhose

* Update branch name in Docker workflow from network-connectors to main

* Add directory creation for customer docker compose and falconhose cfg

* Replace spaces with underscores in customer names

* Replace spaces with underscores in customer names

* Update Docker Compose volume path for CrowdStrike integration

* update o365 dashboards

* Update branch name in Docker workflow from network-connectors to main

* Add get_customer_default_settings_attribute function to provision.py

* build to fix grafana url in office365

* Update branch name in Docker workflow from network-connectors to main

* lower customer code in office365 index creation and grafana datasource creation

* add validator to customer code

* add grafana orgid to provision request for insert to DB

* Fix typo in create_office365_utc_rule function

* updated dependencies

* updated networkConnectors api

* added services components

* updated networkConnectors page

* updated customer integration components

* Update branch name in Docker workflow from network-connectors to main

* updated networkConnectors api/types

* added customer network connectors components

* updated dependencies

* added fortinet form

* move sap siem to modules

* Update branch name in Docker workflow from network-connectors to main

* Update URLs in SAP SIEM integration to use copilot-sap-module instead of localhost

* updated url check

* chore: Update available content packs overview in Graylog provision route

* chore: Refactor decommission network connector route and service

* refactor: Update Elasticsearch index retrieval to include open indices only

* chore: Update IndicesStats model with optional fields for docs_count and store_size

* added decommissionNetworkConnector feature

* chore: Refactor decommission network connector route and service

* precommit fixes

* chore: Update branch name in Docker workflow

---------

Co-authored-by: Davide Di Modica <[email protected]>

v0.0.8

add packages for frontend

v0.0.7

Delete FileType.vue component

v0.0.6


Verified

Reporting (#179)

* Update type hints for monitoring alert creation

* Update index set and event stream titles and descriptions

* Refactor Office365 provision functions

* Update title and description formatting in build_index_set_config and build_event_stream_config

* Update index and event stream configuration

* Update index and event stream titles in SAP SIEM provision service

* Add data links to Grafana datasource

* Add dataLinks to GrafanaJsonData and create_grafana_datasource

* updated dependencies

* added reporting api/types

* added Report Creation page

* Add Grafana datasource URLs for data_vulnerability_cve and _id fields

* updated Report Creation page

* Add job functionality to scheduler

* Fix timestamp_utc fallback in create_alert_details function

* Add logging for agent details retrieval

* default to `timestamp` if timefield is None

* Update job time interval and add job metadata

* licensing test and github action docker build

* test reading auth secret

* updated Report Creation page

* license key checks

* Refactor code to enable browser testing using Playwright

* initial testing of reporting using playwright

* Add async support for agent synchronization. Remove the background task and run every 15 minutes

* Refactor sync_all_agents function to pass session parameter to sync_agents

* Add GenerateReportRequest to create_report function

* just use chromium browser

* Add GenerateReportResponse class and update create_report function signature

* migrate reporting to grafana connector

* updated Report Creation page

* license try catch

* added print media query

* updated connector form

* updated report page

* added playwright test page

* added report template

* updated dependencies

* updated report page

* active response log analysis update

* sap siem analysis 10 minute window

* Update threshold and add time range parameter for SAP SIEM multiple logins analysis

* Update index names in sap_siem_multiple_logins.py

* same login failures multiple diff ips

* same user failed diff geo location

* Successful same user login from different locations

* brute force failed logins

* Refactor brute force failed logins route to handle multiple IPs

* brute_force_failed_logins_same_ip

* sap_siem_successful_login_after_failures

* change index name

* add sap siem to scheduler

* sap siem correction

for multiple IPs attempting to login with same user followed by a success. Added a correction to update the assets tab with the correct data

* pdf generation

* Update Jinja2 version to 3.1.2

* sort on the page number

* remove reportlab

* updated report page (added d&d)

* updated report panels drag & drop

* Update event stream configuration in graylog.py

* Update dashboard enum names

* Commented out Office365 related code

* Update Office365Dashboard enum value for SUMMARY

* Update index skipping logic in IndexConfigModel

* Update IndexConfigModel.is_valid_index method to allow non-"wazuh_" index names and exclude "deflector" index.

* Update Graylog schema for optional TLS and TCP keepalive

* updated report panels drag & drop

* updated report panels drag & drop

* modify wazuh agent config

* Refactor GenerateReportRequest schema in Grafana reporting module

* remodel report generation to fit new request schema

* use playwright for pdf generation

* Update custom_attributes field description in SingleCaseModel

* Add default value for custom_attributes in SingleCaseModel constructor

* Update custom_attributes field in SingleCaseModel

* test frontend auto build

* Add dependency installation step to Docker workflow

* Update dependencies in docker.yml and frontend/package-lock.json

* Fix template value for CUSTOMER_CODE in provision_custom_alert

* Fix incorrect client creation error message

* Add InfluxDB alerts fetching functionality to verification check. the ping and version will return true even if API token is not valid

* Update YouTube Tutorial link in README

* Fix cover-box typo and adjust screenshot styling

* Update Wazuh group configuration and replace placeholder with cluster name

* Fix placeholder replacement in wazuh_manager.py

* Add wazuh_worker_hostname field to default settings and schema

* Add wazuhWorkerHostname field to ProvisioningDefaultSettingsPayload and CustomerProvisioningDefaultSettings

* updated report panels drag & drop

* updated report template

* haproxy provisioning connector

* Add Grafana data link for O365 datasource

* Add feature enum and API endpoint to add a feature to a license

* Add feature check for reporting

* Update error message for disabled feature

* office365 fix

all office365 api keys now added to same office365 block

* delete wazuh_config.xml

* Add optional field for event definition configuration

* Refactor Config class in graylog/schema/events.py

* Add HAPROXY_PROVISIONING_URL to .env.example

* Add ExpressionItem class to handle complex expressions in Conditions

* Add SeriesItem model to Config class

* Add logging for Graylog alert definition provisioned response

* Add event_limit field to GraylogAlertProvisionConfig

* Add event limit to provision functions

* Commented out license check in create_report function

* Add panel width and height to RequestPanel model

* updated report api

* Update generate_panel_urls to include a theme parameter

* Add license-related API endpoints and models

* Update edr av malware ioc dashboard template

* Add ProvisionHaProxyRequest to customer_provisioning schema

* Add EDR_NETWORK_CONNECTIONS dashboard

* update grafana dashboard templates

* Add wazuh_agent_status field to WazuhAgent model and Agents table

* Update wazuh_agent_status default value

* updated report editor

* Add company name, timerange text, and logo to GenerateReportRequest

* Add theme field to GrafanaGenerateIframeLinksRequest and RequestPanel models

* Update report template and remove unnecessary files

* Update headless option in browser launch

* Add playwright dependencies installation step

* Update Grafana login handling and launch browser in headless mode

* Fix login issue in Grafana service

* precommit fixes

* RSA PUB KEY into build as env

* Add RSA_PUBLIC_KEY to build-args in docker.yml

* more precommit fixes

* Add PRODUCT_ID environment variable

* added report panel height settings

* Update branch name in Docker workflow

* Add HTTPException for feature not enabled

* precommit fixes

---------

Co-authored-by: Davide Di Modica <[email protected]>

v0.0.5


Verified

Stack provisioning (#167)

* Update provision_content_pack_route description

* added stack provisioning api/types

* Fix customer_meta retrieval and use dictionary key access for field values

* added stack provisioning form

* precommit fixes

---------

Co-authored-by: Davide Di Modica <[email protected]>

v0.0.4


Verified

updated overview page (#164)

Co-authored-by: Davide Di Modica <[email protected]>

v0.0.3


Verified

Sapi siem integration (#149)

* Fix integration name with spaces and add SAP SIEM integration and auth keys

* Add SAP SIEM integration router

* Refactor auth key extraction for Mimecast and SAP SIEM integrations

* Refactor SAP SIEM route and collect SAP SIEM request

* Refactor SAP SIEM integration code to support multiple API keys

* Add SAP SIEM schema and services for collecting and checking suspicious logins

* Add event_timestamp and case_created fields to Result model and SapSiemSource model

* Update index name in find_suscpicious_logins function

* Refactor fetch_and_validate_data function to accept keyword arguments

* Add asset schema and update case with asset information

* Remove temporary code for testing

* Add customer_code field to SapSiemSource and SuspiciousLogin models

* Add errDetails field to SapSiemSource and SuspiciousLogin models

* Add SAP SIEM suspicious logins analysis route

* Add scroll functionality for retrieving search results

* Add event_analyzed flag to Elasticsearch document

* Add SAP SIEM multiple logins analysis route

* Convert loginID to lowercase before adding to ip_to_login_ids

* Add event_analyzed_multiple_logins field to Result class

* Add SapSiemMultipleLogins model and update sap_siem_multiple_logins_same_ip function

* Refactor code to improve performance and readability

* Add function to update event_analyzed_multiple_logins flag in Elasticsearch document

* Add update_event_analyzed_multiple_logins_flag function call

* Update customer code and handle exception in sap_siem_multiple_logins.py

* docs

* precommit fixes

* Update SAP SIEM integration and scheduler***

* Add new columns to existing tables

* Add optional extra_data parameter to update_job function

* Add optional threshold parameter to run_sap_siem_suspicious_logins_analysis and run_sap_siem_multiple_logins_same_ip_analysis

* Refactor invoke_sap_siem_integration_suspicious_logins_analysis() to use a default threshold value

* Add scheduler jobs for SAP SIEM integration

* Fix scroll clearing in SAP SIEM services

* grafana sap siem user dashboard

* Add SapSiemDashboard and provision_sap_siem function

* Update SapSiemDashboard enum and provision function

* Grafana dashboard change

* Remove alert creation provisioning from connectors table

* Update docker-compose.yml to version v0.0.3