Releases: opencybersecurityalliance/firepit

1.0.15

15 Jul 18:53

Multiple PostgreSQL fixes:

  • IncompatibleType/DependentObjectsStillExist exception when redefining a viewname
  • port values of 0 turned into NULL
  • STIX patterning NOT MATCHES operator not working (always returns nothing)

1.0.14

14 Jul 18:19
  • postgresql: create UNLOGGED tables for faster insertion. Since the data is presumably stored elsewhere (i.e. either the files you pass to cache() or the original systems you got your data from) this seems like a reasonable tradeoff.
  • markroot: mark entire trees; i.e. when a process references a file and another process (i.e. its parent), mark both the child process AND its binary_ref file as "roots". This is useful when trying to reconstruct the original observations via SQL LEFT OUTER JOIN: when joining the observed-data table to the SCO tables, add the condition AND x_root IS NOT NULL. This, combined with the DISTINCT clause, should be enough to prevent any "duplicate" rows resulting from the join.

1.0.13

13 Jul 17:49

Performance improvement for cache() with PostgreSQL: use multirow VALUES syntax.

1.0.12

09 Jul 19:52

Minor updates:

  • docs: updated Usage
  • pgstorage: change from INTEGER to BIGINT. Fixes #12

1.0.11

06 Jul 14:06

pgstorage: rollback transaction in exception handlers

1.0.10

02 Jul 19:38

Fix for #10 psycopg2.errors.SyntaxError: each UNION query must have the same number of columns

1.0.9

30 Jun 12:53

Fix for #9 NameError: name 'InvalidAttr' is not defined

1.0.7

29 Jun 15:57
  • added remove_view API to drop a view
  • added rename_view API to rename a view
  • added get_view_data API to get all (or a set) of view data, including names, types, and "appdata" blobs
  • added new UnknownViewname exception
  • map PostgreSQL/psycopg2 UndefinedColumn exception to InvalidAttr
  • map PostgreSQL/psycopg2 UndefinedTable exception to UnknownViewname

1.0.6

24 Jun 18:05

query: support chaining Filters implicitly with AND

1.0.5

23 Jun 18:29

Minor improvements:

  • Allow passing a STIX bundle as a python object in the cache API
  • query: optionally use OR in Filter
  • Don't auto-aggregate the column used for grouping