Releases: opencybersecurityalliance/firepit
1.0.15
1.0.14
- postgresql: create UNLOGGED tables for faster insertion. Since the data is presumably stored elsewhere (i.e. either the files you pass to `cache()` or the original systems you got your data from), this seems like a reasonable tradeoff.
- markroot: mark entire trees; i.e. when a process references a file and another process (i.e. its parent), mark both the child process AND its binary_ref file as "roots". This is useful when trying to reconstruct the original observations via SQL LEFT OUTER JOIN: when joining the `observed-data` table to the SCO tables, add the condition `AND x_root IS NOT NULL`. This, combined with the DISTINCT clause, should be enough to prevent any "duplicate" rows resulting from the join.
1.0.13
1.0.12
1.0.11
1.0.10
1.0.9
1.0.7
- added `remove_view` API to drop a view
- added `rename_view` API to rename a view
- added `get_view_data` API to get all (or a set) of view data, including names, types, and "appdata" blobs
- added new `UnknownViewname` exception
- map PostgreSQL/psycopg2 `UndefinedColumn` exception to `InvalidAttr`
- map PostgreSQL/psycopg2 `UndefinedTable` exception to `UnknownViewname`