20250708

What's Changed

✨ New Features & Major Enhancements

• Allow batch editing of tags. by @Annoraaq in #3451
• Batch tags v3 by @Annoraaq in #3458
• Introduce unified SearchGuideCard to help users start exploring by @jkppr in #3454
• Adding SearchGuideCard to the v3 frontend by @jkppr in #3455
• Vue3 migration: Explore view (phase one) by @berggren in #3429
• Link Events with DFIQ conclusions by @dianakramer in #3357

📈 Improvements & Refinements

• Enable support for vue3 UI by @jkppr in #3445
• Update Admin CLI to reflect changes to User and Group commands by @Aevyz in #3437
• [DB] Changes to cascade within the Sketch object by @jaegeral in #3406
• Add bloom prefix to tags from bloom analyzer by @tomchop in #3443
• [tsctl] introduce read only access to a sketch via tsctl by @jaegeral in #3444
• Introduce a tsctl check-orphaned-objects command by @jaegeral in #3442
• Update timesketch.conf by @itsmvd in #3428
• V3 timeline chips by @Annoraaq in #3432
• Update README.md by @jkppr in #3460

🐛 Bug Fixes

• Fix UI issue with nl2q by @jkppr in #3461
• Fix Story bug when no DFIQ is used by @jkppr in #3435
• Various small changes by @jaegeral in #3440
• Update install.md by @itsmvd in #3448
• Update install.md by @itsmvd in #3447
• Update deploy_timesketch.sh by @itsmvd in #3450
• improvements to the deploy_timesketch.sh by @jaegeral in #3449
• Fix permission checks with the scenarios API by @jkppr in #3452
• Fix asset loading for v3 deployments by @jkppr in #3457

⬆️ Dependency Updates

• Bump requests from 2.32.3 to 2.32.4 in the pip group by @dependabot in #3446
• Bump pbkdf2 from 3.1.2 to 3.1.3 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3456

Full Changelog: 2025052...2025070

20250521

What's Changed

✨ New Features & Major Enhancements

• Efficient Bulk Export with Opensearch using PIT and Slicing by @jkppr in #3409
• tsctl:
  • Add tsctl export-sketch command for sketch data archival by @jaegeral in #3397
  • Add tsctl list-config Command by @jaegeral in #3382
  • type=int in click argument in various commands by @jaegeral in #3395
  • searchindex_status show all values (if available) by @jaegeral in #3412
• cli client:
  • Add generate-dummy-csv command by @jaegeral in #3405
  • Add sketch export-only-with-annotations command by @jaegeral in #3398

📈 Improvements & Refinements

• AI/LLM:
  • Avoid needlessly calling the llm_summarize feature by @itsmvd in #3386
  • Initial Gemini Github Code Review bot config / Styleguide by @jaegeral in #3381
• Testing / Code quality:
  • Add End-to-End Tests for tsctl by @jaegeral in #3383
  • Update E2E / unit Test Matrix (drop Ubuntu20) by @jaegeral in #3384
  • [Workflows] Add 30-minute timeouts to GitHub Actions workflow jobs by @jaegeral in #3396
  • Improve OpenSearch search method docstring and error logging by @jaegeral in #3414
  • Update scenarios.py by @jaegeral in #3420
  • Replacing timeline descriptions or names with IDs in various log by @jaegeral in #3417
  • [Workflows] Run unittests in paralell in github workflow by @jaegeral in #3400
  • Timesketch CLI and E2E Test Enhancements by @jaegeral in #3399
  • [API Client] Robustness and Readability Enhancements by @jaegeral in #3402
• Others
  • Add ability to add and use Investigative Questions in Stories by @jkppr in #3348
  • .gitignore enhancement by @jbaptperez in #3423
  • [tsdev] a few addtions to tsdev.sh by @jaegeral in #3422
  • Add Yeti bloom check analyzer by @tomchop in #3372

🐛 Bug Fixes

• Fix DatastoreConnectionError AttributeError by @jkppr in #3404
• Fix TimelineChip failed mode by @jkppr in #3407
• Avoid calling run_timesketch_query twice in llm_summarize feature + update tests by @itsmvd in #3379
• Development sigma rules update by @jbaptperez in #3425
• Display search ID index on error by @emmanuel-ferdman in #3421
• Documentation fixes by @jbaptperez in #3424

⬆️ Dependency Updates

• Update docker release version by @jkppr in #3380
• Various updates to dependencies / versions by @jaegeral in #3391
• Bump vite from 5.4.17 to 5.4.19 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3392
• Bump vite from 5.4.17 to 5.4.19 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3393
• bump pandas version by @jaegeral in #3418

Full Changelog: 2025040...2025052

20250408

What's Changed

✨ New Features & Major Enhancements

• Core Functionality & API:
  • Add Support for Searching Processing Timelines by @jbaptperez in #3241
  • Add Timeline, SearchIndex and Datasource creation to client api by @Tijnoz in #2919
• LLM Integration:
  • Add nl2q and llm_summarize as LLM features by @itsmvd in #3311
  • Add LLM features manager and interface by @itsmvd in #3308
  • Introduce LLMResource API method, tests, and add it as a method for the frontend by @itsmvd in #3310
  • Add Ollama provider with response schema support & create LLM provider directory by @itsmvd in #3306
  • Enhance LLM configuration handling and settings UI by @itsmvd in #3366
  • LLM provider fallback to default config by @itsmvd in #3307
• Vue3 Frontend Migration:
  • V3 sketch empty state by @Annoraaq in #3269
  • V3 sketch page top bar by @Annoraaq in #3275
  • V3 introduce canvas by @Annoraaq in #3285
  • V3 sketch page share card by @Annoraaq in #3286
  • Update RestApiClient in frontend-v3 by @itsmvd in #3317
• tsctl (CLI Tool) Enhancements:
  • Add timesketch-status to tsctl. by @jaegeral in #3303
  • [tsclt] searchindex set get status by @jaegeral in #3328
  • [tsctl] Add celery task management (list and cancel) by @jaegeral in #3354
  • tsctl sketch-info enhancements by @jaegeral in #3367
  • [tsctl] searchindex-info improvements by @jaegeral in #3368
  • Changes to tsctl.py by @jaegeral in #3365

📈 Improvements & Refinements

• UI/UX:
  • Make suggested queries the active questions tab by @dianakramer in #3313
  • Improve snackbar.js: add support for custom timeouts & small refactor by @itsmvd in #3330
• Documentation:
  • Add initial admin & user documentation for LLM features by @itsmvd in #3301
  • Add instructions to load DFIQ templates to documentation by @jkppr in #3322
• Testing:
  • [tests] add sketch related tests to the API unit tests by @jaegeral in #3312
  • adding unit tests for archiving a sketch by @jaegeral in #3316
  • [e2e] sketch tests by @jaegeral in #3325
• Code Health & Refactoring:
  • Update pylint & astroid by @jkppr in #3329
  • Update api_client code for new pylint version by @jkppr in #3336
  • Update importer client for new pylint config by @jkppr in #3339
  • Update cli client for new pylint config by @jaegeral in #3340
  • Remove sketch.upload() from the api client (depracated for a long time) by @jaegeral in #3349
  • Update dfiq_analyzer/manager.py logging level by @jkppr in #3309
  • Update nginx.conf by @jkppr in #3318
• Build, CI & Deployment:
  • Adding frontend-v3 build workflow automation by @jkppr in #3346
  • Update Frontend-NG Build and Deployment Workflow by @jaegeral in #3345
  • Prevent E2E / unit Tests on Documentation and Non-Code Changes by @jaegeral in #3347
  • Update deploy_timesketch.sh by @Sh3b0 in #3371
  • Update documentation.yml by @jaegeral in #3344

🐛 Bug Fixes

• Fix: Resolve race condition errors on first timeline upload with SEARCH_PROCESSING_TIMELINES=True by @jkppr in #3363
• bugfix when llm_summarize tries to summarize no events by @itsmvd in #3378
• Fix: Removal Logic Bug in Annotation Mixins by @jaegeral in #3323
• [API] Fix on how timelines are listed Two new test cases around timeline listing. by @jaegeral in #3359
• fix renaming in sidebar by @Annoraaq in #3326
• Filtered back-ticks and other trailing characters from the resulting query by @dianakramer in #3304

⬆️ Dependency Updates

• Bump vitest from 1.0.4 to 1.6.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3280
• Bump the npm_and_yarn group in /timesketch/frontend-ng with 2 updates by @dependabot in #3338
• Bump the npm_and_yarn group in /timesketch/frontend-ng with 2 updates by @dependabot in #3361
• Bump vite from 5.4.14 to 5.4.17 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3376
• Bump axios from 1.7.9 to 1.8.2 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3335
• Bump vite from 5.4.14 to 5.4.16 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3370
• Bump vite from 5.4.16 to 5.4.17 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3375
• Bump axios from 0.21.4 to 0.29.0 in /timesketch/frontend by @dependabot in #3337
• Bump the pip group with 2 updates by @dependabot in #3294
• Bump gunicorn from 22.0.0 to 23.0.0 in the pip group by @dependabot in #3355

New Contributors

• @jbaptperez made their first contribution in #3241
• @Tijnoz made their first contribution in #2919
• @Sh3b0 made their first contribution in #3371

Full Changelog: 2025011...2025040

20250112

What's Changed

• Add AIStudio as a supported LLM library by @itsmvd in #3254

• Add LLM event summarization feature by @itsmvd in #3281

• add context menu and sketch creation to homepage by @Annoraaq in #3237

• [CLI] Sketch label management by @jaegeral in #3262

• Feat(cli): Add field count to Timesketch index information by @jaegeral in #3274

• Enhance tsctl with User Status and Group Membership Information by @jaegeral in #3264

• Increase OpenSearch mapping limit dynamically during indexing of csv/jsonl data by @jkppr in #3257

• Dynamically update Star/Comment label counts in the left panel by @jkppr in #3267

• LLM interface & vertexai: add response_schema support, add location parameter and fix some bugs by @itsmvd in #3268

• Add User Settings Menu to Home Page by @jaegeral in #3290

• Improvements to the threat intel view by @tomchop in #3289

• Fix: Ensure consistent datetime handling during CSV import by @jkppr in #3244

• Update SSH regex feature extraction by @jkppr in #3245

• Remove duplicate import by @Annoraaq in #3247

• Fix problems with field selection for visualizations by @jkppr in #3249

• Resolve unsoundness caught by pytype --strict-none-binding. by @hnbdgr379 in #3250

• Add nl2q config to dev container by @jkppr in #3253

• Fix pytype error in TS API client by @jkppr in #3255

• Adding postgres database connection to tsdev.sh by @jkppr in #3256

• Update frontend dependencies & UI build by @jkppr in #3266

• Fix: Handle "query_shard_exception" in OpenSearch error handling by @jaegeral in #3272

• Refactor LLM manager so that users can configure an LLM provider per feature by @itsmvd in #3278

• Add ability to delete a Story from the UI by @itsmvd in #3284

• UI frontend-ng build by @jkppr in #3288

• Upgrade frontend-ng node to v20 by @jkppr in #3292

• TagList bug fix by @jkppr in #3291

• Fix tests for intel metadata by @tomchop in #3293

• Refactor: Move ./test_data/ to dedicated ./tests/test_data/ directory by @jaegeral in #3270

• Bugfix in llm_summarize and introduce initial tests by @itsmvd in #3296

• V3 user avatar app bar by @Annoraaq in #3236

• V3 sketch list by @Annoraaq in #3240

• V3 sketch page by @Annoraaq in #3242

• V3 update tsdev by @Annoraaq in #3251

• V3 event bus by @Annoraaq in #3259

New Contributors

• @hnbdgr379 made their first contribution in #3250

Full Changelog: 2024112...2025011

20241129

What's Changed

• Add document/page title for sketches by @itsmvd in #3210
• [Tagger Analyzer] AWS cloudtrail config by @raihalea in #3224
• Fix: Correctly handle dynamic tags without modifiers by @jkppr in #3211
• Frontend v3 Scaffold by @berggren in #3188
• Change icon for opening TI view. by @jkppr in #3213
• Provide actionable error message for complex search queries by @jkppr in #3233
• Update location of tsdev.sh in docs by @itsmvd in #3209
• Update getTimelineFields to return union of Timeline fields by @sydp in #3203
• Upgrade unfurl and aiplatform dependencies by @jkppr in #3215
• Fix broken unit test workflows by @jkppr in #3231
• Bump happy-dom from 12.10.3 to 15.10.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3222
• Bump cryptography from 43.0.0 to 43.0.1 in the pip group by @dependabot in #3176
• Fix: Resolve pytype --strict-none-binding issue in the api client by @jkppr in #3214
• Added Sigma mapping for certificateservicesclient-lifecycle-system by @pyllyukko in #3223
• Add a warning snackbar by @jkppr in #3234

New Contributors

• @pyllyukko made their first contribution in #3223

Full Changelog: 2024100...2024112

20241009

⚠️ Note ⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.

What's Changed

• Add query string filtering to Visualizations by @sydp in #3182
• DFIQ Analyzer Implementation by @jkppr in #3178
• Add --skip-create-user option to enable non-interactive deployments by @raihalea in #3194
• Enable passing on auto-run analyzers parameter when using importer library by @YiChiCanCode in #3143
• Prevent opensearch from aggregating across all indices. by @jkppr in #3192
• [CLI] export archive and unarchive a sketch by @jaegeral in #3174
• Adding unittests for several csv import related timestamp / datetime edge cases by @jaegeral in #3177
• [tests] attempt to add more unit tests and e2e tests for import of vari… by @jaegeral in #3179
• Smaller refactoring, adding readmes to folders by @jaegeral in #3183
• move the tests_events folder to tests by @jaegeral in #3185
• [Tech dept] update contrib readme, update utils readme and move tsdev from contri… by @jaegeral in #3186
• Remove analyzer_run.py by @jaegeral in #3187
• 2024 09 spelling by @jaegeral in #3181
• Update the sigma_events.csv reference by @emmanuel-ferdman in #3196
• Fix analyzer parsing auth events by @dfjxs in #3190

New Contributors

• @YiChiCanCode made their first contribution in #3143
• @raihalea made their first contribution in #3194
• @emmanuel-ferdman made their first contribution in #3196
• @dfjxs made their first contribution in #3190

Full Changelog: 2024082...2024100

20240828

⚠️ Note ⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.

What's Changed

• DFIQ card redesign and AI query UI by @berggren in #3157
• Add visualizations to stories by @sydp in #3129
• Enable/Disable Scenarios via system settings by @jkppr in #3169
• Support for DFIQ v1.1 by @berggren in #3163
• Fix: Handle special characters in queries and filter chips by @jkppr in #3168
• API Client: Add investigative question handling. by @jkppr in #3144
• Bumping google-auth version from 1.7.0 to 2.32.0 by @yohandiaz in #3133
• Fix table row height in Firefox by @Annoraaq in #3139
• Bump the pip group across 1 directory with 4 updates by @dependabot in #3097
• Add timeline selection to visualization editor by @sydp in #3140
• Adding a dependabot.yml by @jkppr in #3142
• Add timeline rename functionality to timesketch cli tool by @jaegeral in #3156
• CLI client: timeline delete by @jaegeral in #3158
• CLI client: Change timeline color for a given timeline by @jaegeral in #3159
• tsctl - variable is referenced before assignment search_templates by @jaegeral in #3162
• API client: Update scenario handling for dfiq 1.1 schema by @jkppr in #3161
• API client: Adjust list/add scenarios & questions function for new dfiq 1.1 backend by @jkppr in #3165
• Error handling for DFIQ data import by @jkppr in #3170

New Contributors

• @yohandiaz made their first contribution in #3133

Full Changelog: 2024071...2024082

20240717

What's Changed

• ApexChart based visualizations by @sydp in #3040
• Create new NL2Q API. by @dianakramer in #3073
• Prompt V2 for NL2Q by @lrosique in #3122
• MISP analyzer update by @DavidCruciani in #3106
• Adding csv export to tsctl analyzer-stats by @jkppr in #3095
• Remove old style indexes (UI) by @Annoraaq in #3091
• Remove duplicative flush() call to address issue 2796. by @mari0d in #3115
• Correct timeline_name length error message by @itsmvd in #3099
• API Search Client max entries bug and standardize property usage by @jawilson0502 in #3101
• Add only tags created by an analyzer to the output by @jkppr in #3108
• Fix UI bug for archived sketches by @jkppr in #3110
• Merge multiple intelligence attributes if present by @tomchop in #3113
• yetiindicators.py: More precise queries when looking for SHA256 indicators by @tomchop in #3117
• Changes to the Yeti Indicators analyzer by @tomchop in #3118
• Improved error handling for closing index by @jkppr in #3123
• Update Opensearch to 2.15.0 by @jkppr in #3125
• Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot in #3126
• UI build 20240717 by @jkppr in #3127

New Contributors

• @dianakramer made their first contribution in #3073
• @jawilson0502 made their first contribution in #3101
• @lrosique made their first contribution in #3122
• @mari0d made their first contribution in #3115

Full Changelog: 20240508.1...2024071

20240508.1

What's Changed

• Bug-Fix analyzers fetching active sessions by @jkppr in #3093

Full Changelog: 2024050...20240508.1

20240508

What's Changed

• Save searches without results by @jkppr in #3060
• Bump nginx version by @jkppr in #3077
• tsdev.sh update by @rocketeeer in #3081
• Support for observables in Yeti analyzers by @tomchop in #3061
• Added check to invalid API endpoints to close issue #3005 by @TedmanNguyen in #3058
• Updating the documentation by @jkppr in #3057
• Remove sigma_rule_status.csv from Installation Helper Scripts by @Aevyz in #3063
• Update api-upload-data.md by @berggren in #3068
• Fix tsctl on a prod deployment by @jkppr in #3088
• UI build 20240508 by @jkppr in #3089

New Contributors

• @Aevyz made their first contribution in #3063
• @rocketeeer made their first contribution in #3081
• @TedmanNguyen made their first contribution in #3058

Full Changelog: 2024032...2024050