Releases: google/timesketch
20250708
What's Changed
✨ New Features & Major Enhancements
- Allow batch editing of tags. by @Annoraaq in #3451
- Batch tags v3 by @Annoraaq in #3458
- Introduce unified SearchGuideCard to help users start exploring by @jkppr in #3454
- Adding SearchGuideCard to the v3 frontend by @jkppr in #3455
- Vue3 migration: Explore view (phase one) by @berggren in #3429
- Link Events with DFIQ conclusions by @dianakramer in #3357
📈 Improvements & Refinements
- Enable support for vue3 UI by @jkppr in #3445
- Update Admin CLI to reflect changes to User and Group commands by @Aevyz in #3437
- [DB] Changes to cascade within the Sketch object by @jaegeral in #3406
- Add bloom prefix to tags from bloom analyzer by @tomchop in #3443
- [tsctl] introduce read only access to a sketch via tsctl by @jaegeral in #3444
- Introduce a tsctl check-orphaned-objects command by @jaegeral in #3442
- Update timesketch.conf by @itsmvd in #3428
- V3 timeline chips by @Annoraaq in #3432
- Update README.md by @jkppr in #3460
🐛 Bug Fixes
- Fix UI issue with nl2q by @jkppr in #3461
- Fix Story bug when no DFIQ is used by @jkppr in #3435
- Various small changes by @jaegeral in #3440
- Update install.md by @itsmvd in #3448
- Update install.md by @itsmvd in #3447
- Update deploy_timesketch.sh by @itsmvd in #3450
- improvements to the deploy_timesketch.sh by @jaegeral in #3449
- Fix permission checks with the scenarios API by @jkppr in #3452
- Fix asset loading for v3 deployments by @jkppr in #3457
⬆️ Dependency Updates
- Bump requests from 2.32.3 to 2.32.4 in the pip group by @dependabot in #3446
- Bump pbkdf2 from 3.1.2 to 3.1.3 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3456
Full Changelog: 2025052...2025070
20250521
What's Changed
✨ New Features & Major Enhancements
📈 Improvements & Refinements
- AI/LLM:
- Testing / Code quality:
- Add End-to-End Tests for tsctl by @jaegeral in #3383
- Update E2E / unit Test Matrix (drop Ubuntu20) by @jaegeral in #3384
- [Workflows] Add 30-minute timeouts to GitHub Actions workflow jobs by @jaegeral in #3396
- Improve OpenSearch search method docstring and error logging by @jaegeral in #3414
- Update scenarios.py by @jaegeral in #3420
- Replacing timeline descriptions or names with IDs in various log by @jaegeral in #3417
- [Workflows] Run unittests in parallel in github workflow by @jaegeral in #3400
- Timesketch CLI and E2E Test Enhancements by @jaegeral in #3399
- [API Client] Robustness and Readability Enhancements by @jaegeral in #3402
- Others
🐛 Bug Fixes
- Fix DatastoreConnectionError AttributeError by @jkppr in #3404
- Fix TimelineChip failed mode by @jkppr in #3407
- Avoid calling run_timesketch_query twice in llm_summarize feature + update tests by @itsmvd in #3379
- Development sigma rules update by @jbaptperez in #3425
- Display search ID index on error by @emmanuel-ferdman in #3421
- Documentation fixes by @jbaptperez in #3424
⬆️ Dependency Updates
- Update docker release version by @jkppr in #3380
- Various updates to dependencies / versions by @jaegeral in #3391
- Bump vite from 5.4.17 to 5.4.19 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3392
- Bump vite from 5.4.17 to 5.4.19 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3393
- bump pandas version by @jaegeral in #3418
Full Changelog: 2025040...2025052
20250408
What's Changed
✨ New Features & Major Enhancements
- Core Functionality & API:
- Add Support for Searching Processing Timelines by @jbaptperez in #3241
- Add Timeline, SearchIndex and Datasource creation to client api by @Tijnoz in #2919
- LLM Integration:
- Add nl2q and llm_summarize as LLM features by @itsmvd in #3311
- Add LLM features manager and interface by @itsmvd in #3308
- Introduce LLMResource API method, tests, and add it as a method for the frontend by @itsmvd in #3310
- Add Ollama provider with response schema support & create LLM provider directory by @itsmvd in #3306
- Enhance LLM configuration handling and settings UI by @itsmvd in #3366
- LLM provider fallback to default config by @itsmvd in #3307
- Vue3 Frontend Migration:
- tsctl (CLI Tool) Enhancements:
- Add timesketch-status to tsctl. by @jaegeral in #3303
- [tsclt] searchindex set get status by @jaegeral in #3328
- [tsctl] Add celery task management (list and cancel) by @jaegeral in #3354
- tsctl sketch-info enhancements by @jaegeral in #3367
- [tsctl] searchindex-info improvements by @jaegeral in #3368
- Changes to tsctl.py by @jaegeral in #3365
📈 Improvements & Refinements
- UI/UX:
- Make suggested queries the active questions tab by @dianakramer in #3313
- Improve snackbar.js: add support for custom timeouts & small refactor by @itsmvd in #3330
- Documentation:
- Testing:
- Code Health & Refactoring:
- Update pylint & astroid by @jkppr in #3329
- Update api_client code for new pylint version by @jkppr in #3336
- Update importer client for new pylint config by @jkppr in #3339
- Update cli client for new pylint config by @jaegeral in #3340
- Remove sketch.upload() from the api client (deprecated for a long time) by @jaegeral in #3349
- Update dfiq_analyzer/manager.py logging level by @jkppr in #3309
- Update nginx.conf by @jkppr in #3318
- Build, CI & Deployment:
- Adding frontend-v3 build workflow automation by @jkppr in #3346
- Update Frontend-NG Build and Deployment Workflow by @jaegeral in #3345
- Prevent E2E / unit Tests on Documentation and Non-Code Changes by @jaegeral in #3347
- Update deploy_timesketch.sh by @Sh3b0 in #3371
- Update documentation.yml by @jaegeral in #3344
🐛 Bug Fixes
- Fix: Resolve race condition errors on first timeline upload with SEARCH_PROCESSING_TIMELINES=True by @jkppr in #3363
- bugfix when llm_summarize tries to summarize no events by @itsmvd in #3378
- Fix: Removal Logic Bug in Annotation Mixins by @jaegeral in #3323
- [API] Fix on how timelines are listed Two new test cases around timeline listing. by @jaegeral in #3359
- fix renaming in sidebar by @Annoraaq in #3326
- Filtered back-ticks and other trailing characters from the resulting query by @dianakramer in #3304
⬆️ Dependency Updates
- Bump vitest from 1.0.4 to 1.6.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3280
- Bump the npm_and_yarn group in /timesketch/frontend-ng with 2 updates by @dependabot in #3338
- Bump the npm_and_yarn group in /timesketch/frontend-ng with 2 updates by @dependabot in #3361
- Bump vite from 5.4.14 to 5.4.17 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3376
- Bump axios from 1.7.9 to 1.8.2 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3335
- Bump vite from 5.4.14 to 5.4.16 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3370
- Bump vite from 5.4.16 to 5.4.17 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3375
- Bump axios from 0.21.4 to 0.29.0 in /timesketch/frontend by @dependabot in #3337
- Bump the pip group with 2 updates by @dependabot in #3294
- Bump gunicorn from 22.0.0 to 23.0.0 in the pip group by @dependabot in #3355
New Contributors
- @jbaptperez made their first contribution in #3241
- @Tijnoz made their first contribution in #2919
- @Sh3b0 made their first contribution in #3371
Full Changelog: 2025011...2025040
20250112
What's Changed
- add context menu and sketch creation to homepage by @Annoraaq in #3237
- Feat(cli): Add field count to Timesketch index information by @jaegeral in #3274
- Enhance tsctl with User Status and Group Membership Information by @jaegeral in #3264
- Increase OpenSearch mapping limit dynamically during indexing of csv/jsonl data by @jkppr in #3257
- Dynamically update Star/Comment label counts in the left panel by @jkppr in #3267
- LLM interface & vertexai: add response_schema support, add location parameter and fix some bugs by @itsmvd in #3268
- Fix: Ensure consistent datetime handling during CSV import by @jkppr in #3244
- Fix problems with field selection for visualizations by @jkppr in #3249
- Resolve unsoundness caught by pytype --strict-none-binding. by @hnbdgr379 in #3250
- Adding postgres database connection to tsdev.sh by @jkppr in #3256
- Fix: Handle "query_shard_exception" in OpenSearch error handling by @jaegeral in #3272
- Refactor LLM manager so that users can configure an LLM provider per feature by @itsmvd in #3278
- Add ability to delete a Story from the UI by @itsmvd in #3284
- Refactor: Move ./test_data/ to dedicated ./tests/test_data/ directory by @jaegeral in #3270
- Bugfix in llm_summarize and introduce initial tests by @itsmvd in #3296
New Contributors
- @hnbdgr379 made their first contribution in #3250
Full Changelog: 2024112...2025011
20241129
What's Changed
- Add document/page title for sketches by @itsmvd in #3210
- [Tagger Analyzer] AWS cloudtrail config by @raihalea in #3224
- Fix: Correctly handle dynamic tags without modifiers by @jkppr in #3211
- Frontend v3 Scaffold by @berggren in #3188
- Change icon for opening TI view. by @jkppr in #3213
- Provide actionable error message for complex search queries by @jkppr in #3233
- Update location of tsdev.sh in docs by @itsmvd in #3209
- Update getTimelineFields to return union of Timeline fields by @sydp in #3203
- Upgrade unfurl and aiplatform dependencies by @jkppr in #3215
- Fix broken unit test workflows by @jkppr in #3231
- Bump happy-dom from 12.10.3 to 15.10.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3222
- Bump cryptography from 43.0.0 to 43.0.1 in the pip group by @dependabot in #3176
- Fix: Resolve pytype --strict-none-binding issue in the api client by @jkppr in #3214
- Added Sigma mapping for certificateservicesclient-lifecycle-system by @pyllyukko in #3223
- Add a warning snackbar by @jkppr in #3234
New Contributors
- @pyllyukko made their first contribution in #3223
Full Changelog: 2024100...2024112
20241009
⚠️ Note⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.
What's Changed
- Add query string filtering to Visualizations by @sydp in #3182
- DFIQ Analyzer Implementation by @jkppr in #3178
- Add --skip-create-user option to enable non-interactive deployments by @raihalea in #3194
- Enable passing on auto-run analyzers parameter when using importer library by @YiChiCanCode in #3143
- Prevent opensearch from aggregating across all indices. by @jkppr in #3192
- [CLI] export archive and unarchive a sketch by @jaegeral in #3174
- Adding unittests for several csv import related timestamp / datetime edge cases by @jaegeral in #3177
- [tests] attempt to add more unit tests and e2e tests for import of vari… by @jaegeral in #3179
- Smaller refactoring, adding readmes to folders by @jaegeral in #3183
- move the tests_events folder to tests by @jaegeral in #3185
- [Tech dept] update contrib readme, update utils readme and move tsdev from contri… by @jaegeral in #3186
- Remove analyzer_run.py by @jaegeral in #3187
- 2024 09 spelling by @jaegeral in #3181
- Update the sigma_events.csv reference by @emmanuel-ferdman in #3196
- Fix analyzer parsing auth events by @dfjxs in #3190
New Contributors
- @YiChiCanCode made their first contribution in #3143
- @raihalea made their first contribution in #3194
- @emmanuel-ferdman made their first contribution in #3196
- @dfjxs made their first contribution in #3190
Full Changelog: 2024082...2024100
20240828
⚠️ Note⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.
What's Changed
- DFIQ card redesign and AI query UI by @berggren in #3157
- Add visualizations to stories by @sydp in #3129
- Enable/Disable Scenarios via system settings by @jkppr in #3169
- Support for DFIQ v1.1 by @berggren in #3163
- Fix: Handle special characters in queries and filter chips by @jkppr in #3168
- API Client: Add investigative question handling. by @jkppr in #3144
- Bumping google-auth version from 1.7.0 to 2.32.0 by @yohandiaz in #3133
- Fix table row height in Firefox by @Annoraaq in #3139
- Bump the pip group across 1 directory with 4 updates by @dependabot in #3097
- Add timeline selection to visualization editor by @sydp in #3140
- Adding a dependabot.yml by @jkppr in #3142
- Add timeline rename functionality to timesketch cli tool by @jaegeral in #3156
- CLI client: timeline delete by @jaegeral in #3158
- CLI client: Change timeline color for a given timeline by @jaegeral in #3159
- tsctl - variable is referenced before assignment search_templates by @jaegeral in #3162
- API client: Update scenario handling for dfiq 1.1 schema by @jkppr in #3161
- API client: Adjust list/add scenarios & questions function for new dfiq 1.1 backend by @jkppr in #3165
- Error handling for DFIQ data import by @jkppr in #3170
New Contributors
- @yohandiaz made their first contribution in #3133
Full Changelog: 2024071...2024082
20240717
What's Changed
- ApexChart based visualizations by @sydp in #3040
- Create new NL2Q API. by @dianakramer in #3073
- Prompt V2 for NL2Q by @lrosique in #3122
- MISP analyzer update by @DavidCruciani in #3106
- Adding csv export to tsctl analyzer-stats by @jkppr in #3095
- Remove old style indexes (UI) by @Annoraaq in #3091
- Remove duplicative flush() call to address issue 2796. by @mari0d in #3115
- Correct timeline_name length error message by @itsmvd in #3099
- API Search Client max entries bug and standardize property usage by @jawilson0502 in #3101
- Add only tags created by an analyzer to the output by @jkppr in #3108
- Fix UI bug for archived sketches by @jkppr in #3110
- Merge multiple intelligence attributes if present by @tomchop in #3113
- yetiindicators.py: More precise queries when looking for SHA256 indicators by @tomchop in #3117
- Changes to the Yeti Indicators analyzer by @tomchop in #3118
- Improved error handling for closing index by @jkppr in #3123
- Update Opensearch to 2.15.0 by @jkppr in #3125
- Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot in #3126
- UI build 20240717 by @jkppr in #3127
New Contributors
- @dianakramer made their first contribution in #3073
- @jawilson0502 made their first contribution in #3101
- @lrosique made their first contribution in #3122
- @mari0d made their first contribution in #3115
Full Changelog: 20240508.1...2024071
20240508.1
What's Changed
Full Changelog: 2024050...20240508.1
20240508
What's Changed
- Save searches without results by @jkppr in #3060
- Bump nginx version by @jkppr in #3077
- tsdev.sh update by @rocketeeer in #3081
- Support for observables in Yeti analyzers by @tomchop in #3061
- Added check to invalid API endpoints to close issue #3005 by @TedmanNguyen in #3058
- Updating the documentation by @jkppr in #3057
- Remove sigma_rule_status.csv from Installation Helper Scripts by @Aevyz in #3063
- Update api-upload-data.md by @berggren in #3068
- Fix tsctl on a prod deployment by @jkppr in #3088
- UI build 20240508 by @jkppr in #3089
New Contributors
- @Aevyz made their first contribution in #3063
- @rocketeeer made their first contribution in #3081
- @TedmanNguyen made their first contribution in #3058
Full Changelog: 2024032...2024050