v1.7.0

• New Administrative HTTP API with following features:
  • Manage endpoints (list, create, delete)
  • Get basic statistics about the manager
  • Execute commands on endpoints and get results
    • Can drop files prior to execution, to execute binaries/scripts not present on endpoint. Dropped files are deleted after command was ran.
    • Can retrieve files (post command execution), to retrieve results of the command
  • Collect files from endpoints for forensic purposes
  • Contain / Uncontain endpoints by restricting any network traffic except communication to the manager.
  • Query endpoints logs
  • Query endpoints alerts
  • Pivot on a timestamp and retrieve logs/alerts around that time pivot
  • Access endpoint report
    • Scoring (relative to each environment) allowing to sort endpoints and spot the ones behaving differently from the others.
    • Alerts / TTPs observed on a given time frame
  • Manage rules (list, create, update, save, delete)
• Integration with Sysmon v12 and v13
  • Integrate ClipboardData events
    • Put the content of the clipboard data inside the event to allow creating rule on the content of the clipboard
  • Integrate ProcessTampering events
    • Enrich event with a diffing score between .text section on disk and in memory
• Implemented certificate pinning on client to enhance security of the communiaction channel between endpoints and management server
• Log filtering capabilities, allowing one to collect contextual events. Log filtering is achieved by creating Gene filtering rules (c.f. Gene Documentation).
• Configuration files in TOML format for better readability
• Better protection of the installation directory