Skip to content

Doorman 0.5
Compare
Choose a tag to compare
@mwielgoszewski mwielgoszewski released this 20 Jul 15:05
· 78 commits to master since this release
v0.5
472fb88

This release adds an all new node learning capability that displays relevant information about a node. The information displayed about a node can be configured via the DOORMAN_CAPTURE_NODE_INFO setting, which accepts a list of tuples containing the column_name (as returned by osquery) and a label (what's displayed on the page). This learning functionality depends on nodes to execute and return results for queries containing those columns configured. Otherwise, missing values will be omitted from the node information page.

Additionally, the following is also included in this release:

  • An all new distributed query results view that shows the results of a distributed query (for all nodes) in single view
  • Added endpoint to download current node inventory (along with node information) as a CSV file
  • Doorman now captures the last IP address of a node
  • Support for marking a node as inactive
  • Support deploying Doorman to Heroku
  • Support for updating configured file paths for a file path category
  • Support for configuring a minimum status log level severity to retain via DOORMAN_MINIMUM_OSQUERY_LOG_LEVEL
  • Optional integration with Sentry via SENTRY_DSN to catch exceptions
  • Support for alerting to Sentry
  • Support for writing results to JSON log file, ready to be consumed by Logstash
  • Fix how integer/decimal column values were being compared by rules (Doorman now detects if compared values are numeric and coerces them to the appropriate number type)
  • Fix empty / not empty operator in rules
  • Fix greater / greater than / less / less than conditional logic (comparison needed to be flipped)
  • Fixed a bug that showed a node had not checked in for a while when in fact it had
  • Changed to a Bootstrap container-fluid layout, to take advantage of added screen real estate
  • Improved user experience by denoting with placeholders where tags may be entered in a free-form manner
  • Treat rule names and descriptions as string templates, allowing column and node information to supply values if applicable

Upgrading your Doorman instance:

  • Requires a database migration. Simply execute python manage.py db upgrade using the provided migration scripts.

Commits since last release

Commits to master since this release.

Assets 2
Loading