Release Notes (2023-07)

July release notes detailing the evolution of the Stairwell platform

| Date | New Feature | Enhancement | Bug Fix |
| --- | --- | --- | --- |
| July 28, 2023 | | ✔️ | ✔️ |
| July 27, 2023 | | | ✔️ |
| July 26, 2023 | | ✔️ | ✔️ |
| July 25, 2023 | | | ✔️ |
| July 24, 2023 | ✔️ | | |
| July 21, 2023 | | ✔️ | |
| July 20, 2023 | | ✔️ | ✔️ |
| July 18, 2023 | | ✔️ | |
| July 15, 2023 | | | ✔️ |
| July 13, 2023 | ✔️ | | |
| July 12, 2023 | | ✔️ | |
| July 11, 2023 | | ✔️ | ✔️ |
| July 09, 2023 | | ✔️ | |
| July 06, 2023 | | ✔️ | ✔️ |

July 28, 2023

Software Enhancement

Team: General

Users can now search based on object size including KB, MB, and GB.

Example:

object.size > 50MB

Bug Fix

Team: Backend

Users can now see EDR notifications for files that we fail to download from SentinelOne, but where we have access to the file anyway (e.g. in malware feeds).

July 27, 2023

Asset Bug Fix

Team: Forwarder

Asset names are now updated when assets are renamed in the environment, provided the latest forwarder update is running. Previously the name was fixed to the original name recorded at registration; it now follows the hostname dynamically.

Windows: 1.3.5
MacOS: X.X.X

July 26, 2023

Search Enhancement

Team: Frontend

Users can now search using time-relative criteria, including "now" and durations expressed with the units "y, M, w, d, h, H, m, s".

More info: https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math
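As an added illustration (not Stairwell's code; the platform's search implementation is not described on this page), the following Python evaluator resolves Elastic-style date-math expressions using the units listed above, so you can check what a query such as `now-7d/d` actually matches. The pinned `NOW` anchor is a constructed sample value, and rounding down with Monday-start weeks is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Elasticsearch date-math units referenced above: y=years, M=months, w=weeks, d=days, h/H=hours, m=minutes, s=seconds.
_OP_RE = re.compile(r"([+-])(\d+)([yMwdhHms])|/([yMwdhHms])")
_EXPR_RE = re.compile(r"(?:[+-]\d+[yMwdhHms]|/[yMwdhHms])*")
_FIXED = {"w": timedelta(weeks=1), "d": timedelta(days=1), "h": timedelta(hours=1),
          "H": timedelta(hours=1), "m": timedelta(minutes=1), "s": timedelta(seconds=1)}
NOW = datetime(2023, 7, 26, 15, 45, 30, tzinfo=timezone.utc)  # constructed sample anchor

def _add_months(dt, n):
    """Shift dt by n calendar months, clamping the day to the target month's length."""
    month0 = dt.month - 1 + n
    year, month = dt.year + month0 // 12, month0 % 12 + 1
    first_of_next = datetime(year + (month == 12), month % 12 + 1, 1, tzinfo=dt.tzinfo)
    last_day = (first_of_next - timedelta(days=1)).day
    return dt.replace(year=year, month=month, day=min(dt.day, last_day))

def _round_down(dt, unit):
    """'/unit' rounding: truncate to the start of the unit (weeks start Monday; an assumption)."""
    if unit == "w":
        dt = dt - timedelta(days=dt.weekday())
    floor = {"y": dict(month=1, day=1), "M": dict(day=1)}.get(unit, {})
    if unit in "yMwd":
        floor.update(hour=0, minute=0, second=0)
    elif unit in "hH":
        floor.update(minute=0, second=0)
    elif unit == "m":
        floor.update(second=0)
    return dt.replace(microsecond=0, **floor)

def eval_date_math(expr, now):
    """Resolve e.g. 'now-7d/d' or '2023-07-01||+1M' against a pinned, tz-aware `now`."""
    if expr.startswith("now"):
        dt, rest = now, expr[3:]
    else:
        anchor, sep, rest = expr.partition("||")
        if not sep:
            raise ValueError("anchor must be 'now' or '<ISO date>||'")
        dt = datetime.fromisoformat(anchor).replace(tzinfo=now.tzinfo)
    if not _EXPR_RE.fullmatch(rest):  # reject anything that is not a chain of +/-N<unit> or /<unit>
        raise ValueError(f"malformed date math: {expr!r}")
    for m in _OP_RE.finditer(rest):
        if m.group(4):  # rounding operation
            dt = _round_down(dt, m.group(4))
            continue
        n = int(m.group(2)) * (1 if m.group(1) == "+" else -1)
        unit = m.group(3)
        dt = _add_months(dt, 12 * n if unit == "y" else n) if unit in "yM" else dt + n * _FIXED[unit]
    return dt
```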

Search Bug Fix

Team: General

Users can now expect consistent results when searching on filenames, regardless of the case of the input, as Stairwell converts all filenames to lower case.

Example:

pe.pdb_filename == r"C:\\Users\\Sam\\Desktop\\GetCookies\\Release\\GetCookies.pdb"

Library Enhancements

Team: Backend

Users can expect more stable performance, and future improvements will be delivered more quickly, thanks to improved modularity across the platform (e.g. YARA).

Asset Enhancement

Team: Frontend

Users will now see assets sorted by last seen time by default.

July 25, 2023

API Bug Fix

Team: Frontend

Users can now expect to see matching MalEval data between the UI and the API.

July 24, 2023

New Forwarder Feature

Team: Forwarder

Users can now run an uninstall script that will remove Stairwell from MacOS.

New Threat Report Filter

Team: Frontend

Users can now select Microsoft as a Threat Report source filter.

July 21, 2023

Search Enhancement

Team: Frontend

The IOC result box now auto-expands when there are more than 5 results, and the search form is now presented as a modal.

July 20, 2023

YARA Scanning Enhancement

Team: Frontend

Users can now start an on demand YARA scan from the objects pane.

Threat Report Bug Fix

Team: Frontend

Visibility into which environments a rule match applies to has been restored.

July 18, 2023

Registration Bug Fix

Team: Forwarder

The Windows and MacOS registration processes now more closely match: both use a combination of MAC address and hostname to establish a UID for the asset, which helps mitigate issues where VMs are involved and reuse the MAC addresses of their hosts.

Sighting Enhancement

Team: Backend

Users can now see additional information about virtual sightings, including sightings nested multiple layers deep inside other files.

Asset Enhancement

Team: Frontend

Users can now see additional information about assets on the asset page, as opposed to the environment settings page.

IOC Enhancement

Team: Frontend

Users will now see a revised message "No matching hostnames/IPs found" when no results are returned.

Search Enhancement

Team: Frontend

Users will now be able to easily pivot to objects in the YARA preview pane.

July 15, 2023

Search Bug Fix

Team: General

The displayed result count and the number of listed objects now match.

July 13, 2023

New API

Team: Frontend

Users can now integrate with Stairwell's resource-oriented APIs served from https://api.stairwell.com/v1/. The APIs follow Google's API design guide and are rate limited and monitored.

July 12, 2023

Threat Report Enhancement

Team: Frontend

Users can now expect to see filter parameters remain present in the URL when looking at threat reports.

July 11, 2023

Swell Bug Fix

Team: General

Users can now expect to be able to upload password protected files using the Swell CLI utility without issues.

Example:

swell upload --format 7z --password $PASSWORD

Threat Report Enhancement

Team: Frontend

The threat report experience has been improved with refined colors, a consistent look and feel, clearer call-outs for clickable items, and an overall move to a grid layout.

July 09, 2023

Query Enhancement

Team: Backend

Elastic slow logging has been enabled to allow the team to identify queries exceeding time thresholds so they can be optimized for users moving forward.

July 06, 2023

Webhook and API Enhancement

Team: Frontend

Users can now see additional information provided via webhook and API, including the following:

  • Magic
  • Hashes
  • MIME type
  • Size
  • Entropy
  • Imphash
  • Imphash sorted
  • TLSH
  • X.509 certificate data, when applicable

Loading Bug Fix

Team: Frontend

Users can now expect to see the filename in the loading message on the metaphor tab.