Release Notes (2023-07)
July release notes detailing the evolution of the Stairwell platform
Date | New Feature | Enhancement | Bug Fix |
---|---|---|---|
July 28, 2023 | ✔️ | ✔️ | |
July 27, 2023 | ✔️ | ||
July 26, 2023 | ✔️ | ✔️ | |
July 25, 2023 | ✔️ | ||
July 24, 2023 | ✔️ | ||
July 21, 2023 | ✔️ | ||
July 20, 2023 | ✔️ | ✔️ | |
July 18, 2023 | ✔️ | ||
July 15, 2023 | ✔️ | ||
July 13, 2023 | ✔️ | ||
July 12, 2023 | ✔️ | ||
July 11, 2023 | ✔️ | ✔️ | |
July 09, 2023 | ✔️ | ||
July 06, 2023 | ✔️ | ✔️ |
July 28, 2023
Software Enhancement
Team: General
Users can now search based on object size, with units including KB, MB, and GB.
Example:
object.size > 50MB
Bug Fix
Team: Backend
Users can now see EDR notifications for files that we fail to download from SentinelOne, but where we have access to the file anyway (e.g. in malware feeds).
July 27, 2023
Asset Bug Fix
Team: Forwarder
Users running the latest forwarder update can now expect asset names to be updated as assets are renamed in the environment. Previously the asset name was set to the original name at registration; it now follows the hostname dynamically.
Windows: 1.3.5
MacOS: X.X.X
July 26, 2023
Search Enhancement
Team: Frontend
Users can now search on time-relative criteria, including "now" and durations with the units "y, M, w, d, h, H, m, s".
More information can be found at:
https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math
Search Bug Fix
Team: General
Users can now expect consistent results when searching on filenames, regardless of the letter case entered, because Stairwell converts them all to lowercase.
Example:
pe.pdb_filename == r"C:\\Users\\Sam\\Desktop\\GetCookies\\Release\\GetCookies.pdb"
Library Enhancements
Team: Backend
Users can expect performance stability, and future improvements to be delivered in a more agile way, due to improved modularity efforts across the platform (e.g. YARA).
Asset Enhancement
Team: Frontend
Users will now see assets sorted by last seen time by default.
July 25, 2023
API Bug Fix
Team: Frontend
Users can now expect to see matching MalEval data between the UI and the API.
July 24, 2023
New Forwarder Feature
Team: Forwarder
Users can now run an uninstall script that will remove Stairwell from MacOS.
New Threat Report Filter
Team: Frontend
Users can now select Microsoft as a Threat Report source filter.
July 21, 2023
Search Enhancement
Team: Frontend
Users can expect the IOC result box to auto-expand when there are more than 5 results, and will now see a modal search form.
July 20, 2023
YARA Scanning Enhancement
Team: Frontend
Users can now start an on-demand YARA scan from the objects pane.
Threat Report Bug Fix
Team: Frontend
Users can now expect restored visibility into which environments rule matches are applicable to.
July 18, 2023
Registration Bug Fix
Team: Forwarder
Users can now expect the WinOS and MacOS registration processes to match more closely, because both use a combination of MAC address and hostname to establish a UID for the asset. This helps mitigate issues where VMs are involved and use the MAC addresses of their hosts.
Sighting Enhancement
Team: Backend
Users can now expect to see additional information regarding virtual sightings that could be multiple layers deep/nested into other files.
Asset Enhancement
Team: Frontend
Users can now expect to see additional information about assets under the asset page vs the environment settings page.
IOC Enhancement
Team: Frontend
Users will now see a revised message "No matching hostnames/IPs found" when no results are returned.
Search Enhancement
Team: Frontend
Users will now be able to easily pivot to objects in the YARA preview pane.
July 15, 2023
Search Bug Fix
Team: General
Users can expect the displayed number and the listed object values to now match.
July 13, 2023
New API
Team: Frontend
Users can now trust and easily integrate with Stairwell's resource-oriented APIs served from https://api.stairwell.com/v1/. Users must use Google’s API design guide and must be rate limited and monitored.
July 12, 2023
Threat Report Enhancement
Team: Frontend
Users can now expect to see filter parameters remain present in the URL when looking at threat reports.
July 11, 2023
Swell Bug Fix
Team: General
Users can now expect to be able to upload password-protected files using the Swell CLI utility without issues.
Example:
swell upload --format 7z --password $PASSWORD
Threat Report Enhancement
Team: Frontend
Users can now expect an improved experience, including refined colors, a matching experience, callouts for clickable items, and an overall change to a grid format.
July 09, 2023
Query Enhancement
Team: Backend
Elastic slow logging has been enabled to allow the team to identify queries exceeding time thresholds so they can be optimized for users moving forward.
July 06, 2023
Webhook and API Enhancement
Team: Frontend
Users can now expect to see additional information provided via webhook and API, including the following:
- Magic
- Hashes
- Mime type
- Size
- Entropy
- Imphash
- Imphash sorted
- TLSH
- X509 cert data when applicable
Loading Bug Fix
Team: Frontend
Users can now expect to see the filename on the metaphor tab loading message.