2.2.0-1

VMware Carbon Black EDR Yara Integration Changelog

v2.2.0

Bug Fixes / Changes

• Optimization, refactoring of codebase
• Standalone mode no longer requires a celery broker
• Improved EDR Modulestore Scanning

VMware Carbon Black EDR Yara Connector 2.1.2

Changelog

• In yara-connector configuration files, for the "mode" setting, the terms "master" and "worker" have been deprecated in favor of "primary" and "minion", respectively. The deprecated terms still work, to preserve backward compatibility for customer with existing installations, but are no longer documented.
• Product name, copyright statements, and so on have been updated to reflect VMware.
• Packages are now available for EL6, EL7, and EL8 systems.

Cb Yara Connector 2.1.1-2

Changelog

v2.1.1-2 is a re-release of the Yara 2.1.1 connector.

• It has been re-packaged with an updated service script for el6.
• The build environment for el6 has been stabilized.
• The service is now stopped on yum removal.

Cb Yara Connector 2.1.1

Changelog

v2.1.1 of the CB Yara Connector is a re-write of the Cb Yara Connector with vast improvements.

• Better handling of yara rules.
  • Rules are only compiled on change of rules on disk.
  • Clean up of rules on worker side.
• Connector is more robust and handles issues gracefully.
  • Tolerates missing metadata like missing logo file.
• Vast reduction of CbR db usage.
• Vast reduction of CbR API usage.
• Performance improvements.
• Proper rpm installers are built and added to the CbOpenSource repo.
  • Builds exist for both EL6 and EL7.

Yara Connector 2.0.2 BETA

New Features

• Improved Postgres performance with named cursors
• Added ability to disable rescanning for binaries previously scanned by ANY rule
• Configuration option to limit binaries by timestamp measured by days.

Yara Connector 2.0.1 BETA

BugFixes

• Fixed threat feed titles
• fixed yara rules location on remote workers

Changes

• yara rules can now end with .yara
• number of concurrent hashes sent to workers is now configurable

Yara Connector 2.0.0 BETA

Yara Connector has been completed redesigned. This connector will no longer be published as an RPM. It will be published with executables.

New Features

• Yara Connector pulls directly from Cb Response Database for binaries. This allows for faster binary enumeration.

• We have decided to go with an "agent" model with the ability to add remote workers for even faster scanning.

Cb Yara Connector 1.3.5

Changelog

• Improved logging
• Updated version of flask
• Improvements to imphash rules processing

Cb Yara Connector 1.3.4

Changelog

• Added support for imphash rules

Cb Yara Connector 1.3.3

Changelog

• Fixed issue with yara-python pe module functions not working properly