20250408

What's Changed

✨ New Features & Major Enhancements

• Core Functionality & API:
  • Add Support for Searching Processing Timelines by @jbaptperez in #3241
  • Add Timeline, SearchIndex and Datasource creation to client api by @Tijnoz in #2919
• LLM Integration:
  • Add nl2q and llm_summarize as LLM features by @itsmvd in #3311
  • Add LLM features manager and interface by @itsmvd in #3308
  • Introduce LLMResource API method, tests, and add it as a method for the frontend by @itsmvd in #3310
  • Add Ollama provider with response schema support & create LLM provider directory by @itsmvd in #3306
  • Enhance LLM configuration handling and settings UI by @itsmvd in #3366
  • LLM provider fallback to default config by @itsmvd in #3307
• Vue3 Frontend Migration:
  • V3 sketch empty state by @Annoraaq in #3269
  • V3 sketch page top bar by @Annoraaq in #3275
  • V3 introduce canvas by @Annoraaq in #3285
  • V3 sketch page share card by @Annoraaq in #3286
  • Update RestApiClient in frontend-v3 by @itsmvd in #3317
• tsctl (CLI Tool) Enhancements:
  • Add timesketch-status to tsctl. by @jaegeral in #3303
  • [tsclt] searchindex set get status by @jaegeral in #3328
  • [tsctl] Add celery task management (list and cancel) by @jaegeral in #3354
  • tsctl sketch-info enhancements by @jaegeral in #3367
  • [tsctl] searchindex-info improvements by @jaegeral in #3368
  • Changes to tsctl.py by @jaegeral in #3365

📈 Improvements & Refinements

• UI/UX:
  • Make suggested queries the active questions tab by @dianakramer in #3313
  • Improve snackbar.js: add support for custom timeouts & small refactor by @itsmvd in #3330
• Documentation:
  • Add initial admin & user documentation for LLM features by @itsmvd in #3301
  • Add instructions to load DFIQ templates to documentation by @jkppr in #3322
• Testing:
  • [tests] add sketch related tests to the API unit tests by @jaegeral in #3312
  • adding unit tests for archiving a sketch by @jaegeral in #3316
  • [e2e] sketch tests by @jaegeral in #3325
• Code Health & Refactoring:
  • Update pylint & astroid by @jkppr in #3329
  • Update api_client code for new pylint version by @jkppr in #3336
  • Update importer client for new pylint config by @jkppr in #3339
  • Update cli client for new pylint config by @jaegeral in #3340
  • Remove sketch.upload() from the api client (depracated for a long time) by @jaegeral in #3349
  • Update dfiq_analyzer/manager.py logging level by @jkppr in #3309
  • Update nginx.conf by @jkppr in #3318
• Build, CI & Deployment:
  • Adding frontend-v3 build workflow automation by @jkppr in #3346
  • Update Frontend-NG Build and Deployment Workflow by @jaegeral in #3345
  • Prevent E2E / unit Tests on Documentation and Non-Code Changes by @jaegeral in #3347
  • Update deploy_timesketch.sh by @Sh3b0 in #3371
  • Update documentation.yml by @jaegeral in #3344

🐛 Bug Fixes

• Fix: Resolve race condition errors on first timeline upload with SEARCH_PROCESSING_TIMELINES=True by @jkppr in #3363
• bugfix when llm_summarize tries to summarize no events by @itsmvd in #3378
• Fix: Removal Logic Bug in Annotation Mixins by @jaegeral in #3323
• [API] Fix on how timelines are listed Two new test cases around timeline listing. by @jaegeral in #3359
• fix renaming in sidebar by @Annoraaq in #3326
• Filtered back-ticks and other trailing characters from the resulting query by @dianakramer in #3304

⬆️ Dependency Updates

• Bump vitest from 1.0.4 to 1.6.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3280
• Bump the npm_and_yarn group in /timesketch/frontend-ng with 2 updates by @dependabot in #3338
• Bump the npm_and_yarn group in /timesketch/frontend-ng with 2 updates by @dependabot in #3361
• Bump vite from 5.4.14 to 5.4.17 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3376
• Bump axios from 1.7.9 to 1.8.2 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3335
• Bump vite from 5.4.14 to 5.4.16 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3370
• Bump vite from 5.4.16 to 5.4.17 in /timesketch/frontend-v3 in the npm_and_yarn group across 1 directory by @dependabot in #3375
• Bump axios from 0.21.4 to 0.29.0 in /timesketch/frontend by @dependabot in #3337
• Bump the pip group with 2 updates by @dependabot in #3294
• Bump gunicorn from 22.0.0 to 23.0.0 in the pip group by @dependabot in #3355

New Contributors

• @jbaptperez made their first contribution in #3241
• @Tijnoz made their first contribution in #2919
• @Sh3b0 made their first contribution in #3371

Full Changelog: 2025011...2025040

20250112

What's Changed

• Add AIStudio as a supported LLM library by @itsmvd in #3254

• Add LLM event summarization feature by @itsmvd in #3281

• add context menu and sketch creation to homepage by @Annoraaq in #3237

• [CLI] Sketch label management by @jaegeral in #3262

• Feat(cli): Add field count to Timesketch index information by @jaegeral in #3274

• Enhance tsctl with User Status and Group Membership Information by @jaegeral in #3264

• Increase OpenSearch mapping limit dynamically during indexing of csv/jsonl data by @jkppr in #3257

• Dynamically update Star/Comment label counts in the left panel by @jkppr in #3267

• LLM interface & vertexai: add response_schema support, add location parameter and fix some bugs by @itsmvd in #3268

• Add User Settings Menu to Home Page by @jaegeral in #3290

• Improvements to the threat intel view by @tomchop in #3289

• Fix: Ensure consistent datetime handling during CSV import by @jkppr in #3244

• Update SSH regex feature extraction by @jkppr in #3245

• Remove duplicate import by @Annoraaq in #3247

• Fix problems with field selection for visualizations by @jkppr in #3249

• Resolve unsoundness caught by pytype --strict-none-binding. by @hnbdgr379 in #3250

• Add nl2q config to dev container by @jkppr in #3253

• Fix pytype error in TS API client by @jkppr in #3255

• Adding postgres database connection to tsdev.sh by @jkppr in #3256

• Update frontend dependencies & UI build by @jkppr in #3266

• Fix: Handle "query_shard_exception" in OpenSearch error handling by @jaegeral in #3272

• Refactor LLM manager so that users can configure an LLM provider per feature by @itsmvd in #3278

• Add ability to delete a Story from the UI by @itsmvd in #3284

• UI frontend-ng build by @jkppr in #3288

• Upgrade frontend-ng node to v20 by @jkppr in #3292

• TagList bug fix by @jkppr in #3291

• Fix tests for intel metadata by @tomchop in #3293

• Refactor: Move ./test_data/ to dedicated ./tests/test_data/ directory by @jaegeral in #3270

• Bugfix in llm_summarize and introduce initial tests by @itsmvd in #3296

• V3 user avatar app bar by @Annoraaq in #3236

• V3 sketch list by @Annoraaq in #3240

• V3 sketch page by @Annoraaq in #3242

• V3 update tsdev by @Annoraaq in #3251

• V3 event bus by @Annoraaq in #3259

New Contributors

• @hnbdgr379 made their first contribution in #3250

Full Changelog: 2024112...2025011

20241129

What's Changed

• Add document/page title for sketches by @itsmvd in #3210
• [Tagger Analyzer] AWS cloudtrail config by @raihalea in #3224
• Fix: Correctly handle dynamic tags without modifiers by @jkppr in #3211
• Frontend v3 Scaffold by @berggren in #3188
• Change icon for opening TI view. by @jkppr in #3213
• Provide actionable error message for complex search queries by @jkppr in #3233
• Update location of tsdev.sh in docs by @itsmvd in #3209
• Update getTimelineFields to return union of Timeline fields by @sydp in #3203
• Upgrade unfurl and aiplatform dependencies by @jkppr in #3215
• Fix broken unit test workflows by @jkppr in #3231
• Bump happy-dom from 12.10.3 to 15.10.1 in /timesketch/frontend-ng in the npm_and_yarn group by @dependabot in #3222
• Bump cryptography from 43.0.0 to 43.0.1 in the pip group by @dependabot in #3176
• Fix: Resolve pytype --strict-none-binding issue in the api client by @jkppr in #3214
• Added Sigma mapping for certificateservicesclient-lifecycle-system by @pyllyukko in #3223
• Add a warning snackbar by @jkppr in #3234

New Contributors

• @pyllyukko made their first contribution in #3223

Full Changelog: 2024100...2024112

20241009

⚠️ Note ⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.

What's Changed

• Add query string filtering to Visualizations by @sydp in #3182
• DFIQ Analyzer Implementation by @jkppr in #3178
• Add --skip-create-user option to enable non-interactive deployments by @raihalea in #3194
• Enable passing on auto-run analyzers parameter when using importer library by @YiChiCanCode in #3143
• Prevent opensearch from aggregating across all indices. by @jkppr in #3192
• [CLI] export archive and unarchive a sketch by @jaegeral in #3174
• Adding unittests for several csv import related timestamp / datetime edge cases by @jaegeral in #3177
• [tests] attempt to add more unit tests and e2e tests for import of vari… by @jaegeral in #3179
• Smaller refactoring, adding readmes to folders by @jaegeral in #3183
• move the tests_events folder to tests by @jaegeral in #3185
• [Tech dept] update contrib readme, update utils readme and move tsdev from contri… by @jaegeral in #3186
• Remove analyzer_run.py by @jaegeral in #3187
• 2024 09 spelling by @jaegeral in #3181
• Update the sigma_events.csv reference by @emmanuel-ferdman in #3196
• Fix analyzer parsing auth events by @dfjxs in #3190

New Contributors

• @YiChiCanCode made their first contribution in #3143
• @raihalea made their first contribution in #3194
• @emmanuel-ferdman made their first contribution in #3196
• @dfjxs made their first contribution in #3190

Full Changelog: 2024082...2024100

20240828

⚠️ Note ⚠️
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.

What's Changed

• DFIQ card redesign and AI query UI by @berggren in #3157
• Add visualizations to stories by @sydp in #3129
• Enable/Disable Scenarios via system settings by @jkppr in #3169
• Support for DFIQ v1.1 by @berggren in #3163
• Fix: Handle special characters in queries and filter chips by @jkppr in #3168
• API Client: Add investigative question handling. by @jkppr in #3144
• Bumping google-auth version from 1.7.0 to 2.32.0 by @yohandiaz in #3133
• Fix table row height in Firefox by @Annoraaq in #3139
• Bump the pip group across 1 directory with 4 updates by @dependabot in #3097
• Add timeline selection to visualization editor by @sydp in #3140
• Adding a dependabot.yml by @jkppr in #3142
• Add timeline rename functionality to timesketch cli tool by @jaegeral in #3156
• CLI client: timeline delete by @jaegeral in #3158
• CLI client: Change timeline color for a given timeline by @jaegeral in #3159
• tsctl - variable is referenced before assignment search_templates by @jaegeral in #3162
• API client: Update scenario handling for dfiq 1.1 schema by @jkppr in #3161
• API client: Adjust list/add scenarios & questions function for new dfiq 1.1 backend by @jkppr in #3165
• Error handling for DFIQ data import by @jkppr in #3170

New Contributors

• @yohandiaz made their first contribution in #3133

Full Changelog: 2024071...2024082

20240717

What's Changed

• ApexChart based visualizations by @sydp in #3040
• Create new NL2Q API. by @dianakramer in #3073
• Prompt V2 for NL2Q by @lrosique in #3122
• MISP analyzer update by @DavidCruciani in #3106
• Adding csv export to tsctl analyzer-stats by @jkppr in #3095
• Remove old style indexes (UI) by @Annoraaq in #3091
• Remove duplicative flush() call to address issue 2796. by @mari0d in #3115
• Correct timeline_name length error message by @itsmvd in #3099
• API Search Client max entries bug and standardize property usage by @jawilson0502 in #3101
• Add only tags created by an analyzer to the output by @jkppr in #3108
• Fix UI bug for archived sketches by @jkppr in #3110
• Merge multiple intelligence attributes if present by @tomchop in #3113
• yetiindicators.py: More precise queries when looking for SHA256 indicators by @tomchop in #3117
• Changes to the Yeti Indicators analyzer by @tomchop in #3118
• Improved error handling for closing index by @jkppr in #3123
• Update Opensearch to 2.15.0 by @jkppr in #3125
• Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot in #3126
• UI build 20240717 by @jkppr in #3127

New Contributors

• @dianakramer made their first contribution in #3073
• @jawilson0502 made their first contribution in #3101
• @lrosique made their first contribution in #3122
• @mari0d made their first contribution in #3115

Full Changelog: 20240508.1...2024071

20240508.1

What's Changed

• Bug-Fix analyzers fetching active sessions by @jkppr in #3093

Full Changelog: 2024050...20240508.1

20240508

What's Changed

• Save searches without results by @jkppr in #3060
• Bump nginx version by @jkppr in #3077
• tsdev.sh update by @rocketeeer in #3081
• Support for observables in Yeti analyzers by @tomchop in #3061
• Added check to invalid API endpoints to close issue #3005 by @TedmanNguyen in #3058
• Updating the documentation by @jkppr in #3057
• Remove sigma_rule_status.csv from Installation Helper Scripts by @Aevyz in #3063
• Update api-upload-data.md by @berggren in #3068
• Fix tsctl on a prod deployment by @jkppr in #3088
• UI build 20240508 by @jkppr in #3089

New Contributors

• @Aevyz made their first contribution in #3063
• @rocketeeer made their first contribution in #3081
• @TedmanNguyen made their first contribution in #3058

Full Changelog: 2024032...2024050

20240328

Note
Upgrading to this Timesketch version requires a database upgrade!
See https://timesketch.org/guides/admin/upgrade/ for more details.

What's Changed

• DFIQ new UI and navigation by @berggren in #3041
• User profile and settings support by @berggren in #3048
• Enhancements to Yeti indicators by @tomchop in #3038
• More precise field selection when searching by @tomchop in #3044
• Use subqueryload to make loading events with comments faster by @tomchop in #3049
• Improvements to the sigma handling by @tomchop in #3050
• Update run_analyzers in the api client by @jkppr in #3037
• Fix a bug in the feature_extraction analyzer by @jkppr in #3047

Full Changelog: 2024020...2024032

20240207

What's Changed

• Collapsable left panel by @berggren in #3008
• Support for Large Language Model (LLM) services by @berggren in #3019
• Implement user management (create, list, get) via API by @lo-chr in #3024
• Setup frontend unit tests with vitest by @Annoraaq in #3013
• Fix failing Plaso uploads after 6 months by @jkppr in #3017
• Fix error handling in the API client by @jkppr in #3006
• Add optional TLS verification by @tomchop in #3016
• Yeti analyzer fix: use session object by @tomchop in #3020
• Adjust query for Yeti indicators by @tomchop in #3009
• Mark events with indicator's relevant_tags (Yeti) by @tomchop in #3022
• Bump cryptography from 41.0.4 to 41.0.6 by @dependabot in #2998
• SQLalchemy upgrade - step one by @berggren in #2979
• Fix: get and use access token for Yeti by @tomchop in #3010
• Adding form validation to prevent names > 255 char. by @jkppr in #3026
• Update black formatting by @jkppr in #3031
• Timesketch API client: Adding type check to prevent error. by @jkppr in #3030
• Fix double escaping in sigma_util causing yaml.parser.ParserError by @lo-chr in #3028
• Move "old UI" button by @jkppr in #3033
• UI build 20240207 by @jkppr in #3035

New Contributors

• @lo-chr made their first contribution in #3028

Full Changelog: 2023120...2024020