The French chefs of TheHive Project code kitchen have been pretty busy as of late. After updating most Cortex analyzers and adding PassiveTotal, we released TheHive4py 1.0.0 last week, shortly followed by a minor update to this new Python API client for your favorite Security Incident Response Platform. Last week, we also published Cortex 1.0.1. And here comes Buckfast 1 (TheHive 2.10.1).
This new release fixes a regression introduced by the previous one, where the Flow, our Twitter-like live stream feature, would not open in a new window. Buckfast 1 also fixes an issue where newly added observable datatypes could not be used by non-admins unless TheHive service was restarted.
Moreover, the OTXQuery analyzer will now display an error in the long report if the job fails. Pagination buttons were also introduced at the top of a case's task list to make it easier for analysts to sift through tasks. We have also removed the "Run all analyzers" button next to each observable in the observables tab. We deemed this change necessary to avoid cases where analysts would hit it without really thinking about what they are doing. For certain datatypes this could run all of the current 13 analyzers, some of which need a subscription and may eat the team's query quota pretty fast.
Buckfast 1 can be run from any URL path and not just from the root directory. It will also close all open tasks in merged cases as they are absorbed into the new case resulting from the merge operation. We have fixed other things and added some additional minor features. Please consult the full changelog.
If you are running Buckfast 0 or a previous version, please follow the updating instructions. It is actually extremely simple to update TheHive. If you are doing a fresh installation, we have you covered as well.
Bon appétit !