Current ThreatQ Version Filter

Change Log

Component	Version	Updates
App	3.0.2	Added support for Splunk 10.0.x (Enterprise and Cloud).
Add-On	3.0.2	Added support for Splunk 10.0.x (Enterprise and Cloud).
App	3.0.1	Removed the `sort` parameter for the attributes API call used in threatqconsumeindicatorsnew and threatqconsumeindicators custom commands.
Add-On	3.0.1	Resolved an issue with the App dashboard where the 24 hour count widget always displayed 0.
App	3.0.0	Resolved Splunk cloud compatibility issues. Added support to perform bulk indicator lookup. Added two new configuration tabs: Splunk Custom Fields Splunk Forwarder Added the ability to fetch latest indicators from ThreatQ to Splunk through the App - see the Splunk Forwarder section under Configuration chapter for further details. Renamed the Custom Attributes and Custom Fields parameters to ThreatQ Custom Attributes and ThreatQ Custom Fields. Relocated these updated fields to the new Splunk Custom Fields tab. Added ThreatQ Custom Attributes Added support to send custom fields to ThreatQ from Splunk. Added support to send Datamodel name and latest raw event to ThreatQ. Added support for Splunk Enterprise and Cloud versions 9.3.x and 9.4.x. Updated the minimum ThreatQ version to 5.11.0
Add-On	3.0.0	Resolved cloud compatibility issues. Resolved a data case sensitivity issue. Added support for Splunk Enterprise and Cloud versions 9.3.x and 9.4.x. Updated the minimum ThreatQ version to 5.11.0
Guide Update	2.8.0 rev-A	Added User Capabilities section to the Role-Based Permissions chapter.
App	2.8.0	Resolved a connectivity issue by using requests library. Updated Splunk compatibility versions to Splunk (Enterprise or Cloud) 9.1.x and 9.2.x.
Add-On	2.8.0	Upgraded Add-on Builder framework version to 4.2.0. Resolved a KV Store connectivity issue by replacing session key with credentials and requests library. Updated Splunk compatibility versions to Splunk (Enterprise or Cloud) 9.1.x and 9.2.x.
App	2.7.0	Updated the app for Splunk SDK updates. Resolved application inspection warnings.
Add-On	2.7.0	Updated the Builder framework version to 4.1.3. Updated the Splunk compatibility versions for the add-on to Splunk Enterprise 9.0.x and 9.1.x.
App	2.6.0	Added new Configuration tab for ThreatQ Account and App settings. The app can be configured to communicate directly with your ThreatQ instance. Previously, authentication with your ThreatQ instance was performed by the add-on. Added Splunk Web URL field to the ThreatQ Account tab. Added two new Threat Dashboard widgets: Indicators Malware Family Distribution and Indicators with Sightings Malware Family Distribution. Resolved an issue where Add-on logs could not be viewed in the app. Added Workflow Actions and Alert Actions from the add-on to the app. Added new workflow action: ThreatQ: Update Indicator Status with options from the lookup. Options for the ThreatQ Update Indicator Status alert action will now populate from the lookup. This action supports all statuses, including custom, that can be pulled from the ThreatQ instance. Removed the ThreatQ: Add to Whitelist workflow action. Removed the Verify SSL Certificate checkbox under Configuration. Splunk version 8.2.x has been removed from the compatibility list as it is no longer supported by Splunk.
Add-On	2.6.0	Migrated Workflow Actions and Alert Actions to the app. The Add-on is no longer required to be installed on the search head as a dependency for the app. Removed usage of Proxy while checking KVStore status. Restricted initial data collection to last 90 days. Removed the Verify SSL Certificate checkbox under the KVStore configuration.
Add-On	2.5.1	Minor bug fix.
App	2.5.0	Upgraded the JQuery bundled with the app to version 3.5.0. Fixed an issue where `threatq_update_retired_indicators` failed if ingested object attributes included the `$` and `.` special characters. Additional data validation has been added to the custom fields/attributes on the configuration page. Updated app to support Splunk versions to 8.1.x and 8.2.x.
Add-On	2.5.0	Updated the add-on to AOB 4.1.0. Fixed an issue where indicators with null values would cause kvstore data to be belated. Updated add-on to support Splunk versions to 8.1.x and 8.2.x.
App	2.4.1	Fixed the following issues: Updated_at information was not being populated in the kvstore. The tstats search failed to execute in certain instances due to a typo in a search variable. Updating the search to the Datamodel tstats search failed to disable older searches. Custom fields with spaces were not handled correctly in the kvstore. In some instances, existing custom attributes failed to load upon upgrading to version 2.4.1. If you encounter this issue, you should re-save your app configuration. The UI text in the Setup Dashboard page had a small typo.
Add-On	2.4.1	The Whitelisted status has been removed as a default status when creating a new input configuration. The default status is now Active.
App	2.4.0	Added Datamodel tstat Search option for Matching Algorithm Configuration. Added new macro, `threatq_match_fields`, that will allow you to match on specific fields. Added new macro for Raw Matching, `threatq_match_base_query`, that allows you to alter the base query for matching. Added two new fields to the Splunk Setup Dashboard: Custom Attributes Configuration - Allows you to include custom attributes that will be exported from ThreatQ using a comma-separated list. Custom Fields Configuration - Allows you to include custom fields that will be exported from ThreatQ using a comma-separated list. Updated the datamodel search queries to support chunking. The default chunk size is 50,000.
Add-On	2.4.0	Fixed an issue where attempting to fetch import-timeout resulted in a 401 error in the heavy forwarder. Added custom fields and custom attributes support to the KVStore.
App	2.3.0	Fixed an issue which caused certain datamodel searches to not complete. Fixed an issue where saved searches would fail if events had Chinese characters. Upgraded the Splunklib.
App	2.2.0	A Hostname configuration field has been added to the Setup page. This value will be used as a Source Attribute when calling consume endpoints. Saved Searches have been staggered to prevent encountering concurrent search limitations. Added a Malware family attribute field to the KVStore. Added partial URL matching support for Datamodel searches. Combined saved searches for Datamodel to have only a single search per Datamodel.
Add-On	2.3.0	Fixed an authentication issue with the KVStore configuration. Malware family data, if available for ThreatQ indicators, will now be stored in the KVStore. The localhost Username and Password dependency for the KVStore data collection has been removed.
App	2.1.0	Added new Indicator Dashboard. Added ability to use KVStore for saving data. Added Info tab to dashboards page with the following options/shortcuts: Add Indicator Lookup Indicator View Application Logs Edit App Configurations Fixed an issue where no sightings were generated for domain object types within Splunk. Fixed an issue with data listed in multi-valued fields.
Add-On	2.2.0	Added new Splunk KVStore Rest configuration tab. This configuration tab is required if users save data to KVStore. Additional options Enable Index and Pull all Indicators available under input configuration.
Add-On	2.1.0	Import timeout is now configurable from UI. Pagination support for initial import of ThreatQ data. Updated default frequency for ThreatQ Exports from 300 to 900.
App	2.0.0	Python 3 Support - ThreatQuotient App for Splunk is now compatible with Python 3. Supported versions include: Splunk 7.2.x Splunk 7.3.x Splunk 8.X (Python 2) Splunk 8.X (Python 3)
Add-On	2.0.0	Python 3 Support - ThreatQuotient Add-on for Splunk is now compatible with Python 3. Supported versions include: Splunk 7.2.x Splunk 7.3.x Splunk 8.X (Python 2) Splunk 8.X (Python 3) Resolved an issue where creating an indicator in Splunk would occasionally result in the creation of an indicator with an incorrect type within the ThreatQ platform.