Skip to content

Releases: mwielgoszewski/doorman

Doorman 0.6

05 Sep 11:48
@mwielgoszewski mwielgoszewski
v0.6
7548f8e
Compare
Choose a tag to compare
Doorman 0.6 Latest
Latest

This release introduces the ability to create rules to alert when new nodes are enrolled or existing nodes have gone offline. Knowing when nodes go offline is mainly useful in diagnosing issues with osquery installs, such as database corruption, process misbehavior, incompatibility, or uninstalls.

  • To notify when new nodes are enrolled, you can simply create a rule to alert on results with the query name doorman/tasks/node_enrolled and action equal to triggered.

  • To alert when a node goes offline, a separate task can be scheduled to run on a periodic basis using Celery Beat (by default, this is configured to run once per day, but must Beat must be running), which reports the time since last checkin, last result, and time between last checkin and last result. Rules can be created to alert on doorman/tasks/node_offline_checks, action equal to triggered, and any of since_last_result_days, since_last_result_seconds, since_last_checkin_days, since_last_checkin_seconds, since_last_checkin_to_last_result_days, since_last_checkin_to_last_result_seconds.

Changes:

  • Support for notifications when nodes newly enroll or have gone offline [#112 and #113]
  • Slack Alerter plugin [#121]
  • Support for Windows [#123]
  • Support for passing tags with enroll secrets [#128, #129]
  • Updated validation schema to be current with osquery v2.7.0 [#123]
  • Templated string emails [#124]
  • Vagrantfile for easy provisioning [#85]
  • Improved Docker support [#86, #96, #103, #107, #108]
  • Add interact.js as a dependency to bower [#93]
  • Support for custom osquery DDL validation [#94]
  • Support for osquery snapshot logs
  • Added Troubleshooting section to README
  • Flush after writing to log file in file logger plugin [#92]

Commits since last release

Commits to master since this release.

Assets 2
Loading

Doorman 0.5.1

25 Jul 13:33
@mwielgoszewski mwielgoszewski
v0.5.1
590da8e
Compare
Choose a tag to compare
Doorman 0.5.1

Fixes issue with CSV downloads on Python 3.

Commits since last release

Commits to master since this release.

Assets 2
Loading

Doorman 0.5

20 Jul 15:05
@mwielgoszewski mwielgoszewski
v0.5
472fb88
Compare
Choose a tag to compare
Doorman 0.5

This release adds an all new node learning capability that displays relevant information about a node. The information displayed about a node can be configured via the DOORMAN_CAPTURE_NODE_INFO setting, which accepts a list of tuples containing the column_name (as returned by osquery) and a label (what's displayed on the page). This learning functionality depends on nodes to execute and return results for queries containing those columns configured. Otherwise, missing values will be omitted from the node information page.

Additionally, the following is also included in this release:

  • An all new distributed query results view that shows the results of a distributed query (for all nodes) in single view
  • Added endpoint to download current node inventory (along with node information) as a CSV file
  • Doorman now captures the last IP address of a node
  • Support for marking a node as inactive
  • Support deploying Doorman to Heroku
  • Support for updating configured file paths for a file path category
  • Support for configuring a minimum status log level severity to retain via DOORMAN_MINIMUM_OSQUERY_LOG_LEVEL
  • Optional integration with Sentry via SENTRY_DSN to catch exceptions
  • Support for alerting to Sentry
  • Support for writing results to JSON log file, ready to be consumed by Logstash
  • Fix how integer/decimal column values were being compared by rules (Doorman now detects if compared values are numeric and coerces them to the appropriate number type)
  • Fix empty / not empty operator in rules
  • Fix greater / greater than / less / less than conditional logic (comparison needed to be flipped)
  • Fixed a bug that showed a node had not checked in for a while when in fact it had
  • Changed to a Bootstrap container-fluid layout, to take advantage of added screen real estate
  • Improved user experience by denoting with placeholders where tags may be entered in a free-form manner
  • Treat rule names and descriptions as string templates, allowing column and node information to supply values if applicable

Upgrading your Doorman instance:

  • Requires a database migration. Simply execute python manage.py db upgrade using the provided migration scripts.

Commits since last release

Commits to master since this release.

Assets 2
Loading

Doorman 0.4.2

07 Jun 12:49
@mwielgoszewski mwielgoszewski
v0.4.2
755fd4f
Compare
Choose a tag to compare
Doorman 0.4.2

This minor releases consists mainly bug fixes and enhancements:

  • Bug fix in rules and alerts when comparing column values with expected values
  • Docker support so you can get up and running even quicker
  • Included rule description in PagerDuty and Email alerts
  • Updated readme to include information on LDAP authentication
  • Display query results on nodes' recent activity page using vertical tabs
  • Sort tags alphabetically wherever they are displayed
  • Added scrollspy / sidebar navigation to Rules page

Commits since last release

Commits to master since this release.

Assets 2
Loading

Doorman 0.4.1 - security fix

31 May 13:40
@mwielgoszewski mwielgoszewski
v0.4.1
084b044
Compare
Choose a tag to compare
Doorman 0.4.1 - security fix

Doorman v0.4.1 release addresses a security flaw in Doorman. When using an authentication backend, an unauthenticated user may access a node's osquery status logs by browsing directly to the HTTP endpoint at https://<hostname>/manage/node/<node id>/logs.

  • Added @login_required decorator to the node logs endpoint

Commits since last release

Commits to master since this release.

Assets 2
Loading

Doorman 0.4

31 May 12:55
@mwielgoszewski mwielgoszewski
v0.4
7cd5c73
Compare
Choose a tag to compare
Doorman 0.4

Doorman v0.4 marks a pretty large release for us. In this release, we have:

  • Refactored rules with new operators, providing a more intuitive UI and experience when creating alerts.
  • Support for different authentication backends. Authentication may be now delegated to Doorman's builtin authentication, LDAP, or Google OAuth2.
  • Licensed the codebase as MIT.
  • Split the API and backend Manager components into their own separately deployable applications if one so desires.
  • Accept gzip content-encoding of messages via osquery's --logger_tls_compress command-line flag.
  • Accept HTTP PUT requests to API endpoints.
  • Configure a default set of tags to tag newly enrolled nodes with.
  • Friendlier error messages.
  • Pagination on the nodes and distributed query pages.
  • A view for reviewing status logs for nodes.
  • Fixed a bug with re-enrollment, due to misinterpretation of osquery docs (see #41).
  • Miscellaneous bug fixes.

Upgrading your Doorman instance:

  • Requires a database migration. Simply execute python manage.py db upgrade using the provided migration scripts.
  • Requires installing additional Javascript dependencies. Execute bower update to automatically install them.

Commits since last release

Commits to master since this release.

Assets 2
Loading

MVP Release

05 May 01:52
@mwielgoszewski mwielgoszewski
v0.3
307919e
Compare
Choose a tag to compare
MVP Release

In this release, we're rolling out with the following new features:

  • support for distributed queries
  • initial framework for rules and alerts
  • initial framework for logging plugins

Other features Doorman includes are:

  • osquery node enrollment
  • dynamic osquery configuration
  • tags support for nodes, packs, queries, and file_paths
Assets 2
Loading