Changelog

Welcome to the deployment changelog! This page covers import configuration and deployment changes to keep your Triage instance up and running. New additions are added at the top.

  • [2024-08-14] Added Windows 11, localization instructions for Windows 10. Added new Linux VM YAMLs. The new files can be viewed here.

  • [2024-04-24] qemu was updated to version 8.2. It is recommended customers install qemu-hardened-8.2, run hatching-update, and run hatching-vms -newver build to regenerate their virtual machines. This update contains a number of bug and security fixes.

  • [2024-02-27] hatching-yara was updated from 4.0.5 to 4.3.2. Run the hatching-update command in case of dependency errors after upgrading the hatching-triage-processing package.

  • [2023-12-05] Updated Linux VM YAML script names. Multiple Linux VM YAML scripts have been renamed. The new files can be viewed here.

  • [2023-04-01] Ubuntu 18.04 is no longer supported. Support in the form of updates for Ubuntu 18.04 has ended. See Migrating from Ubuntu 18.04 for more information and help with migrating to Ubuntu 20.04.

  • [2023-02-15] The package repository public key expired on 2022-02-15. A new one must be downloaded and trusted to continue using the repository. See the documentation for the steps to follow.

  • [2022-10-06] Package repository signing key: the documentation now recommends that you download the public key to /etc/apt/trusted.gpg.d/hatching.gpg during installation, instead of using apt-key.

  • [2022-10-01] Ubuntu 18.04 will be deprecated at the end of March 2023. Support in the form of updates for Ubuntu 18.04 will then end. We recommend updating to 20.04. See Migrating from Ubuntu 18.04 for more information and help with migrating.

  • hatchvm: we've deprecated the use of "hatchvm generate" in favor of using hatching-vms. See Creating VM YAMLs and Deploying analysis VMs for the new method.

  • sandbox: the firewall implementation has migrated from iptables to nftables. On Ubuntu 18.04 this can cause issues if iptables rules exist that perform any NAT traffic actions. Ubuntu 18.04 users need to reboot or manually unload the iptables NAT kernel modules.

  • [2022-07-01] triage: we now ship recommended/built-in analysis profiles. Please remove the "profiles:" section from profiles.yaml for normal deployments. See Deprecated Triage profiles to migrate to the new format.

  • triage: backends should now be defined in backends.yaml instead of triage.yaml -> this change is backwards compatible. See Migrating backends to backends.yaml to migrate to the new backends.yaml.

  • triage: in triage.yaml auth/bind parameters should be set explicitly for each service (api_service / processing_service / metrics_service) instead of the deprecated api and processing keys. See also: Configuring Hatching Triage