[Breaking change] mquery now uses the typedconfig library instead of the previous config.py file.
- if you deployed mquery using docker (configurable by environment variables) then no action is required and this is backwards-compatible for you
- if you deployed mquery natively using the default configuration, no action is required
- finally, if you deployed mquery natively and changed the default config.py, you will have to create an mquery.ini file with your config. The format is very simple. Example of a complete config file (only 4 configuration keys are currently supported, and all are optional):
[redis]
host=localhost
port=6379
[mquery]
backend=tcp://localhost:9281
plugins=
- It's now possible to limit the number of YARA-scanned files (#339)
- It's now possible to disallow running slow queries (#315, #312)
- Added a configurable /about page, to describe your instance (#341)
- Daemon now has a --scale flag, to automatically fork into multiple processes (#298)
- More flexible user roles (#350, #314)
- Mquery component documentation (#334)
- YARA support documentation (#333)
- S3 support documentation (#327)
- Progress bar now shows more information (#345)
- Counter race condition fixed (#348)
- Bootstrap update and following fixes (#346,
- A big backend improvement - jobs are now scheduled using the RQ framework (#317)
- Exceptions thrown during filtering with plugins are now handled correctly (#317)
- Login is now faster - there are no unnecessary redirects (#322)
- /about route fixed (#343)
- Indexing script won't skip the last few files anymore (#328)
- Actually raise errors from the API (#311)
- Fix multi-agent job completion (#282)
- Dockerignore and Gitignore updated (#344)
- Some obsolete features removed from the codebase (#330, #313, #306)
- User accounts with OIDC (#250, #251, #252, #253, #255, #258, #266, #265, #274, #276, #278, #280)
- Multiselect for sample tags (#164)
- Ctrl+enter now submits a job in the query window (#217)
- Added a button to copy all matched hashes (#239)
- A bit better support for Yara rules:
- Remove ursadb repository as a submodule (#277)
- Automatically build and push docker images on merge (#262)
- Various refactoring changes, like (#199) or #245
- Results streaming (first results appear faster) (#59)
- Support for distributed Ursadb in the backend (#119)
- Powerful plugin support (See the documentation)
- Configurable from the web UI (#132)
- Support for Ursadb tags (for example, to tag collections as benign or malicious) (#44)
- Use Monaco IDE as yara editor (#109)
- Results view improvements issue #82
- Status page improvements:
- Display file count along with dataset size (#91)
- Filter jobs by author, status and others (#152)
- Show number of errors (for example, missing files) per job (#148)
- Much better Yara support (issue #41):
- Use FastAPI framework, instead of Flask to improve performance and get API documentation for free
- Document the API and add swagger UI to /docs endpoint
- Cache parsed Yara rules
- Batch files when matching yara rules, to improve performance
- Much better workflow for new contributors (#47)
- Various utility scripts (#134), including command line query tool (#168)
- Improved documentation
Web interface was rewritten in React
First public release