Skip to content

Release/v11.2.1#1602

Merged
osmontero merged 146 commits intov11from
release/v11.2.1
Jan 21, 2026
Merged

Release/v11.2.1#1602
osmontero merged 146 commits intov11from
release/v11.2.1

Conversation

@mjabascal10
Copy link
Contributor

@mjabascal10 mjabascal10 commented Jan 21, 2026

PLEASE READ BEFORE CONTINUING

To help us understand your contribution, please include the following in your pull request:

  • A detailed explanation of the changes you've made.
  • The reasoning behind these changes.
  • A reference to the issue that this pull request addresses.

elmilan06 and others added 30 commits December 30, 2025 18:55
@elmilan06
feat: add sql query hints to code editor
ffd4ea5
@elmilan06
feat: add SQL query suggestions to code editor
988c2cb
@elmilan06
Merge remote-tracking branch 'origin/v11' into backlog/add-sql-hints-…
0e8fb4d 
…to-code-editor
@mjabascal10
feat(application-event): enhance logging and update index for applica…
7356807 
…tion events
@JocLRojas
update windows-events filter
2ae1190
@JocLRojas
feat(plugins): add new CrowdStrike plugin to collect and process secu…
536049d 
…rity events from CrowdStrike Falcon platform
@elmilan06
feat: add sql query hints to code editor
48669ac
@elmilan06
feat: add SQL query suggestions to code editor
29ae488
@elmilan06
feat: enhance SQL query suggestions in code editor with limits and ag…
603aa81 
…gregation examples
@elmilan06
feat: enhance SQL query suggestions in code editor with limits and ag…
4f00f34 
…gregation examples
@elmilan06
Merge remote-tracking branch 'origin/backlog/add-sql-hints-to-code-ed…
74ca16f 
…itor' into backlog/add-sql-hints-to-code-editor

# Conflicts:
#	frontend/src/app/shared/components/code-editor/components/query-suggestions/query-suggestions.component.ts
@mjabascal10
feat(crowdstrike): add integration procedures and configuration for C…
a2fddcd 
…rowdStrike module
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.0' into release/v1…
b59e62e 
…1.2.0
@mjabascal10
feat(crowdstrike): add integration procedures and configuration for C…
c9feb28 
…rowdStrike module
@mjabascal10
feat(crowdstrike): implement CrowdStrike integration guide and update…
cd0dc57 
… logs display

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.0' into release/v1…
2573211 
…1.2.0
@JocLRojas
add the CrowdStrike plugin build and push it into the event processor…
f48e2a5 
… image
@elmilan06
fix: Incorrect cursor behavior in SQL Query Editor
3328901
@elmilan06
fix: Incorrect cursor behavior in SQL Query Editor
293def6
@elmilan06
Merge remote-tracking branch 'origin/backlog/add-sql-hints-to-code-ed…
377193e 
…itor' into backlog/add-sql-hints-to-code-editor
@elmilan06
fix: Incorrect cursor behavior in SQL Query Editor
f9f2fdf
@mjabascal10
Merge pull request #1553 from utmstack/backlog/add-sql-hints-to-code-…
a022f65 
…editor

Backlog/add sql hints to code editor
@mjabascal10
fix(crowdstrike): standardize configuration keys for CrowdStrike module
f3a1ff0
@mjabascal10
feat(crowdstrike): implement CrowdStrike integration guide and update…
efca0f2 
… logs display

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@JocLRojas
fix(crowdStrike): fixed configuration parameter names to maintain com…
7645f19 
…patibility.
@JocLRojas
Merge branch 'release/v11.2.0' of https://github.com/utmstack/UTMStack
0378f3a 
…into release/v11.2.0
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.0' into release/v1…
8330f12 
…1.2.0
@JocLRojas
Merge branch 'release/v11.2.0' of https://github.com/utmstack/UTMStack
959f122 
…into release/v11.2.0
@JocLRojas
fix(crowdStrike): fixed informational message to follow standard catcher
fed0e4b
@mjabascal10
Merge remote-tracking branch 'origin/v11' into release/v11.2.0
8bfedba
Kbayero and others added 25 commits January 20, 2026 10:44
@Kbayero
fix[ci/cd]: allow agent manager build
c85ec15
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
00b5780 
…1.2.1
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
1b958d6 
…1.2.1
@Kbayero
fix[plugins]: update threatwinds go-sdk to v1.1.7
70fa4e3
@mjabascal10
fix(compliance-export): update loading state class and enhance time f…
a1ccb23 
…ilter handling

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
0e6bb01 
…1.2.1
@mjabascal10
feat(correlation-rules): add rule_group_by_def to support grouping in…
e9b4112 
… correlation rules
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
bf386ad 
…1.2.1
@mjabascal10
feat(rule-management): refactor deduplication fields into fields sele…
1977726 
…ctor component

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@mjabascal10
fix(app-management-sidebar): comment out unused links for user access…
f9dc7e9 
… audit and application logs

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@mjabascal10
feat(rule-management): refactor deduplication fields into fields sele…
f0bb9f7 
…ctor component

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
21514d4 
…1.2.1
@mjabascal10
feat(correlation-rules): add rule_group_by_def to support grouping in…
210a378 
… correlation rules
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
229d8be 
…1.2.1
@osmontero
refactor(plugins): standardize error handling by replacing `fmt.Error…
8232fde 
…f` with `catcher.Error`, ensure functions return errors where applicable, and improve file resource management
@osmontero
refactor(plugins): enhance error handling for database operations and…
9f75aec 
… variable parsing in `config` plugin
@osmontero
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
6b1da4e 
…1.2.1
@osmontero
feat(plugins): add groupBy support to rules configuration and datab…
69d7629 
…ase queries
@osmontero
chore(docs): remove UTMStack/rules/README.md file
cbcbb44
@mjabascal10
feat(correlation-rules): update URLs and add rule status filter
afe2209
@mjabascal10
Revert "feat(correlation-rules): update URLs and add rule status filter"
01907ea 
This reverts commit afe2209.
@mjabascal10
feat(property-filter): add rule status to property filter options
a356075
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
48f1df1 
…1.2.1
@mjabascal10
feat(rule-filters): enhance rule filters with status and formatting o…
53dce17 
…ptions

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
@mjabascal10
Merge remote-tracking branch 'origin/release/v11.2.1' into release/v1…
4a6d188 
…1.2.1
@mjabascal10 mjabascal10 requested a review from Copilot January 21, 2026 15:17
Copilot AI reviewed Jan 21, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request implements release v11.2.1, which introduces a new ThreadWinds ingestion plugin, updates multiple plugins to use the latest SDK version (v1.1.7), and modernizes the codebase with improved error handling and logging practices.

Changes:

  • Added ThreadWinds ingestion plugin for processing UTMStack incidents/alerts
  • Updated all plugins to use go-sdk v1.1.7 and Go 1.25.5
  • Standardized error logging across plugins with process identification
  • Enhanced alert correlation with GroupBy functionality

Reviewed changes

Copilot reviewed 179 out of 239 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
plugins/threadwinds-ingestion/* New plugin for ThreadWinds threat intelligence integration
plugins/*/go.mod Updated Go version to 1.25.5 and dependencies to latest versions
plugins/*/main.go Modernized plugin initialization and added process identifiers to logs
plugins/alerts/main.go Enhanced correlation logic with deduplication vs grouping support
plugins/soc-ai/* Removed custom logger in favor of SDK catcher
plugins/config/main.go Added GroupBy field support in correlation rules
plugins/stats/main.go Refactored statistics tracking to handle multiple topics

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

plugins/sophos/check.go
if err != nil && is(err, exception) {
if !xErrorWasLogged {
_ = catcher.Error("An error occurred (%s), will keep retrying indefinitely...", err, nil)
_ = catcher.Error("An error occurred, will keep retrying indefinitely...", err, map[string]any{"process": "plugin_com.utmstack.sophos"})
Copy link

Copilot AI Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message is generic and doesn't specify what error occurred. Consider making it more descriptive, e.g., 'Connection error occurred, will keep retrying indefinitely...'

Suggested change
_ = catcher.Error("An error occurred, will keep retrying indefinitely...", err, map[string]any{"process": "plugin_com.utmstack.sophos"})
_ = catcher.Error(fmt.Sprintf("An error matching %q occurred, will keep retrying indefinitely...", exception), err, map[string]any{"process": "plugin_com.utmstack.sophos"})

Copilot uses AI. Check for mistakes.
plugins/bitdefender/server/server.go
Comment on lines 99 to 100
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
Copy link

Copilot AI Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The removal of PreferServerCipherSuites: true on line 102 may affect security behavior. Ensure this change is intentional and doesn't compromise the TLS configuration security posture.

Copilot uses AI. Check for mistakes.
plugins/alerts/main.go
bb.FilterTerm("name.keyword", alert.Name)

// Compile regex for array index stripping
reArrayIndex := regexp.MustCompile(`\.[0-9]+(\.|$)`)
Copy link

Copilot AI Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The regex is being compiled inside the function which is called for every alert. Consider compiling this regex once at package level as a variable to avoid repeated compilation overhead.

Copilot uses AI. Check for mistakes.
@osmontero osmontero merged commit bc56320 into v11 Jan 21, 2026
21 checks passed
@osmontero osmontero deleted the release/v11.2.1 branch January 21, 2026 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@osmontero osmontero osmontero approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@mjabascal10 @osmontero @elmilan06 @JocLRojas @yllada @Kbayero