Table of Contents
PVX API — Changelog #
Version 0.7.0
[0.7] #
Added #
- Support flatten function for
urltype. - Added new VLAN related fields. It is possible now to use the
operator
INwith a list of VLANs, For example,traffic FROM tcp WHERE 5 IN server.vlans.- Added new field client.vlans.
- Added new field server.vlans.
- Added new field source.vlans.
- Added new field dest.vlans.
- Added new field client.vlans.outer.
- Added new field server.vlans.outer.
- Added new field source.vlans.outer.
- Added new field dest.vlans.outer.
- Added new field client.vlans.inner.
- Added new field server.vlans.inner.
- Added new field source.vlans.inner.
- Added new field dest.vlans.inner.
- Added new field client.vlans.count.
- Added new field server.vlans.count.
- Added new field source.vlans.count.
- Added new field dest.vlans.count.
- Added new fields for time window exclusion:
- Added new field time_exclusion.business_hours.
- Added new field time_exclusion.maintenance_windows.
- Added new field time_exclusion.any.
- Added new fields for DNS-issued hostnames:
- Added new field client.hostname.
- Added new field server.hostname.
- Added new field source.hostname.
- Added new field dest.hostname.
- Added new field netflow.hostname.
Deprecated #
- Single VLAN fields are deprecated by fields containing lists of
VLANs.
- Deprecated field client.vlan.
- Deprecated field server.vlan.
- Deprecated field source.vlan.
- Deprecated field dest.vlan.
[0.6] #
Added #
- Added new endpoint query-cancel
- Support flatten function for
zone_idtype. - Added new time related fields:
- Added new field begin.
- Added new field end.
- Added new field request.begin.
- Added new field request.end.
- Added new field query.begin.
- Added new field query.end.
- Added new field page.begin.
- Added new field page.end.
Removed #
pointsfunction has been removed, field points should be used instead.
[0.5.1] #
Added #
- Added new field smb.md5
- Added new endpoint get-degradations
- Added new endpoint get-layers
[0.5] #
Added #
- Added new zone related fields:
- Added new field client.zone.id.
- Added new field server.zone.id.
- Added new field source.zone.id.
- Added new field dest.zone.id.
- Added new field client.error.zone.id.
- Added new field server.error.zone.id.
- Added new field source.error.zone.id.
- Added new field dest.error.zone.id.
- Added new field caller.zone.id.
- Added new field callee.zone.id.
- Added new field application.id.
- Add fields related to MD5 for HTTP
- Add new field request.payload.md5
- Add new field response.payload.md5
Changed #
- Add support for extended IP and MAC masks (
<ip>/<ip>,<mac>/<mac>). - Fix using
#(count) operator on complex fields. - Zone related changes:
- Renamed field
client.zoneto client.zone.name. - Renamed field
server.zoneto server.zone.name. - Renamed field
source.zoneto source.zone.name. - Renamed field
dest.zoneto dest.zone.name. - Renamed field
client.error.zoneto client.error.zone.name. - Renamed field
server.error.zoneto server.error.zone.name. - Renamed field
source.error.zoneto source.error.zone.name. - Renamed field
dest.error.zoneto dest.error.zone.name. - Renamed field
caller.zoneto caller.zone.name. - Renamed field
callee.zoneto callee.zone.name.
- Renamed field
- Renamed field
applicationto application.name.
[0.4] - 2020-05-27 #
Added #
- Added new field capture.hostname.
- Added new field caller.label.
- Added new field callee.label.
- Added new field client.ja3.
- Added new field server.ja3.
- Added new field source.ja3.
- Added new field dest.ja3.
Changed #
- Renamed field
captureto capture.id. - Clause
FROMis now mandatory. - Improve support for mac address querying:
- Able to match a mac address using both a continuous and non continuous mask.
- Create non continuous mask filtering for mac address.
- Implement
INoperation for mac address using a continuous mask.
- Order results in PVQL distinct sets.
- Add PVQL setting
limit_size_set = 100. - Implement
glob/iglobfunctions for applications. - Ignoring case when sorting by a string field.
- Fix can’t query dicts as values.
Removed #
- Removed field
storagefrom public API.