v0.16.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.20.0
• Update Zeek to v3.2.0-dev-brim8 to take advantage of latest geolocation data (#1033)
• Fix an issue where the Back button brought the user to the wrong place (#1011)
• Fix an issue where opening/closing a Log Detail window during pcap import canceled the import (#1015)
• Sort field names in the column chooser alphabetically (#1012)
• Add a search tool in the column chooser to find field names (#1012)
• Fix an issue where clicking a link to ZQL docs opened an unusable window (#1030)
• Expand the wiki docs for troubleshooting pcap extraction issues (#1020)
• Fix an issue where the Packets button was not activating after scrolling down in the main events view (#1027)
• Add the ability to connect Brim to a remote zqd (#1007)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.15.1

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.19.1 (fixes an issue with excess characters in Space names after upgrade)
• Fix an issue where opening Log Detail as the first action in a freshly-launched Brim threw an error (#1006)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.15.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.19.0
• Update Zeek to v3.2.0-dev-brim7 to take advantage of latest geolocation data (#999)
• Use blue background color for clicked rows in main event view (#971)
• Fix an issue with brief white flashes during import auto-refresh (#972, #995)
• Fix an issue where double-clicking across two different rows acted like the second row had been double-clicked (#973)
• Adjust the amount of space consumed by the import progress bar (#980)
• Improve automatic Space naming during import (#984)
  • The .brim suffix is no longer added
  • If the presumed Space name already exists, a numeric suffix is added instead of rejecting the import due to the colliding Space name
• Add wiki docs for how to create a customized Zeek from Brim Zeek artifacts (#978)
• Fix an issue where right-click operations on field values containing backslashes produced invalid ZQL (#993, #996)
• Make links on the Import page tabbable (#997)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.14.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.18.0
• Add geolocation data to Zeek conn logs generated from imported pcaps (#959, #957, #935)
• Add developer documentation for adding internal state migrations (#921)
• Restore the scroll position when going back to prior search results (#929)
• Add the Zealot Client for communicating with zqd via the REST API (#934)
• Add support documentation explaining where Brim stores debug logs (#939, #943)
• Fix an issue where records nested more than one level deep were not working correctly in Brim (#937)
• Improve the Column Chooser (#925, #953)
• Fix an issue where deleting a History entry incorrectly triggered its execution (#951)
• Expose React/Redux DevTools when in developer mode (#956)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.13.1

Visit the Brim Download page to find the package for your OS platform.

• Ensure left panel is open by default, even on upgrades (#918)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.13.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.17.0
• Add a "View in context" right-click option to zoom out to unfiltered data (#894)
• Rework left panel to include Space selection and have it open by default (#903, #857, #909, #913)
• "New version" notification on Linux now points to the Brim website download page (#914)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.12.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.16.0
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.11.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.15.0, which fixes an issue with ZNG export
• Update Zeek to v3.2.0-dev-brim3, which adds JA3 and HASSH support for pcaps imported into Brim (#861)
• Provide notification on Linux when a new Brim version is available for download (#870)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

v0.10.0

Visit the Brim Download page to find the package for your OS platform.

• Update zq to v0.14.0
• Update Zeek to v3.2.0-dev-brim2, with the following platform specific changes:
  • Windows: importing pcaps is much faster than previous releases
  • macOS: importing pcaps no longer works on macOS versions prior to 10.14. (#819)
  • Linux: support importing pcapng formatted captures
• Allow processing of pcaps with a custom Zeek version (#771, #732, #807, #783, wiki)
• Format timestamps as IS08601 by default, and add a Preferences option to change format (#766)
• Fix an issue where spaces were not deleted when quitting during pcap import (#780)
• Migrate app state (such as Search History) upon upgrading rather than clearing it, starting with upgrades from v0.9.1 (#787, #793, #782, #821, #823)
• Add a Preferences option to change the Data Directory location (#794)
• Allow exporting of search results to a ZNG file (#802, #827)
• Fix an issue where clicking the Choose buttons in the Preferences menu would hang the app (#816)
• Add the ability to rename a Space via right-click (#806, #831)
• Fix an issue where a JSON typing configuration could not be selected in Preferences (#818)
• Fix an issue where old error messages were left behind after exiting Preferences (#829)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac/Linux releases). See Microsoft Windows beta limitations for details.

---

Here's a narrative version of the important highlights:

We're excited to introduce the new Zeek version. We did a lot of work getting our first Windows port of Zeek finished for the initial Brim release a couple months back, but it was a little rough around the edges because it was based on Cygwin. Because of that, it ran slow and had to use some clunky pcap libraries. This new release uses MinGW instead of Cygwin and hence runs much faster, and also is able to leverage modern libpcap. Our changes for Windows are also submitted upstream to Zeek and are starting to be merged in mini PRs, so we're hopeful one day we'll be able to bundle "a GA version of Zeek that happens to run on Windows" rather than our own port. Please track and 👍 zeek/zeek#951 if you're interested in the ongoing Windows efforts.

The "custom Zeek version" (aka "bring your own Zeek") is some cool stuff as well. While we bundle a specific Zeek release with Brim for ease of use, we've heard from users who want to run their own customized Zeek versions and/or use Brim to create/debug Zeek scripts that they're creating in their local Zeek dev environments. With this new support, you can go into the Preferences menu in Brim and point at a simple "Zeek runner" script that runs your pcaps through the Zeek of your choosing, and you're off and running. See the Zeek Customization wiki article for details.

The part about "migrating app state" should be a relief for anyone who was frustrated by having their Search History cleared out when they upgrade to new app versions. This only "kicks in" with users who are upgrading from Brim v0.9.1 (the prior GA release), so if you're running v0.8.0 or older today and upgrade straight to v0.10.0, you'll have to endure one more round of cleared state. But once you're on v0.9.1 or newer, you should have the state of your app (like Search History) preserved as you upgrade through v0.10.0 and other versions going forward.

The ISO8601 timestamps may be a small thing, but we know that not everyone in the world are weirdos with date formats like 05/29 to say May 29th, so now we're defaulting to formats like 2020-05-29T20:02:32Z that everyone can enjoy. 😉 Just go into the Preferences menu if you want to customize it to suit your local taste.

Finally, the "export" option should make it easier for you to save/share your data. If you've executed a search that gives you a narrower set of Zeek events you'd like to bring outside the app, just click the Export button or File->Export from the menu. The ZNG file you'll save can be queried with zq or re-imported into another Space on your Brim or someone else's.

v0.9.1

Visit the Brim Download page to find the package for your OS platform.

• NOTE: Prior state such as Search History will be lost on upgrade to this version
• Update zq to v0.13.1 (#756)
• Windows releases are signed, but you may see a warning popup when you run
  the installer (unlike our Mac releases). See Microsoft Windows beta limitations for details.