DRONE Release Notes




Version 2.2.1


  • Fixed minor memory leak in the Events of Interest analyzer




Version 2.2


  • Added Exclusions support to prevent findings from being reported, based on their paths.


  • The Events of Interest configuration file (DRONE.EventsOfInterest.yml) has now been migrated to the main configuration file (DRONE.Config.yml).

  • Improved YARA scanning for filenames containing Unicode characters


  • Fixed an issue with Tower UI grid filter functionality.

  • Minor fixes and improvements


Version 2.1


  • Added Sigma Linux support

  • Added Device (Live) Event Record search with Sigma


  • Improved command keyword search

  • Improved Tower UI/UX

  • Improved Application Analyzer

  • Improved DRONE performance

  • Improved Prefetch Analyzer

  • Improved YARA Scanners


  • Fixed an issue with TOR usage checks

  • Fixed an issue with Sigma execution

  • Fixed an issue with Linux Process Analyzer

  • Fixed an issue with MFT Analyzer

  • Hash scanner verdict level changed from Dangerous to Matched



Version 2.0


  • Added a new mode, DiFFer: this brand new mode makes it possible to compare a DRONE analysis to a baseline and list the differences between the two

  • Added file import support to the Keyword Search and Hash Search

  • Added an option to the CLI for executing an external Sigma rule

  • Added Hash search capability on the file system and evidence

  • Added possible TOR usage checks

  • Added AWS S3 and Azure Storage usage checks


  • Improved Tower UI/UX

  • Improved Keyword search

  • Improved Process Analyzer

  • Improved Application Analyzer

  • Improved Vulnerability Analyzer

  • Improved Webshell Analyzer

  • Improved Ransomware Analyzer

  • Improved Browser History Analyzer

  • Improved Sync Sigma command - now supporting external Sigma repository URLs through the config file


  • Fixed an issue with the Event Record details UI/UX

  • Fixed an issue with the Event Record Analyzer

  • Fixed an issue with the Process Analyzer


Version 1.7.2

  • Added Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321) identifier to Vulnerability Analyzer



Version 1.7.1

  • Fixed an issue with the Package Manager Analyzer

  • Fixed an issue with the auto selection of the available analyzers



Version 1.7.0

  • DRONE can now fly on Linux with the analyzers below:

    • Generic WebShell Analyzer

    • Vulnerability Analyzer

    • YARA Scanner

    • Process Analyzer

    • CronJob Analyzer

    • Package Manager Analyzer

    • Shell History Analyzer

  • Added support for 32-bit systems

  • Added Regex and Wildcard support on keyword search

  • Added SMB v1 identifier to Vulnerability Analyzer

  • Added minimum score to report option to the CLI

  • Added support for analyzing multiple MFT files

  • Improved YARA scanner performance

  • Fixed an issue on Sigma rule execution



Version 1.6.0

  • Blog News: DRONE v1.6.0

  • Added YARA Scanner

  • Added Ransomware Identifier

  • Added a CLI option to synchronize the public Sigma repository

  • Added a CLI option to pull the YARA repositories specified in the config file

  • Added a CLI option to specify the output directory

  • Added a CLI option to specify the case ID

  • Improved Process Analyzer

  • Webshell verdict level increased to Dangerous from Matched

  • Fixed an issue with the license usage

  • Fixed an issue with the process loader


Version 1.5.0

  • Added HTTP Proxy option to the CLI

  • Added Admin share usage detection via Shellbags

  • Added Provider filter option to the Events of Interest Analyzer

  • Improved Browser History Analyzer

  • Improved Tower's data transmission

  • Fixed an issue with the Tower's grid renderer




Version 1.4.1



Version 1.3.0

  • Blog News: v1.3.0

  • Added config file for saving settings and license (DRONE.Config.yml)

  • Added support for custom event list (DRONE.EventsOfInterest.yml)

  • Added -a parameter for enabling analyzers from the command line

  • Added attribution to Sigma Detections

  • Improved Syslog reporting

  • Improved HTML reporting

  • Updated VMProtect version

  • Updated Sigma Rules repository

  • Decreased file size to 17MB

  • Removed the ability to provide a mission manually from the command line

  • Fixed an issue with Datetime parsing (credits: Chris Culina)

  • Fixed an issue with Syslog

  • Fixed an issue with the HTML report




DRONE was born on 13th May 2021 with our first public Beta release 1.2
