Releases: CrashCringle12/SentiBuddy

4.0.0

20 Mar 16:38

SentiBuddy v4.0.0

✨ New Features

Central Configuration

  • Added support for loading configuration from an external JSON via URL
  • Allows teams to distribute shared:
    • queue filters
    • dashboard links
    • API Keys
    • client reference tables
  • Config values originating from the central config display a lock icon in the UI

Client / Development Reference Tabs

  • Added Client Info and Development tabs
  • Tables in these tabs are generated from config:
    • tableData.data → Client Info tab
    • tableData.devData → Development tab
  • Tables are not stored locally and must come from the central
    config

Manual OSINT Input

  • OSINT queries can now be run by typing IPs or hashes directly
  • Clipboard detection still supported

Dashboard Button

  • Added configurable dashboard button
  • dashboardTitle → button label
  • dashboardLink → destination URL

🔐 Security

  • Added stricter input validation and sanitization
  • Restricted external URLs to trusted Microsoft domains
  • Various internal security hardening fixes

⚙ Improvements

UI

  • Rebuilt SentiBuddy menu from ground up with new tab layout
    • Operations -- existing SentiBuddy tools
    • Client Info -- client reference table
    • Development -- infrastructure reference table
  • Redesigned Options panel
  • Added Light Mode / Dark Mode
  • Added Logo to main page
  • Colors and Emojis!
  • Added hover descriptions to all buttons to give better clarity on what they can do.

Queue Safety

  • Sentinel "Select All" checkbox is hidden while queue filtering
    is enabled
    Prevents accidental bulk selection when filters are active.

Timer / Incident Counter

  • Timer and incident counter can now be enabled or disabled from the
    menu

⚠ Breaking Changes

  • API keys are no longer included when exporting configuration
  • External URL validation now restricts links to
    Microsoft/Azure/SharePoint domains
  • Experimental note-taking feature removed

❌ Removed

  • Experimental note-taking functionality

Example: Custom Tables (Client Info / Development Tabs)

The tableData object allows teams to define custom tables that
appear in the SentiBuddy interface.

  • tableData.data → displayed in the Client Info tab
  • tableData.devData → displayed in the Development tab

Each object in the array becomes one row in the table.

Column headers are derived from the keys of the first object in the
array.
The fields used in that first object determine the table
headers.

Example: Client Info Table

"tableData": {
  "data": [
    {
      "code": "AppB2",
      "client": "Apple Bank",
      "department": "Banking",
      "lead": "Jimbo",
      "edr": "CrowdStrike",
      "edrLink": "https://example.com",
      "contact": "https://example.com/contact"
    },
    {
      "code": "FinX",
      "client": "FinTech Corp",
      "department": "Finance",
      "lead": "Sarah",
      "edr": "SentinelOne",
      "edrLink": "https://example.com",
      "contact": "https://example.com/contact"
    }
  ]
}

This produces headers:

code | client | department | lead | edr | edrLink | contact

Example: Development Table

"devData": [
  {
    "client": "Apple Bank",
    "sentinelName": "apple-prod",
    "sentinelLink": "https://portal.azure.com/",
    "rgName": "apple-security-rg",
    "rgLink": "https://portal.azure.com/",
    "subscription": "Apple Security",
    "subscriptionLink": "https://portal.azure.com/",
    "location": "eastus"
  }
]

This table appears in the Development tab with headers derived from
the first object.

Recommendations

  • Limit tables to ~6-7 columns for readability in the extension
    popup
  • Keep field names short since they become the column headers
  • URLs can be used for quick navigation to dashboards or portals

Central Config Schema

All fields are optional. Missing values fall back to local
configuration.

{
  "type": "object",
  "properties": {
    "desktopNotifications": { "type": "boolean" },
    "abuseipdbAPIkey": { "type": "string" },
    "ipInfoKey": { "type": "string" },
    "scamalyticsURL": { "type": "string" },
    "vtkey": { "type": "string" },
    "configDataURL": { "type": "string" },
    "doRemoveFromFilteredFromQueue": { "type": "boolean" },
    "filterOwnerRegexPatterns": { "type": "array" },
    "filterTagsRegexPatterns": { "type": "array", "items": { "type": "string" } },
    "filterTitleRegexPatterns": { "type": "array", "items": { "type": "string" } },
    "onlyAlertOnLatest": { "type": "boolean" },
    "dashboardTitle": { "type": "string" },
    "dashboardLink": { "type": "string" },
    "tableData": {
      "type": "object",
      "properties": {
        "data": { "type": "array" },
        "devData": { "type": "array" }
      }
    }
  }
}
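
An added example, not SentiBuddy's own code: one way to type-check a fetched central config against the schema above before merging it over local settings, recording which keys came from the central config (the ones that would show the lock icon). The function names and the choice to keep the local value when a central value is unknown or has the wrong type are assumptions.

```javascript
// Added example, not SentiBuddy code. Field names and types come from the
// schema above; function names and the rejection policy are assumptions.
const SCHEMA = {
  desktopNotifications: "boolean", onlyAlertOnLatest: "boolean",
  doRemoveFromFilteredFromQueue: "boolean",
  abuseipdbAPIkey: "string", ipInfoKey: "string", vtkey: "string",
  scamalyticsURL: "string", configDataURL: "string",
  dashboardTitle: "string", dashboardLink: "string",
  filterOwnerRegexPatterns: "array",
  filterTagsRegexPatterns: "string[]", filterTitleRegexPatterns: "string[]",
  tableData: "tableData",
};

const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

function matches(type, v) {
  switch (type) {
    case "boolean": return typeof v === "boolean";
    case "string": return typeof v === "string";
    case "array": return Array.isArray(v);
    case "string[]": return Array.isArray(v) && v.every((s) => typeof s === "string");
    case "tableData": // data and devData are optional, but must be arrays if present
      return isPlainObject(v) &&
        ["data", "devData"].every((k) => !hasOwn(v, k) || Array.isArray(v[k]));
    default: return false;
  }
}

// Central values take precedence over local ones. Keys not in the schema
// (including "__proto__") and wrong-typed values are rejected, so the local
// value stays in effect for them.
function mergeCentralConfig(local, central) {
  const merged = { ...local };
  const locked = [];   // keys supplied by the central config
  const rejected = []; // keys dropped during validation
  if (!isPlainObject(central)) return { merged, locked, rejected: ["<root>"] };
  for (const [key, value] of Object.entries(central)) {
    if (hasOwn(SCHEMA, key) && matches(SCHEMA[key], value)) {
      merged[key] = value;
      locked.push(key);
    } else {
      rejected.push(key);
    }
  }
  return { merged, locked, rejected };
}
```

Pass it the result of `JSON.parse` on the fetched body; a non-object root is rejected as a whole and the local configuration is returned unchanged.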

Full Changelog: 3.0.1...4.0.0

3.0.1 - SentiBuddy 3.0

25 Nov 13:58

  • Queue Filtering now starts immediately upon activation (No longer requires ambiguous clicking)
  • Queue Filtering can be initiated directly via a Button in the Extension Menu
  • Move all configuration storage to chrome local storage.
  • Extension data will be completely removed on removing the extension so make sure to Import/Export configurations as needed.
  • Desktop Notifications now default to off.
  • Desktop Notifications can be toggled in the quick menu.
  • Major Graphical Overhauls and underlying backend functionality changes.
  • Add an Incident Counter on the queue page. This counts all the unfiltered incidents on the current page.
    • Clicking on this will cycle between Total Count, Count by Severity, and Count by Workspace/client
    • Hidden when filtering is disabled
  • Add a Timer to the queue page.
    • Hidden when filtering is disabled
  • Settings can be accessed from the quick menu.
  • Add hidden experimental options, only accessible if this option is enabled:
    • Experimental - Add an "htmlify" button to the quick menu
    • Experimental - Integrate Note Taking Functionality from @lizb-sra
    • Experimental - Add a Note Management window for viewing and editing notes and creating templates.
    • Experimental - Note Management can be accessed via the Note icon in the Extension Menu if Experimental features is enabled.

Get the Extension: https://chromewebstore.google.com/detail/senti-buddy/endfocdaohkjegpcppdkealfjkldippk
Full Changelog: 2.4.1...3.0.1

3.0 - SentiBuddy 3.0

22 Oct 19:27

Pre-release
  • Queue Filtering now starts immediately upon activation (No longer requires ambiguous clicking)
  • Queue Filtering can be initiated directly via a Button in the Extension Menu
  • Move all configuration storage to chrome local storage.
  • Extension data will be completely removed on removing the extension so make sure to Import/Export configurations as needed.
  • Desktop Notifications now default to off.
  • Desktop Notifications can be toggled in the quick menu.
  • Major Graphical Overhauls and underlying backend functionality changes.
  • Add an Incident Counter on the queue page. This counts all the unfiltered incidents on the current page.
  • Add a Timer to the queue page.
  • Settings can be accessed from the quick menu.
  • Experimental - Integrate Note Taking Functionality from @lizb-sra
  • Experimental - Add a Note Management window for viewing and editing notes and creating templates.
  • Experimental - Note Management can be accessed via the Note icon in the Extension Menu if Experimental features is enabled.

Full Changelog: 2.4.1...3.0

2.4.1 - In and Out

26 Jun 20:40

This is a quick update to add the ability to Import and Export configs as JSON.
Additionally the configuration page has had some tidying up.

As always once the version has been approved it will be available on the web store here:
https://chromewebstore.google.com/detail/senti-buddy/endfocdaohkjegpcppdkealfjkldippk

2.4

26 Jun 14:53

What's Changed

  • Add Defang Clipboard button which will defang all URLs in your clipboard with the exception of: VirusTotal, scamalytics, spur, abuseipdb, ibmcloud, portal.azure, and urlscan links.
  • Add the ability to filter out alerts by Owner

Full Changelog: 2.3...2.4

2.3 - OSINT Buddy

07 May 15:03
32833fc

What's Changed

Further expand support for OSINT tools.

  • Add support for the scamalytics, ipInfo, and VirusTotal APIs.
  • Add full support for searching IPs and hashes
  • Hashes are done via VirusTotal, IPs use ipInfo, scamalytics, and abuseipdb
  • Redesign popup page.
  • New config options
  • Additional error handling (Primarily in situations where a user doesn't have a certain api, or certain information isn't returned)
  • Display a circular graphic that depicts the community score for VT hashes.

Full Changelog: 2.1.1...2.3

2.1.1 - Configuration Page, Basic OSINT capabilities

30 Apr 15:27

  • Shiny New Icon
  • Removed the config.json file.
  • Configurations are now stored locally in chrome storage.
  • Configurations can be managed through the extension's options page or via ALT+C
  • "Only Notify On Latest" - If this is enabled, you will only receive desktop notifications for the latest new entry in the queue. If this is disabled, the extension will process the entire queue and send notifications accordingly (new or modified incidents)
  • AbuseIPDB API Key - Needed to give OSINT results in the popup window.
  • VirusTotal API Key - Currently unused.
  • Clicking on the extension icon will bring you to a small popup window allowing you to perform OSINT on the IP currently in your clipboard.
  • Supports both IPv4 and IPv6.

Full Changelog: 2.1...2.1

2.0 - Full Queue Evaluation

17 Apr 12:15

  • Evaluate all incidents in the queue rather than just the ones at the top.

  • As all incidents in queue are evaluated, filtering occurs live

  • Add the ability to filter alerts from the queue based on Tags.

  • Add a config option filterTagsRegexPatterns for Regex to control tag filtering

  • Add a config option onlyAlertOnLatest - currently with no function.

  • Rename filterRegexPatterns to filterTitleRegexPatterns

Full Changelog: 1.2...2.0

Initial Release

03 Apr 18:34
b94e898

The extension will give desktop notifications for events in the queue. You will need a new tab dedicated exclusively to the queue (It does not always need to be viewable).

v. 1.2 - Fix extension not working due to sentinel's renamed columns