CHANGELOG

v7.0.3

NewFeatures

  • Alert: new type - Chain - create alert from underlying rules triggered in defined order
  • Alert: new type - Logical - create alert from underlying rules triggered with defined logic (OR,AND,NOR)
  • Alert: correlate alerts for Chain and Logical types - alert is triggered only if each rule return same value (ip, username, process etc)
  • Alert: each triggered alert is indexed with uniqe alert_id - field added to default field schema
  • Alert: Processing Time visualization on Alert dashboard - easy to identify badly designed alerts
  • Alert: support for automatic search link generation
  • Input: added mikrotik parsing rules
  • Auditing : added IP address field for each action
  • Auditing : possibility to exclude values from auditing
  • Skimmer: indexing rate visualization
  • Skimmer: new metric: offset in Kafka topics
  • SKimmer: new metric: expected-datanodes
  • MasterAgent: added possibility for beats agents restart and the master agent itself (GUI)

Improvements

  • Search and sort support for User List in Config section
  • Copy/Sync: now supports “insecure” mode (operations without certificates)
  • Fix for “add sample data & web sample dashboard” from Home Page -> changes in default-base-template
  • Skimmer: service status check rewriteen to dbus api
  • Masteragent: possibility to exclude older SSL protocols
  • Masteragent: now supports Centos 8 and related distros
  • XLSX import: updated to 7.6.1
  • Logstash: masteragent pipeline shipped by default
  • Blacklist: Name field and Field names in the Fields column & Default field exclusions
  • Blacklist: runOnce is only killed on a fatal Alert failure
  • Blacklist: IOC excludes threats marked as false-positive
  • Incidents: new design for Preview
  • Incidents: Note - new feature, ability to add notes to incidents
  • Risks: possibility to add new custom value for risk, without the need to index that value
  • Alert: much better performance with multithread support - now default
  • Alert: Validation of email addresses in the Alerts plugin
  • Alert: “Difference” rule description include examples for alert recovery function
  • Logtrail: improved the beauty and readability of the plugin
  • Security: jquery updated to 3.5.1
  • Security: bootstrap updated to 4.5.0
  • The HELP button (in kibana) now leads to the official product documentation
  • Centralization of previous alert code changes to single module

BugFixes

  • Individual special characters caused problems in user passwords
  • Bad permissions for scheduler of Copy/Sync module has been corrected
  • Wrong Alert status in the alert status tab
  • Skimmer: forcemerge caused under 0 values for cluster_stats_indices_docs_per_sec metric
  • diagnostic-tool.sh: wrong name for the archive in output
  • Reports: export to csv support STOP action
  • Reports: scroll errors in csv exports
  • Alert: .alertrules is not a required index for proper system operation
  • Alert: /opt/alerts/testrules is not a required directory for proper system operation
  • Alert: .riskcategories is not a required index for proper system operation
  • Malfunction in Session Timeout
  • Missing directives service_principal_name in bundled properties.yml
  • Blacklist: Removal of the doc type in blacklist template
  • Blacklist: Problem with “generate_kibana_discover_url: true” directive
  • Alert: Overwriting an alert when trying to create a new alert with the same name
  • Reports: When exporting dashboards, PDF generates only one page or cuts the page
  • Wrong product logo when viewing dashboards in full screen mode

Version 7.0.2

New Features

  • Manual incident - creating manual incidents from the Discovery section
  • New kibana plugin - Sync/Copy between clusters
  • Alert: Analyze historical data with defined alert
  • Indicators of compromise (IoC) - providing blacklists based on Malware Information Sharing Platform (MISP)
  • Automatic update of MaxMind GeoIP Databases [asn, city, country]
  • Extended LDAP support
  • Cross cluster search
  • Diagnostic script to collect information about the environment, log files, configuration files - utils/diagnostic-tool.sh
  • New beat: op5beat - dedicated data shipper from op5 Monitor

Improvements

  • Added _license API for elasticsearch (it replaces license path which is now deprecated and will stop working in future releases)
  • _license API now shows expiration_date and days_left
  • Visual indicator on Config tab for expiring license (for 30 days and less)
  • Creating a new user now requires reentering the passoword
  • Complexity check for password fields
  • Incidents can be supplemented with notes
  • Alert Spike: more detailed description of usage
  • ElasticDump added to base installation - /usr/share/kibana/elasticdump
  • Alert plugin updated - frontend
  • Reimplemented session timeout for user activity
  • Skimmer: new metrics and dashboard for Cluster Monitoring
  • Wazuh config/keys added to small_backup.sh script
  • Logrotate definitions for Logtrail logfiles
  • Incidents can be sorted by Risk value
  • UTF-8 support for credentials
  • Wazuh: wrong document_type and timestamp field

BugFixes

  • Audit: Missing Audit entry for succesfull SSO login
  • Report: “stderr maxBuffer length exceeded” - export to csv
  • Report: “Too many scroll contexts” - export to csv
  • Intelligence: incorrect work in updated environments
  • Agents: fixed wrong document type
  • Kibana: “Add Data to Kibana” from Home Page
  • Incidents: the preview button uses the wrong index-pattern
  • Audit: Missing information about login errors of ad/ldap users
  • Netflow: fix for netflow v9
  • MasterAgent: none/certificade verification mode should work as intended
  • Incorrect CSS injections for dark theme
  • The role could not be removed in specific scenarios

Version 7.0.1

  • init
  • migrated features from branch 6 [ latest:6.1.8 ]
  • XLSX import [kibana]
  • curator added to /usr/share/kibana/curator
  • node_modules updated! [kibana]
  • elasticsearch upgraded to 7.3.2
  • kibana upgraded to 7.3.2
  • dedicated icons for all kibana modules
  • eui as default framework for login,raports
  • bugfix: alerts type description fix