CHANGELOG¶

Version 6.1.6¶

###Added

BREAKING CHANGE: in order to upgrade alert* indices have to be reindexed. #TODO: instructions for this
Alert upgraded
System indices created automaticly durring install
Improved settings for system indices (priority, shard count, automatic replicas)
Validate playbooks button when updating alert rule
Order of plugins is no longer random
Reports plugin now takes roles into consideration when creating and browsing generated reports
Object permission lists are now sorted
Improved CSV export field list (sorting and bigger size)
DevTools enabled/disabled directive added to default kibana.yml
Timelion enabled/disabled directive added to default kibana.yml

BREAKING CHANGE: audit index is from now on created with type “doc” and date field “@timestamp”. Old index is not compatible and should be deleted before update:
Turn of audit logging. In Kibana -> Settings and unmark all in “Update Audit Setting” section.
- Delete the audit index
- Update elasticsearch-auth
- Turn on audit logging.

Risk Management for Alerts - User can create custo categories for field attributes like Hostname, Hostip, Username. Once the alert is triggred, the result get score amplification calculated from object categories.
Alert rule importance - introduction of new value for each alerts that is correlated with objedct category and helps identify
When creating alerts now we have the ability Test the rule before scheduling this
Playbook introduction - ability to create simple editible instructions(+scripts) that system oerator should follow when Alert is triggered
Verify IP on blacklists - if the Alerrt is triggred for IP, Verify button let us check its reputaion
When creating alerts operatos get ability to validate the alert and find most suitable playbook for it. Playbook list is automaticly sorted.
User get email notification when Incident is attached to them. New email field in user tab.
IP’s are correlated towards Bad IP reputation list
Introduction of Incidents. Alerts are now turned into Incidents, with assigned operator and its status
Regular user can configure own Alerts
Netflow, jflow, sflow support
Provided interface for running custom, external, AI jobs created in own programming language

Securing all the endpoints of elasticsearch APIs
New configuration option: elastfilter.proxytimeout
Cleaning unnecessary objects in kibana indices
Upgrade default logstash to 6.6.2
Mobile App for Energy Logserver that works with : Log Analytics, Energy Logsrver, pure ELK. x-pack is extra paid. Available for Android and ios. https://play.google.com/store/apps/details?id=com.logserver.mobile

bugfix: problem with creating scheduled reports
bugfix: SSO login not working due to more secure java.policy
bugfix: Performance issue while using non admin account
bugfix: Java exception while useing elasticsearch-plugin (ES_JAVA_OPTS moved to jvm.options)
bugfix: default encoding for es2csv changed to utf-8 (csv export with polish characters)

Intelligence API
Kibana API update
Caching for index list and roles for user to handle the high CPU usage on master node
Export task as HTML
Dashboard report as JPEG
Additional logging in debug mode in elasticsearch-auth plugin
GC1 used as default Garbage Collector
NioFS as default Store Type
Compression for http & transport enabled
Product Version tab in Config module
New Agents feature for central beats/agents management

bugfix: user session timeouts
bugfix: problem with reports generation using 5601->443 port redirection
bugfix: problem with removing a large number of objects from Kibana
bugfix: timepicker on export to csv reports
bugfix: special chars in passwords
bugfix: java.policy - binding elasticsearch to 0.0.0.0
bugfix: service_principal_name - is no longer required directive when configuring work with AD/LDAP