CHANGELOG

Version 6.1.8

Added

  • Enhancements in Netflow support
  • Logtrail feature for covering all system components logs [kibana]
  • Cerebro Management tool support [kibana]
  • Automation for Bad IP reputation lists
  • Default Role integrated dynamically when working with AD accounts [elasticsearch-auth]
  • Explained additional logging class for elasticsearch in log4j
  • Detailed restore process of functional indexes [elasticsearch-auth]
  • AD/LDAP/SSO API - new endpoint /role-mapping/_reload [elasticsearch-auth]
  • License API - new endpoint /license/_reload [elasticsearch-auth]
  • Better RADIUS integration with NAS-Identifier and NAS-IP-Address [elasticsearch-auth]
  • Skimmer components updated to 1.0.8
  • Backup script updated - utils/small_backup.sh
  • Java environment updated to branch v11
  • Network graph/correlation - new visualization type [kibana]

CHANGED

  • bugfix: CSV Export not working due to wrong binary definition
  • bugfix: Error when trying to delete alert rule with an apostrophe in the name
  • bugfix: Reading of configuration variables in the Config tab [kibana]

Version 6.1.7

Added

  • Elasticsearch nodes encryption using transport layer
  • DevTools Support
  • Wazuh support
  • Non Root deployment support
  • Auditing provides more detailed information on user activities
  • Comprehensive Windows AD Reporting
  • SIEM security rules - Windows
  • Netflow support and reporting
  • Syslog support and reporting
  • Windows Remote Management [winrm] support
  • Improved query support in CSV export
  • Cookie session TTL options can be set in kibana.yml. Default TTL: 10 min, Keep Alive: true:
    • login.cookiettl
    • login.cookieKeepAlive
  • GeoLite2 database used by the geoip plugin in logstash updated
  • Hostname visible in Kibana Config tab
  • Index.translog.durability set to async as default in default-base-template
  • New alert rules:
    • ConsecutiveGrowth - Rule matches when there are values of compare_key in each checked timeframe.
    • Difference - Rule matches for value difference between two aggregations calculated for different periods in time.
    • FindMatch - Rule matches when in defined period of time, two correlated documents match certain strings.
    • Recovery - This rule works generically and can cancel any previously triggered alarm.
    • UniqueLongTerm - Rule matches when there are values of compare_key in each checked timeframe.

CHANGED

  • bugfix: Issue #113 - Intelligence multiply fix
  • bugfix: Broken Access Control in config tab
  • bugfix: Token expires after user logout
  • bugfix: Lack of security enhancements HTTP headers.
  • bugfix: ANTI-CSRF mechanism
  • bugfix: Unnecessary API call for users list when accessing Report plugin
  • bugfix: Duplicated requests made by Kibana Alerts plugin
  • bugfix: Disable export of empty CSV files

Version 6.1.6

Added

  • BREAKING CHANGE: Support of simple upgrade procedure; alert indices have to be reindexed
  • Alerting module upgraded
  • System indices created automatically during install
  • Improved settings for system indices (priority, shard count, automatic replicas)
  • Validate playbooks button when updating alert rule
  • Order of plugins is no longer random
  • Reports plugin now takes roles into consideration when creating and browsing generated reports
  • Object permission lists are now sorted
  • Improved CSV export field list (sorting and bigger size)
  • DevTools enabled/disabled directive added to default kibana.yml
  • Timelion enabled/disabled directive added to default kibana.yml

CHANGED

  • bugfix: CVE-2019-7608
  • bugfix: CVE-2019-7609
  • bugfix: CVE-2018-3830
  • bugfix: CVE-2019-14521
  • bugfix: filtering logo extension during upload and report generation
  • bugfix: improved verification for Create User
  • bugfix: report scheduling for AD users
  • bugfix: downloading jpeg exports now returns correct response header
  • bugfix: could not set risk category to zero
  • bugfix: IE11 compatibility fix when creating new alert
  • bugfix: Admin users see all alerts
  • bugfix: Error message if you try to create a new alert that already exists

Version 6.1.5

  • BREAKING CHANGE: audit index is from now on created with type “doc” and date field “@timestamp”. Old index is not compatible and should be deleted before update:
    • Turn off audit logging. In Kibana -> Settings, unmark all in “Update Audit Setting” section.
    • Delete the audit index
    • Update elasticsearch-auth
    • Turn on audit logging.
  • Risk Management for Alerts - User can create custom categories for field attributes like Hostname, Hostip, Username. Once the alert is triggered, the result gets score amplification calculated from object categories.
  • Alert rule importance - introduction of a new value for each alert that is correlated with object category and helps identify
  • When creating alerts we now have the ability to test the rule before scheduling it
  • Playbook introduction - ability to create simple editable instructions (scripts) that the system operator should follow when an Alert is triggered
  • Verify IP on blacklists - if the Alert is triggered for an IP, the Verify button lets us check its reputation
  • When creating alerts, operators get the ability to validate the alert and find the most suitable playbook for it. Playbook list is automatically sorted.
  • Users get an email notification when an Incident is attached to them. New email field in user tab.
  • IP’s are correlated towards Bad IP reputation list
  • Introduction of Incidents. Alerts are now turned into Incidents, with assigned operator and its status
  • Regular user can configure own Alerts
  • Netflow, jflow, sflow support
  • Provided interface for running custom, external, AI jobs created in own programming language
  • Audit index is from now created with type “doc” and date field “@timestamp”
  • Better RADIUS authentication support
  • System auditing corrections

CHANGED

  • bugfix: in intelligence module api
  • bugfix: fixes in sorting alerts

Version 6.1.3

Added

  • Securing all the endpoints of elasticsearch APIs
  • New configuration option: elastfilter.proxytimeout
  • Cleaning unnecessary objects in kibana indices
  • Upgrade default logstash to 6.6.2
  • Mobile App for Energy Logserver that works with: Log Analytics, Energy Logserver, pure ELK. x-pack is extra paid. Available for Android and iOS. https://play.google.com/store/apps/details?id=com.logserver.mobile

CHANGED

  • bugfix: problem with creating scheduled reports
  • bugfix: SSO login not working due to more secure java.policy
  • bugfix: Performance issue while using non admin account
  • bugfix: Java exception while using elasticsearch-plugin (ES_JAVA_OPTS moved to jvm.options)
  • bugfix: default encoding for es2csv changed to utf-8 (csv export with polish characters)

Version 6.1.2

Added

  • Intelligence API
  • Kibana API update
  • Caching for index list and roles for user to handle the high CPU usage on master node
  • Export task as HTML
  • Dashboard report as JPEG
  • Additional logging in debug mode in elasticsearch-auth plugin
  • G1 used as default Garbage Collector
  • NioFS as default Store Type
  • Compression for http & transport enabled
  • Product Version tab in Config module
  • New Agents feature for central beats/agents management

CHANGED

  • bugfix: user session timeouts
  • bugfix: problem with reports generation using 5601->443 port redirection
  • bugfix: problem with removing a large number of objects from Kibana
  • bugfix: timepicker on export to csv reports
  • bugfix: special chars in passwords
  • bugfix: java.policy - binding elasticsearch to 0.0.0.0
  • bugfix: service_principal_name - is no longer required directive when configuring work with AD/LDAP

Version 6.1.1

Added

  • Default template with compression only [elasticsearch]
  • Secured LDAP/AD password in configuration files [elasticsearch]

CHANGED

  • bugfix: filter config - linux-geoip [logstash]
  • bugfix: intelligence template

Version 6.1.0

  • Upgrade core to 6.2.4 [elasticsearch,kibana,logstash]
  • Support for all beats agents in filters and dashboards
  • Providing default Audit and Alert dashboard
  • Change in Intelligence Spark data provider - 1:20 speed improvement
  • Intelligence not sensitive to data types
  • Better Intelligence preview capabilities
  • Intelligence Count & Trend improvement
  • Technology specific dashboards : Windows, Linux, Network
  • Technology specific alerts : Windows, Linux, Network
  • Energy Logserver Monitor perf data support with filtering and dashboard
  • UTF-8 support in custom PDF reports

CHANGED

  • bugfix: logo/title/comment in reports module now as optional
  • bugfix: java.policy
  • bugfix: Alert Status in Alert module
  • bugfix: Percentagematch and Metricaggregation rules fix in Alert module
  • bugfix: Deleting Alert rule cause Alert Disable

Version 6.0.2

Added

  • SSO onboarded to 6.x stack
  • Custom Logo on PDF Reports including title and comment
  • Data Table Head - new visualization type
  • Controls Plus - new visualization type
  • “Count in Time” as type in Intelligence module
  • Nested fields support in Intelligence module
  • GUI for Scheduler module
  • support for all beats agents in filters and dashboards
  • providing default audit dashboard

CHANGED

  • bugfix: Removed ‘:’ from escaped characters - “Boo” message
  • bugfix: Missing directories for reports
  • bugfix: Removed unnecessary files from deps

Version 6.0.1

Added

  • Functional indexes with dots: .kibana, .security, .auth
  • Login module onboarded to 6.x stack
  • License module onboarded to 6.x stack
  • Default roles: alert, intelligence, kibana
  • Export to CSV [Task Management] onboarded to 6.x stack
  • Export to PDF [Reports] onboarded to 6.x stack
  • PDF Scheduler onboarded to 6.x stack
  • AD integrations onboarded to 6.x stack