CHANGELOG

Version 7.0.2

New Features

  • Manual incident - creating manual incidents from the Discovery section
  • New kibana plugin - Sync/Copy between clusters
  • Alert: Analyze historical data with defined alert
  • Indicators of compromise (IoC) - providing blacklists based on Malware Information Sharing Platform (MISP)
  • Automatic update of MaxMind GeoIP Databases [asn, city, country]
  • Extended LDAP support
  • Cross cluster search
  • Diagnostic script to collect information about the environment, log files, configuration files - utils/diagnostic-tool.sh
  • New beat: op5beat - dedicated data shipper from op5 Monitor

Improvements

  • Added _license API for elasticsearch (it replaces license path which is now deprecated and will stop working in future releases)
  • _license API now shows expiration_date and days_left
  • Visual indicator on Config tab for expiring license (for 30 days and less)
  • Creating a new user now requires reentering the passoword
  • Complexity check for password fields
  • Incidents can be supplemented with notes
  • Alert Spike: more detailed description of usage
  • ElasticDump added to base installation - /usr/share/kibana/elasticdump
  • Alert plugin updated - frontend
  • Reimplemented session timeout for user activity
  • Skimmer: new metrics and dashboard for Cluster Monitoring
  • Wazuh config/keys added to small_backup.sh script
  • Logrotate definitions for Logtrail logfiles
  • Incidents can be sorted by Risk value
  • UTF-8 support for credentials
  • Wazuh: wrong document_type and timestamp field

BugFixes

  • Audit: Missing Audit entry for succesfull SSO login
  • Report: “stderr maxBuffer length exceeded” - export to csv
  • Report: “Too many scroll contexts” - export to csv
  • Intelligence: incorrect work in updated environments
  • Agents: fixed wrong document type
  • Kibana: “Add Data to Kibana” from Home Page
  • Incidents: the preview button uses the wrong index-pattern
  • Audit: Missing information about login errors of ad/ldap users
  • Netflow: fix for netflow v9
  • MasterAgent: none/certificade verification mode should work as intended
  • Incorrect CSS injections for dark theme
  • The role could not be removed in specific scenarios

Version 7.0.1

  • init
  • migrated features from branch 6 [ latest:6.1.8 ]
  • XLSX import [kibana]
  • curator added to /usr/share/kibana/curator
  • node_modules updated! [kibana]
  • elasticsearch upgraded to 7.3.2
  • kibana upgraded to 7.3.2
  • dedicated icons for all kibana modules
  • eui as default framework for login,raports
  • bugfix: alerts type description fix