Changelog for version 3.3.1#

Released Dec 4 2019#

Backend Changes#

  • Added new iplookup search module

  • Added new fist/last modules

  • Added new unique_count operators for the stats module

  • Fixed issue where the pointmap renderer wasn’t handling text based lag/long coordinates

  • Added version control in SOAR scripting system

  • Added library imports and version control to SOAR scripting

  • Fixed issue where the JSON search module wasn’t handing malformed JSON appropropriately

  • Added START and END time parameters to anko search module

  • Fixed issue where search scripts could use the panic() member

  • Fixed issue where the searchagent was not cleaning up HTTP connections during abnormal shutdowns

  • Added newEntry funtion to SOAR system

  • Added UUID library to SOAR system

  • Fixed issue where replication could live-lock after repeated rapid process aborts

  • Added compression controls to offline replicator

  • Fixed issue where passing a non-number value to count in stats caused entry misses

  • Fixed issue in search downloading that could break when timestamps contained a “plus” character

  • Fixed issue where navigating away from a search when downloading caused the search to terminate

  • Fixed issue with strict flag on the CSV search module where it was not behaving as expected

  • Updated the syslog cracker to make it more flexible in handling strange syslog formats

GUI Changes#

  • Enhanced logic around time zooming when in a live renderer

  • Fixed issue where barcharts were not saving the orientation on dashboards

  • Added system to generate URLs for queries

  • Enhanced to support live update and time specifications

  • Reworked dashboard to better use screen real estate

  • Added debugging system to the SOAR system to make development easier

  • Updated handling of “others” in charts to be able to include or exclude

  • Fixed issue where searches that did not contain any data would show “data loading”

  • Fixedd issues with the FDG renderer

  • Enhnaced performance

  • Fixed animation corruption

  • Improved renderer resizing

  • Fixed issues with some charts not scaling appropriately

  • Memory and CPU optimizations to consume less resources

  • Fixed issue where stackgraph controls for horizontal vs. vertical alignment were not responding

  • Fixed issue where adding tiles to a dashboard could cause the dashboard to not save tile locations

  • Fixed issue where error messages were not cleared when launching a new search

  • Improved handling of magnitudes with the guage renderer

Ingester Changes#

  • Added new Office365 audit ingester

  • Added additional ingester preprocessors

  • Regex router to route to different tags based on a regular expression

  • JSON extractor to extract specific fields

  • JSON splitter to split a JSON array into individual entries

  • Fixed a critical bug where timezone overrides were not respected in the SimpleRelay ingester

  • Fixed a critical bug where the RFC5424 reader could drop entries on a UDP listener

  • Added reporting of name, version, and UUID to federator ingester

  • Added rate limiting to Federator

  • Fixed issue where collectd ingester could spam stderr