Changelog for version 3.3.6#

Released Feb 20 2020#

GUI Changes#

  • Fixed issue where very large stackgraphs could not scroll

  • Fixed issues where labels were not being set on newly-created resources

  • Fixed issue where color assignments would change when changing orientation of a stackgraph

Backend Changes#

  • Fixed issue where charting with SRC as a key was condensing improperly

  • SOAR scripts started using debug interface will not throw notification on failure

  • Integrated ingest throttling so that we throttle ingesters when out of disk space

  • Added additional shorthand fields for extraction on winlog ingester

  • Added ability to pull fields from UserData as well as EventData

  • Dramatically increased efficiency in winlog query module

  • Seeing between 10-100X speedup depending on query

  • Fixed bug where heavily loaded indexers could cause webserver timeouts

  • Fixed issue where installers did not properly extract complext secrets during install

  • Updated syscall interface to deal with upcoming Golang 1.14 release and more agressive interrupts

  • Updated CSV handlers to better deal with poorly formed headers

  • Should handle dangling quotes better now

  • Added label support to all data types

SOAR changes#

  • Added call to reset proof of life timer

  • Added functions to get stats about Gravwell deployment

  • List ingesters

  • List indexers

  • Get system descriptions

  • List indexer stats and well stats

  • Get Indexer health status

  • Fixed issue where failed debug scripts would not display errors

  • Added IPExist access calls

  • Can now build optimized IPexist data sets in the SOAR system

Ingester Changes#

  • Updated ingest protocol to better throttle in low disk situations

  • Updated protocol to better handle older ingesters using old ingest library

  • Updated protocol to ask indexer if ingest is possible prior to starting

  • Updated ingesters to engage local caches if ingester can connect but cannot send data

  • Due to license controls or low disk

  • Updated KAFKA ingester to support extracting a SOURCE ip from a header value