Changelog for version 4.0.1#

Released Aug 24 2020#

Web UI Changes#

  • Improved UI hints for actionable triggers

  • Improved Explore Kits UI

  • Improved content loading when exploring kits page

  • Playbook previews are appropriately updated after save

  • Added “last 6 months” and “last 9 months” search timeframes

  • Fixed issue where numbercard was showing a range when option disabled it

  • Fixed issue where launching a search from a dashboard “overview” tile was showing the overview, not the rendered data

  • Improved handling of labels

  • Fixed issue where overview on a query was not sizing appropriately

  • Added ability to delete a staged kit

  • Improved responsiveness of actionables menu

  • Improved filtering and interface when adding tiles to a dashboard

  • Fixed issue where searching query templates didn’t search template strings

  • Added ability to see all assets for a kit

  • Improved experimental IDE and search box drop down

Backend Changes#

  • New Dump module for performing searches against resources

  • Fixed issue where webserver ingest could miss the last line of a log file that did not include a trailing newline

  • Fixed issue were building a kit required an icon

  • Fixed issue where malformed JSON could fault the json search module

  • Fixed issue where IPv6 Localhost addresses were not in the PRIVATE group

  • Removed goroutines from the anko package to prevent panics

  • Improved error handling in distributed search when a single indexer fails mid search

  • Added keyed gauge which allows lots of gauges and numbercards

  • Fixed issue where entropy search module wasn’t properly informing about its enumerated value production

  • Fixed issue where loading a kit provided dashboard could improperly mark the dashboard as having been modified, causing a warning on upgrade

  • Improved some disk writeback efficiency for large indexes

  • Added logic to identify when poorly performing clock sources are in use on the host

  • Fixed issue that prevented admin users from assigning a kit to a group they are not a member of

Ingesters & Ingest Library Changes#

  • Added the Gravwell Forwarder ingest preprocessor

  • Fixed issue in Amazon Kinesis ingester were malformed configurations could cause overly aggressive log messages PR

  • Fixed issue where source IPs were improperly calculated with cache-mode always PR

  • Added proper cache flags to windows ingester PR


  • Implemented search functions on embedded wiki server

  • Updated zeek docker image to use Zeek version 3.1.5

  • Published additional docker containers