Changelog for version 4.1.0
Released January 6, 2021
Web UI Changes
Allow multiple variables and default values in templates
Actionables now support templates with multiple variables
Added a Web UI-based data ingester
The Web UI has been upgraded to use Angular 8
Added indexer/webserver API version negotiation - SEE NOTE BELOW - THIS HAS POTENTIAL DEPLOYMENT CONSIDERATIONS
Implemented Compound Queries, enabling sequential, in-order queries that share data
Added enrich module
The dump module now supports a temporal mode
Queries now skip bad/corrupted blocks in shards, continue searching, and issue a warning instead of aborting the query
Added the repack command to the CLI
The CEF module no longer requires non-header values to be prefixed with
Enhanced query recovery when a bad storage block is encountered; queries will no longer fail.
Updated the SAML system to address a potential security issue related to Golang XML parsing.
Added Archive download time for saving query results in importable form.
Enhanced reliability of search modules when encountering an unknown fault: query modules will no longer halt the search, and will inform the user.
Fixed issue in anko scripts where toDuration was not handling some types correctly.
Added the categorize flag to the ip module.
Ingesters & Ingest Library Changes
Implemented a Cisco ISE log preprocessor
Windows installers are now fully signed
Beginning in version 4.1.0, the Gravwell indexer and webserver now negotiate and enforce API versioning. This means that a 4.1.0 webserver cannot connect to an older indexer and vice versa. Consider all indexer and webserver versions before upgrading.