Changelog for version 4.1.4

Released March 4, 2021

Backend Changes

  • Updated syslog module to better handle messages with multiple structured data payloads.

  • Added the -x flag to the json module to support expansion of arrays in JSON entries.

  • Exposed the open source client package in scripts using the getClient function.

  • Updated the kv module to better handle delimiters for the default case.

  • Updated the kv module to better handle empty values and also enable the as reassignment keyword.

  • Added additional metadata to saved searches to support upload tagging.

  • Updated indexing system to trim unused file space on very small indexes.

Frontend Changes

  • Added search import functionality to allow importing saved search archives into persistent searches.

  • Added ability to stop a long-running search and keep existing results.

  • Fixed issue where downloading a remote kit could fail.

  • Improved responsiveness to kit install monitoring and notifications.

  • Fixed issue where timeframe locking could drift with multiple tabs open.

  • Fixed issue where queries imported into templates and macros were sanitized and expanded.

  • Fixed issue where saving a query to the library caused query macros to be expanded.

  • Fixed issue where custom timeframe durations in dashboards could cause tiles to not render.

  • Fixed issue where non-temporal tiles in a dashboard would not draw when the timeframe was updated.

  • Fixed issue where numbercard renderer precision settings were incorrect.

  • Fixed issue where live update setting on searches was lost when the query string was modified.

  • Fixed issue where adding multiple actions to an actionable required manual saves.

  • Fixed issue where hiding columns on the table renderer caused the column settings to persist across new searches.

  • Fixed issue where custom duration dialog was allowing invalid duration values.

  • Fixed issue where text renderer would sometimes fail to draw enumerated values for entries.

  • Improved handling of investigative dashboards so that new tiles will not prompt for a variable if it is already set.

  • Updated timeframe selector to allow for other timezones.

Ingesters &amp; API Changes

  • Updated the Zeek Docker container to Zeek 3.2.3 and added several ICS plugins.

  • Added ability to specify custom time formats in ingester configs.

  • Updated search API to include Addendum member in all message types.

  • Added the Preview member flag to start-search requests to allow for rapid data previews.