Changelog for version 5.0.0#
Released April 5 2022#
Web UI Changes#
Generate PDF reports.
Send emails, Slack/Teams messages, hit HTTP endpoints.
Simpler automation interface as compared to scripts.
Added kit rebuild interface to simplify updating of previously-built kits.
New systems and health interface:
Improved indexer and well tracking.
New calendar view for overview data.
Improved storage and actual data metrics.
Topology view to show ingester connectivity.
Ingester listener interface to better show ingester feeds.
Improved text, hex, and raw rendering interface.
Improved table renderer for column sizing.
Direct management of license purchases for specific license types.
Fixed an issue with pivoting off IP address actionables.
Fixed an issue where resources could not be updated.
Improved strategy for refreshing list of tags.
Fixed a permissions display issue.
Fixed an issue with forward/back button behavior in search results.
Fixed an issue related to storage quotas in certain browsers.
Fixed a UX concern with the search date range picker.
Fixed issues related to column ordering in table search results.
Implemented new search modules:
New API token system.
Improved user space compression performance.
Added user space compression mode to optionally improve storage space at the cost of ingest and query performance.
Improved syslog module to better handle abnormal process IDs.
Fixed issue where syslog was not properly filtering on message priority.
Fixed issue where charts could not render unique_count stats results.
Updated scripting system to be able to ingest entries from table renderers.
Improved error handling with SAML based SSO.
Added notification alert in GUI when X509 certificates are near expiration.
Added new REST interface to execute queries using external tools.
Implemented configuration overlays.
Improved performance of eval module.
Fixed globbing issue in grep.
Fixed issue where two groups could be given the same name.
Fixed hinting issue langfind.
Added notification to warn on under specced hardware.
Various winlog fixes:
Better handle XML name collisions.
Fixed accelerator hinting.
Fixed scope issue in xml.
Added some additional safety parameters in downloadSearch script API.
Fixed issue with kv, winlog, and slice modules when downloading results.
Search Agent now executes automations in containers for better isolation and termination.
Anonymize module now prefixes anonymized strings with “anonymized_” (configurable with -prefix flag) and supports filtering.
Improved indexer startup time by improving shard validation intelligence.
Added new shard compression options.
Limit module now supports “by” keyword.
Improved persistent search and history UX by removing scheduled queries.
Improved session handling for searchagent.
Added ABAC status to deployment API response.
Ingesters & Ingest Library Changes#
Implemented configuration overlays for all published ingesters.
Added migrate ingester.
Improved efficiency of file follower when starting up with significant existing data.
Improved resiliency of file follower with underspecced inotify kernel parameters.
Added -ignore-glob functionality on file follow.
Added Flow API methods.
Added GetSearchLibrary API methods.
Added PurgeUser method.
Added tag name to new file watch announcements.
Added config and runtime info to stats reporting block:
Tags, uptime, and running size.
New Palo Alto Next Generation Firewall Kit.
All production installers now create and support a conf.d overlay.