Changelog for version 5.0.0

Released April 5 2022

Web UI Changes

• Implemented Flows:

  • Drag-and-drop automations.

  • Generate PDF reports.

  • Send emails, Slack/Teams messages, hit HTTP endpoints.

  • Simpler automation interface as compared to scripts.

• New renderers:

  • wordcloud.

• Added kit rebuild interface to simplify updating of previously-built kits.

• New systems and health interface:

  • Improved indexer and well tracking.

  • New calendar view for overview data.

  • Improved storage and actual data metrics.

  • Topology view to show ingester connectivity.

  • Ingester listener interface to better show ingester feeds.

• Improved text, hex, and raw rendering interface.

• Improved table renderer for column sizing.

• Direct management of license purchases for specific license types.

• Tokens interface.

• Fixed an issue with pivoting off IP address actionables.

• Fixed an issue where resources could not be updated.

• Improved strategy for refreshing list of tags.

• Fixed a permissions display issue.

• Fixed an issue with forward/back button behavior in search results.

• Fixed an issue related to storage quotas in certain browsers.

• Fixed a UX concern with the search date range picker.

• Fixed issues related to column ordering in table search results.

Backend Changes

• Implemented new search modules:

  • fuse module.

  • geodist module.

  • location module.

  • awk module.

  • printf module.

  • unescape module.

• New API token system.

• Improved user space compression performance.

• Added user space compression mode to optionally improve storage space at the cost of ingest and query performance.

• Improved syslog module to better handle abnormal process IDs.

• Fixed issue where syslog was not properly filtering on message priority.

• Fixed issue where charts could not render unique_count stats results.

• Updated scripting system to be able to ingest entries from table renderers.

• Improved error handling with SAML based SSO.

• Added notification alert in GUI when X509 certificates are near expiration.

• Added new REST interface to execute queries using external tools.

• Implemented configuration overlays.

• Improved performance of eval module.

• Fixed globbing issue in grep.

• Fixed issue where two groups could be given the same name.

• Fixed hinting issue langfind.

• Added notification to warn on under specced hardware.

• Various winlog fixes:

  • Better handle XML name collisions.

  • Fixed accelerator hinting.

• Fixed scope issue in xml.

• Added some additional safety parameters in downloadSearch script API.

• Fixed issue with kv, winlog, and slice modules when downloading results.

• Search Agent now executes automations in containers for better isolation and termination.

• Anonymize module now prefixes anonymized strings with “anonymized_” (configurable with -prefix flag) and supports filtering.

• Improved indexer startup time by improving shard validation intelligence.

• Added new shard compression options.

• Limit module now supports “by” keyword.

• Improved persistent search and history UX by removing scheduled queries.

• Improved session handling for searchagent.

• Added CBAC status to deployment API response.

Ingesters & Ingest Library Changes

• Implemented configuration overlays for all published ingesters.

• Added migrate ingester.

• Improved efficiency of file follower when starting up with significant existing data.

• Improved resiliency of file follower with underspecced inotify kernel parameters.

• Added -ignore-glob functionality on file follow.

• Added Flow API methods.

• Added GetSearchLibrary API methods.

• Added PurgeUser method.

• Added tag name to new file watch announcements.

• Added config and runtime info to stats reporting block:

  • Configuration info.

  • Tags, uptime, and running size.

Kits

• New Palo Alto Next Generation Firewall Kit.

General/Miscellaneous

• All production installers now create and support a conf.d overlay.