Changelog for version 5.1.4#

Released 5 January 2023#

New Additions#

  • Actionables can now be launched in new browser tab with middle click.

  • Flow and script errors can now be cleared en masse.

  • Hostnames are now included in remote ingester list.

  • Added safety net on eval loops to reduce foot shooting.

  • Added field on error logs for failed flows to indicate which flow node caused the failure.

  • Debug messsages on flow logs now have timestamps.

  • All components now check capability flags and complain if they are missing.

  • Added kitctl to the gravwell-tools package.

  • Added ability to backfill flows to reschedule when runs are missed.

  • Added unary operators on the eval module.

  • Added global email config system to share an email relay and control destinations.

  • Added DirectAdmin timestamp format to TimeGrinder.

  • Multiple run results are now tracked in flows.

  • Allow word filters to be applied to all tags or specific tags when multiple tags exist.

Web UI Changes#

Bug Fixes#

  • Added more clarity to the last run displays on Flows.

  • Fixed issue where slow networks could cause query results to get stuck in “Fetching data…”

  • Fixed issue where some dashboards wouldn’t stick in the favorites left nav.

  • Fixed data context menu for filtering and actionables on mobile.

  • Improved some cache busting for Safari when Gravwell is updated.

  • Fixed issue in systems and health page where multiple disks could cause the system to not display wells.

  • Improved responsiveness on DE2 when clicking through many entries.

  • Improved handling of word filters when a query contains multiple tags.

  • Fixed issue where shared flows were not rendering for non-owners.

  • Fixed issue where UI didn’t respond well when a query exceeded the configured result size.

  • Improved enumerated value panel on search results.

  • Fixed geolocation fencing on highly zoomed heatmaps.

  • Fixed issue where a the table renderer would not render columns if the table header had certain characters.

  • Removed confusing update time for Dashboards.

  • Fixed issue where an admin would assume ownership of a playbook when they edited it.

  • Fixed issue where executing a preview search while in a locked timeframe broke the side nav.

  • Fixed issue where filter toggle button was overlapping other buttons in the list component.

  • Improved data refresh when a user changes their group.

  • Fixed issue where it was possible to hide all table columns.

  • Fixed up some old documentation links.

  • Fixed issue where “big red bar of death” would overlap side nav and prevent nav expansion.

Backend Changes#

Bug Fixes#

  • Fixed high resource usage when multiple emails are waiting in the output queue.

  • Fixed issue where the unique operator in the stats module was not binning properly.

  • Fixed issue where two successive sorts and the second sort used time did not properly sort.

  • Fixed issue where some some labels could be dropped from resources when packed into a kit.

  • Fixed issue where min/max operators would drop some other unrelated EVs on entries.

  • Fixed issues where wrapped $ characters in regular expressions could break some macros.

  • Fixed issue where unique_count wasn’t binning correctly with temporal queries.

  • Improved responsiveness of distribution of very large resources.

  • Fixed issue where query rewriting on data explorer did not handle a words filter after multiple module filters.

  • Fixed an issue with kit config macros when sharing kits.

Ingester Changes#

Bug Fixes#

  • Changed dup2 syscall to dup3 so that we can build everything on ARM64.

  • Added startup checks on capability flags to help with debugging broken installs.

  • Fixed issue with Corelight JSON to TSV preprocessor where tabs were rendered in the output data.