Changelog for version 5.1.4#
Released 5 January 2023#
Actionables can now be launched in new browser tab with middle click.
Flow and script errors can now be cleared en masse.
Hostnames are now included in remote ingester list.
Added safety net on eval loops to reduce foot shooting.
Added field on error logs for failed flows to indicate which flow node caused the failure.
Debug messsages on flow logs now have timestamps.
All components now check capability flags and complain if they are missing.
Added kitctl to the gravwell-tools package.
Added ability to backfill flows to reschedule when runs are missed.
Added unary operators on the eval module.
Added global email config system to share an email relay and control destinations.
DirectAdmintimestamp format to TimeGrinder.
Multiple run results are now tracked in flows.
Allow word filters to be applied to all tags or specific tags when multiple tags exist.
Web UI Changes#
Added more clarity to the last run displays on Flows.
Fixed issue where slow networks could cause query results to get stuck in “Fetching data…”
Fixed issue where some dashboards wouldn’t stick in the favorites left nav.
Fixed data context menu for filtering and actionables on mobile.
Improved some cache busting for Safari when Gravwell is updated.
Fixed issue in systems and health page where multiple disks could cause the system to not display wells.
Improved responsiveness on DE2 when clicking through many entries.
Improved handling of word filters when a query contains multiple tags.
Fixed issue where shared flows were not rendering for non-owners.
Fixed issue where UI didn’t respond well when a query exceeded the configured result size.
Improved enumerated value panel on search results.
Fixed geolocation fencing on highly zoomed heatmaps.
Fixed issue where a the table renderer would not render columns if the table header had certain characters.
Removed confusing update time for Dashboards.
Fixed issue where an admin would assume ownership of a playbook when they edited it.
Fixed issue where executing a preview search while in a locked timeframe broke the side nav.
Fixed issue where filter toggle button was overlapping other buttons in the list component.
Improved data refresh when a user changes their group.
Fixed issue where it was possible to hide all table columns.
Fixed up some old documentation links.
Fixed issue where “big red bar of death” would overlap side nav and prevent nav expansion.
Fixed high resource usage when multiple emails are waiting in the output queue.
Fixed issue where the
uniqueoperator in the stats module was not binning properly.
Fixed issue where two successive sorts and the second sort used time did not properly sort.
Fixed issue where some some labels could be dropped from resources when packed into a kit.
Fixed issue where min/max operators would drop some other unrelated EVs on entries.
Fixed issues where wrapped
$characters in regular expressions could break some macros.
Fixed issue where
unique_countwasn’t binning correctly with temporal queries.
Improved responsiveness of distribution of very large resources.
Fixed issue where query rewriting on data explorer did not handle a words filter after multiple module filters.
Fixed an issue with kit config macros when sharing kits.
dup3so that we can build everything on ARM64.
Added startup checks on capability flags to help with debugging broken installs.
Fixed issue with Corelight JSON to TSV preprocessor where tabs were rendered in the output data.