Changelog for version 5.4.8

Released 03 May 2024

Gravwell

Additions

  • Added the ability for an admin to change ownership for Query Library, Alerts, Flows, Scheduled Searches, Scripts, Playbooks, and Macros.

  • Added the ability to share write access with a group for Scripts, Playbooks, Kits, and Macros.

  • Added more execution context options to allow users to debug Flows in an Alert context prior to associating with the Alert.

  • Added support for rich formatting blocks in the Slack Message node.

  • Added a new “method” field (password, sso, sudo) to logs related to login events.

  • Added summary stats to the search finished log messages.

  • Added logging for 503 responses on the direct query API.

  • Changed the behavior when duplicating a Flow to disable scheduling by default.

Bug Fixes

  • Fixed an issue where an admin could enumerate resources by name in query autocomplete but could not actually read resources owned by others.

  • Fixed an issue where an API token could not be used after restore without restarting the web server.

  • Fixed an issue where creating a new Flow as an admin with a different user set as the owner would still result in a Flow owned by the admin.

  • Fixed an issue where creating a new Macro as an admin with a different user set as the owner would still result in a Macro owned by the admin.

  • Fixed an issue where the number on the ingest graph was not updated after switching indexers.

  • Fixed an issue where the Search Group Visibility selector in preferences was not disabled for users lacking the necessary CBAC capability.

  • Fixed an issue where required fields were not enforced when starting a query with a Template.

  • Fixed an issue where the preview would not update after an Actionable trigger expression was changed.

  • Fixed an issue where saving a new Actionable with an action could cause multiple Actionables to be created.

  • Fixed an issue where the Flow context menu would not show Alerts.

  • Fixed an issue where the name field in Flows would warn about a duplicate name when saving a Flow for the first time.

  • Fixed an issue where vertically tall data calendars would reload on scroll.

  • Fixed an issue where Dashboard tile colors would shift incorrectly after deleting a search.

  • Fixed an issue where Query Studio Fields values would not show with the table renderer.

  • Fixed an issue where a very long URL would overflow the modal to Share a URL.

  • Fixed an issue where timeframes from a shared query URL would not be used.

  • Fixed an issue where an admin’s search History in Query Studio would display the search History for all users.

  • Fixed an issue where Persistent Search filters would reset on refresh.

  • Fixed an issue where 404 errors were not displayed to users when attempting to attach to a Persistent Search.

  • Fixed an issue where the “Fetching data…” message would not disappear after launching a search on a timeframe with no data.

  • Fixed an issue where selecting a custom timeframe would not automatically unlock a locked timeframe.

  • Fixed an issue with the Throttle node that would prevent flows that existed prior to 5.4.7 from running.

  • Fixed an issue with referential integrity on shared assets after a group is deleted.

  • Improved performance on very large cracked entries in Query Studio.

  • Reduced the delay between starting a replication listener and accepting connections.

Ingesters

Bug Fixes

  • Fixed an issue where File Follower would not start if a state file was unreadable.