
ITRS Log Analytics 7.x Release Notes

Overview

Log Analytics release notes contain the list of all new or enhanced features and a list of all issues fixed in the current release.

To view the Log Analytics 6.x.x release notes, see ITRS Log Analytics 6.x Release Notes.

For more information, see the Log Analytics documentation.

Log Analytics 7.0.4

Released: 15 December 2020

New features

These are the new features of this release:

Module or component                   | Release description
--------------------------------------|--------------------------------------------------------------------------------------------
Alert                                 | New alert method for the OP5 Monitor added to the GUI.
Alert                                 | New alert method for Slack added to the GUI.
Alert                                 | The ability to rename an already created rule was added.
Alert                                 | Groups for different alert types.
Alert                                 | Possibility to modify all alarms in a selected group.
Alert                                 | Calendar for managing notifications.
Alert                                 | Escalate the alarm after a specified time.
Alert                                 | The Hive integration.
Beats                                 | Beats added to the installation package.
Central Agents Management (masteragent) | Stop, start, and restart for each registered agent.
Central Agents Management (masteragent) | Status of detected beats and master agent in each registered agent.
Central Agents Management (masteragent) | The tab with the list of agents can be grouped.
Central Agents Management (masteragent) | Automatic rolling of documents from the .agents index based on the settings in the Config tab.
Dashboards                            | Possibility to play a sound in the dashboard.
QualysGuard                           | Integration with a dedicated dashboard.
Tenable.SC                            | Integration with a dedicated dashboard.
Wazuh                                 | Added the installation package.
Other                                 | New plugin: archive specified indices.
Other                                 | Application access management based on roles.

Improvements

These are the improvements of this release:

Module or component | Release description
--------------------|--------------------------------------------------------------------------------------------
Alert               | Added sorting of labels in combo boxes.
Alert Chain/Logical | Introduced a few improvements.
AD integration      | Domain selector on the login page.
Audit               | Cache for audit settings (performance).
Diagnostic-tool.sh  | Added cerebro to the audit files.
Incidents           | New field added: ToSkipForVerify. This is an option for skipping false positives.
Installation script | The setup script validates the license.
Installation script | Support for CentOS 8.
Object permission   | When adding an object to a role in Object permission, it is now possible to add related objects at the same time.
Skimmer             | New metric added: increase of documents in a specific index.
Skimmer             | New metric added: size of a specific index.
Skimmer             | New metric added: expected data nodes.
Skimmer             | New metric added: Kafka offset in the Kafka cluster.
User roles          | Alphabetical, searchable list of roles.
User roles          | List of users assigned to a given role.

Issues fixed

These are the issues we have fixed in this release:

Module or component | Release description
--------------------|--------------------------------------------------------------------------------------------
Alert               | Aggregation schedule time.
Alert               | Loading new_term fields.
Alert               | RecursionError: maximum recursion depth exceeded in comparison.
Alert               | Match_body.kibana_discover_url malfunction in aggregation.
Alert               | Dashboard recovery from the Alert Status tab.
Dashboards          | Logserver_table removed in 7.x.x. It has been replaced with the basic table.
Elasticsearch-auth  | Forbidden — not authorized when querying an alias with a wildcard.
Logstash            | Mikrotik pipeline — failed to start pipeline.
Reports             | Black bars after JPEG dashboard export.
Reports             | Problems with scheduled reports.
Other               | Role caching fix for working in a multi-node setup.

Log Analytics 7.0.3

Released: 23 September 2020

New features

These are the new features of this release:

Module or component | Release description
--------------------|--------------------------------------------------------------------------------------------
Alert               | New alert type: Chain. It creates alerts from underlying rules triggered in a defined order.
Alert               | New alert type: Logical. It creates alerts from underlying rules triggered with defined logic (OR, AND, NOR).
Alert               | Correlate alerts for Chain and Logical types. An alert is triggered only if each rule returns the same value (for example, IP, username, process).
Alert               | Each triggered alert is indexed with a unique alert_id — the field was added to the default field schema.
Alert               | Processing Time visualization on the Alert dashboard — it is now easier to identify badly designed alerts.
Alert               | Support for automatic search link generation.
Auditing            | Added an IP address field for each action.
Auditing            | Added the possibility to exclude values from auditing.
Input               | Added MikroTik parsing rules.
MasterAgent         | Added the possibility to restart beat agents and the master agent itself from the GUI.
Skimmer             | Indexing rate visualization.
Skimmer             | New metric: offset in Kafka topics.
Skimmer             | New metric: expected-datanodes.

Improvements

These are the improvements of this release:

Module or component | Release description
--------------------|--------------------------------------------------------------------------------------------
Alert               | Improved performance with multithread support (now the default).
Alert               | Validation of email addresses in the Alerts plugin.
Alert               | The Difference rule description includes examples for the alert recovery function.
Blacklist           | Name field and field names in the Fields column; default field exclusions.
Blacklist           | runOnce is now only terminated on a fatal Alert failure.
Blacklist           | IOC excludes threats marked as false positives.
Incidents           | New design for Preview.
Incidents           | A new feature was added: Note. It provides the ability to add notes to incidents.
Logstash            | MasterAgent pipeline shipped by default.
Logtrail            | Improved the appearance and readability of the plugin.
MasterAgent         | Possibility to exclude older SSL protocols.
MasterAgent         | Now supports CentOS 8 and related distributions.
Risks               | Possibility to add a new custom value for risk without the need to index that value.
Security            | jquery updated to 3.5.1.
Security            | Bootstrap updated to 4.5.0.
Skimmer             | Service status check was rewritten to use the dbus API.
XLSX import         | Updated to 7.6.1.
Other               | The Help button in Kibana now leads to the official product documentation.
Other               | Centralization of previous alert code changes into a single module.
Other               | Adding sample data and the web sample dashboard from the home page was fixed. Changes were made in the default-base-template.
Other               | Copy/Sync now supports insecure mode (operations without certificates).
Other               | Search and sort support was added for the User List in the Config section.

Issues fixed

These are the issues we have fixed in this release:

Module or component | Release description
--------------------|--------------------------------------------------------------------------------------------
Alert               | .alertrules is not a required index for proper system operation.
Alert               | /opt/alerts/testrules is not a required directory for proper system operation.
Alert               | .riskcategories is not a required index for proper system operation.
Alert               | Overwriting an alert when trying to create a new alert with the same name.
Alert               | Wrong alert status in the Alert Status tab.
Blacklist           | Removal of the doc type in the blacklist template.
Blacklist           | Problem with the generate_kibana_discover_url: true directive.
Reports             | Export to CSV supports the STOP action.
Reports             | Scroll errors in CSV exports.
Reports             | When exporting dashboards, the PDF generates only one page or cuts the page.
Skimmer             | Forcemerge caused values below 0 for the cluster_stats_indices_docs_per_sec metric.
Other               | Individual special characters caused problems in user passwords.
Other               | Bad permissions for the Copy/Sync module scheduler were corrected.
Other               | diagnostic-tool.sh: wrong name for the archive in the output.
Other               | Malfunction in Session Timeout.
Other               | Missing service_principal_name directive in the bundled properties.yml.
Other               | Wrong product logo when viewing dashboards in full-screen mode.

Log Analytics 7.0.2

Released: 29 June 2020

New features

These are the new features of this release:

  • Creating manual incidents from the Discovery section.

  • New Kibana plugin — Sync/Copy between clusters.

  • Analyzing historical data with a defined alert.

  • Indicators of compromise (IoC) — providing blacklists based on Malware Information Sharing Platform (MISP).

  • Automatic update of MaxMind GeoIP Databases [asn, city, country].

  • Extended LDAP support.

  • Cross cluster search.

  • Diagnostic script to collect information about the environment, log files, configuration files — utils/diagnostic-tool.sh.

  • New beat: op5beat — dedicated data shipper from OP5 Monitor.

Improvements

These are the improvements of this release:

  • Added the _license API for Elasticsearch (it replaces the license path, which is now deprecated and will stop working in future releases).

  • _license API now shows expiration_date and days_left.

  • Visual indicator on the Config tab for expiring license (for 30 days and less).

  • Creating a new user now requires re-entering the password.

  • Complexity check for password fields.

  • Incidents can be supplemented with notes.

  • Alert Spike: more detailed description of usage.

  • ElasticDump added to base installation — /usr/share/kibana/elasticdump.

  • Alert plugin updated — frontend.

  • Reimplemented session timeout for user activity.

  • Skimmer: new metrics and dashboard for Cluster Monitoring.

  • Wazuh config/keys added to the small_backup.sh script.

  • Logrotate definitions for Logtrail logfiles.

  • Incidents can be sorted by Risk value.

  • UTF-8 support for credentials.

  • Wazuh: wrong document_type and timestamp fields.

Issues fixed

These are the issues we have fixed in this release:

  • Audit: Missing audit entry for successful SSO login.

  • Report: "stderr maxBuffer length exceeded" — export to CSV.

  • Report: "Too many scroll contexts" — export to CSV.

  • Intelligence: incorrect work in updated environments.

  • Agents: fixed wrong document type.

  • Kibana: "Add Data to Kibana" from Home Page.

  • Incidents: the preview button uses the wrong index-pattern.

  • Audit: Missing information about login errors of ad/ldap users.

  • Netflow: fix for netflow v9.

  • MasterAgent: none/certificate verification mode should work as intended.

  • Incorrect CSS injections for dark theme.

  • The role could not be removed in specific scenarios.

Log Analytics 7.0.1

Released: 19 March 2020

New features

These are the new features of this release:

  • The major update is now based on Elasticsearch 7.3.2, Kibana 7.3.2 and Logstash 6.8.6.

  • Migration of all existing features from version 6.1.8 and below.

  • New plugin for working with XLSX import.

  • Embedded curator for index management.

  • New design for system and underlying plugins.

Improvements

These are the improvements of this release:

  • All node_modules Kibana dependencies updated.

  • Report plugin redesigned.

Issues fixed

These are the issues we have fixed in this release:

  • Fixed the alert type description.

  • Fixed empty report.
