Release Notes Version 3.1.80-20

  • Release date: 01/July/2022

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-20.

What’s new

  • Improve security by updating some essentials system services.

Improvements

  • Improvement #14003: Add RPM RSA/SHA256 signature.

  • Improvement #14040: Disable TLS 1.0 and 1.1 in service application layer.

Resolved Issues

  • BugFix #13141: Solve radius database update after change of Access Point Mac Address.

  • BugFix #13399: Solve social module service not running in proxy.

  • BugFix #13383: Solve namespace enrichment for scanner sensors.

  • BugFix #13395: Solve restarting problem for scanner service.

  • BugFix #13459: Fix missing CVE vulnerabilities data after installation.

  • BugFix #13491: Fix scanner sensor not draggable on sensor tree view.

  • BugFix #13573: Adapt system memory for sflow service.

  • BugFix #13592: Fix mongod.pid exists during rb_sysconf manager wizard.

  • BugFix #13656: Fix social module service property in proxy.

  • BugFix #13678: Fix GeoIP update links.

Release Notes Version 3.1.80-19

  • Release date: 20/December/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-19.

What’s new

  • There is nothing new on this version, we had been working on fixing multiple bugs.

Improvements

  • Improvement #13295: Change order of default Vault Tabs.

  • Improvement #13203: New default alarms on the platform.

Resolved Issues

  • BugFix #13326: Fix problem with timestamp in vault sensor on proxy.

  • BugFix #13330: Fix adding default flow monitors cause a problem on the sensor creation affecting to the license system.

  • BugFix #13333: Fix adding default monitors in flow sensors.

  • BugFix #13341: Fix filter by sensor name on modules.

  • BugFix #13342: Fix filter by organization in monitor widgets.

  • BugFix #13343: Remove some rsyslog templates that were not needed in proxy.

  • BugFix #13346: Fix filters on Monitor Tops view.

  • BugFix #13353: Fix add monitor for device sensors.

  • BugFix #13281: Fix installing vault plugins on all nodes.

  • BugFix #13286: Fix translation error on filter sensor name, monitor module.

  • BugFix #13306: Fix custom monitors that were not working.

  • BugFix #13309: Fix missing device chef role.

  • BugFix #13380: Fix duplicate info in rb-scanner pipeline.

  • BugFix #13195: Fix alarms that cointains the character % in their title.

  • BugFix #13204: Fix logstash-plugin where not update after a cluster update.

  • BugFix #13212: Fix faling mongod virtual-ip setup on Cluster Setting.

  • BugFix #13215: Fix filter bug on mobility module after going to the map sensor view.

  • BugFix #13216: Fix missing translation on RAW Table widget.

  • BugFix #13220: Fix missing zone uuid on mobility pipeline.

  • BugFix #13223: Fix Location logstash filter doint counter_store and flow_counter causing the pipeline to act slow.

  • BugFix #13256: Fix custom snmp monitor operation cant be blank error.

  • BugFix #13257: Fix logstash pipelines activation in a cluster setup.

  • BugFix #13263: Fix missing translation on add widget (Infraestructure sensor) view.

  • BugFix #13264: Fix missing translation on Tools Overlay Maps view.

  • BugFix #13277: Fix missing client_id dimension on Vault module.

  • BugFix #13274: Fix empty plugin dimension caused druid realtime and rb-webui service stop working.

Release Notes Version 3.1.80-18

  • Release date: 04/Novemeber/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-18.

What’s new

  • There is nothing new on this version, we had been working expanding our audits area.

Improvements

  • Improvement #13148: Audit General Settings

  • Improvement #13149: Audit http ssl certificates

  • Improvement #13150: Audit relay and ntp servers settings

  • Improvement #13151: Audit monitor and logs settings

  • Improvement #13152: Audit amazon cloudwatch settings

  • Improvement #13153: Audit network routes settings

  • Improvement #13154: Audit fixed Hosts settings

  • Improvement #13155: Audit geoIP file settings

  • Improvement #13157: Audit session timeout

  • Improvement #13158: Audit trap server settings

  • Improvement #13159: Audit radius accounting settings

  • Improvement #13160: Audit radius proxy authentication settings

  • Improvement #13166: Audit user login attempts and lockout user

Resolved Issues

  • BugFix #13161: Fix missing tabs modules for monitor that cause problems on saving settings

  • BugFix #13177: Fix redBorder Community Webui

Release Notes Version 3.1.80-17

  • Release date: 25/October/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-17.

What’s new

  • There is nothing new on this version, we had been working on the audit area.

Improvements

  • Improvement #13124: Now the system can export the audits table using the normal external syslog feature

  • Improvement #13127: Add audit for alarms module

  • Improvement #13128: Add audit for reputation and signature policies

  • Improvement #13133: Add audit for add/delete white/black networks on General Settings

  • Improvement #13134: Add audit entry when an alarm is triggered

  • Improvement #13136: Add audit when use check rule sources and updates a signature policy

Resolved Issues

  • BugFix #13117: Fix issue with letsencrypt certificate and the Centos updates, now remote update is working again

  • BugFix #13121: Fix error on recreate RSA key

Release Notes Version 3.1.80-16

  • Release date: 19/October/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-16.

What’s new

  • New Vulnerability Scanner module (that its disabled by default)

Improvements

  • Improvement #13033: Register the logout of users in Audit section

  • Improvement #13034: Register change of credentials in Audit section

  • Improvement #13035: Register change of RSA key in Audit section

  • Improvement #13036: Now users can customize the lock session time

  • Improvement #13037: Improve the security requirments for users passwords

Resolved Issues

  • BugFix #13057: Rsyslog fix on IDS/IPS sensor

  • BugFix #13062: Fix CheckAlarmsJob running when reactive Alarms

  • BugFix #12966: Fix error on rb-register in Proxy

Release Notes Version 3.1.80-15

  • Release date: 12/August/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-15.

What’s new

  • Support for Captive Portal using Flow Sensors

  • Alarms using Slack

  • New Apache plugin for Vault module

  • New Dnsmasq plugin for Vault module

  • New Business Intelligence module

Improvements

  • Improvement #12946: Update of rmagick gem

Resolved Issues

  • BugFix #12841: Multiple fixes in Report module

  • BugFix #12892: Fixing druid feed for Intrusion module

  • BugFix #12904: Getting back darklist on Flow module

  • BugFix #12925: Clean cache for event enrichment process

  • BugFix #12958: Add vlan id support for proxy flow exporter

  • BugFix #12960: Fix netflow dimension (cisco_src_vlan)

  • BugFix #12962: Fix security issue on Monitor Categories

  • BugFix #12977: Fix bug on Vault Items View

  • BugFix #12989: Fix advance filters on Vault module

  • BugFix #12995: Fix API call with namespaces

Release Notes Version 3.1.80-14

  • Release date: 03/March/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-14.

What’s new

  • Nothing new on this release.

Release Notes Version 3.1.80-13

  • Release date: 28/Feb/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-13. Multiple bugs has been reported and fixed.

What’s new

  • Nothing new on this release.

Improvements

  • Improvement #12758: Reports: Selecting Widgets Buttons

  • Improvement #12702: Rotate logstash logs with logrotate

Resolved Issues

  • BugFix #12546: Failed to import rules in CEP

  • BugFix #12754: Badly formatted text on screen when password entered is wrong in User Settings

  • BugFix #12762: Full translation of error messages not implemented in User Settings

  • BugFix #12784: The email is not sent to the users listed in the Report

  • BugFix #12547: Importing CSV file in Sensors, Error 500!

  • BugFix #12607: Default tab not selected when swap view from tops on mobility

  • BugFix #12653: Sensors IP Variables (IDS/IPS)

  • BugFix #12656: Sensors Port Variables (IDS/IPS)

  • BugFix #12658: Sensor Group IP Variables (IDS/IPS)

  • BugFix #12660: Sensor Group Port Variables (IDS/IPS)

  • BugFix #12662: Sensor Group Binding IP Variables (IDS/IPS)

  • BugFix #12664: Sensor Group Binding Port Variables (IDS/IPS)

  • BugFix #12667: Sensor Event Rules Search Bar (Limits & Suppress)

  • BugFix #12707: Error with redfish on redBorder-proxy

  • BugFix #12711: Unable to update Shape / Image widget without uploading a new image

  • BugFix #12719: Multiple multilanguage missins translations and errores fixes

  • BugFix #12458: Advanced Search and Alarm Creation Error

  • BugFix #12481: Creating a ticket in Zendesk using the Redborder Manager

  • BugFix #12512: Addign a tier in Default Rules, General settigns

  • BugFix #12518: Error 500! in IP Variables, General Settings

  • BugFix #12538: Can’t save a new filter in Advanced Search category (Social module)

  • BugFix #12541: Hanging Screen In Reports while Removing Page

Release Notes Version 3.1.80-12

  • Release date: 13/Jan/2021

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-12. Multiple bugs has been reported and fixed.

If you want to update from a version prior to 3.1.80-12, please download and execute first this script in the node where you will make the cluster update process: http://repo.redborder.com/utils/rb_preupdate_80-12.sh

What’s new

  • Nothing new on this release.

Improvements

  • Improvement #12649: install npdi 3.4 for pmacctd in proxy

Resolved Issues

  • BugFix #12544: CEP: Validation doesn´t work in 'New Rule Wizard'

  • BugFix #12545: CEP: Failed to export rules created using the wizard

  • BugFix #12709: CEP: Translation missing on import rule

  • BugFix #12263: CEP: error messages have weird characters

  • BugFix #12542: CEP: Cannot add new output when creation a rule.

  • BugFix #12492: CEP: Creation error on default rules

  • BugFix #12550: Alarms: Not allowing null search values when creating filter

  • BugFix #12696: Alarms: Missing translation en.monitor2 on formulary

  • BugFix #12569: Social: Tiles view giving druid error

  • BugFix #12698: Social: Please Wait hangs on RAW info view with error 500

  • BugFix #12570: Dashboards: Error 500 when importing dashboard from other manager

  • BugFix #12536: Reports: Error 500 when a wrong file is inserted

  • BugFix #12540: Reports: Generate PDF button not working

  • BugFix #12567: Reports: Error when a future date is selected

  • BugFix #12609: Reports/Dashboards: Problem when a different file is uploaded

  • BugFix #12671: Reports/Dashboards: Problem uploading a file that is not an image in the widget EDITOR

  • BugFix #12632: Cluster Settings: Save button is not working

  • BugFix #12513: Cluster Settings: Delete all the default rules problem

  • BugFix #12520: Cluster Settings: Broken time period value on Historial Rules

  • BugFix #12524: Cluster Setting: Rule title docs not change when the rule type is changed

  • BugFix #12526: General Settings: Delete button in port variables not working

  • BugFix #12516: General Settings: "Disappearing" categories

  • BugFix #12525: General Settings: Error 500 in Port Variables

  • BugFix #12527: General Settings: Grey box in GEoIP

  • BugFix #12502: General Settings: Not numeric limit for "Autoreload Dashboard time" and "Autoreload Raw Time"

  • BugFix #12514: General Settings: Broken default druid rules

  • BugFix #12690: Intrussion: tr.ips translation error on RAW view

  • BugFix #12684: Traffic: tr.flow translation error on RAW view

  • BugFix #12686: Vault: tr.vault translation error on RAW view

  • BugFix #12688: Sensors: Reputation Policies Import CSV Sensor

  • BugFix #12666: Sensors: Signature Policies Import CSV Sensor

  • BugFix #12489: Sensors: cloud registration problem

  • BugFix #12519: Sensors: IP Variables import not adding correctly

  • BugFix #12551: Sensors: Device sensor error when clicking on Hardware Info returns Error 500.

  • BugFix #12678: Widgets: The name of the uploaded image file does not appear

  • BugFix #12692: Widgets: Columns translation error on RAW Streams / Table widgets for Intrussion, Social and Vault

  • BugFix #12694: Widgets: Error translation Hardware info widget

  • BugFix #12538: Monitor Categories: missing OID information

  • BugFix #12534: Monitor Categories: Importation error

  • BugFix #12583: Proxy: missing rb-ale sensor

  • BugFix #12700: Rule Versions: help information not showing correctly

  • BugFix #12532: Licenses: Wrong format request

  • BugFix #12574: NMSP: plugin filter retrieves stores without checking on existence

  • BugFix #12501: Mobility: Applying a filter on the fields in the status tab does not work

  • BugFix #12497: Mobility: Save Current Filter does not do anything

Release Notes Version 3.1.80-11

  • Release date: 14/Oct/2020

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-11. Multiple bugs has been reported and fixed.

What’s new

  • Add more languages to webui (We support English and Spanish)

  • Vault plugins can be manage from the webui

  • Shodan.io on default lookup sources

  • Configurable login banner on webui and CLI

  • Many security improvements on the webui and CLI

Improvements

  • Improvement #12155: Creating CEP rule in a more graphical/user friendly way

  • Improvement #12328: User notification on the last access to the system

  • Improvement #12329: Increase strong passwords on users

  • Improvement #12330: Add maximum number of attempts to sign in to the webui.

  • Improvement #12337: Add an experiration time on users passwords

  • Improvement #12341: Remove tftp from manager and proxy for security reasons

  • Improvement #12344: Root and Admin users get block for 5 minutes after a 3 time fail login (CLI)

  • Improvement #12346: Add an inactivity time for SSH connections of 30 days.

  • Improvement #12360: Users can search on tabs in every module now

  • Improvement #12362: Add a close, close all and close to right tab button on modules

  • Improvement #12379: You can now import and export correatlion engine rules.

  • Improvement #12419: Default certification version of webui to version 3

  • Improvement #12434: New openssl 1.0.1e-58

Resolved Issues

  • BugFix #11790: Cleaning segments on namespaces.

  • BugFix #12067: Fix on reports with new hardware status widgets

  • BugFix #12159: Atop logs filling up the disk

  • BugFix #12224: Workers timeout on destroying IPS/IDS rules.

  • BugFix #12259: Error on registration when DNS is not set.

  • BugFix #12323: Missing bulkstats and refish columns from monitor module

  • BugFix #12349: Root and admin cannot be disable from users on webui

  • BugFix #12351: Update RPM in IPS now is working

  • BugFix #12365: Sync problem on webui when clicking too fast

  • BugFix #12370: Application, and other objects default list was remove after creating a new one

  • BugFix #12372: Object vlan was not working on IPS enrichment

  • BugFix #12429: Wrong web redirection after creating widgets from a module

Release Notes Version 3.1.80-10

  • Release date: 30/May/2020

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-10. Multiple bugs has been reported and fixed.

What’s new

  • None in this release

Improvements

  • Improvement #12174: A new way to clean memcache system

  • Improvement #12189: Eject the disk after installation

Resolved Issues

  • BugFix #12222: Edit button hide to non admin users on flow and vault sensors

  • BugFix #12224: Increase time of workers to complete rule db versions

  • BugFix #12228: Device sensor was not draggable.

  • BugFix #12230: Edit organizations affects to megabytes_limit and http2k service

  • BugFix #12205: Darklist not in memcache after installation

  • BugFix #12205: On widgets title is overwritten byt columnname

  • BugFix #11790: rb_clean_segments only taking into account the last rule apply

  • BugFix #12067: reports fix and integration with new widgets

  • BugFix #12097: Audition on flow sensors not showing up

  • BugFix #12192: Same vault sensor name in different organizations

  • BugFIx #12198: Remove dashes from bulkstats directories

Release Notes Version 3.1.80-9

  • Release date: 11/May/2020

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-9. Multiple bugs has been reported and fixed.

What’s new

  • None in this release

Improvements

  • Improvement #12033 Update logstash to 7.4.2

  • Improvement #12040 New full enrichment with logstash/realtime and namespaces support

  • Improvement #12137 Add support for rb_radius on realtime

Resolved Issues

  • BugFix #12053: Fix error on rb_get_bulkstats_columns script

  • BugFix #12120: Fix rb_state default with realtime in manager role

  • BugFix #12127: Add missing dst_mac field on rb-exporter

Release Notes Version 3.1.80-7

  • Release date: 06/Dec/2019

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-7. Multiple bugs has been reported and fixed.

What’s new

  • None in this release

Improvements

  • Device Sensor support in proxy/exporter

Resolved Issues

  • BugFix #11802: rb-exporter grey out managment interface

  • BugFix #11804: console port not working on new kernel version

  • BugFix #11804: console port not working on new kernel version

  • BugFix #11837: Error 500 on advance filters in Mobility module

  • BugFix #11842: Monitor Categories creation permissions

  • BugFix #11854: Unique menu not showing correctly

  • BugFix #11857: rb-sociald log rotation

  • BugFix #11872: Error on memory calculation for druid historical threads

  • BugFix #11873: Error 500 on AP view

  • BugFix #11878: SNMP monitor unit interger Error

  • BugFix #11884: Widget is empty in some timezones

Release Notes Version 3.1.80-6

  • Release date: 30/Oct/2019

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-6. Multiple bugs has been reported and fixed. If you want to update from a version prior to 3.1.80-6, please download and execute first this script in the node where you will make the cluster update process:

What’s new

  • New kernel update to 2.6.32-754.

  • New druid version 0.12.3.

  • New keepalived version 2.0.18.

  • Exporter functionality in proxy.

  • Arpwatch integration with the exporter.

  • Vault plugins support.

  • Redfish, IPMI, SNMP custom monitors.

  • Sflow support in proxy.

Improvements

  • Improved groupBy query to v2 with the new version of druid.

  • Support new hardware with the new version of the linux kernel.

  • Set a default druid rule of one month when install using the wizard.

  • Add sflow to the load balance via keepalived.

  • GUI improvements.

  • HTTPS support for Meraki.

Resolved Issues

  • BugFix #11659: Fix bug on pretag sFlow service.

  • BugFix #11676: Fix bug on default dashboard.

  • BugFix #11703: Fix bug on kill scripts druid services.

  • BugFix #11727: Fix export zones in sensors.

  • BugFix #11729: Fix logstash limit logs storage.

  • BugFix #11731: Fix on metadata cron job script.

  • BugFix #11736: Fix keepalived not working correctly.

  • BugFix #11748: Fix Meraki not working properly.

  • BugFix #11750: Fix snort preprocessor IIS Unicode map error.

  • BugFix #11752: Fix filters on gui not working.

  • BugFix #11652: Fix on VirtualIP GUI integration not working properly.

Release Notes Version 3.1.80-4

  • Release date: 10/Aug/2018

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-4. Multiple bugs has been reported and fixed.

What’s new

  • None in this release

Improvements

  • None in this release

Resolved issues

  • BugFix #10774: Fix problem with s3cmd.

  • BugFix #10775: Fix problem on check licenses daily.

  • BugFix #10776: Fix problem on check licenses weekly.

  • BugFix #10840: Fix spaces names problem on vault sensors.

  • BugFix #10961: Fix mobility filters problem.

  • BugFix #10962: Fix mobility widgets problem.

  • BugFix #10965: Matching rails version with redBorder version.

  • BugFix #11011: Fix adding a Vault/Flow with the same IP problem.

  • BugFix #11014: Fix dashboard pictures aspect ratio problem.

  • BugFix #11013: Fix bug updating ip on flow was not really updated.

  • BugFix #11027: Fix import sensors vault/social and error on the job helper.

  • BugFix #11032: Removing loggly option on the website.

  • BugFix #11068: Fix problem on rsyslog mmrfc5424addhmacm problem.

Release Notes Version 3.1.80-2

  • Date of release: 19/Jan/2018

  • Type: LTS

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-2 LTS. Multiple bugs has been reported and fixed. If you want to update from a version prior to 3.1.79-15, please download and execute first this script in the node where you will make the cluster update process:

What’s new

  • New sflow support.

  • Notice when license is about to expire.

Improvements

  • VAULT documentation.

  • New logstash pipeline support.

Resolved Issues

  • BugFix #10573: Update logstash to 6.1.1 due to bugs in pipeline processing.

Release Notes Version 3.1.80-1

  • Date of release: 15/Dec/2017

  • Type: LTS

  • Main changes: redborder manager.

This is the release notes for version 3.1.80-1 LTS. Multiple bugs has been reported and fixed. If you want to update from a version prior to 3.1.79-15, please download and execute first this script in the node where you will make the cluster update process:

What’s new

  • New Community edition.

  • Introduction to VAULT/logstash documentation.

  • New dimension ACTION on VAULT.

  • Support for IPS proxy policy assigment with new licensing model.

  • Disable rules using CSV file import.

  • DNS resolution on widgets.

  • Help for dashboard view.

  • New documentation IPS Administration.

  • Filter by organization on CSV consumption file.

  • New set of rules for VAULT and CEP.

  • New datasources in CEP (monitor, VAULT, flow, events).

Improvements

  • Improved backup cluster process.

  • Better SSL Certificate handler.

  • Improved bypass action from web interface.

  • Fast search in regex expression.

  • Hourly update rules support.

  • Show local URL by default for Web URL parameter in General settings.

  • Improvements for removing rules versions.

Resolved Issues

  • BugFix #10524: Error in category for VAULT

  • BugFix #10362: Last-check-in pointer appears in flow sensors with no APs.

  • BugFix #10488: Community: Wrong ET rules classification.

  • BugFix #10489: Community: IPS Rules’s actions are missed.

  • BugFix #10486: Community: Rules version sources missing.

  • BugFix #10422: In organization mode, licenses error listing.

  • BugFix #10312: Fix adding widget in reports.

  • BugFix #10425: Missing UUIDs in VAULT data.

  • BugFix #9940: Error in rb_sysconf creating multiple bondings.

  • BugFix #10401: Wrong datasources getting info from licenses view.

  • BugFix #10275: Error in Social sensor configured only fintering by text.

  • BugFix #10354: Error in events-counter with SIGUSR1 signals.

  • BugFix #10318: Map widget error exporting to PDF in reports with "Past Period".

  • BugFix #10313: Issues with reports (more than one page).

  • BugFix #10335: Flow sensors set product_type attribute as integer when is imported from CSV.

  • BugFix #10310: Map widget dissapears when PDF report is generated.

  • BugFix #10317: Error exporting multiserie widget in PDF reports.

Release Notes Version 3.1.79-16

  • Date of release: 19/Oct/2017

  • Type: Standard

  • Main changes: redborder manager.

This is the release notes for version 3.1.79-16. Multiple bugs and security bugs has been reported and fixed, prior the next release LTS. If you want to update from a version prior to 3.1.79-15, please download and execute first this script in the node where you will make the cluster update process:

What’s new

  • Correlation rules from factory.

  • Availability of extended information about license usage (MB/Day) in graphical and text (CSV) format.

  • Audit of RAW logs (VAULT) from S3.

  • New dimensions ip_country_code and public_ip

Improvements

  • New set of columns for raw VAULT view.

  • Removed obsolete notify to mobile option in Alarms.

  • Disabled session redirection after login.

  • Extended CEP documentation in the knowledgebase from http://support.redborder.com.

  • RAW view show only last hour by default. You need to use 'Filter → Advanced Search' to change window time.

Resolved Issues

  • BugFix #9939: Add sensors button must be removed in organization mode cluster.

  • BugFix #10195: Scaterplot overwrite elements from the limits.

  • BugFix #10111: IPS rb_sysconf can’t register against a manager domain.

  • BugFix #9946: Report block doesn’t load just after creation.

  • BugFix #10196: Inconsistent license status from web and from CLI.

  • BugFix #9125: Graphic issue with null values.

  • BugFix #10064: Proxy register fails when URL is not an IP address.

  • BugFix #10205: Sensor filter string overflow in global filters.

  • BugFix #10281: events-counter stop working after few days.

  • BugFix #10347: Load new rows in RAW tables doesn’t work.

  • BugFix #10342: Error modifying licenses in sensor removed.

  • BugFix #10270: Empty file download for event details at Vault RAW view.

  • BugFix #10320: dswatcher panics with no product type in sensor.

  • BugFix #10267: CheckAlarmJob doesn’t start with alarms assigned to disabled users.

  • BugFix #10323: Wrong help image in dashboard.

  • BugFix #10274: Different values from raw view and from widget in traffic module.

  • BugFix #10206: Error in RAW widgets.

  • BugFix #10276: Error enabling/disabling users in User view.

  • BugFix #10232: Error disabling CEP rules from webGUI.

Release Notes Version 3.1.79-15

  • Date of release: 31/July/2017

  • Type: Standard

  • Main changes: redborder manager and IPS.

This is the release notes for version 3.1.79-15. Multiple bugs and security bugs has been reported and fixed, prior the next release LTS. If you want to update from a version prior to 3.1.79-15, please download and execute first this script in the node where you will make the cluster update process:

What’s new

  • New normalization and dimensions for VAULT.

  • Syslog messages go through manager and they can be relay to an external syslog server.

Improvements

  • SSl certificate deletion confimation.

Resolved Issues

  • BugFix #10004: Regex validation for web URL in initial and General settings.

  • BugFix #9769: Error creating sensor flow via API.

  • BugFix #10098: Rake task to assign product type.

  • BugFix #9060: Wrong values in alarms.

  • BugFix #10112: Wrong images in email templates.

  • BugFix #10101: Error on CEP migration.

  • BugFix #10033: Java downgrades after manager update.

  • BugFix #10035: Wrong values in normalized dimensions in VAULT

  • BugFix #10005: Error rendering cluster diagram widget.

  • BugFix #9964: All filters are rmoved after apply an Advanced Search.

  • BugFix #9976: Incorrect sensor name in VAULT sensor tab.

  • BugFix #10086: Overview widgets are not rendered in some situations.

  • BugFix #10006: SedReportJob fails.

Release Notes Version 3.1.79-14

  • Date of release: 14/July/2017

  • Type: Standard

  • Main changes: redborder manager and IPS.

This is the release notes for version 3.1.79-14. Multiple bugs and security bugs has been reported and fixed, prior the next release LTS.

What’s new

  • New use cases in CEP.

  • New normalization and dimensions for VAULT.

Improvements

  • Improvement for IPS and managers update process.

  • Improvement for licensing model.

Resolved Issues

  • BugFix #8990: Wrong rules number for IPS.

  • BugFix #9053: Too much time enabling/disabling IPS rules.

  • BugFix #9952: Fix dimensions in rb-samza-bi.

  • BugFix #9536: Can’t create monitor widgets.

  • BugFix #10019: IPS proxy fails registering process.

Release Notes Version 3.1.79-13

  • Date of release: 30/June/2017

  • Type: Standard

  • Main changes: redborder manager and IPS.

This is the release notes for version 3.1.79-13. The main goal for this version has been the new logs system engine based on logstash and the integration for correlation rules editor in the web interface. Multiple bugs and security bugs has been reported and fixed, prior the next release LTS.

What’s new

  • Integration for CEP rules in webUI

  • Basic use cases for correlation.

  • Support for VAULT licensing.

  • New parser engine integration for VAULT.

  • First parser rules for VAULT.

Improvements

  • Integration of VAULT with middlemanager (cluster with data enrichment)

  • hostname definition based on RFC 1123 and 952.

  • Improvement for syslog collector.

  • Improvement for VAULT storage.

Resolved Issues

  • BugFix #9766: Sensors help view updated.

  • BugFix #9806: Fix loop in event-counter configuration.

  • BugFix #9884: Fix Bytes/Day counter in Licenses view.

  • SecFix #9573: Obtaining dashboard configuration for any user.

  • BugFix #9559: Duplicated checkalarmJob.

  • SecFix #9588: Information exposure through an error message.

  • BugFix #9821: Changing user settings to "Administrator" does not work.

  • SecFix #9575: Obtaining user ID of active users.

  • BugFix #9885: Reaching of license limits does not work.

  • BugFix #9510: Fix quickstart documentation.

  • BugFix #9446: Error loading default monitors for flow sensors.

Release Notes Version 3.1.79-12

  • Date of release: 14/June/2017

  • Type: Standard

  • Main changes: redborder manager and IPS.

This is the release notes for version 3.1.79-12. Multiple bugs and security bugs has been reported and fixed, prior the next release LTS.

What’s new

  • VAULT indexing with middlemanager.

  • Store raw logs in S3.

  • Full hashing for all types of logs.

Improvements

  • None in this release

Resolved Issues

  • SecFix #9581: Adding domains of differnt type.

  • BugFix #9684: Traffic received with no license.

  • SecFix #9572: Domain and probe creation for any domain/user.

  • BugFix #9552: Error in widget compare.

  • SecFix #9584: Unofficial domains disclosure.

  • SecFix #9579: Loading malicious URL to any user dashboard.

  • BugFix #9675: Trial license doesn’t allow create and assign IPS rules.

  • BugFix #9660: rb-monitor check incorrect kafka server.

  • BugFix #9341: Indexing task logs are not configured correctly.

  • BugFix #9678: Chef nprobe template is incorrect.

  • BugFix #9563: Forgot password issue and infinite redirection at login page.

  • SecFix #9571: Obtaining list and config all from domains and probes.

  • BugFix #9779: CEP can’t parse multiple zk or kafka servers in config.yml file.

  • SecFix #9580: Modification and deletion of user alarms.

  • BugFix #9680: Manager reinstalled still accept events from IPS previously registered.

Release Notes Version 3.1.79-11

  • Date of release: 01/June/2017

  • Type: Standard

  • Main changes: redborder manager and IPS.

This is the release notes for version 3.1.79-11. The main goal for this version has been a new licensing model, including IPS sensors, and a first approach to LDAP authentication. Multiple bugs and security bugs has been reported and fixed, prior the next release LTS.

What’s new

  • New licensing model for IPS sensors.

  • Basic LDAP integration: you can authenticate using your LDAP server.

  • Support for event counter in organization licenses.

  • Timestamping for syslog events in vault module.

Improvements

  • None in this release

Resolved Issues

  • BugFix #9589: Invalid option in snort initscript environment for IPS and IPS_TEST mode.

  • BugFix #9029: No statistics in monitor for IDS/IPS metrics (perfmonitor stats).

  • BugFix #9557: Units in license do not match.

  • SecFix #9590: Administrator privilege escalation.

  • BugFix #9586: Error loading VRT rules 2.9.8.x.

  • BugFix #9564: Incorrect module Vault in main menu.

  • BugFix #9052: Widget IPS "Grouped Unique" does not work correctly.

  • SecFix #9578: Malicious file upload for all users accounts.

  • SecFix #9576: Obtaining list of all users.

  • SecFix #9574: Modification of user dashboards and reports.

  • BugFix #9525: Wrong repo in client proxy.

  • BugFix #9521: Wrong domain for support center webui.

  • BugFix #9543: Invalid value from flow crahes samza enrichment

  • BugFix #9555: Fix logo in error view.

  • BugFix #9556: Error in description for bps.

  • BugFix #9138: No graphs in Traffic view for big interval queries.

Release Notes Version 3.1.79-10

This is the release notes for version 3.1.79-10.

What’s new

  • Support for organization licenses.

  • New framework for trial version licenses (30 days).

  • Vault module for syslog and CEP messages.

  • Alternatives http port for webUI.

  • CEP (Complex Event Processing) correlation engine.

Improvements

  • Create rule.json to allow better backups in OLAP.

Resolved Issues

  • BugFix #9465: Bad reindexing configuration.

  • BugFix #9286: No IP address for flow sensor associated to proxy client.

  • BugFix #9531: Error connection to chef from dswatcher.

  • BugFix #9329: Wrong cdomain in slave nodes.

  • BugFix #9509: Chef-client service stopped during register.

  • BugFix #9350: big queries problem in historical.

  • BugFix #9308: Issue with shared dashboards after lock/unlock action.

  • BugFix #9338: Issue running map widgets.

Release Notes Version 3.1.79-9

This is the release notes for version 3.1.79-9.

What’s new

  • New licensing model.

Improvements

  • Better reports documents.

Resolved Issues

  • BugFix #9166: Wrong data bag values for monitors.

  • BugFix #9158: Byte limit overflow in license.

  • BugFix #8518: Disabled manager actions after proxy and snort generic registering.

  • BugFix #9061: Events accepted from previous IPS registered in a reinstalled manager.

  • BugFix #9287: Incorrect nprobe configuration in client proxy.

  • SecFix #5152: AWS Keys contained in sensors deployments.

  • BugFix #8634: Verification error in client proxy registering process.

  • BugFix #8577: Service rb-apspoller init fails in client proxy.

Release Notes Version 3.1.79-8

This is the release notes for version 3.1.79-8.

What’s new

  • New framework for next licensing model.

  • Support for serial number for teldat routers.

Improvements

  • Add sensors to the global filters.

  • New application name by default.

  • User-Agent dimension activated by default.

Resolved Issues

  • BugFix #9159: Error on first login settings information.

  • BugFix #9193: No sensor UUID dimension in realtime.

  • BugFix #9059: Incorrect services objects decoding.

  • BugFix #9006: Remove dimension "Group Name" in monitor.

  • Bugfix #9023: Incorrect reverse resolution for WAN IP Name.

  • BugFix #9028: Incorrect data in monitor’s graph.

  • BugFix #9058: Incorrect traffic values.

  • BugFix #9057: Error creatin sensor after removing it.

  • BugFix #8393: Incorrect view of menu button.

  • BugFix #8656: k2hhtp always set insecure option as false in client proxy.

Release Notes Version 3.1.79 - 3.1.79-7

This is the release notes for version 3.1.79 to 3.1.79-7.

What’s new

  • Update librdkafka to version 0.9.4

  • New dimensions for live versions

  • Remove dimensions

  • Show help for dashboard view.

  • When adding sensor add link to license if there is no license available

  • First login should request some parameters

  • Disable Auto and None license

  • Add checkbox to enable/disable filters on global filter section

  • Apply changes on global filter pressing ENTER to be faster

  • Allow create application objects for super admins

  • New dimension called Product Type

  • Add new dimension for url

  • New format of Applications data bag

  • Change Client DNS resolution to LAN DNS resolution

  • Delete dimensions from config init.rb

  • Add wan_interface_description and lan_interface_description at lib/modules/flow/config/init.rb

  • Update license process

  • Change label for observation id putting (optional) too

  • Validation to prevent that a license use more bucket that allowed

  • Move CheckAPStatusJob to ap_state module

  • License request view

  • Change email / password for first login

  • New default dashboard

  • Create a rake task for creating applications databag

  • Persist association of sensors and licenses in Chef

  • Associate sensors creation with license buckets.

  • Licenses with limits per sensor’s type

  • Show sensor’s limit from license in the GUI

  • Define license format

  • Change email layout to new one

  • Disable MAC and VLAN objects

  • New dimension product_type

  • Set the pie data details optional on the widget properties

  • Once the user is created a default dashboard will be copied for this user

  • Delete current default dashboard and add new default dashboard

  • Change sensor flow icon

  • Create new dimensions called lan_description and wan_description on Interface category

  • New overview widgets

  • Add product type as a property for Flow Sensors

  • Allow change service port objects by users

  • Update default application list

  • Hide workers and job for non admin users

  • New dimension exporting_process_id

  • New lan_l4_port and wan_l4_port

  • Graph representing the bytes uptake on the cluster

  • Add specific filters at globals filters

  • Rename/add flow dimensions

  • Add observation_id to flow sensors

  • dynamic {INGRESS/EGRESS}_INTERFACE_{NAME/DESCRIPTION}, SELECTOR_ID_NAME and APPLICATION_ID_NAME via options template

  • Objects to associate names to ports

  • nprobe new features

  • Dashboard’s URL

  • Global filters per dashboard

Improvements

  • At Global Filter, apply changes automatically when selecting Range or other selectors.

  • Make Global Filter more compact

  • Make smaller the range selector on Global filter

  • Move TOS from Datalink to Network category

  • Improve modal form for new license

  • Create default dashboard with delayed job.

  • Align subheaders to the right on Domain menu correctly

  • Changes in appearance

  • New look&feel images and color palette

  • Move Applications into Objects view

  • Duplicated dashboards if shared by user and by domain

  • Clarify the dashboard list

  • Include all metrics in the Raw detail view.

  • Functional tests for locations

Resolved Issues

  • BugFix #9035: CheckAlarmJob fails

  • BugFix #9033: APP objects creation fails

  • BugFix #9032: Druid dimensions changed in rb_event

  • BugFix #9021: Error enrichment with wan_ip_country_code

  • BugFix #9020: Remove WAN Net Address

  • BugFix #9019: Remove dimensions

  • BugFix #9017: Javascript error when searching a sensor in Tree

  • BugFix #9016: Disable autocomplete at input search in Sensor Tree

  • BugFix #9001: When Product Type is changed, the license selector show Auto and None.

  • BugFix #8994: Make icons the same size when searching at Sensor’s Tree

  • BugFix #8992: Disable private key at General Settings

  • BugFix #8991: When showing a Floor at Overview, show AP title correctly

  • BugFix #8975: Error 500 at loading licenses after trying to load IPS license

  • BugFix #8973: Graph outside the margin

  • BugFix #8968: If the license file is not valid (like pdf) throw an excption not captured

  • BugFix #8965: Don’t allow create Client Map widget if AP State module is not active.

  • BugFix #8964: Error accesing cluster uuid at Setting model.

  • BugFix #8963: Global filters are not included in Overview queries.

  • BugFix #8962: Objects APP searches doesn’t work

  • BugFix #8952: Legend on Horizontal Bar when the widget is too small

  • BugFix #8947: Error in icon "+" in overview view

  • BugFix #8946: Only show domains in Global filter

  • BugFix #8935: Error on uploaded live image

  • BugFix #8913: Error on rake db:seed on first installation

  • BugFix #8910: Wrong style in Select Organization view.

  • BugFix #8898: Error on organization_users relation

  • BugFix #8890: Labels in Global Filter are not showed

  • BugFix #8888: Error rendering some widgets in reports

  • BugFix #8885: Error in ApplicationObject callback to store in Chef

  • BugFix #8884: Outlier option in contextual menu

  • BugFix #8869: Installation error

  • BugFix #8861: Validate uniqueness of licences

  • BugFix #8852: Invite user window freezed after submitting it

  • BugFix #8790: Avoid warning console

  • BugFix #8786: When a widget is cloned in another dashboard, it’s rendered in the current dashboard.

  • BugFix #8785: Problem with dashboards when it has a lot of rows.

  • BugFix #8784: Error when clicking a widget

  • BugFix #8780: Error in reports/dashboards breadcrumb links

  • BugFix #8778: Error importing data (applications objects) on 10.0.150.17

  • BugFix #8777: Error creating app object

  • BugFix #8776: Error creating blocks in a report.

  • BugFix #8765: Overview widget redirection shows wrong metric in tops

  • BugFix #8758: Error exporting CSV applications

  • BugFix #8755: Error trying to create a widget on a report

  • BugFix #8716: Obtain the last details of RAW table doesn’t work

  • BugFix #8695: Unable to select granularities marked as Slow query

  • BugFix #8694: Improve creation of default widgets depending on active modules

  • BugFix #8693: Change the company value in db/seed

  • BugFix #8692: New gem into Gemfile

  • BugFix #8691: Remove wrong references in emails and change the palette color

  • BugFix #8690: Hide sections that do not work

  • BugFix #8688: Fix support link

  • BugFix #8672: The name of the proxy cannot contains "'".

  • BugFix #8586: Change image for recovery password view

  • BugFix #8566: Wrong percent bps values in widgets

  • BugFix #8526: Incorrect bps units scale.

  • BugFix #8378: Test the WebUI in different browsers and devices

  • BugFix #8342: Fix timestamp format in netflow.

  • BugFix #8951: Error changing sensor geolocation