Changelog
- Changed timestamp parsing to use the epoch value instead of the date string
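The reason a parser prefers an epoch value over a zone-less date string is that the string is ambiguous unless the sender's time zone is known, while the epoch is an absolute instant. The following is an added example and is not the parser from this changelog or any vendor's code: the record layout (an `epoch` field in seconds beside a `date` string with no zone), the Asia/Seoul sender zone and the sample records are all assumptions constructed for illustration.

```python
"""Parse log timestamps from an epoch field, falling back to a date string.

Added example, not the page's own parser. The record layout and the
sender's time zone (UTC+9, no DST) are assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict

# Assumed zone of the device that wrote the zone-less date string.
SENDER_TZ = timezone(timedelta(hours=9))

DATE_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records: in each one, "epoch" and "date" describe the
# same instant as seen on the device. The last record has no epoch at all.
SAMPLE_LOGS = [
    {"epoch": 1700000000, "date": "2023-11-15 07:13:20", "msg": "login ok"},
    {"epoch": "1700003600", "date": "2023-11-15 08:13:20", "msg": "login fail"},
    {"date": "2023-11-15 09:13:20", "msg": "no epoch field present"},
]


def parse_time(rec: Dict) -> datetime:
    """Return the event time as an aware UTC datetime.

    The epoch field is preferred because it is zone-independent (it may
    arrive as an int or a numeric string). Only when it is absent is the
    date string used, and then it is interpreted in the sender's zone
    rather than silently taken as UTC.
    """
    epoch = rec.get("epoch")
    if epoch is not None:
        return datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    naive = datetime.strptime(rec["date"], DATE_FMT)
    return naive.replace(tzinfo=SENDER_TZ).astimezone(timezone.utc)


def naive_parse(rec: Dict) -> datetime:
    """The approach being replaced: the date string read as if it were UTC."""
    return datetime.strptime(rec["date"], DATE_FMT).replace(tzinfo=timezone.utc)


def skew_seconds(rec: Dict) -> int:
    """How far the string-based reading drifts from the true instant."""
    return int((naive_parse(rec) - parse_time(rec)).total_seconds())


if __name__ == "__main__":
    for rec in SAMPLE_LOGS:
        print(parse_time(rec).isoformat(), "skew if string used as UTC:",
              skew_seconds(rec), "s", "-", rec["msg"])
```

For every sample record the string-based reading lands nine hours late, which is exactly the kind of drift that breaks time-window correlation and alert ordering in a SIEM; with the epoch path the three records sort correctly regardless of where the device sits.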
Changelog
- Added blocking direction option to response configuration.
- Added wildcard namespace to dataset configurations.
Support for TrusGuard 3.1.0.
- (NEW) module_flag 1018: tg-iface-traffic
- Parse version 3 logs by module_flag regardless of the type value.
Changelog
- Added MARS SLF log parser, log schemas, logger model, and dashboards
Support for alert log formats
* Added support for parsing alert logs and added the corresponding log schema
Changelog
- Separately extracted the malware, tool, campaign, and vulnerability fields from the relation field in the Quaxar threat intelligence feed to facilitate data processing. Renamed the existing malware field to malware_family.
- Fixed a bug that resulted in duplicate records of the same IoC when downloading Quaxar threat intelligence feeds.
- Fixed an NPE when running the quaxar-attack-surface-reports and quaxar-exposed-services commands (the service response changed)
- Fixed a JSON parsing error when running the quaxar-exposure-service-stats and quaxar-exposure-trends commands (the service response changed)
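The two feed-processing changes above (splitting the relation field into typed fields while renaming the old malware field, and collapsing duplicate records of the same IoC) amount to one normalisation step. The block below is an added example, not Quaxar's or Logpresso's code: the feed layout it reads (an `indicator` key plus a `relation` list of `{"type", "name"}` objects), the field names it emits and the sample records are assumptions constructed for illustration, since the page does not describe the real feed format.

```python
"""Normalise threat-intelligence feed records: lift typed entries out of a
combined "relation" field and de-duplicate by IoC.

Added example, not the feed downloader from the changelog. The feed
layout below is an assumption; the sample data is constructed and uses
placeholder names rather than real malware families or CVE identifiers.
"""
from typing import Dict, List, Tuple

# Relation types that get their own list-valued output field (assumed names).
RELATION_TYPES = ("malware", "tool", "campaign", "vulnerability")

# Constructed sample feed. The second and third records describe the same
# IoC and would otherwise be emitted twice.
SAMPLE_FEED = [
    {
        "indicator": "198.51.100.23",
        "indicator_type": "ipv4",
        "malware": "FamilyA",
        "relation": [
            {"type": "malware", "name": "FamilyA"},
            {"type": "tool", "name": "ToolX"},
            {"type": "campaign", "name": "CampaignY"},
            {"type": "vulnerability", "name": "CVE-0000-0001"},
            {"type": "unknown", "name": "ignored"},
        ],
    },
    {
        "indicator": "evil.example",
        "indicator_type": "domain",
        "malware": "FamilyB",
        "relation": [{"type": "malware", "name": "FamilyB"}],
    },
    {
        "indicator": "evil.example",
        "indicator_type": "domain",
        "malware": "FamilyB",
        "relation": [
            {"type": "malware", "name": "FamilyB"},
            {"type": "vulnerability", "name": "CVE-0000-0002"},
        ],
    },
]


def normalize_record(rec: Dict) -> Dict:
    """Flatten one feed record.

    The legacy top-level "malware" value is carried over as
    "malware_family"; the "relation" list is split into one list per
    relation type so queries can filter on e.g. vulnerability directly.
    Unknown relation types are dropped rather than raising.
    """
    out = {
        "indicator": rec["indicator"],
        "indicator_type": rec.get("indicator_type"),
        "malware_family": rec.get("malware"),
    }
    for rtype in RELATION_TYPES:
        out[rtype] = []
    for rel in rec.get("relation", []):
        rtype, name = rel.get("type"), rel.get("name")
        if rtype in RELATION_TYPES and name and name not in out[rtype]:
            out[rtype].append(name)
    return out


def merge_feed(feed: List[Dict]) -> List[Dict]:
    """Normalise every record and collapse duplicates of the same IoC.

    Records are keyed on (indicator_type, indicator). When a later copy
    of an IoC appears, its relation lists are unioned into the first copy
    so de-duplication never discards context.
    """
    merged: Dict[Tuple, Dict] = {}
    for rec in feed:
        norm = normalize_record(rec)
        key = (norm["indicator_type"], norm["indicator"])
        if key not in merged:
            merged[key] = norm
            continue
        existing = merged[key]
        for rtype in RELATION_TYPES:
            for name in norm[rtype]:
                if name not in existing[rtype]:
                    existing[rtype].append(name)
        if not existing["malware_family"]:
            existing["malware_family"] = norm["malware_family"]
    return list(merged.values())


if __name__ == "__main__":
    for row in merge_feed(SAMPLE_FEED):
        print(row)
```

Keying the de-duplication on the (type, value) pair rather than the raw value alone keeps an IPv4 indicator and a domain indicator that happen to share a string from being merged, and unioning the relation lists means a duplicate download cannot silently drop a vulnerability that only the second copy carried.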
Added 37 WAPPLES query commands:
* wapples-acl-rules
* wapples-add-acl-rule
* wapples-add-acl-rule-batch
* wapples-add-snmp-trap-server
* wapples-add-syslog-server
* wapples-alerts
* wapples-audit-snmp-trap-categories
* wapples-audit-syslog-categories
* wapples-cpu-info
* wapples-disk-partitions
* wapples-ha-info
* wapples-intrusion-snmp-trap-categories
* wapples-intrusion-syslog-categories
* wapples-intrusion-syslog-fields
* wapples-license
* wapples-remove-acl-rule
* wapples-remove-acl-rule-batch
* wapples-remove-snmp-trap-server
* wapples-remove-syslog-server
* wapples-set-audit-snmp-trap-categories
* wapples-set-audit-syslog-categories
* wapples-set-intrusion-snmp-trap-categories
* wapples-set-intrusion-syslog-categories
* wapples-set-intrusion-syslog-fields
* wapples-set-snmp-trap-config
* wapples-set-syslog-ca-certificate
* wapples-set-syslog-chain-certificate
* wapples-set-syslog-client-certificate
* wapples-set-syslog-config
* wapples-snmp-trap-config
* wapples-snmp-trap-servers
* wapples-syslog-config
* wapples-syslog-servers
* wapples-syslog-tls-certificates
* wapples-sysmon-stats
* wapples-users
* wapples-version
Improvement
* Modified slack-send-batch query command to be available in stream queries.
Changes
- Support cancelling the withflow-rules command while it is running
First release
- Support withflow-rules command
First release
- Supports SLF Platform 2.5.5.3.6 and Analysis Engine 4.5.9.4
- Commands for file upload, getting analysis status, and getting the analysis report.
First release
- Log parser, Log schema, Logger model, Dashboard
First release
- Log parser, Log schema, Logger model, Dashboard
First release
- JSON Normal log parser
- Logger model
- Process, File, HTTP event dashboards
Support for four additional log formats of V2.8.3 firmware
* Added the audit, dns_security, ips_ddos_detect and ips_ddos_incident log types
* Added four log schemas
* Added Attack Dashboard
Fixed the in and out fields having their meanings swapped.
Support for log v0.7 format
- cubevms-assets: handle an additional code value for asset status
- cubevms-solidstep-reports: added multiple output fields
First release
- Log parser, logger model, log schemas, dashboard
First release
- CEF log parser, logger model, dashboard
Support Apache Hadoop 2.10