Release History

Support alert log formats * Added support for parsing alert logs and added log schema

Changelog - Separately extracted the malware, tool, campaign, and vulnerability fields from the relation field in the Quaxar threat intelligence feed to facilitate data processing. Renamed the existing malware field to malware_family. - Fixed a bug that resulted in duplicate records of the same IoC when downloading Quaxar threat intelligence feeds. - Fixed NPE when running quaxar-attack-surface-reports, quaxar-exposed-services commands (service response changed) - Fixed JSON parsing error when running quaxar-exposure-service-stats and quaxar-exposure-trends commands (service response changed)

Added 37 WAPPLES query commands: * wapples-acl-rules * wapples-add-acl-rule * wapples-add-acl-rule-batch * wapples-add-snmp-trap-server * wapples-add-syslog-server * wapples-alerts * wapples-audit-snmp-trap-categories * wapples-audit-syslog-categories * wapples-cpu-info * wapples-disk-partitions * wapples-ha-info * wapples-intrusion-snmp-trap-categories * wapples-intrusion-syslog-categories * wapples-intrusion-syslog-fields * wapples-license * wapples-remove-acl-rule * wapples-remove-acl-rule-batch * wapples-remove-snmp-trap-server * wapples-remove-syslog-server * wapples-set-audit-snmp-trap-categories * wapples-set-audit-syslog-categories * wapples-set-intrusion-snmp-trap-categories * wapples-set-intrusion-syslog-categories * wapples-set-intrusion-syslog-fields * wapples-set-snmp-trap-config * wapples-set-syslog-ca-certificate * wapples-set-syslog-chain-certificate * wapples-set-syslog-client-certificate * wapples-set-syslog-config * wapples-snmp-trap-config * wapples-snmp-trap-servers * wapples-syslog-config * wapples-syslog-servers * wapples-syslog-tls-certificates * wapples-sysmon-stats * wapples-users * wapples-version

Improvement * Modified slack-send-batch query command to be available in stream queries.

Changes - Support cancel the withflow-rules command while it is running

First release - Support withflow-rules command

First release - SLF Platform 2.5.5.3.6, Analysis Engine 4.5.9.4 version - File upload, Get analysis status, Get analysis report commands.

First release - Log parser, Log schema, Logger model, Dashboard

First release - Log parser, Log schema, Logger model, Dashboard

First release - JSON Normal log parser - Logger model - Process, File, HTTP event dashboards

Support four additional formats of V2.8.3 firmware * Added audit, dns_security, ips_ddos_detect, ips_ddos_incident log types * Added four log schema * Added Attack Dashboard

Fixed in and out fields having opposite meanings.

Support for log v0.7 format - cubevms-assets: apply additional code value of asset status - cubevms-solidstep-reports: add multiple output fields

First release - log parser, logger model, Log schemas, dashboard

First release - CEF log parser, logger model, dashboard

Support Apache Hadoop 2.10

Minor bug patch * Fixed an issue where the ctas-add-entry-batch query command failed to initialize, resulting in a tick listener not found exception

Support M3.0, M3.1, U1.0 model's log formats

Fix error when changing connecti profile

First release - NexG VForce UTM v4.6 parser, logger model, 9 log schemas.