Log Analytics 6.x Release Notes
Overview
Log Analytics release notes contain the list of all new or enhanced features and a list of all issues fixed in the current release.
To view the current release notes, see 7.x Release Notes.
For more information, see Log Analytics documentation 6.x.x.
Important
ITRS has identified the following products and components impacted by Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046.
To know more about the impact of this issue on ITRS Log Analytics 6.x and 7.x, see Vulnerability in Apache Log4j (CVE-2021-44228, CVE-2021-45046). A workaround is provided but future releases of Log Analytics will include the necessary changes and fixes.
Log Analytics 6.1.8
Released: 3 February 2020
New features
These are the new features of this release:
- Network graph/correlation — new Graph visualization type (Kibana).
- Logtrail feature for covering all system components logs (Kibana).
- Cerebro Management tool support (Kibana).
- Automation for Bad IP reputation lists.
- Detailed restore process of functional indexes (`elasticsearch-auth`).
- AD/LDAP/SSO API — new endpoint `/role-mapping/_reload` (`elasticsearch-auth`).
- License API — new endpoint `/license/_reload` (`elasticsearch-auth`).
Improvements
These are the improvements of this release:
- Enhancements in the Netflow support.
- Explained additional logging class for Elasticsearch in log4j.
- Default Role integrated dynamically when working with AD accounts (`elasticsearch-auth`).
- Better radius integration with NAS-Identifier and NAS-IP-Address (`elasticsearch-auth`).
- Skimmer components updated to 1.0.8.
- Backup script updated: `utils/small_backup.sh`.
- Java environment updated to branch v11.
Issues fixed
These are the issues we have fixed in this release:
- Fixed CSV export not working due to wrong binary definition.
- Fixed an error when trying to delete alert rule with an apostrophe in the name.
- Fixed the reading of configuration variables in the Config tab (Kibana).
Log Analytics 6.1.7
Released: 2 December 2019
New features
These are the new features of this release:
- Elasticsearch nodes encryption using transport layer.
- DevTools Support.
- Wazuh support.
- Non Root deployment support.
- Auditing provides more detailed information on user activities.
- Comprehensive Windows AD Reporting.
- SIEM security rules (Windows).
- Netflow support and reporting.
- Syslog support and reporting.
- Windows Remote Management (winrm) support.
Improvements
These are the improvements of this release:
- Improved query support in CSV export.
- Cookie session TTL options can be set in `kibana.yml`. Default TTL: 10 min, Keep Alive: true:
  - `login.cookiettl`
  - `login.cookieKeepAlive`
- GeoLite2 database used by the geoip plugin in logstash was updated.
- Hostname visible in the Kibana Config tab.
- `Index.translog.durability` set to async as default in default-base-template.
- New alert rules:
  - ConsecutiveGrowth — rule matches when there are values of `compare_key` in each checked timeframe.
  - Difference — rule matches for value difference between two aggregations calculated for different periods of time.
  - FindMatch — rule matches when in defined period of time, two correlated documents match certain strings.
  - Recovery — this rule works generically and can cancel any previously triggered alarm.
  - UniqueLongTerm — rule matches when there are values of `compare_key` in each checked timeframe.
Issues fixed
These are the issues we have fixed in this release:
- Fixed the issue #113 — Intelligence multiply fix.
- Fixed the issue with the Broken Access Control in the config tab.
- Fixed the issue with the Token expiring after user logout.
- Fixed the issue with the Lack of security enhancements HTTP headers.
- Fixed the issue with the ANTI-CSRF mechanism.
- Fixed the issue with Unnecessary API call for users list when accessing the Report plugin.
- Fixed the issue with Duplicated requests made by Kibana Alerts plugin.
- Fixed the issue with the Disable export of empty CSV files.
Log Analytics 6.1.6
Released: 30 August 2019
Breaking changes
These are the new breaking changes in this release:
- Support of simple upgrade procedure, alert indices have to be re-indexed.
New features
These are the new features of this release:
- Alerting module upgraded.
- System indices created automatically during install.
- Validate playbooks button when updating the alert rule.
- Order of plugins is no longer random.
- Reports plugin now takes roles into consideration when creating and browsing generated reports.
- Object permission lists are now sorted.
- DevTools enabled/disabled directive added to default `kibana.yml`.
- Timelion enabled/disabled directive added to default `kibana.yml`.
Improvements
These are the improvements of this release:
- Improved settings for system indices (priority, shard count, automatic replicas).
- Improved CSV export field list (sorting and bigger size).
- Improved verification for Create User.
- Error message will be displayed when trying to create new alert that already exists.
Issues fixed
These are the issues we have fixed in this release:
- Fixed the issue CVE-2019-7608
- Fixed the issue CVE-2019-7609
- Fixed the issue CVE-2018-3830
- Fixed an issue with filtering logo extension during upload and report generation.
- Fixed an issue with report scheduling for AD users.
- Fixed an issue with downloading JPEG exports; the download now returns the correct response header.
- Fixed an issue that prevented the risk category from being set to zero.
- Fixed an issue around IE11 compatibility when creating new alerts.
- Fixed an issue that prevented Admin users from seeing all alerts.
Log Analytics 6.1.5
Released: 12 June 2019
Breaking changes
These are the new breaking changes in this release:
- Audit index is from now on created with type `doc` and date field `@timestamp`. Old index is not compatible and should be deleted before update. To do it, follow the steps:
  - Turn off audit logging. In Kibana > Settings, untick everything in the Update Audit Setting section.
  - Delete the audit index.
  - Update elasticsearch-auth.
  - Turn on audit logging.
New features
These are the new features of this release:
- ITRS branding.
- Risk Management for Alerts — user can create custom categories for field attributes like Hostname, Hostip, Username. Once the alert is triggered, the result gets score amplification calculated from the object categories.
- Alert rule importance — introduction of a new value for each alert that is correlated with object category and helps identify.
- When creating alerts, it is now possible to test the rule before scheduling it.
- Playbook introduction — ability to create simple editable instructions (and scripts) that system operator should follow when an Alert is triggered.
- Verify IP on blacklists — if an Alert is triggered for IP, Verify button lets customer check its reputation.
- When creating alerts, operators get the ability to validate the alert and find the most suitable Playbook for it. The Playbook list is automatically sorted.
- User will get an email notification when Incident is attached to them. New email field was added in the user tab.
- IPs are correlated towards Bad IP reputation list.
- Introduction of Incidents. Alerts are now turned into Incidents, with assigned operator and its status.
- Regular user can configure their own Alerts.
- Netflow, jflow, sflow support.
- Provided interface for running custom, external AI jobs created in own programming language.
Improvements
These are the improvements of this release:
- Audit index is created with type `doc` and date field `@timestamp`.
- Better Radius authentication support.
- System auditing corrections.
Issues fixed
These are the issues we have fixed in this release:
- Fixed an issue in the intelligence module API.
- Fixed an issue with sorting alerts.
Log Analytics 6.1.3
Released: 7 May 2019
New features
These are the new features of this release:
- All Elasticsearch API endpoints are now secured.
- New configuration option: `elastfilter.proxytimeout`.
- Upgraded logstash to 6.6.2.
- Default logstash role for the `_bulk` action in Elasticsearch.
- New Alert type: Unique Long Term.
- Mobile App for Energy Logserver that works with: Log Analytics, Energy Logserver, pure ELK. x-pack is extra paid. Available for Android and iOS.
Improvements
These are the improvements of this release:
- Cleaned unnecessary objects in Kibana indices.
- Secured LDAP/SSO passwords in configuration files (elasticsearch).
- Optimised query for generating CSV reports.
Issues fixed
These are the issues we have fixed in this release:
- Fixed the problem with creating scheduled reports.
- Fixed the problem with SSO login not working due to more secure java.policy.
- Fixed performance issues while using non admin account.
- Fixed Java exception while using elasticsearch-plugin (ES_JAVA_OPTS moved to jvm.options).
- Fixed default encoding for es2csv: changed to UTF-8 (CSV export with national characters).
Log Analytics 6.1.2
Released: 7 March 2019
New features
These are the new features of this release:
- Intelligence Module API (ML, NN).
- Kibana API update.
- Caching for index list and roles for user to handle the high CPU usage on master node.
- Export task as HTML.
- Dashboard report as JPEG.
- Additional logging in debug mode in elasticsearch-auth plugin.
- GC1 is now the default Garbage Collector.
- NioFS is now the default Store Type.
- Enabled compression for http and transport.
- Product Version tab in the Config module.
- New Agents feature for central beats/agents management.
Issues fixed
These are the issues we have fixed in this release:
- Fixed: User session timeouts.
- Fixed: The problem with report generation using 5601->443 port redirection.
- Fixed: The problem with removing a large number of objects from Kibana.
- Fixed: timepicker on export reports to CSV.
- Fixed: special characters in passwords.
- Fixed: java.policy - binding elasticsearch to 0.0.0.0.
- Fixed: service_principal_name - is no longer required directive when logged in via AD/LDAP.
Log Analytics 6.1.0
Released: 22 September 2018
New features
These are the new features of this release:
- Upgrade the core to 6.2.4 (Elasticsearch, Kibana, Logstash).
- Support for all beats agents in filters and dashboards.
- Default Audit and Alert dashboard.
- Major performance improvements in the Intelligence module.
- Intelligence not sensitive to data types.
- Better Intelligence preview capabilities.
- Intelligence Count & Trend improvements.
- Technology specific dashboards: Windows, Linux, Network.
- Technology specific alerts: Windows, Linux, Network.
- OP5 Monitor perf data support with filtering and dashboards.
- UTF-8 support in custom PDF reports.
Issues fixed
These are the issues we have fixed in this release:
- Logo/title/comment in reports module now is optional.
- Fixed java.policy.
- Fixed Alert Status in Alert module.
- Fixed Percentagematch and Metricaggregation rules in the Alerts module.
- Fixed the issue with disabling an alert after deleting an alert rule.
Log Analytics 6.0.1
Released: 17 September 2018
New features
These are the new features of this release:
- Functional indexes with dots .kibana, .security, .auth.
- Default roles: alert, intelligence, kibana.
- Upgraded the Login module.
- Upgraded the License module.
- Upgraded CSV Export [Task Management].
- Upgraded PDF Export [Reports].
- Upgraded PDF Scheduler.
- Upgraded AD integrations.
Other releases
Release Notes | Release Date | Last Updated |
---|---|---|
7.x Release Notes | Released: September 2020 | Last updated: June 2020 |
6.x Release Notes | Released: September 2018 | Last updated: February 2020 |
2.x Release Notes | Released: June 2018 | Last updated: August 2018 |