What's New?
Version 3.2
📅 Smart Monitor version 3.2.0 released on January 17, 2024.
Core
⚡️ Changes
- OpenSearch updated to version 2.11.1. Added ability to use zstd codec for data compression
- Added ability to restrict object creation permissions (rules, dashboards, lookups, and tags)
- Added ability to assign view and edit permissions to all objects at once (rules, dashboards, lookups, and tags)
- Smart Monitor object tags are now clickable and enable instant filtering
- When editing Smart Monitor objects, the interface will warn about cancellation without saving changes
Core: Search Interface
⚡️ Changes
- Added ability to select displayed fields in the search results interface
Core: Engine
⚡️ Changes
- Added ability to cancel a search query
- Added ability to retrieve a list of active queries
- stats command reworked and optimized
- Added append parameter to the source command; when append=false, merging will occur at the storage level
- Added modulo operator to the peval command
- Added ability to specify parameters (qsize, earliest, latest, timefield) for each storage in the source command
- fields command now supports timeline calculation
- System fields in objects moved to _meta
- _id usage in configurations replaced with _meta.id
- Any internal cluster requests are now available in the rest command
- Added notifications when subsearch event limit is exceeded
- Fixed error in the aggs command when used after peval, occurring with multivalue fields
- Fixed parsing error with fractional numbers
- Fixed fieldbar display error for queries via Cross Cluster Search
Core: Job Scheduler
⚡️ Changes
- Added new Job Action type that allows a task to launch another task
- Added transfer of launch type and task identifier information when executing SME queries for linking scheduled jobs and queries
- Tasks in SP mode now support role-based model
- Added ability to specify a name for the sent result file in Email Action
- Added ability to use tokenization from results in the To field in Email Action
- Added ability to send result files in .xlsx format in Email Action
- Added ability to use query launch time offset in seconds in task schedule
- Added ability to use assigned task tags and meta fields as parameters or fields
- Added ability to search by SME query text in the task list
- Added error details when attempting to save a task with an incorrect structure
- System fields in objects moved to _meta
- _id usage in configurations replaced with _meta.id
- Fixed issue with multiple Metric Action launches if the task returned more than 1 result
Core: Lookup Manager
⚡️ Changes
- Added pagination for lookups with large number of records
- Added ability to import data into a lookup
Core: RSM
Improvements
- System fields in objects moved to _meta
- _id usage in configurations replaced with _meta.id
Core: Smart Beat
⚡️ Changes
- Added ability to rotate logs by size
- Archives with executable files from SBM are deleted after unpacking on the agent
- Application hash calculation is now performed without creating tar archives on the agent
Knowledge Center
Improvements
- Added ability to use pages as templates
- Added ability to clone pages
- Fixed error with using unregistered enums in queries
- Fixed object statistics calculation when corresponding index is missing
- Fixed permission check error when deleting a page in Wikilogs
Inventory
⚡️ Changes
- Added ability to import/export asset configurations
- Added ability to separately specify a list of configurations for launching the calculation module
- Added ability to set composite asset naming from basic and additional fields
- Added check for simultaneous calculation algorithm launch
- Added calculation progress information to the operation log
Incident Manager
⚡️ Changes
- Added ability to configure and launch active actions for incidents
- Added max_incidents_list_size parameter to limit the number of returned incidents
- Changed display of incident card settings
- System fields in objects moved to _meta
- _id usage in configurations replaced with _meta.id
- Extended logging
Cyber Security
⚡️ Changes
- Added interface for selecting required content from the module and installing it
- Basic dashboards set reworked for the data model based on the ECS standard
- Basic rules set reworked for the data model based on the ECS standard
Version 3.2.1
📅 Smart Monitor version 3.2.1 released on January 30, 2024.
Core
Changes
- Added index name validation when creating a lookup (only lowercase letters, -_ symbols, and digits)
- Fixed error "Config with id and with permissions [all_access] not found" when components use internal read requests
- Fixed error "t.find is not a function" occurring when attempting to edit a filter on a dashboard
- Fixed error where viewing content and access permissions was unavailable for read-only objects
- Fixed error with incorrect column width calculation in tables (some columns were too wide)
- Fixed text wrapping error in Lookup Manager cells
- Fixed DB Connection Error in DB settings when attempting to load a JDBC driver
- Fixed error preventing use of the "All events with this field" button in the search interface
Core: Engine
Fixes
- Fixed error in the peval command when accessing a variable initialized in another peval
- Fixed stats error with empty results occurring when using stats after the aggs command with the composite=true option
- Fixed search error occurring when using subqueries with disabled search limits
- Fixed privilege resolution error when calling the db command
Core: Knowledge Center
⚡️ Improvements
- Excluded the cheerio library, which used older versions of lodash with registered vulnerability CVE-2020-8203
Core: Job Scheduler
Fixes
- Fixed error where active actions did not appear in the task list filter
Core: RSM
Fixes
- Fixed error occurring when displaying a search query in the metric editing form
- Fixed range display issue when editing a metric
Inventory
Fixes
- Fixed error occurring when expanding tokens in the asset_name field if the token is replaced with a non-string value
Version 3.2.2
📅 Smart Monitor version 3.2.2 released on February 26, 2024.
Core
Changes
- When exporting multiple objects, they will now be automatically packaged into a zip archive
- Added empty field check when deleting from configuration
- Added response validation after updating configurations
- Fixed missing error display when importing data via the data upload menu
- When using the Checkbox filter on dashboards, there was no ability to set a default value
- Fixed display error in HTML visualization
- Fixed error with incorrect dashboard panel deletion via the visual editor
- Fixed error that prevented using tokens like $row.user.name$ in Table visualization
- Fixed Service Unavailable error when editing tags
Core: Engine
Improvements
- Added server identifier to journal events when canceling a search query, indicating on which server the query was launched
- Fixed display error of timechart results when qsize exceeded 10,000 events
- Fixed Search Anywhere configuration loading
- Fixed error leading to incorrect license check (Disk Quota Exceeded error)
- Fixed error with retrieving REST request environment variables
Knowledge Center
Fixes
- Fixed error in the API request for files attached to articles (attached files might not display)
Incident Manager
Improvements
- nodemailer library updated to version 6.9.9, which fixes vulnerability GHSA-9h6g-pr28-7cqp
- Fixed status change API in the incident card, which previously ignored meta-information
- Fixed formation of the View additional information link, which could ignore special characters
- Fixed error handling fields of type Multi-select
- Fixed error when editing Incident Manager settings that could lead to deletion of all custom fields
- Fixed error when filtering incidents during search with special characters
- Fixed incorrect license check when using proxy authentication
MITRE ATTACK
Fixes
- Fixed filtering error by tactics and techniques in MITRE ATTACK matrices
Version 3.2.3
📅 Smart Monitor version 3.2.3 released on March 26, 2024.
Improvements
- es5-ext library replaced with a local fork of version 0.10.64
- json-path library updated to version 2.9.0
- Fixed opening of user tasks without the isSystem flag
- Fixed display of additional fields in Incident Action
- Fixed error retrieving system object configuration
Core: Engine
Improvements Fixes
- Fixed error in transaction command, which only output the first result
- Added default timefield to the transaction command
Core: Job Scheduler
Improvements
- postgresql library updated to version 42.6.1
- poi-ooxml library updated to version 5.2.5
- commons-compress library updated to version 1.26.1
- Fixed Job Scheduler module parameter initialization error when configurations with incorrect structure exist
- Fixed issue with fixed HTTP client timeout for Script Action
- Fixed incident generation error when Inventory module is missing
- Fixed inability to use scheduled job identifier in tokenization
- In Webhook Action, the Authorization header had higher priority and was not overwritten by authorization settings
- In Webhook Action, fixed tokenization of all request data
Core: Smart Beat Management
Fixes
- Fixed configuration checksum calculation logic
Core: Smart Beat
Fixes
- Fixed configuration checksum calculation logic
Knowledge Center
Fixes
- Fixed logic for opening child nodes when clicked in the article hierarchy
- Fixed error in incorrect saving of autosave settings in Local Storage
Incident Manager
Improvements
- All additional fields from the incident card are now passed to Adhoc Actions scripts
- Fixed display of statuses with identical identifiers from different workflows
- Fixed field identifier update logic in the incident card
- Fixed incident card display in dark theme
- Fixed error when requesting MITRE ATTACK techniques without the .smos_mitre alias
MITRE ATTACK
Fixes
- Fixed error with missing task link in coverage matrix
Version 3.2.4
📅 Smart Monitor version 3.2.4 released on May 6, 2024.
Core
Improvements
- Added additional notifications when working (modifying, adding, deleting) with objects in Lookup Manager, Knowledge Center, Job Scheduler
- lettuce-core library updated to version 6.3.2.RELEASE
- netty-transport library updated to version 4.1.109.Final
- spring-boot-starter-parent library updated to version 3.2.5
- xlsx library updated to version 0.20.2
- Fixed incorrect pagination behavior on search pages
- Fixed incorrect access to user objects when a system object with the same identifier exists
- Fixed error when retrieving the list of drivers if no driver has been saved yet
- Fixed error with incorrect value coloring ranges in the Metric visualization
- Fixed legend centering error in Line Chart and Column Chart visualizations
- Fixed error when configuring Column Chart splitting by series
- Fixed incorrect display of search history on small screens
- Fixed update of search execution time information
- Fieldbar now displays when searching an index without a time field
- Fixed error when exporting search results to Excel if an array was present
- Fixed incorrect icon in the Refresh button when starting a search
- Added missing tooltips, updated links to documentation in search
Core: Knowledge Center
Fixes
- Fixed undefined error when there are no elements in the permission group field when editing rights
- Fixed incorrect article movement
- Fixed error when loading dashboards in an article
Core: Engine
Fixes
- Fixed incorrect operation of the transaction command with certain time intervals
- Fixed parser error when using the search command with parentheses
- Fixed error that made it impossible to cancel a query during transaction command execution
- Fixed error when sorting a field in descending order
- Fixed error where a field could not be named os or testt
- Fixed incorrect operation of the strptime function in peval
- Fixed random function in eval which returned a multivalue field
- Fixed incorrect operator precedence of boolean OR and AND operations in the peval command
- Fixed error where a background query remained in the active queries list after search completion
Core: Job Scheduler
Fixes
- Fixed error where a query executed with an error was not displayed in logs
- Webhook Action no longer sends duplicate requests within a single trigger when is_once mode is disabled
- Fixed non-working tokenization issue in cases where a field contains %
- Fixed field display in Incident Action, they no longer appear over the menu
- Fixed display of severity options depending on settings in Incident Action
- Fixed duplication of query parameters when specified in the query string in Webhook Action
Incident Manager
Improvements
- Added additional notifications when working with configurations
- Added confirmation window when deleting a field from an incident card
- Fixed incorrect translation in the incident card when creating an incident manually
- Fixed error when editing the default value in the Date field type
- Fixed incident count calculation when displaying multiple pages
- Fixed incorrect operation of the Enable multi-edit setting in the incident card
- Fixed incorrect action execution in Workflow (user information was not displayed)
- Fixed incorrect Workflow selection in Incident Action
Inventory
Fixes
- Fixed excessive value enumeration when searching the asset database (-fast-only launch flag)
- Fixed incorrect page behavior when deleting prioritization settings from sources
- Fixed display of prioritization fields during creation, field name is no longer empty
- Fixed display of configuration values in the configuration list after saving, updates now apply immediately
Smart Beat
Improvements
- github.com/stretchr/testify library updated to version 1.6.1
- Fixed incorrect integrity control calculation for unpacked configuration
Version 3.2.5
📅 Smart Monitor version 3.2.5 released on June 3, 2024.
Core
Fixes
- Fixed incorrect display of child nodes in RSM after editing
- Fixed incorrect substitution of time tokens when configuring Drilldown
- Fixed data loading into index from CSV files containing Cyrillic characters
- Fixed error that occurred when moving a filter to the dashboard panel
- Fixed incorrect handling of fields with dot and space in Lookup Manager
- Fixed issue with incorrect field display when using the timechart command
- Fixed error in the inputlookup command that caused incorrect return of fields with spaces
- Fixed incorrect encoding in Job Scheduler results
Incident Manager
Fixes
- Fixed error when opening the modal window during incident creation
- Fixed number formatting in incident statistics
- Added default level colors for the Severity field
MITRE ATTACK
Fixes
- Fixed error that occurred during initialization from file