Release notes

  1. Overview
  2. Release: 2025-01-22
  3. Release: 2024-11-29

1. Overview

Log Analyzer

2. Release: 2025-01-22

Enhancements

  • Automatic Status Updates for Syslog Devices
    • If no logs are received for a certain period (approximately one hour), the status changes to "Logs not forwarded".
    • If the device becomes unreachable, the status changes to "Device not reachable".
  • Additional Router Reports
    • Added Denied Connection and Allowed Connection event reports for Cisco ISR routers under the Router Traffic Report by Protocol.
  • Refined Parsing Rules
    • Improved parsing for Website Traffic reports on Barracuda devices.
    • Enhanced parsing for VPN User Connected reports on Palo Alto devices.
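The status logic described above (a device goes to "Logs not forwarded" after roughly an hour of silence, and to "Device not reachable" when it cannot be reached) is easy to reproduce as a standalone check, which is useful when you want to confirm the product's status against your own view of a syslog feed. The following Python example is added here and is not code from the product; the syslog lines, hostnames, reachability flags and the reference time are constructed, and the assumption that reachability is evaluated before silence is the author's, not something the release notes state.

```python
from datetime import datetime, timedelta

# Constructed RFC 3164-style syslog lines (the year is not on the wire, so the
# caller supplies it). Hostnames are made up for this example.
SAMPLE_LOGS = [
    "Jan 22 09:58:12 fw-edge-01 kernel: accepted connection from 10.0.0.5",
    "Jan 22 10:01:40 fw-edge-01 sshd[4321]: session opened for user admin",
    "Jan 22 08:45:03 sw-core-02 link: port 12 up",
    "Jan 22 07:10:55 vpn-gw-03 ike: phase 1 established",
]

# Constructed reachability results (e.g. from a ping or SNMP probe). A device
# present here but absent from the logs has never forwarded anything.
REACHABILITY = {"vpn-gw-03": False, "rtr-branch-04": True}

# Constructed "now" for the evaluation, and the roughly one-hour silence window
# the release notes describe.
REFERENCE_NOW = datetime(2025, 1, 22, 10, 30, 0)
SILENCE_THRESHOLD = timedelta(hours=1)


def parse_line(line, year):
    """Return (timestamp, hostname) for a 'Mon DD HH:MM:SS host ...' line."""
    ts_text, rest = line[:15], line[16:]
    ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    host = rest.split(" ", 1)[0]
    return ts, host


def last_seen_by_device(lines, year):
    """Map each hostname to the most recent timestamp it sent a log."""
    seen = {}
    for line in lines:
        ts, host = parse_line(line, year)
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def device_status(last_seen, reachable, now, threshold=SILENCE_THRESHOLD):
    """Derive the status string for one device.

    Assumption: an unreachable device is reported as such even if it was
    logging recently, since that is the more specific failure.
    """
    if not reachable:
        return "Device not reachable"
    if last_seen is None or now - last_seen > threshold:
        return "Logs not forwarded"
    return "Logs received"


def evaluate(lines, reachability, now, year, threshold=SILENCE_THRESHOLD):
    """Status for every device known from either the logs or the probe results."""
    seen = last_seen_by_device(lines, year)
    devices = set(seen) | set(reachability)
    return {
        d: device_status(seen.get(d), reachability.get(d, True), now, threshold)
        for d in sorted(devices)
    }


if __name__ == "__main__":
    for device, status in evaluate(SAMPLE_LOGS, REACHABILITY, REFERENCE_NOW, 2025).items():
        print(f"{device:15} {status}")
```

Run against the constructed input, the firewall that logged 28 minutes ago is healthy, the switch silent since 08:45 is flagged as not forwarding, the VPN gateway is reported unreachable regardless of its last log, and the branch router that has never sent a line is flagged as not forwarding as well.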

Bug Fixes

  • Installation and Credentials
    • Fixed an issue causing account lockouts when installing agents with missing or incorrect credentials.
  • Log Imports
    • Resolved a problem where log imports from shared or remote locations failed if the application server itself was configured as a log source.
    • Addressed an issue with indexing historical logs and collecting logs from AS400 devices.
    • Fixed an SNMP credential parsing issue that caused the log collector to crash.
    • Resolved a credential synchronization problem in log collectors during domain updates.
    • Enhanced log collection filters by adding over 24 sets of criteria for improved customization.
  • Device and Agent
    • Fixed an issue that caused decommissioned devices to appear in the active devices category.
    • Resolved a problem with agent registration triggered by duplicate machine UUIDs.
    • Disabled IP refresh for Syslog devices to improve stability.
  • Backup and Upgrades
    • Fixed a PostgreSQL backup issue during the upgrade process, ensuring successful backups.
  • Vulnerability Patch
    • Patched the SnakeYAML vulnerability CVE-2022-1471, which could lead to remote code execution.
  • Device Names and Display
    • Corrected a mismatch between device names and their display names in Build 12300.
  • Elasticsearch Indexing
    • Reduced the queue size for failed bulk indexing requests to optimize heap usage.
  • AWS S3 Log Collection
    • Fixed issues affecting machines set to Japanese locales or language settings when collecting AWS S3 access logs.
  • SQL Application
    • Fixed a log collection error in SQL Server Backup and Restore reports.
    • Added sorting capability for the "Number of Records" field in the Most Used table report for SQL applications.
  • Archives
    • Resolved a log archival error caused by extremely high log flow.

3. Release: 2024-11-29

Added:

  • Support for collecting logs from INGOS Asset Management via Syslog for real-time auditing.
  • Predefined compliance reports for:
    • PCI-DSS, updated to version 4.0.
    • ISO 27001-2022.
  • New predefined reports:
    • Configuration changes in Palo Alto devices.
    • VPN logouts in Sophos devices.
  • Action log field for Fortinet IDS/IPS device reports to provide deeper insights for threat analysis.

Enhancements:

  • Updated internal parameters to reduce false positive events in Apache SQL Injection reports.
  • Minor improvements to the PostgreSQL migration process for a smoother service pack upgrade.

Fixed:

  • Resolved an issue with detecting tampered archive files to prevent false positives.
  • Fixed memory allocation issues during the processing of large MySQL log files.
  • Addressed an issue where the product restarted after successful or reverted auto-upgrade installations.
  • Fixed auto-upgrade failures caused by improper schedules and delays in agent and DB shutdowns.
  • Corrected downtime issues for the Managed Server during auto-upgrades when the Admin Server could not locate it.
  • Resolved internal configuration issues with the service pack upgrade for Build 12500.