New Features

• No new features included in this version.

Improvements

• Internal security framework updated for enhanced and robust security.
• Increased character limit for the username field in mail server settings from 50 to 250 characters.

Bug Fixes

• Fixed issue allowing client organization administrators to access MSP organization details.
• Fixed issue where administrators could approve self-created roles without requiring another administrator's approval.
• Fixed issue causing password exports to Box cloud storage to fail due to a changed redirect URL.
• Fixed issue in the Resources tab where Owned and Managed sections incorrectly displayed passwords shared with only View or Modify permissions.
• Fixed issue preventing custom reports with Japanese characters in their names from being sent via email.

New Features

• REST APIs now support custom log fields in search responses.
• Zendesk Ticketing Tool integration enabled with OAuth 2.0 Authorization Grant Flow configuration.
• INGOS Asset Management integration now allows creating tickets using custom templates.
• New SonicWall Opened Connection and Closed Connection reports added to the Firewall Connections report group.
• Support for RFC 5424 format logs from pfSense/opnSense devices.

Improvements

• Device status during the addition of new devices for log collection now displays "Logs are yet to be collected" instead of "Success".
• SophosXG Update Deny Access Rules block added to Firewall Actions in the Workflow builder.
• Java Runtime Environment (JRE) upgraded.
• Refined parsing rules for Logon reports on Cisco devices and Traffic Allowed reports on Checkpoint devices.
• Fields like backup file location, size, and time now available for MS SQL reports in Search and Custom Alert Criteria Builder.

Bug Fixes

• Fixed issue where non-business hours logs were not displayed for some time zones in the Search tab.
• Fixed issue where a predefined dark web monitoring alert profile could not be edited.
• Fixed issue with indexing logs with timestamps near epoch 0 causing incorrect archive file status.
• Fixed parsing issue causing data enrichment sync with Endpoint Central to fail with "Internal server error".
• Fixed incorrect flagging of archived files as tampered when timestamping was enabled.
• Fixed issue with Disk Usage graph failing to render for users with high disk space.
• Upgraded third-party libraries (PCRE, Libssh2) to more secure versions to address known vulnerabilities.
• Fixed issue where decommissioned devices affected the license count.
• Fixed issue in historic log collection where logs were collected from the device addition time instead of the selected time range.
• Newly added devices are now automatically assigned to the correct log source group based on the detected OS.
• Fixed parsing issues for event IDs 301, 401, 4688, and 8003.
• Fixed "Undefined error" displayed in Windows Server statuses.
• Fixed issue with the collect-only log collection filter for IBM AS400 log sources.
• Archives can now be stored in AWS S3 without requiring a Cloud license.
• Fixed issue with archive indices not being deleted after the retention period.
• Fixed issue in SACL policy verification.
• Fixed issue where the System Diagnostics page showed the old server name after migration.
• Fixed issue where archive files showed "access denied" despite restored connection.
• Fixed issue where storage summary displayed "access denied" when ping was restricted.
• Changed time interval for automatic syslog device status updates to 1 day.
• Automatic syslog status interval now aligns with the Log collection failure alert (LFA) interval if configured.
• Fixed issue during credential synchronization with INGOS Active Directory Audit.
• Fixed error when deleting a device or technician with MS SQL as the backend database.
• Fixed issue with bulk device synchronization with INGOS Asset Management by increasing the API threshold to 1500 per minute.
• Fixed issue where Add/Remove Columns changes were not reflected in CSV exports of Alerts.
• Fixed erroneous "Mail server not configured" message despite successful SMTP API configuration.
• Fixed issue with corrupt ZIP files during scheduled export of compliance reports.
• Improved ambiguous error message during INGOS Asset Management integration due to mandatory ticket fields.
• Fixed issue with importing log files without an extension.
• Fixed issue with syncing site configuration changes from IIS servers.
• Fixed minor issues in the Dashboard module during data refresh and loading.
• Fixed issues in Custom Reports regarding report criteria, custom field display names, and column modifications.

Enhancements

• Automatic Status Updates for Syslog Devices
  • If no logs are received for a certain period (approximately one hour), the status changes to "Logs not forwarded".
  • If the device becomes unreachable, the status changes to "Device not reachable".
• Additional Router Reports
  • Added Denied Connection and Allowed Connection event reports for Cisco ISR routers under the Router Traffic Report by Protocol.
• Refined Parsing Rules
  • Improved parsing for Website Traffic reports on Barracuda devices.
  • Enhanced parsing for VPN User Connected reports on Palo Alto devices.

Bug Fixes

• Installation and Credentials
  • Fixed an issue causing account lockouts when installing agents with missing or incorrect credentials.
• Log Imports
  • Resolved a problem where log imports from shared or remote locations failed if the application server itself was configured as a log source.
  • Addressed an issue with indexing historical logs and collecting logs from AS400 devices.
  • Fixed an SNMP credential parsing issue that caused the log collector to crash.
  • Resolved a credential synchronization problem in log collectors during domain updates.
  • Enhanced log collection filters by adding over 24 sets of criteria for improved customization.
• Device and Agent
  • Fixed an issue that caused decommissioned devices to appear in the active devices category.
  • Resolved a problem with agent registration triggered by duplicate machine UUIDs.
  • Disabled IP refresh for Syslog devices to improve stability.
• Backup and Upgrades
  • Fixed a PostgreSQL backup issue during the upgrade process, ensuring successful backups.
• Vulnerability Patch
  • Patched a SnakeYAML vulnerability (CVE-2022-1471) that could potentially lead to remote code execution.
• Device Names and Display
  • Corrected a mismatch between device names and their display names in Build 12300.
• Elasticsearch Indexing
  • Reduced the queue size for failed bulk indexing requests to optimize heap usage.
• AWS S3 Log Collection
  • Fixed issues affecting machines set to Japanese locales or language settings when collecting AWS S3 access logs.
• SQL Application
  • Fixed a log collection error in SQL Server Backup and Restore reports.
  • Added sorting capability for the "Number of Records" field in the Most Used table report for SQL applications.
• Archives
  • Resolved a log archival error caused by extremely high log flow.

Added:

• Support for collecting logs from INGOS Asset Management via Syslog for real-time auditing.
• Predefined compliance reports for:
  • PCI-DSS, updated to version 4.0.
  • ISO 27001-2022.
• New predefined reports:
  • Configuration changes in Palo Alto devices.
  • VPN logouts in Sophos devices.
• Action log field for Fortinet IDS/IPS device reports to provide deeper insights for threat analysis.

Enhancements:

• Updated internal parameters to reduce false positive events in Apache SQL Injection reports.
• Minor improvements to the PostgreSQL migration process for a smoother service pack upgrade.

Fixed:

• Resolved an issue with detecting tampered archive files to prevent false positives.
• Fixed memory allocation issues during the processing of large MySQL log files.
• Addressed an issue where the product restarted after successful or reverted auto-upgrade installations.
• Fixed auto-upgrade failures caused by improper schedules and delays in agent and DB shutdowns.
• Corrected downtime issues for the Managed Server during auto-upgrades when the Admin Server could not locate it.
• Resolved internal configuration issues with the service pack upgrade for Build 12500