Falcon LogScale 1.107.0 GA (2023-09-12)
| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Downgrades To | Config. Changes |
|---|---|---|---|---|---|---|---|---|
| 1.107.0 | GA | 2023-09-12 | Cloud | 2024-11-30 | No | 1.70.0 | 1.26.0 | No |
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Installation and Deployment
We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.
Automation and Triggers
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with the upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have triggered if all data had been available, for instance, an alert that triggers when a count of events drops below a threshold. On the other hand, it makes some alerts not trigger even though they would still have triggered if all data had been available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometimes not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend setting the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
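The trade-off described above, as an added example: a simplified Python model written for this page, not LogScale code. The warning names, the must_fail flag, the status shown when ALERT_DESPITE_WARNINGS is true, and the event counts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Run:
    count: int              # events counted in the data that was actually searched
    warnings: tuple = ()    # (name, must_fail) pairs; names are constructed

def evaluate(run, condition, policy):
    """Return (triggered, status) for one alert run.

    policy "current": any query warning is an error, the alert never triggers.
    policy "planned": only must_fail warnings are errors (behaviour described for 1.112).
    policy "despite": ALERT_DESPITE_WARNINGS=true, no warning is an error.
    """
    has_warning = bool(run.warnings)
    must_fail = any(fatal for _, fatal in run.warnings)
    if has_warning and (policy == "current" or (policy == "planned" and must_fail)):
        return (False, "error")
    # Status "warning" for the "despite" policy is an assumption of this model.
    return (condition(run.count), "warning" if has_warning else "ok")

# Constructed scenario: 1000 matching events exist, but only 600 were searched.
COMPLETE = Run(count=1000)
PARTIAL = Run(count=600, warnings=(("partial-data", False),))
BROKEN = Run(count=0, warnings=(("must-fail-example", True),))

ALERTS = {
    "count_above_500": lambda n: n > 500,   # e.g. too many failed logins
    "count_below_800": lambda n: n < 800,   # e.g. a log source went quiet
}

def compare(run):
    """Map (alert, policy) -> (triggered, status) for one query run."""
    return {(name, policy): evaluate(run, cond, policy)
            for name, cond in ALERTS.items()
            for policy in ("current", "planned", "despite")}

if __name__ == "__main__":
    for label, run in (("complete", COMPLETE), ("partial", PARTIAL), ("broken", BROKEN)):
        for key, outcome in compare(run).items():
            print(label, *key, outcome)
```

With partial data, the "current" policy misses the count_above_500 alert that complete data would have raised, while the "planned" policy raises it but also fires count_below_800, which complete data would not have triggered.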
Removed
Items that have been removed as of this release.
Installation and Deployment
Running on Java 11, 12, 13, 14, 15 and 16 is no longer supported. The minimum supported Java version is 17 starting from this LogScale release.
New features and improvements
User Interface
Most tables inside the LogScale UI now support resizing columns, except the Table widget used during search.
It is now possible to highlight results based on the filters applied in queries. This helps significantly when trying to understand why a query matches the results or when looking for a specific part of the event's text.
For more information, see Filter Match Highlighting.
Configuration
GCS bucketing and query streaming now use the same proxy configuration as the overall system proxy and the S3 proxy. Example:
HTTP_PROXY_HOST, HTTP_PROXY_PORT, HTTP_PROXY_USERNAME, HTTP_PROXY_PASSWORD
Fixed in this release
Functions
The match() function, when using a JSON file containing an object with a missing field, could lead to an internal error.
Recent Package Updates
The following LogScale packages have been updated within the last month.
Package Changes
broadcom/proxysg has been updated to v0.1.0.
Initial version
For more information, see Package broadcom/proxysg Release Notes.
broadcom/proxysg has been updated to v0.2.0.
Added web as an event category in the event.category[] array.
For more information, see Package broadcom/proxysg Release Notes.
zscaler/internet-access has been updated to v0.2.0.
Changes the firewall, dns, tunnel, and web parsers to normalise event data to common schema.
Adds new dashboards and queries for working with web-logs.
Removes CASB parser, and old queries and dashboards from the package. To keep those, stay on the old version of the package.
Bumps minimum supported version of LogScale for the package to 1.102.
For more information, see Package zscaler/internet-access Release Notes.
okta/sso has been updated to v0.1.1.
Bumps the minimum supported version of LogScale from 1.15 to 1.82
Handles more elements in the target object
Fixes broken URL in the readme
For more information, see Package okta/sso Release Notes.
google/chrome-enterprise-security-events has been updated to v0.1.5.
Introduces 2 new dashboards: Extension Monitoring and ChromeOS Overview.
Includes additional widgets for new Google Chrome Enterprise Events, such as Chrome Remote Desktop (CRD) and Password Reuse Events.
Reorganized widgets within the Security Overview for better visibility of notable events.
Added parameters to dashboards to aid pivoting on key values.
Bumps the minimum supported version of LogScale to 1.82
For more information, see Package google/chrome-enterprise-security-events Release Notes.