Falcon LogScale 1.235.0 Not Released (2026-04-07)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.235.0 | Not Released | 2026-04-07 | Internal Only | 2027-04-30 | No | 1.177.0 | 1.177.0 | No |
Not released.
Advance Warning
The following items are due to change in a future release.
Security
Starting from LogScale version 1.237, support for insecure
ldapconnections will be removed. Self-Hosted customers using LDAP will only be able to useldapssecure connections.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following manuals have been moved to the archives:
The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Known Issues
Storage
For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between
PRIMARY_STORAGE_PERCENTAGEandPRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.
Recent Package Updates
The following LogScale packages have been updated within the last month.
Package Changes
cisco/ios has been updated to v1.9.2.
Enhanced regex patterns to handle optional whitespace after colon separators in event codes
Added support for FPMD and FTMD event types for SD-WAN flow monitoring and traffic analysis
Added IANA protocol number to network transport protocol mapping for common protocols
Improved MAC address parsing to support both lowercase and uppercase hexadecimal characters
Updated ECS version to 9.3.0
Updated parser version to 2.9.1
For more information, see Package cisco/ios Release Notes.
cloudflare/zerotrust has been updated to v2.2.0.
Enhanced email security alert filtering to only generate alerts for malicious, suspicious, or spoof dispositions
Added threat technique name mapping from ThreatCategories for email security alerts
Improved event categorization for email security with separate handling for threat techniques vs general emails
Updated WAF alert generation to trigger only when severity indicates likely attack or attack (severity <= 50)
Updated parser version to 4.2.0
For more information, see Package cloudflare/zerotrust Release Notes.
checkpoint/ngfw has been updated to v2.7.0.
Fixed event.kind assignment for malware detection events to properly set "alert" value
Enhanced conditional logic for malware event categorization in Block and Detect actions
Updated parser version to 3.7.0
For more information, see Package checkpoint/ngfw Release Notes.
fortinet/fortigate has been updated to v2.3.3.
Enhanced VPN tunnel event handling with improved source address mapping for tunnel-up actions
Added source.nat.ip field mapping from Vendor.tunnelip for VPN tunnel events
Improved network direction detection with additional conditions for Vendor.init field
Fixed corrupted type field parsing by restoring "utm" value when type field contains text/css, text/html, or other text/* values
Updated parser version to 5.1.3
For more information, see Package fortinet/fortigate Release Notes.
microsoft/sysmon has been updated to v1.1.4.
Added @dataConnectionID field to the select statement for improved data connection tracking
Updated parser version to 1.1.4
For more information, see Package microsoft/sysmon Release Notes.
darktrace/detect has been updated to v2.0.2.
Updated ECS version to 9.2.0
Updated parser version to 3.0.2
Enhanced timestamp parsing for RFC 3164 syslog format to handle single-digit day values with optional space padding
Added array-based field handling for host.mac[] field
For more information, see Package darktrace/detect Release Notes.
zscaler/internet-access has been updated to v2.1.2.
Fixed event.action field assignment order in firewall events to ensure proper conditional processing
Updated parser version to 4.0.2
For more information, see Package zscaler/internet-access Release Notes.
aws/vpcflow has been updated to v1.3.1.
Added observer.ingress.interface.id field mapping from Vendor.interface-id
Updated parser version to 1.3.1
For more information, see Package aws/vpcflow Release Notes.
dell/isilon has been updated to v1.2.3.
Updated ECS version to 9.3.0
Updated parser version to 1.1.4
Added support for RFC 5424 syslog format parsing
Added log.syslog.version field mapping
Enhanced timestamp parsing with case-based logic for different syslog formats
For more information, see Package dell/isilon Release Notes.
cisco/firepower has been updated to v1.9.2.
Updated parser version to 4.1.2
Enhanced regex patterns for event code 106023 to better handle user domain and username extraction in various formats
Added support for multiple parsing patterns including domain\user combinations and hostname-only formats
Improved connection ID handling in event codes 302013 and 302015 by removing connection ID from event.action field
Added support for event code 402117 for IPSEC non-IPSec packet events
Enhanced key-value parsing regex patterns for events 430001-430007 to handle more complex field structures
Added IANA protocol number to transport protocol mapping for better protocol identification
Fixed whitespace formatting issues in parser code
For more information, see Package cisco/firepower Release Notes.
checkpoint/ngfw has been updated to v2.7.1.
Enhanced client/server field mapping to apply to all events instead of only application control logs
Moved client/server field assignments outside conditional logic for broader coverage
Updated parser version to 3.7.1
For more information, see Package checkpoint/ngfw Release Notes.