Falcon LogScale 1.82.4 LTS (2023-11-20)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.82.4 | LTS | 2023-11-20 | Cloud On-Prem | 2024-04-30 | No | 1.44.0 | 1.26.0 | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.4/server-1.82.4.tar.gz
| TAR Checksum | Value | Hash File |
|---|---|---|
| MD5 | 702decdef1d72545f0357091f3623c08 | |
| SHA1 | 49b14563b7ea0d01f87cb78e25e99fcab603c2c8 | |
| SHA256 | d38ea4ab551ab0f826eab12e772ee78a3870d3d73cfd83bcb4acbeddeb44dd70 | |
| SHA512 | e039bfaa94a9c9a4c96cd7350b21ff035fd73d1800514ec53aa416ca555178eb87c99da0c939e2f5366909c5fd63526b0d598318f5672da4d016ef788155a4fe | |
| Docker Image | SHA256 Checksum | Hash File |
|---|---|---|
| humio | f801fd236ff5729012c51c035c1607be2fda7909f79843c82af7535b20e6c6f1 | Hash file |
| humio-core | 0a024a74995adcf6ce9d225e731af34bbfdbe5dee016162a3b6ae073f26ce4c4 | Hash file |
| kafka | fd0838840877fadce404c233cb5a4000e31361e9ee49a8ab95cb36c66a70d67b | Hash file |
| zookeeper | 8022e850fe9e6d38c158d8ea8c03a5f88b0607bd1cc2a5cf96219ab3f87db00f | Hash file |
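Verify the tarball before unpacking it. The script below is an added example, not part of the release notes or CrowdStrike's tooling: it compares a downloaded file against the SHA256 value published in the table above. It assumes the archive is at ./server-1.82.4.tar.gz (or is passed as the first argument) and that either sha256sum or shasum -a 256 is on PATH. Check SHA256 or SHA512; MD5 and SHA1 are collision-broken and should not be the only value you compare.

```shell
#!/bin/sh
# Added example (not from the LogScale release notes): verify a downloaded
# server tarball against the published SHA256 before unpacking it.
# Assumptions: tarball at ./server-1.82.4.tar.gz or given as $1; sha256sum
# (coreutils) or shasum (perl, macOS) available on PATH.

# Expected SHA256 for server-1.82.4.tar.gz, copied from the release table above.
EXPECTED_SHA256="d38ea4ab551ab0f826eab12e772ee78a3870d3d73cfd83bcb4acbeddeb44dd70"

# sha256_of FILE -> prints the lowercase hex SHA256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> 0 on match, 1 on mismatch or missing file.
# The expected digest is lowercased so a value pasted in upper case still matches.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "MISSING $file" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK      $file"
        return 0
    fi
    echo "FAIL    $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Stand-alone use: verify the tarball named on the command line, or the
# 1.82.4 tarball in the current directory when one is present. Unpack only
# after this reports OK.
if [ -n "${1:-}" ] || [ -f server-1.82.4.tar.gz ]; then
    verify_sha256 "${1:-server-1.82.4.tar.gz}" "$EXPECTED_SHA256"
fi
```

Run it as `sh verify.sh server-1.82.4.tar.gz` in the directory holding the download; a non-zero exit means the archive does not match the published digest and must not be installed.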
These notes include entries from the following previous releases: 1.82.0, 1.82.1, 1.82.2, 1.82.3
Bug fixes and updates.
New features and improvements
User Interface
The Fields Panel no longer flickers when switching between the Results and Events tabs while a query is live. It now displays the fields of the aggregated query on the Results tab, and the fields of the events query on the Events tab.
Queries
Added backend support for organization level query blocking. Actors with the BlockQueries permission are able to block and stop queries running within their organization.
Functions
Other
Added an optional global argument to the stopAllQueries, stopStreamingQueries, stopHistoricalQueries, blockedQueries, addToBlocklistById and addToBlocklist permissions. The default is false, i.e. the action applies within the actor's own organization only.
Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.
Fixed in this release
Security
Verified that LogScale does not, by default, use the Akka dependency component affected by CVE-2023-31442, and took additional precautions to notify customers.
LogScale Cloud/Falcon Long Term Repository: this CVE does not impact LogScale Cloud or LTR customers.
LogScale Self-Hosted:
Exposure to risk: a potential risk is present only if a self-hosted customer modified the Akka parameters during initial setup to the non-default value akka.io.dns.resolver = async-dns. By default, LogScale does not set this configuration parameter.
CrowdStrike has never recommended custom Akka parameters. We recommend using the default values for all parameters.
Steps to mitigate: setting akka.io.dns.resolver back to its default value (inet-address) mitigates the potential risk.
On versions older than 1.92.0: unset the custom Akka configuration. Refer to the Akka documentation for how to unset the parameter or pass a different value.
CrowdStrike recommends upgrading LogScale to 1.92.x or a higher version.
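To confirm a self-hosted node is not carrying the non-default resolver described above, the following POSIX shell audit is an added example (not from the release notes or from CrowdStrike). It assumes a custom Akka parameter, if one was ever set, appears either as an HOCON-style line such as `akka.io.dns.resolver = async-dns` in a configuration file or as a JVM flag `-Dakka.io.dns.resolver=async-dns` in a JVM options file or environment file; how your deployment actually passes Akka parameters may differ, and the nested HOCON form (`akka { io { dns { resolver = ... } } }`) is not detected. The only value that matters is async-dns; an unset key means Akka's default, inet-address.

```shell
#!/bin/sh
# Added example, not from the LogScale release notes or CrowdStrike: audit
# configuration files for the non-default Akka DNS resolver (async-dns).
# Assumptions: the setting, when present, is written as a single line in one
# of these forms (the last occurrence in a file wins, as in HOCON):
#   akka.io.dns.resolver = async-dns
#   akka.io.dns.resolver: "async-dns"
#   HUMIO_JVM_ARGS="... -Dakka.io.dns.resolver=async-dns ..."
# Lines starting with # or // are treated as comments and ignored.

# akka_dns_resolver FILE -> prints the resolver value set in FILE, or
# "inet-address" (Akka's default) when the key does not appear at all.
akka_dns_resolver() {
    value=$(grep -E 'akka\.io\.dns\.resolver[[:space:]]*[=:]' "$1" 2>/dev/null \
        | grep -vE '^[[:space:]]*(#|//)' \
        | sed -E 's/.*akka\.io\.dns\.resolver[[:space:]]*[=:][[:space:]]*"?([A-Za-z-]+)"?.*/\1/' \
        | tail -n 1)
    printf '%s\n' "${value:-inet-address}"
}

# check_akka_dns FILE... -> prints one verdict per file; returns 0 when no
# file selects async-dns, 1 when at least one does. Missing files are skipped.
check_akka_dns() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "SKIP  $f: not found"
            continue
        fi
        v=$(akka_dns_resolver "$f")
        if [ "$v" = "async-dns" ]; then
            echo "RISK  $f: akka.io.dns.resolver=async-dns (set it to inet-address or unset it)"
            rc=1
        else
            echo "OK    $f: akka.io.dns.resolver=$v"
        fi
    done
    return $rc
}

# Stand-alone use: audit the files named on the command line, e.g.
#   sh audit-akka-dns.sh /etc/default/humio /opt/humio/config/*.conf
if [ "$#" -gt 0 ]; then
    check_akka_dns "$@"
fi
```

A RISK line means the mitigation in the advisory applies: set akka.io.dns.resolver to inet-address or remove the custom setting, then restart the node. The script reads files only; it does not report the value the running JVM was actually started with, so check the process's command line as well if the configuration is assembled at start-up.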
User Interface
Fixed some missing Field Interactions options for the data type in the Event List.
For more information, see Field Data Types.
Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.
API
Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.
Dashboards and Widgets
The dropdown menu for dashboard parameter suggestions is now faster and can handle several thousand entries without blocking the UI.
For more information, see Work with Dashboard Parameters.
Functions
Fixed an issue where a query with the join(), selfJoin(), or selfJoinFilter() functions would sometimes get cancelled.
Other
Fixed a permission issue for LogScale Self-Hosted having a dependency on the ManageOrganizations system permission, which should not apply to that environment; the ManageCluster system permission in itself is now sufficient for Self-Hosted.
Fixed an issue where searching within small subsets of the latest 24 hours, in combination with hash filters, could result in events that belonged in the time range not being included in the result. The visible symptom was that narrowing the search span produced more hits.
Fixed an issue that occurred when creating users: when multiple user creation requests were sent at the same time, multiple users were in some cases created with the same name.
Fixed an issue that could cause recently merged mini-segments to be excluded from searches after a reboot.
Recent Package Updates
The following LogScale packages have been updated within the last month.
Package Changes
crowdstrike/spotlight has been updated to v0.1.1.
Fixed error with some dashboard widgets being cut off
For more information, see Package crowdstrike/spotlight Release Notes.
paloalto/firewall has been updated to v0.2.0.
Updates the parser to normalise event data to common schema. It currently supports messages of Traffic, Threat, HIP Match, GlobalProtect, IP-Tag, User-ID, Decryption, Tunnel Inspection, SCTP, Config, Authentication, System, Correlated Events and GTP types.
Removes old queries and dashboards from the package. To keep those, stay on the old version of the package.
Bumps the minimum supported version of LogScale from 1.20 to 1.82
For more information, see Package paloalto/firewall Release Notes.
fortinet/fortimail has been updated to v0.1.1.
Fixes broken link to documentation
For more information, see Package fortinet/fortimail Release Notes.
humio/activity has been updated to v1.1.0.
Minimum supported LogScale version bumped to 1.93.0.
Added a Filter Alerts Overview dashboard showing status of filter alerts.
Renamed the Alerts Overview to Standard Alerts Overview to distinguish it from the Filter Alerts Overview.
For more information, see Package humio/activity Release Notes.
microsoft/microsoft365 has been updated to v1.1.0.
Introduces a new "Email IOC detections" dashboard, which allows scanning your emails for matches against any indicators of compromise (IOC) as reported by CrowdStrike.
Includes drilldown capabilities, to easily investigate any IOC matches you might find.
Bumps the minimum supported version of LogScale from 1.50 to 1.77.
Adds a "Sender IP" parameter to the "Email investigation" dashboard, allowing easy filtering on sender IP addresses.
Makes changes to the presentation of data in the "Email investigation" dashboard. Most notably, the "Email details" widget is split in two, to better present the data.
The "Email overview" dashboard now provides a clearer view of what emails have been blocked, and also includes an overview of IOC detections on delivered emails.
The "Email overview" now uses the "FROM" SMTP email address to determine the sender, instead of the "MAIL FROM" address. This brings it in line with the rest of the package.
Some widgets have been moved from the "Email overview" dashboard to "Email threat summary".
For more information, see Package microsoft/microsoft365 Release Notes.
netskope/casb has been updated to v0.2.0.
Fixed parser to process all events
Added test cases to the parser
Updated dashboards to consume fields extracted by fixed parser
For more information, see Package netskope/casb Release Notes.
asimily/iomt has been updated to v0.1.0.
Initial version.
For more information, see Package asimily/iomt Release Notes.