Falcon LogScale 1.83.0 GA (2023-03-28)
| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Downgrades To | Config. Changes |
|---|---|---|---|---|---|---|---|---|
| 1.83.0 | GA | 2023-03-28 | Cloud | 2024-05-31 | No | 1.44.0 | 1.26.0 | No |
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.
New features and improvements
User Interface
Event List Interactions are now accessible from the Repository and View Settings page.
Automation and Triggers
The default time window for Alerts has been updated:
When creating an alert from the Alerts page, the default query time window has been changed from to to match the default throttle time.
When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.
For more information, see Triggers.
GraphQL API
The querySearchDomain() GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.
Dashboards and Widgets
You can now delete or duplicate Event List Interactions from the Interactions overview page.
For more information, see Deleting and Duplicating Event List Interactions.
You can now save interactions with a saved query on the Search page. Interactions in saved queries are also supported in Package Management.
For more information, see Access and Create Event List Interactions.
The combo box has been updated to show multiple selections as "pills".
Interactive elements in visualizations now have the point cursor.
Functions
Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.
Fixed in this release
Other
Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.
Recent Package Updates
The following LogScale packages have been updated within the last month.
Package Changes
microsoft/microsoft365 has been updated to v1.1.0.
Introduces a new "Email IOC detections" dashboard, which allows scanning your emails for matches against any indicators of compromise (IOC) as reported by CrowdStrike.
Includes drilldown capabilities, to easily investigate any IOC matches you might find.
Bumps the minimum supported version of LogScale from 1.50 to 1.77.
Adds a "Sender IP" parameter to the "Email investigation" dashboard, allowing easy filtering on sender IP addresses.
Makes changes to the presentation of data in the "Email investigation" dashboard. Most notably, the "Email details" widget is split in two, to better present the data.
The "Email overview" dashboard now provides a clearer view of what emails have been blocked, and also includes an overview of IOC detections on delivered emails.
The "Email overview" now uses the "FROM" SMTP email address to determine the sender, instead of the "MAIL FROM" address. This brings it in line with the rest of the package.
Some widgets have been moved from the "Email overview" dashboard to "Email threat summary".
For more information, see Package microsoft/microsoft365 Release Notes.
pingidentity/pingone has been updated to v1.1.0.
Adds a widget for viewing short-lived accounts in the "Password activity" dashboard.
Bumps the minimum supported version of LogScale to 1.76 from 1.42.
For more information, see Package pingidentity/pingone Release Notes.
crowdstrike/ioc has been updated to v1.0.0.
Removed regular expressions from all queries, as these were causing problems.
Converts the package from an application to a library.
Bumps the minimum supported version of LogScale from 1.29 to 1.45.
For more information, see Package crowdstrike/ioc Release Notes.