Falcon LogScale 1.86.0 GA (2023-04-18)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.86.0GA2023-04-18

Cloud

2024-05-31No1.44.01.26.0No

Bug fixes and updates.

Advance Warning

The following items are due to change in a future release.

  • Installation and Deployment

    • Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

New features and improvements

  • Automation and Triggers

    • When creating a new Alert, you now have a pulldown menu that suggests labels that you've previously created for other alerts. The same applies to Scheduled Searches.

      For more information, see Triggers.

  • Configuration

    • New configuration parameters have been added allowing control of client.rack for our Kafka consumers:

      • KAFKA_CLIENT_RACK_ENV_VAR — this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.

Fixed in this release

  • Dashboards and Widgets

    • "" was being discarded when creating URLs for interactions. This issue has now been fixed.

    • '_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.

Recent Package Updates

The following LogScale packages have been updated within the last month.

  • Package Changes

    • microsoft/microsoft365 has been updated to v1.1.0.

      • Introduces a new "Email IOC detections" dashboard, which allows scanning your emails for matches against any indicators of compromise (IOC) as reported by CrowdStrike.

      • Includes drilldown capabilities, to easily investigate any IOC matches you might find.

      • Bumps the minimum supported version of LogScale from 1.50 to 1.77.

      • Adds a "Sender IP" parameter to the "Email investigation" dashboard, allowing easy filtering on sender IP addresses.

      • Makes a changes to presentation of data in the "Email investigation" dashboard. Most notably, the "Email details" widget is split in two, to better present the data.

      • The "Email overview" dashboard now provides a clearer view of what emails have been blocked, and also includes an overview of IOC detections on delivered emails.

      • The "Email overview" now uses the "FROM" SMTP email address to determine the sender, instead of the "MAIL FROM" address. This brings it in line with the rest of the package.

      • Some widgets have been moved from the "Email overview" dashboard to "Email threat summary".

      For more information, see Package microsoft/microsoft365 Release Notes.