Falcon LogScale 1.87.0 GA (2023-04-25)

| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Downgrades To | Config. Changes |
|---|---|---|---|---|---|---|---|---|
| 1.87.0 | GA | 2023-04-25 | Cloud | 2024-05-31 | No | 1.44.0 | 1.26.0 | No |

Bug fixes and updates.

Advance Warning

The following items are due to change in a future release.

  • Installation and Deployment

    • Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

New features and improvements

  • Dashboards and Widgets

    • When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.

    • In interactive dashboards (see Make your Dashboard Interactive), the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:

      • In a live query or dashboard, the startTime variable will contain the relative time, such as 2d whereas endTime will be empty.

      • In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.

  • Functions

    • base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.

    • The memory usage of the functions selectLast() and groupBy() has been improved.

  • Packages
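
The base64Decode() change listed under Functions above means that decoding to UTF-8 is lossy whenever the payload is not valid UTF-8. The Python sketch below is an added example, not LogScale code and not part of the original release notes: it assumes Python's errors="replace" decoder (U+FFFD) models the placeholder behaviour, since the page does not name the character, and it uses constructed sample bytes to show that distinct payloads can decode to the same text, so hashing and exact matching belong on the raw value.

```python
import base64
import hashlib


def b64(raw: bytes) -> str:
    """Helper for the constructed samples: bytes -> base64 text."""
    return base64.b64encode(raw).decode("ascii")


def decode_field(b64_value: str) -> dict:
    """Decode a base64 field to UTF-8 with replacement and report lossiness."""
    raw = base64.b64decode(b64_value, validate=True)
    try:
        raw.decode("utf-8")  # strict pass: fails on any invalid sequence
        lossy = False
    except UnicodeDecodeError:
        lossy = True
    return {
        # Assumption: errors="replace" (U+FFFD) stands in for LogScale's placeholder.
        "text": raw.decode("utf-8", errors="replace"),
        # Strict decoding, not counting U+FFFD, decides lossiness: the raw
        # bytes may legitimately contain an encoded U+FFFD.
        "lossy": lossy,
        # Hash the raw bytes; the decoded text cannot be mapped back to them.
        "raw_sha256": hashlib.sha256(raw).hexdigest(),
    }


# Constructed sample values (not taken from any real log).
SAMPLES = {
    "valid_utf8": b64("status=ok".encode("utf-8")),
    "invalid_ff": b64(b"id=\xff;v=1"),
    "invalid_fe": b64(b"id=\xfe;v=1"),
    "genuine_fffd": b64("x\ufffd".encode("utf-8")),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        result = decode_field(value)
        print(name, repr(result["text"]), result["lossy"], result["raw_sha256"][:12])
```
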

Fixed in this release

  • User Interface

    • An issue where the Usage page could fail to show any data has been fixed.

      The Usage page now shows an error if there are any warnings from the query.

  • Dashboards and Widgets

    • Attempting to remove a widget on a dashboard would sometimes remove a different widget than the one selected for removal. This issue has been fixed.

    • Non-breaking space characters (ALT+Space) prevented Template Expressions from being resolved. This issue has been fixed.

  • Queries

    • In clusters with bucket storage, queries running for more than 90 minutes could spuriously fail with a complaint that segments were missing. The issue has now been fixed.

  • Functions

    • The groupBy() function would not always warn upon exceeding the default limit. This issue has now been fixed.

    • timeChart() provided with unit and groupBy() as the aggregation function would not warn on exceeding the default groupBy() limit. This issue has now been fixed.

Recent Package Updates

The following LogScale packages have been updated within the last month.

  • Package Changes

    • microsoft/microsoft365 has been updated to v1.1.0.

      • Introduces a new "Email IOC detections" dashboard, which allows scanning your emails for matches against any indicators of compromise (IOC) as reported by CrowdStrike.

      • Includes drilldown capabilities, to easily investigate any IOC matches you might find.

      • Bumps the minimum supported version of LogScale from 1.50 to 1.77.

      • Adds a "Sender IP" parameter to the "Email investigation" dashboard, allowing easy filtering on sender IP addresses.

      • Makes changes to the presentation of data in the "Email investigation" dashboard. Most notably, the "Email details" widget is split in two, to better present the data.

      • The "Email overview" dashboard now provides a clearer view of what emails have been blocked, and also includes an overview of IOC detections on delivered emails.

      • The "Email overview" now uses the "FROM" SMTP email address to determine the sender, instead of the "MAIL FROM" address. This brings it in line with the rest of the package.

      • Some widgets have been moved from the "Email overview" dashboard to "Email threat summary".

      For more information, see Package microsoft/microsoft365 Release Notes.