Product: OP5 Log Analytics
Release Number: 6.1.5
Release Date: June 12, 2019
Release Type: Micro
Previous Release: 6.1.3
- **BREAKING CHANGE**: the audit index is now created with type "doc" and date field "@timestamp". The old index is not compatible and should be deleted before the update:
  - Turn off audit logging: in Kibana -> Settings, unmark all in the "Update Audit Setting" section.
  - Delete the audit index.
  - Update elasticsearch-auth.
  - Turn on audit logging.
- ITRS branding
- Risk Management for Alerts - users can create custom categories for field attributes like Hostname, Hostip, Username. Once the alert is triggered, the result gets a score amplification calculated from the object categories.
- Alert rule importance - introduction of a new value for each alert that is correlated with object category and helps identify.
- When creating alerts, we now have the ability to test the rule before scheduling it.
- Playbook introduction - ability to create simple editable instructions (+scripts) that the system operator should follow when an Alert is triggered.
- Verify IP on blacklists - if the Alert is triggered for an IP, the Verify button lets the customer check its reputation.
- When creating alerts, operators get the ability to validate the alert and find the most suitable playbook for it. The Playbook list is automatically sorted.
- Users will get an email notification when an Incident is attached to them. New email field in the user tab.
- IPs are correlated against the Bad IP reputation list.
- Introduction of Incidents. Alerts are now turned into Incidents, each with an assigned operator and a status.
- Regular users can configure their own Alerts.
- Netflow, jflow, sflow support.
- Provided an interface for running custom, external AI jobs created in your own programming language.
- Audit index is created with type "doc" and date field "@timestamp".
- Better Radius authentication support.
- System auditing corrections.
- Fixed an issue in the intelligence module API.
- Fixed an issue with sorting alerts.
How to install
Documentation can be found here.
If you have any questions surrounding this micro release, you are more than welcome to get in touch with us.