Articles in this section

Self help

ITRS Log Analytics 6.1.5 Release Notes

Avatar
Marcos Galinanes
  • Updated
Follow

Product: OP5 Log Analytics
Release Number: 6.1.5
Release Date: June 12, 2019
Release Type: Micro
Previous Release: 6.1.3

What's New

  • **BREAKING CHANGE**: audit index is from now on created with type "doc" and date field "@timestamp". Old index is not compatible and should be deleted before update:

- Turn of audit logging. In Kibana -> Settings and unmark all in "Update Audit Setting" section.
- Delete the audit index.
- Update elasticsearch-auth.
- Turn on audit logging.

  • ITRS branding
  • Risk Management for Alerts - User can create custom categories for field attributes like Hostname, Hostip, Username. Once the alert is triggered, the result get score amplification calculated from object categories.
  • Alert rule importance - introduction of new value for each alerts that is correlated with object category and helps identify.
  • When creating alerts now we have the ability Test the rule before scheduling this.
  • Playbook introduction - ability to create simple editable instructions(+scripts) that system operator should follow when Alert is triggered.
  • Verify IP on blacklists - if the Alert is triggered for IP, Verify button lets customer check its reputation.
  • When creating alerts operators get ability to validate the alert and find most suitable playbook for it. The Playbook list is automatically sorted.
  • User will get an email notification when Incident is attached to them. New email field in user tab.
  • IP's are correlated towards Bad IP reputation list.
  • Introduction of Incidents. Alerts are now turned into Incidents, with assigned operator and its status.
  • Regular user can configure own Alerts.
  • Netflow, jflow, sflow support.
  • Provided interface for running custom, external, AI jobs created in own programming language.

Improvements

  • Audit index is created with type "doc" and date field "@timestamp".
  • Better Radius authentication support.
  • System auditing corrections.

Fixes

  • Fixed an issue in the intelligence module API.
  • Fixed an issue with sorting alerts.

 


How to install

Download one of the following Log Analytics distributions: Tarball | VMDK | OVA

Documentation can be found here.

Feedback

If you have any questions surrounding this micro release, you are more than welcome to get in touch with us.

Related articles

Comments

0 comments

Please sign in to leave a comment.