13.1. Analysis Cockpit v4.2
13.1.1. Analysis Cockpit 4.2.0
Release Date: Mon, 2 Dec 2024 11:49:00 +0100
Features
Introduced a new notification type to alert users on events without case assignments
Added a new notification type that triggers when a new asset is affected by a case
Added an option to run event retention based on the 'time' field instead of '@timestamp'
Enhanced the Overview page with connectivity details for Management Center and Security Center
Enabled Management Center to connect with Security Center via a reverse proxy, eliminating the need for direct access
Cases can now be assigned directly to specific users, supporting user-specific workflows
Added LDAP users to the User Management table for improved user administration
Improvements
Converted 'Started' and 'Duration' graphs in the scan table to more intuitive line charts
Established a real-time sync API between Management Center and Analysis Cockpit for Thunderstorm events
Added "Expunge Deleted Events" setting for complete event deletion in retention settings
Made the 'Assets' column in the Management Centers table sortable
Implemented a fallback in event table filters to truncate search terms over 1000 characters
Improved the rsyslog configuration by switching the TCP syslog input from imtcp to imptcp
Cases can now be sorted correctly by their status in the case table
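For reference, the kind of rsyslog input change the item above describes, shown here as an added illustration and not as the configuration Analysis Cockpit ships; the listening port, thread count and ruleset name are assumptions. imptcp is the epoll-based, multithreaded plain-TCP input; imtcp is the older listener that also supports TLS through the gtls stream driver.

```rsyslog
# Added illustration, not the product's own rsyslog configuration.
# Port 514, threads="4" and the ruleset name "cockpit" are assumptions.

# Before: imtcp. Supports TLS via the gtls network stream driver.
# module(load="imtcp")
# input(type="imtcp" port="514" ruleset="cockpit")

# After: imptcp. Plain TCP only, epoll-based, multiple worker threads.
module(load="imptcp" threads="4")
input(type="imptcp" port="514" ruleset="cockpit")

# Deliver everything received on that listener to one file.
ruleset(name="cockpit") {
    action(type="omfile" file="/var/log/cockpit-syslog.log")
}
```

Caveat: imptcp does not support TLS, so if syslog from the scanned assets has to be encrypted on the wire, keep imtcp with the gtls driver or put the listener behind a TLS-terminating tunnel rather than exposing an imptcp port across an untrusted network.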
UX
Automatically clear empty condition fields in the 'Create Case' condition builder
Added a 'Back' button in the 'Create Scheduled Report' dialog for easier navigation
Added a loading indicator when testing proxy connections
Enabled ChatGPT prompt submission with the 'Enter' key
Expanded THOR event right-click context menu to additional views
Adjusted retention settings page to use full-width layout
Added THOR's 'Archive' field as an option for file collection from assets
Removed the option to delete oneself from the User table
Restricted creation of THOR dashboards for Aurora and vice versa
Enhanced handling of Elasticsearch error messages for better troubleshooting
Made the right sidebar resizable for flexible layout adjustment
Bugfixes
Resolved an issue with event assignments to already merged cases; this update will automatically correct any prior mis-assignments
Restored missing example events for certain findings in the Security Center
Added missing API key in curl examples within API documentation
Addressed timezone issues in MariaDB by setting the timezone in configuration
Correctly display negation filters in the 'Save Dashboard' dialog
Validated 'Run at' field in retention settings before submission
Increased Elasticsearch's max_nested_depth to 100 to prevent query failures
Corrected a typo in the API documentation for the GET /events/search endpoint
Fixed processing of Bifrost file names
Ensured UUIDs are generated for new suggested cases
Added a .gitignore file to the config directory to prevent certain files from being backed up
Fixed updates in the 'Actual events' column
Addressed empty entries in case change logs when adding comments without other changes
Chore
Corrected a typo in the licensing section