3.1 coming soon

October 18, 2011 | Dominique Karg


Big news on the release front. Some features didn’t make it into 3.0 due to QA but now this has been solved and we wanted to roll out a minor release (which is not so minor if you look at the Changelog…) with this data, before heading towards 4.0 (IPv6 support, huge improvements on the multitenancy/multicustomer side and big performance related database structure changes).

So, without further delay, click below if you want to have a look at the 3.1 changelog. We’ll be updating the list (thanks Juanma, Pablo 😊 ) as we get more things validated and tested, and we expect to release late next week. Furthermore, we’ve got a huge surprise hatching on 11-11-11; I’ll keep you posted.

3.1 (preliminary) Changelog below:

* No specific mention

+ Will be seen on video (bold+italic) 

- Will be talked about on the video (bold) 

* New Plugin: Amun Honeypot http://sourceforge.net/projects/amunhoney/

+ New Feature: Raw tcpdump filter now available in Traffic Capture module

* Improved alarm panel performance when loading groups of alarms

+ Captions added to multiple Graphs in the Dashboards 

* Fixed small typos in the web interface

* New Feature: Beep on alarm (Incidents -> Alarms), Play a sound on new alarms

* Risk Maps can now query Nagios to get availability status in real time (Using mklivestatus http://mathias-kettner.de/checkmk_livestatus.html)

* Display Issues Fixed when using IE

* Queries updated in the Dashboard graphs to include new taxonomy categories

+ Complete redesign of the Real Time event Viewer: Improved performance and new filtering options

* Limit results displayed on some graphs in the Dashboards panel

* New feature: Voice control (More commands will be coming soon)

* Removed dead code

* Fix: Apache plugin updated in order to accept new event formats

* New Feature: Ping added as a service in the host_services table (Availability Monitoring)

* Fix:  Fixed decryption of passwords for OMP profiles (OpenVas)

* Improved performance when using Custom Views (SIEM console)

+ New Feature: Add PDF and CSV Report to Unique Events View (SIEM console) 

* Hide Analysis -> SIEM -> Statistics menu whenever EventStats is disabled

* Clean Code: Deprecated style deleted

* Fix: Issue when displaying the hardware info screen in Firefox

--> http://sourceforge.net/tracker/?func=detail&aid=3159019&group_id=15&atid=100015

* Improved Logger queries used in Asset report

* Fixed utf-8 display issues

* Fixed a problem when inserting services that existed in the db

* Some issues fixed when generating a pdf report

* Maps updated to use Google Maps v3 API (No key required in Google Maps)

* Fixed an issue displaying blank description in vuln reports when using some pdf readers

+ New feature: Pcap web-based analyzer (Traffic capture) 

* New feature: Lilian date support in the agent

* Fixed several memory leaks and bugs in the Open Source OSSIM Server

+ Improved the style sheet used to display alarms 

* Fixed a bug when trying to close an alarm group

* Updated port service descriptions

+ New feature: See related traffic (Right click menu) 

* New feature: See related events (Right click menu)

+ New feature: See related security events (Right click menu)

* New feature: Added loading message in multiple pages

* New permissions for the new menus

+ New feature: Display IDM data in OSSEC management interface when IDM is enabled

+ New feature: Add a message when loading Logger graphs 

* New feature: New action availability (Policy & Actions) -> Open a new ticket

* Font changed when displaying pcap file in SIEM Console

* Logger top graph now uses GMT+tz

+ IDM Support in SIEM Console 

* Fix: Increase memory limit in Asset report

* Support new formats in the Snare plugin

* Fix: Allow as an agent in the OSSEC Web Interface (DHCP Environments)

* New mcafee-epo plugin

* Fixed connection issues between the framework and the database

* Added a link to see event detail from Real Time Event Viewer

* New feature: IDM output in the agent (Feeds the alienvault-idm daemon)

- New feature: FTP plugins support 

* Fixed some issues when inserting networks with special characters on their names

* Fixed some issues in the Risk Maps

* Support "All" in the time frame selection when generating a report in the SIEM Console

* Updated taxonomy filters in Dashboard Graphs

* Fix: Removed noisy messages generated by the cron daemon

- New feature: Logger support in more subreports 

* Fix: Snort rules were not displayed properly with some sids

* Fix: Debug info removed from some log files

* Fix: Asset properties display only the latest OS in each host

* New feature: New function in the plugins normalize_date_american

* New feature: New traffic lights in the Risk Maps

* Fix: Fixed an issue when deleting the default tab in Dashboards panel

* New plugin: Cisco-ips-syslog

* New feature: Network Groups support in Risk Maps

* Fixed an issue when exporting the SOX report in PDF format, some fonts were not properly displayed

+ New feature: Show IP Reputation info in the real time event panel 

+ New menu: Ip reputation 

* Improved usability in some graphs: bigger clickable area

- Updated Chinese translation

* Some message removed when starting the ossim agent

* New feature: Pagination when displaying more than 50 agents in the web interface

* Communication between the frameworkd and the agent now depends on the ip of the agent and not on the name of the agent

* Fix: Error fixed when generating reports including Flows information

* Removed unused links in Downloads

* Fix: Fixed a bug when editing a network asset

* Fix: Fixed an issue displaying RRD graphs for some networks

* New plugin: Vmware-vcenter

+ New feature: Show IP reputation info in Alarms 

+ New feature: Right click support in grouped alarms 

* Updated intrushield priority values

+ New feature: Open a ticket from the Logger or SIEM console 

* New feature: IP reputation in the event detail

* New feature: Assign permissions to automatically generated tickets

* Fix: Error when creating Nagios configuration files for some hosts

+ New feature: Create host groups based on their location (For public IP addresses) 

* Updated bluecoat plugin

* Updated cisco-3030 plugin

* New feature: New categories on ticket status

* Updated Netscreen firewall plugin

* New feature: Display a message when deleting

* New feature:  Email template for tickets in HTML format

* Support the new nmap output format

* Fix: Allow _ in indicator name (Risk Maps)

* New plugin: Xtera's Ascenlink devices

* Unused configuration options removed

* New feature: Default custom views in the SIEM Console

* Fix: Fixed some "image not found" in Jasper reports

* Fix: Get rid of apache (already used by another worker) warnings at restart

* Fix: No need to logout to update user's timezone

* Fix: Issue when rotating logs when Fw1loggraber is enabled

+ Improved the way plugin sids are loaded, the Server now loads much faster 

* Updated cisco-asa plugin

* Added latitude and longitude information when importing assets using csv file

* Updated pam_unix plugin

* Updated real secure plugin

* New feature: Search box in Configuration -> SIEM Components -> Sensors

* Fixed several issues when displaying Chinese characters

* Fix: Issue when collecting  some multi-line events

* New permission: Edit tickets

* New feature: Collect from multiple devices when using the SDEE plugin

* Fix: Error attaching big files in the Knowledge DB

* Updated Vyatta plugin

* Display a message when deleting alarms

* New feature: Disable correlation directives

* Fix: Display an error when images can not be displayed in reports

* New feature: New reports for HIDS information

* New feature: Find alarms containing an event type

* New feature: Import networks using a CSV file

- New feature: Add to DS Group button in Siem events 

* Fix: Allow inserting as a network

* New feature: Export Networks and host as a CSV file

* New feature: Include remote loggers info in Asset Report

* New feature: Support filtering when deleting alarms

* Fix: Issue when stopping the network discovery tool (Nmap)

* New feature: Allow ANY in traffic capture tool

* Fix: styles in several pages (buttons, width,...)

* New feature: Allow event forwarding whenever SIEM is disabled (Policy rules)

* Fix: Small issues when working with multiple tzones in the web interface

* Fix: Duplicates entries in sources.list

* Updated compliance mappings

* Speed up the process of generating reports

* Fix: Issue when applying filters in the Metrics Report

* New feature: Added FW rules for openvasm

* New feature: Added FW rules for framework

* Fix: Clean duplicated Nagios link in Apache configuration

* New feature: New auto-complete options in the Logger console

* New feature: MOTD is now installed when using distributed installation profiles

* Fix: Bug when generating the geographic reports with some specific filters

* Fix: Issue when updating the ossim-server password from ossim-reconfig

* Fix: Typos

* Fix: Avoid Ntop to connect to the internet to check the version

* Fix: noisy perl messages new aliases for df, du enable timestamp in history

* New feature: Further restrict kernel logging on the console

* Improved Openvas4 auto-configuration

* Updated init scripts

* Use alienvault as the default hostname

* Updated nagios stylesheet

* Fix: Small issues in the availability report

+ New feature: IP Reputation

+ New feature: IDM (Identity Management)

* Fix: Use alienvault-update when ossim-update is executed

* HA configuration in alienvault-reconfig

+ Updated Tshark (introducing Sharkvault) 

* Speed up the correlation process

* Memory usage reduced when events are correlated

* Memory usage reduction when thousands of networks are present in the inventory

- New feature: IDM daemon alienvault-idm 

+ IDM and reputation added to custom SIEM views 

* New feature: Add a cron job for apt-get autoclean