3.1 coming soon

October 18, 2011 | Dominique Karg

Big news on the release front. Some features didn’t make it into 3.0 due to QA but now this has been solved and we wanted to roll out a minor release (which is not so minor if you look at the Changelog…) with this data, before heading towards 4.0 (IPv6 support, huge improvements on the multitenancy/multicustomer side and big performance related database structure changes).

So, without further delay, click below if you want to have a look at the 3.1 changelog. We’ll be updating the list (thanks Juanma, Pablo 😊 ) as we get more things validated and tested and expect to release late next week. And furthermore, we’ve got a huge surprise hatching on the 11-11-11, I’ll keep you posted.

3.1 (preliminary) Changelog below:

Legend:
* No specific mention

+ Will be seen on video (bold+italic) 

- Will be talked about on the video (bold) 



* New Plugin: Amun Honeypot http://sourceforge.net/projects/amunhoney/

+ New Feature: Raw tcpdump filter now available in Traffic Capture module

* Improved alarm panel performance when loading groups of alarms

+ Captions added to multiple Graphs in the Dashboards 

* Fixed small typos in the web interface

* New Feature: Beep on alarm (Incidents -> Alarms), Play a sound on new alarms

* Risk Maps can now query Nagios to get availability status in real time (Using mklivestatus http://mathias-kettner.de/checkmk_livestatus.html)

* Display Issues Fixed when using IE

* Queries updated in the Dashboard graphs to include new taxonomy categories

+ Complete redesign of the Real Time event Viewer: Improved performance and new filtering options

* Limit results displayed on some graphs in the Dashboards panel

* New feature: Voice control (More commands will be coming soon)

* Removed dead code

* Fix: Apache plugin updated in order to accept new event formats

* New Feature: Ping added as a service in the host_services table (Availability Monitoring)

* Fix:  Fixed decryption of passwords for OMP profiles (OpenVas)

* Improved performance when using Custom Views (SIEM console)

+ New Feature: Add PDF and CSV Report to Unique Events View (SIEM console) 

* Hide Analysis -> SIEM -> Statistics menu whenever EventStats is disabled

* Clean Code: Deprecated style deleted

* Fix: Issue when displaying the hardware info screen in firefox  

--> http://sourceforge.net/tracker/?func=detail&aid=3159019&group_id=15&atid=100015

* Improved Logger queries used in Asset report

* Fixed utf-8 display issues

* Fixed a problem when inserting services that existed in the db

* Some issues fixed when generating a pdf report

* Maps updated to use google Maps v3 api (No key required in google maps)

* Fixed an issue displaying blank description in vuln reports when using some pdf readers

+ New feature: Pcap web-based analyzer (Traffic capture) 

* New feature: Lilian date support in the agent

* Fixed several memory leaks and bugs in the Open Source OSSIM Server

+ Improved the style sheet used to display alarms 

* Fixed a bug when trying to close an alarm group

* Updated port service descriptions

+ New feature: See related traffic (Right click menu) 

* New feature: See related events (Right click menu)

+ New feature: See related security events (Right click menu)

* New feature: Added loading message in multiple pages

* New permissions for the new menus

+ New feature: Display IDM data in OSSEC management interface when IDM is enabled

+ New feature: Add a message when loading Logger graphs 

* New feature: New action availability (Policy & Actions) -> Open a new ticket

* Font changed when displaying pcap file in SIEM Console

* Logger top graph now uses GMT+tz

+ IDM Support in SIEM Console 

* Fix: Increase memory limit in Asset report

* Support new formats in the Snare plugin

* Fix: Allow 0.0.0.0/0 as an agent in the OSSEC Web Interface (DHCP Environments)

* New mcafee-epo plugin

* Fixed connection issues between the framework and the database

* Added a link to see event detail from Real Time Event Viewer

* New feature: IDM output in the agent (Feeds the alienvault-idm daemon)

- New feature: FTP plugins support 

* Fixed some issues when inserting networks with special characters in their names

* Fixed some issues in the Risk Maps

* Support "All" in the time frame selection when generating a report in the SIEM Console

* Updated taxonomy filters in Dashboard Graphs

* Fix: Removed noisy messages generated by the cron daemon

- New feature: Logger support in more subreports 

* Fix: Snort rules were not displayed properly with some sids

* Fix: Debug info removed from some log files

* Fix: Asset properties display only the latest OS in each host

* New feature: New function in the plugins: normalize_date_american

* New feature: New traffic lights in the Risk Maps

* Fix: Fixed an issue when deleting the default tab in Dashboards panel

* New plugin: Cisco-ips-syslog

* New feature: Network Groups support in Risk Maps

* Fixed an issue when exporting the SOX report in PDF format, some fonts were not properly displayed

+ New feature: Show IP Reputation info in the real time event panel 

+ New menu: IP reputation

* Improved usability in some graphs: bigger clickable area

- Updated Chinese translation

* Some messages removed when starting the ossim agent

* New feature: Pagination when displaying more than 50 agents in the web interface

* Communication between the frameworkd and the agent now depends on the ip of the agent and not on the name of the agent

* Fix: Error fixed when generating reports including Flows information

* Removed unused links in Downloads

* Fix: Fixed a bug when editing a network asset

* Fix: Fixed an issue displaying RRD graphs for some networks

* New plugin: Vmware-vcenter

+ New feature: Show IP reputation info in Alarms 

+ New feature: Right click support in grouped alarms 

* Updated intrushield priority values

+ New feature: Open a ticket from the Logger or SIEM console 

* New feature: IP reputation in the event detail

* New feature: Assign permissions to automatically generated tickets

* Fix: Error when creating Nagios configuration files for some hosts

+ New feature: Create host groups based on their location (For public IP addresses) 

* Updated bluecoat plugin

* Updated cisco-3030 plugin

* New feature: New categories on ticket status

* Updated Netscreen firewall plugin

* New feature: Display a message when deleting

* New feature:  Email template for tickets in HTML format

* Support the new nmap output format

* Fix: Allow _ in indicator name (Risk Maps)

* New plugin: Xtera's Ascenlink devices

* Unused configuration options removed

* New feature: Default custom views in the SIEM Console

* Fix: Fixed some "image not found" in Jasper reports

* Fix: Get rid of apache (already used by another worker) warnings at restart

* Fix: No need to logout to update user's timezone

* Fix: Issue when rotating logs when Fw1loggrabber is enabled

+ Improved the way plugin sids are loaded, the Server now loads much faster 

* Updated cisco-asa plugin

* Added latitude and longitude information when importing assets using csv file

* Updated pam_unix plugin

* Updated real secure plugin

* New feature: Search box in Configuration -> SIEM Components -> Sensors

* Fixed several issues when displaying Chinese characters

* Fix: Issue when collecting  some multi-line events

* New permission: Edit tickets

* New feature: Collect from multiple devices when using the SDEE plugin

* Fix: Error attaching big files in the Knowledge DB

* Updated Vyatta plugin

* Display a message when deleting alarms

* New feature: Disable correlation directives

* Fix: Display an error when images can not be displayed in reports

* New feature: New reports for HIDS information

* New feature: Find alarms containing an event type

* New feature: Import networks using a CSV file

- New feature: Add to DS Group button in Siem events 

* Fix: Allow inserting 0.0.0.0/1 as a network

* New feature: Export Networks and host as a CSV file

* New feature: Include remote loggers info in Asset Report

* New feature: Support filtering when deleting alarms

* Fix: Issue when stopping the network discovery tool (Nmap)

* New feature: Allow ANY in traffic capture tool

* Fix: styles in several pages (buttons, width,...)

* New feature: Allow event forwarding whenever SIEM is disabled (Policy rules)

* Fix: Small issues when working with multiple tzones in the web interface

* Fix: Duplicate entries in sources.list

* Updated compliance mappings

* Speed up the process of generating reports

* Fix: Issue when applying filters in the Metrics Report

* New feature: Added FW rules for openvasm

* New feature: Added FW rules for framework

* Fix: Clean duplicated Nagios link in Apache configuration

* New feature: New auto-complete options in the Logger console

* New feature: MOTD is now installed when using distributed installation profiles

* Fix: Bug when generating the geographic reports with some specific filters

* Fix: Issue when updating the ossim-server password from ossim-reconfig

* Fix: Typos

* Fix: Prevent Ntop from connecting to the internet to check the version

* Fix: noisy perl messages; new aliases for df, du; enable timestamp in history

* New feature: Further restrict kernel logging on the console

* Improved Openvas4 auto-configuration

* Updated init scripts

* Use alienvault as the default hostname

* Updated nagios stylesheet

* Fix: Small issues in the availability report

+ New feature: IP Reputation

+ New feature: IDM (Identity Management)

* Fix: Use alienvault-update when ossim-update is executed

* HA configuration in alienvault-reconfig

+ Updated Tshark (introducing Sharkvault) 

* Speed up the correlation process

* Memory usage reduced when events are correlated

* Memory usage reduction when thousands of networks are present in the inventory

- New feature: IDM daemon alienvault-idm 

+ IDM and reputation added to custom SIEM views 

* New feature: Add a cron job for apt-get autoclean