Build IDs: 6-0-1-1, master-46, master-48

Bug Fixes

  • Red color on incidents should be > .75, Orange >=.75 and <.5, Yellow > .5
  • On Incident Count badge, count should be total_count in API Call
  • On integrations, checkbox for enable does not work
  • Qualys Vulns not reporting
  • SAML Login does not work
  • Streamer node using externalkafka is crashing
  • Streamer splunk pipeline crashing for normal splunk query strings
  • Demo Data not generating
  • pan firewall parser not catching half of traffic
  • Last observed timestamp on sender hosts & stream names
  • Tool Effectiveness API call has incorrect data
  • Authentication type on user edit (admin/users) not displaying
  • Register is not in right format
  • IG Facets need 50 limit moved to after sort
  • Search not returning results
  • Caprica Metrics slow
  • Not processing artifacts
  • Streamnames stats wrong
  • Fix Crowdstrike API label
  • Only count disruption on blocking tool
  • User not updating on Incident
  • Carbonblack not working
  • Last observed on Artifacts not updating
  • IE Processing may be deeply backlogged
  • Troubleshoot queries
  • Flat lined artifact processing on some deployments
  • Artifact date stamps off
  • SOC not showing records
  • StealthWatch reporting error
  • Initial load of Reports UI often fails; needs to be refreshed
  • When doing a URL search on Artifacts, the builder does not build
  • Download of artifacts fails to work as hoped
  • Streamer running out of memory
  • Artifact Search: Absolute date sends NaN instead of selected timestamp


  • External Kafka to Syslog Pipeline Stage
  • Cache Library Lookups
  • Add ‘parsers’ field to appliance config in library
  • Honor parser list in syslog parsing
  • Set severityCode to 1 for all estreamer artifacts
  • Cassandra gc and compaction job/maintenance
  • Cassandra saturday night repair and gc / compaction maintenance
  • Job to truncate artifacts, full_artifact_partitions_ and artifact_partitions tables
  • SUP job to prune incidents


  • Add meta on Cisco Wireless Controller
  • Sonicwall
  • pfSense Firewall


  • Tool Effectiveness Reports – The 2nd & 3rd widgets reference “Leads” instead of “Incidents”
  • Remove scroll bars on CSC Report; move the columns Right of Product column to a modal/popup when clicked
  • Reports->Operational Efficiency->FTE Cost: The x-axis should be displayed as currency.
  • Make API passwords into HTML password fields
  • ClientGUID to Artifact search
  • Add a success indicator (checkmark or the like) when settings are successfully saved (API returns success)
  • Kafka to 2.2.2
  • Upgrade to Cassandra 3.11.6
  • Write StreamNames to Library metrics
  • Logstash to 6.8.7
  • Greatly reduce CPU for cisco asa and ace parsers
  • Calculate tiered artifact insert TTL in SUP, and use it for streamer insert
  • Disable cassandra 3-day repair maintenance
  • Include support workflow metrics into “Artifact Streams” kibana dashboard and streamer application
  • Artifact: Days before selector should not go negative
  • Add zoom and reset button to Graph Relationships on Artifacts results
  • Clean up streamer metrics
  • Use local storage to persist a users filter settings on the incidents page
  • Enhanced Cassandra disk clean up and optimization
  • Have cassandra insert ttl calculation use 45% of available disk for upper bound of storage
  • Allow user to change cytoscape layout on Artifacts and Incidents
  • On the incident panel, don’t reset the position of the nodes unless layout is changed or reset is pressed
  • Add modal to view lead on Incident bottom bar


RSS Feed for release notes is:

Email notifications for WitFoo Release Notes can be subscribed to here: