Released Builds
- Production: Precinct-master-10, Precinct-master-19
- Early Access: Precinct-earlyaccess-13, Precinct-earlyaccess-19
Builds were published to WitFoo Library at 2/3/2018 1551 (CST) and are due for automatic installation at 2/3/2018 1600 (CST).
Features
- Email notifications are sent when integrations are down or the system disk is more than 90% full
Improvements
- Investigative Engine now uses the Elasticsearch Scroll API to improve search times
- Lead details cache expanded from 255 characters to 2048
- Appliance Firewall enabled and configured to prevent unauthorized network access to services
- Upgrade Elasticsearch from 6.1.2 to 6.1.3
- Upgrade Logstash from 6.1.2 to 6.1.3
- Upgrade Kibana from 6.1.2 to 6.1.3
Integrations
- Carbonblack/Bit9 Protect API integration (Respond already exists)
- Disruption detection from Infoblox RPZ (sinkhole) action
- Splunk API connector (see: https://vimeo.com/254056535)
- Additional Cisco ASA messages
An updated list of integrations can be found at https://www.witfoo.com/product
Bug Fixes
- When product updates are applied and Docker images are not downloaded, the update is incorrectly marked as complete
- STIX/TAXII feeds stop processing when the TAXII server provides a malformed response
- Password reset does not send email notification in networks using unauthenticated SMTP
- Zookeeper loses contact with Kafka in slower virtual appliances
- Slow processing and high CPU utilization occur in conditions where connection edges cannot resolve their nodes
- When making calls to Cisco Stealthwatch 6.9.x, the Stealthwatch authentication service may crash, causing 500 errors on attempted logins. Handled through session caching and throttling.
- In the UI, it is possible to see “undefined” or “unprocessed” as a case/incident status type
- Large API returns can result in truncation of results because of memory limits
- Cisco AMP malformed API response disrupts asset inventory
RSS Feed for release notes is: https://community.witfoo.com/category/release-notes/feed/