Released Builds

  • Production: Precinct-master-8
  • Early Access: Precinct-earlyaccess-6

Builds were published to the WitFoo Library at 1/26/2018 1849 (CST) and are due for automatic installation at 1/26/2018 1900 (CST).



  • Kibana authentication is now active and enforced using Precinct credentials
  • Snort lookup hyperlinks added to Snort signatures on all lead displays
  • New Operations dashboard with detailed metrics and histograms (Demo:


  • Tuned WitFoo.Artifact index in Elasticsearch to improve query times
  • Upgraded Elasticsearch from 5.2 to 6.1.2
  • Upgraded Logstash from 5.2 to 6.1.2
  • Upgraded Kibana from 5.2 to 6.1.2
  • Kibana is secured with SSL
  • [Attack] Disruption status added to leads and incidents
  • Leads from WitFoo.Artifacts now use Tool name instead of set id
  • NetFlow version 9 is now fingerprinted using vendor fields
  • NetFlow and Syslog Streamers combined into single docker container
  • Kafka disk usage tuned
  • Adaptive syslog parsing processing improvements
  • NetFlow processing improvements
  • WitFoo Library Agent replaces New Relic APM/Insights for support monitoring


  • Meraki syslog with disruption detection
  • Cisco AMP disruption detection
  • Crowdstrike disruption detection
  • Cisco ASA disruption detection
  • Elastic Winlogbeats
  • Cisco NSEL

Bug Fixes

  • Corrected slow response times that can occur in certain network and DNS configurations
  • Email notifications now send when SMTP authentication is disabled
  • Corrected memory handling in browser that caused unresponsiveness when pulling large data sets on the Search page
  • Crowdstrike event details formatting is corrected
  • Corrected calculation metrics on Reports to guarantee accuracy and precision