Released Builds
- Production: Precinct-master-8
- Early Access: Precinct-earlyaccess-6
Builds were published to WitFoo Library on 1/26/2018 at 1849 (CST) and are due for automatic installation on 1/26/2018 at 1900 (CST).
Features
- Kibana authentication is now active and enforced using Precinct credentials
- Snort lookup hyperlinks on Snort signatures in all lead displays
- New Operations dashboard with detailed metrics and histograms (Demo: https://vimeo.com/249963132)
Improvements
- Tuned WitFoo.Artifact index in Elasticsearch to improve query times
- Upgraded Elasticsearch from 5.2 to 6.1.2
- Upgraded Logstash from 5.2 to 6.1.2
- Upgraded Kibana from 5.2 to 6.1.2
- Kibana is secured with SSL
- [Attack] Disruption status added to leads and incidents
- Leads from WitFoo.Artifacts now use Tool name instead of set id
- NetFlow version 9 is now fingerprinted using vendor fields
- NetFlow and Syslog Streamers combined into a single Docker container
- Kafka disk usage tuned
- Adaptive syslog parsing processing improvements
- NetFlow processing improvements
- WitFoo Library Agent replaces New Relic APM/Insights for support monitoring
Integrations
- Meraki syslog with disruption detection
- Cisco AMP disruption detection
- Crowdstrike disruption detection
- Cisco ASA disruption detection
- Elastic Winlogbeats
- Cisco NSEL
Bug Fixes
- Corrected slow response times that can occur in certain network and DNS configurations
- Email notifications now send when SMTP authentication is disabled
- Corrected memory handling in browser that caused unresponsiveness when pulling large data sets on the Search page
- Crowdstrike event details formatting is corrected
- Corrected calculation metrics on Reports to guarantee accuracy and precision