Changelog
Version 24.3.2
2024-11-14
Fixed
- Improved reliability of RabbitMQ connections
- Improved efficiency when creating multiple reports simultaneously
Version 24.3.1
2024-11-05
Fixed
- Improved reliability of RabbitMQ connection
Version 24.3.0
2024-10-21
Added
- Added export of Alerts and HTTP traffic to CSV
- Added Attack type field on Legitimate creation wizard
- Added Protocol field on Traffic Source creation form
Changed
- Improved field options on Legitimate creation wizard
Fixed
- Improved SQL Injection detection module
- Improved deobfuscation of control characters when scanning for injection attacks
- Traffic source listener no longer truncates transactions larger than 4K bytes
- Reports with Log4J JNDI Injection alerts are now correctly created
- Search in the Domain Group input field of the Add to existing Domain Group action now works properly
- Improvements in overall system stability and resilience
Version 24.2.1
2024-08-05
Added
- Added missing Expression filter on Protection - Rules page
Fixed
- SIEM Notification modules now include a Timezone reference
- Improved Malicious Scanner and SQL Injection detection modules
- Increased report generation timeout to handle longer processing times
Changed
- Time intervals for sending Telemetry data have been reduced
Version 24.2.0
2024-07-02
Added
- New HTTP clients table on Alert details page to inspect attack sources
- Updated CLI with new automation features, including license activation and rule management
- New Attack trends chart on Dashboard
- New telemetry module to enable shared threat intelligence
- Hosts can be associated with an existing Domain Group from the Assets - Hosts page
- New filter to show/hide Hosts associated with a Domain Group on the Assets - Hosts page
- New targets on Custom Rule creation
- Network rule automation can be enabled for specific Domain Groups, Hosts or attack types
- Detection can be disabled for specific response codes or client IPs
- Hosts not associated with a Domain Group that are not seen by the software for a configurable amount of time will be deleted
Fixed
- Improved Path Traversal and Bruteforce detection modules
- Improved concurrency and efficiency on main Seer Box Engine processes
- The loading times of the Alert page have been drastically reduced
- The loading times of the Metrics data have been drastically reduced
- Oplon WAF rule translation
Version 24.1.2
2024-05-15
Fixed
- Bug blocking sending of application rules to Oplon WAF
- Bug preventing network rule synchronization after their expiration date
- Wrong IP validation on Seer Box GUI input fields
Changed
- Generic Oplon firewall integration is now split into Oplon WAF and Oplon Firewall for IP blacklisting
Added
- Prevent alert detection for a specific subset of status codes
Version 24.1.1
2024-04-24
Fixed
- Bug blocking license validation process after license service disruption
- Error while inserting User Agent data related to alerts
- Minor fixes
Removed
- Redundant dependency on Seer Box GUI container image
Version 24.1.0
2024-04-11
Added
- New Audit Logs section on Seer Box web interface
- New Seer Box Sentinel component to enable distributed traffic monitoring
- Built-in support for standard NCSA log formats
- Alerts will be automatically ignored after a configurable amount of time
- New filters available on Alerts, Rules, Legitimates and HTTP Traffic pages
- Sample configurations for Kubernetes-based deployments
Changed
- HAProxy log format now supports more fields, including HTTP request body
- Docker-based deployments now support host directory bind mounts
- Notification destinations now accept hostnames
Fixed
- Type mismatch exception on report creation
- Bug preventing Seer Box Engine from restarting its listeners
- Bug preventing Seer Box Engine from properly caching metrics and trends
- PostgreSQL connections are now limited to allow reuse
- "no data" warning on Dashboard traffic chart
- Report generation on Docker-based deployments
- Editing an existing SIEM Notification resets the log format to CEF