Security Teams are Choosing Graylog for their SOC | WHY SWITCH? >>>

Free Tools
See Demo

Announcing Graylog Illuminate v3.2

  • New processing content included with Illuminate 3.2:
    • Bind DNS logs (#1098)
    • Ubiquiti Unifi (#1038)
    • Microsoft DHCP (#797)
    • Symantec Endpoint Protection Manager (#578)
    • Apache Web Server (#1081)
  • The following Spotlight content packs have been updated since Graylog Illuminate 3.1:
    • Graylog Illuminate 3.2.0:Cisco ASA Spotlight
    • The “DNS Transaction” GIM subcategory has been replaced with a multi-subcategory mapping of both “DNS Request” and “DNS Answer” (#361)
    • This release includes an updated message summary template content pack “Message Summaries” (#1054)

 

GRAYLOG ILLUMINATE 3.1

Released: 2023-03-02

Fixes

  • Illuminate Core:
    • Fixed severity mapping issue (#1078)
    • Make lookup file names unique (#1090)
    • Field alert_severity not statically mapped to data type (#1153)
  • Office 365:
    • Lookup file formatting error (#1091)
  • Okta:
    • Lookup file formatting error (#1092)
  • Fortigate:
    • Fixed severity mapping for level ‘notice’ (#1104)
  • Watchguard:
    • Not all DHCP events are being parsed (#1148)
  • Cisco ASA:
    • Fixed issue with Denied Connections widget search (#1186)

 

Enhancements

  • GIM: 
    • Added network.open and network.close subcategories (#635)
  • Illuminate Core:
    • Added MAC address (source_mac/host_mac/destination_mac) as candidate for reference field (source_reference/host_reference/destination_reference) (#1105)
    • Fixed selection order for destination_reference candidate fields (#1170)
    • Enforced IP field format for schema IP fields source_ip, host_ip, destination_ip (#1132)
    • Added “input routing” lookup to help with proper message identification & selection (#1149)
    • Improved IP processing rule criteria efficiency (#1155)
  • Cisco ASA:
    • Added mapping for vendor_event_severity to provide text severity corresponding to the numeric field vendor_event_severity level
    • Added support for events: 338001, 338002, 338003, 338004, 338005, 338006, 338007, 338008, 338101, 338102, 338103, 338104, 338201, 338202, 338203, 338204 (#973)
    • Added support for events: 302014, 302016, 302018, 302022, 302023, 302024, 302025, 302026, 302027, 302036, 302303, 302304, 302306 (#1161)
    • Updated categorization for events: 302013, 302015 (#1161)
  • Cisco Meraki:
    • Parse URLs in Meraki events (#469)
  • Sonicwall:
    • Categorized network open/close events (#1162)

 

Known Issues

  • Auditbeat cannot process events with multiple values assigned to `vendor_event_action’ (#622)

 

Let us know what you’d like to have included in our GitHub issue tracker.

The Graylog Product Team

View More Posts By The Graylog Product Team

Categories

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.

Blog Graphic
Read Now

Products

Graylog Security
Graylog Enterprise
Graylog Open
Graylog API Security
Graylog Cloud
Graylog Illuminate
Graylog Small Business
Pricing

Features

Access Control
Anomaly Detection
Audit Logs & Archiving
Data Enrichment
Data Management
Events & Alerts
Fleet Management
Integrations
Investigations
Reports & Dashboards
Risk Management
Scalable Architecture
Search

LEARN

Resource Hub
Blog
Videos
Webinars
Events
Community

SUPPORT

Customer Support
Documentation
Graylog Academy
Open Community

Company

About
Leadership
Partners
Careers
News & Awards
Contact

[email protected]

Follow Us:

Facebook-f Linkedin Github Youtube Reddit-alien

GRAYLOG HEADQUARTERS

1301 Fannin St, Ste. 2000
Houston, TX 77002

GRAYLOG COLORADO

1919 14th Street, Suite 700, Office 18
Boulder, CO 80302

GRAYLOG UNITED KINGDOM

34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom

GRAYLOG GERMANY GMBH

Poolstraße 21
20355 Hamburg, Germany

© 2024 Graylog, Inc. All rights reserved

Privacy Policy | Legal | Sitemap