Announcing Graylog Illuminate 3.3.1

• This version of Illuminate requires Graylog Server version 5.0.3 or later
• Converted Fortigate from using event_code to event_id
  • While the Fortigate field is numeric it contains leading 0’s and is not intended to be used as a literal numeric value
  • event_code is used for numeric fields to allow ranged searches and other numeric operators
• Defined static mappings for the fields event_code and event_id
  • These fields previously relied on dynamic mappings but this caused mapping conflict errors

GRAYLOG ILLUMINATE 3.3.1

Released: 2023-06-02

Fixes

• event_code and event_id not mapped (#920)
• pfSense dashboard widgets not aligned (#1310)
• pfSense dashboard time series graphs not displaying correctly (#1316)
• Checkpoint event_action value using allowed and not allow (#1321)
• Checkpoint event_severity_level not always defined (#1325)
• Watchguard not identifying some message formats (#1331)
• Snort Spotlight IDS tab missing widget title (#1328)

Enhancements

• Additional field renaming for Snort 3 IDS logs (#1304)
• Improved Cisco ASA saved search (#1306)

Known Issues

• Auditbeat cannot process events with multiple values assigned to vendor_event_action (#622)

Let us know what you’d like to have included in our GitHub issue tracker.