FREE User Conference | Oct 4-5 | REGISTER NOW >​

Get Graylog Open
See Demo

The Graylog blog

Announcing Graylog Illuminate v3.3

Announcing Graylog Illuminate 3.3

  • Updated default user and device priority level assignments in static_accounts.csv (#1248)
    • Severity and priority levels have been changed to be aligned
    • Account and device prioity levels are: 1=low, 2=medium, 3=high, 4=critical
    • All severity levels are now 1=informational, 2=low, 3=medium, 4=high, 5=critical
  • This release requires Graylog 5.0.0 or later system with a valid Security or Operations license
  • New Illuminate content included with Illuminate 3.3.0:
    • Snort 3 IDS Processing and Spotlight Packs (#1204)
    • Checkpoint Firewalls Processing Pack (#1053)
    • pfSense/OPNsense Firewall Processing and Spotlight Packs (#1208)
  • Spotlight files are now included in the Illuminate bundle
  • The following Graylog Illuminate Spotlight packs have changed:
    • Core: Added Network Traffic dashboard (#148)

GRAYLOG ILLUMINATE 3.3

Released: 2023-05-18

Fixes

  • Core
    • Added checks to verify proper values assigned to user and device priority levels (#1248)
    • Entity enrichment lookup allows unsafe value entries (#1245)
  • Microsoft Defender
    • Extraction pattern breaking when encountering empty User field (#1278)
  • Microsoft Windows Security
    • Parsing breaking due to localization of keywords fields (#1212)
  • Meraki
    • Fixed parsing of flow logs when hostname present in log header (#1239)
  • Cisco ASA
    • “vendor_event_outcome” used where it should be “vendor_event_action” (#1187)
    • Fixed logic issues destination_reference selection rule criteria (#1299)
  • Apache HTTPD:
    • Added support for CentOS/Redhat/FreeBSD default log filenames (#1271)
    • vendor_event_severity_level should be vendor_event_severity (#1272)

Enhancements

  • Added Winlogbeat version 8.x support for Windows Security, Sysmon, and Microsoft Defender content (#755)
  • Core
    • Added src_ip, src_port, dst_ip, dst_port mappings to Sigma mapping table (#1218)
    • Added automatic mappings for event_severity to event_severity_level and visa versa (#1222)

Known Issues:

  • Auditbeat cannot process events with multiple values assigned to vendor_event_action (#622)

 

Let us know what you’d like to have included in our GitHub issue tracker.

The Graylog Product Team

The Graylog Product Team

View More Posts By The Graylog Product Team
Graylog GO white logo

Learn more at Graylog GO

FREE User Conference, Oct 4-5, Virtual | Houston, TX
Register Now - It's FREE

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.

Read Now

Products

Graylog Security
Graylog Operations
Graylog Open
Graylog Cloud
Graylog Small Business
Pricing

Features

Alerting
Anomaly Detection ML / UEBA
Archiving
Audit Logs
Content Packs
Correlation Engine
Dashboards
Forwarder
GELF
Illuminate
Log View
Multi-threaded Search
Reporting
Rest API
Search Parameters
Search Workflows
Sidecar
Teams Management

LEARN

Resource Hub
Blog
Videos
Webinars
Events
Community

SUPPORT

Customer Support
Documentation
Graylog Academy
Open Community

Company

About
Leadership
Partners
Careers
News & Awards
Contact

[email protected]

Follow Us:

Facebook-f Twitter Linkedin Github Youtube Reddit-alien

GRAYLOG HEADQUARTERS

1301 Fannin St, Ste. 2000
Houston, TX 77002

GRAYLOG COLORADO

2101 Pearl St
Boulder, CO 80302

GRAYLOG LONDON

35 New Broad Street
London, EC2M 1NH
United Kingdom

GRAYLOG GERMANY GMBH

Poolstraße 21
20355 Hamburg, Germany

© 2023 Graylog, Inc.All rights reserved

Privacy Policy | Legal | Sitemap