Cyber Defense with MITRE Framework | Graylog + SOC Prime | On-Demand Webinar >> ​

Free Tools
See Demo

Announcing Graylog Illuminate v3.3

Announcing Graylog Illuminate 3.3

  • Updated default user and device priority level assignments in static_accounts.csv (#1248)
    • Severity and priority levels have been changed to be aligned
    • Account and device prioity levels are: 1=low, 2=medium, 3=high, 4=critical
    • All severity levels are now 1=informational, 2=low, 3=medium, 4=high, 5=critical
  • This release requires Graylog 5.0.0 or later system with a valid Security or Operations license
  • New Illuminate content included with Illuminate 3.3.0:
    • Snort 3 IDS Processing and Spotlight Packs (#1204)
    • Checkpoint Firewalls Processing Pack (#1053)
    • pfSense/OPNsense Firewall Processing and Spotlight Packs (#1208)
  • Spotlight files are now included in the Illuminate bundle
  • The following Graylog Illuminate Spotlight packs have changed:
    • Core: Added Network Traffic dashboard (#148)

GRAYLOG ILLUMINATE 3.3

Released: 2023-05-18

Fixes

  • Core
    • Added checks to verify proper values assigned to user and device priority levels (#1248)
    • Entity enrichment lookup allows unsafe value entries (#1245)
  • Microsoft Defender
    • Extraction pattern breaking when encountering empty User field (#1278)
  • Microsoft Windows Security
    • Parsing breaking due to localization of keywords fields (#1212)
  • Meraki
    • Fixed parsing of flow logs when hostname present in log header (#1239)
  • Cisco ASA
    • “vendor_event_outcome” used where it should be “vendor_event_action” (#1187)
    • Fixed logic issues destination_reference selection rule criteria (#1299)
  • Apache HTTPD:
    • Added support for CentOS/Redhat/FreeBSD default log filenames (#1271)
    • vendor_event_severity_level should be vendor_event_severity (#1272)

Enhancements

  • Added Winlogbeat version 8.x support for Windows Security, Sysmon, and Microsoft Defender content (#755)
  • Core
    • Added src_ip, src_port, dst_ip, dst_port mappings to Sigma mapping table (#1218)
    • Added automatic mappings for event_severity to event_severity_level and visa versa (#1222)

Known Issues:

  • Auditbeat cannot process events with multiple values assigned to vendor_event_action (#622)

 

Let us know what you’d like to have included in our GitHub issue tracker.

The Graylog Product Team

View More Posts By The Graylog Product Team

Categories

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.

Blog Graphic
Read Now

Products

Graylog Security
Graylog Enterprise
Graylog Open
Graylog API Security
Graylog Cloud
Graylog Illuminate
Graylog Small Business
Pricing

Features

Access Control
Anomaly Detection
Audit Logs & Archiving
Data Enrichment
Data Management
Events & Alerts
Fleet Management
Integrations
Investigations
Reports & Dashboards
Risk Management
Scalable Architecture
Search

LEARN

Resource Hub
Blog
Videos
Webinars
Events
Community

SUPPORT

Customer Support
Documentation
Graylog Academy
Open Community

Company

About
Leadership
Partners
Careers
News & Awards
Contact

[email protected]

Follow Us:

Facebook-f Linkedin Github Youtube Reddit-alien

GRAYLOG HEADQUARTERS

1301 Fannin St, Ste. 2000
Houston, TX 77002

GRAYLOG COLORADO

1919 14th Street, Suite 700, Office 18
Boulder, CO 80302

GRAYLOG UNITED KINGDOM

34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom

GRAYLOG GERMANY GMBH

Poolstraße 21
20355 Hamburg, Germany

© 2024 Graylog, Inc. All rights reserved

Privacy Policy | Legal | Sitemap