Announcing Illuminate v1.5

The Graylog Product Team

3 years ago

Today we are excited to announce Graylog Illuminate v1.5.

This release includes Elasticsearch 7 template support, enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.), and additional content for Okta and Windows, all designed to add more flexibility and efficiency to authentication, networking, and application activities and best practices.

ADDITIONS AND IMPROVEMENTS

ILLUMINATE CORE

NEW script to set the proper lookup directory and file permissions during the installation (#94)
Improved category and priority enrichments in Illuminate Core (#11, #83)

ELASTICSEARCH TEMPLATE

The Illuminate Elasticsearch template application script and associated templates now support ES versions 6 and 7 (#23)
Expanded use of associated_* fields in Illuminate ES template (#14, #112)
Expanded date/time formats recognized in Illuminate ES templates (#105)

WINDOWS

Added script to set the proper lookup directory and file permissions during the installation (#94)
Added normalization of Windows Security Event ID 4688/4689, added process widget to account drill down dashboard (#113)
Added Windows built-in groups to Windows static accounts lookup (#42)

IMPORTANT NOTE

We have removed Window copy rules from the Illuminate Window’s Spotlight and merged the Windows normalization into the Windows content pack.

OFFICE 365

Illuminate v1.5 comes with multiple refinements to O365 dashboards, including widgets highlighting DLP messages. Also, we have improved O365 message normalization by applying Graylog Illuminate categories, and we’ve made

enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.).

OKTA

Improved Okta message normalization by applying Graylog Illuminate categories

BUG FIXES

The Illuminate template application script now detects the ES version in use (#23)
The Illuminate template application script now has better detection and handling of errors when applying the templates (#23)
The lookup cache configurations will now expire cached entries after a defined time period (#104)
Improved deleted accounts reporting in Windows IAM dashboards (#132)

‍

Compatibility

Graylog v3.3.8 – v3.3.12

Graylog v4.0.2 – v4.0.6