3.6.1 Release notes - 7 September 2018

This section shows the most relevant improvements and fixes in version 3.6.1. More details about these changes are provided in each component changelog.

ThreatLockDown core

This release is a patch version that fixes some issues encountered in v3.6.0. Some of them are listed below:

  • The agent.name field has been put back into the alerts in JSON format. We have also fixed a problem in the location description of the plain-text alerts.

  • Vulnerability Detector has been improved to support Debian Sid (the unstable version).

  • We have also optimized the memory management on agents for AIX and HP-UX systems.

  • The daemon start and stop list has been reordered in the agent service.

  • We have corrected the recursion level limit in FIM real-time mode.

  • We have improved the AWS integration parser and its capabilities.

  • Some other fixes have been applied in this version.

ThreatLockDown API

In this version, the API makes it possible to send Active Response requests, including custom commands that are not declared in the configuration.

For instance:

curl -u foo:bar -X PUT -d '{"command":"restart-ossec0", "arguments": ["-", "null", "(from_the_server)", "(no_rule_id)"]}' -H 'Content-Type:application/json' "http://localhost:55000/active-response/001?pretty"
{
  "error": 0,
  "message": "Command sent."
}
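Because the API now accepts commands that are not declared in the configuration, a client that issues these requests should check what it sends. The following Python client is an added example written for these notes, not code from the project: it builds the same PUT request as the curl command above, rejects agent ids and command names that do not match the expected shape (a rule assumed here, not enforced by the API), and interprets the reply's "error" field.

```python
import base64
import json
import re
import urllib.request

# Request shape taken from the release notes: PUT /active-response/<agent_id>
# with a JSON body holding "command" and "arguments". The two patterns below
# are this example's own sanity checks, not rules the API enforces.
AGENT_ID_RE = re.compile(r"^\d{3,}$")
COMMAND_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def is_safe_command(command):
    """True when the command name looks like a script name rather than a shell fragment."""
    return bool(COMMAND_RE.match(command))


def build_request(base_url, agent_id, command, arguments):
    """Return (url, body_bytes) for an Active Response request, or raise ValueError."""
    if not AGENT_ID_RE.match(agent_id):
        raise ValueError(f"unexpected agent id: {agent_id!r}")
    if not is_safe_command(command):
        raise ValueError(f"command name contains unexpected characters: {command!r}")
    if not all(isinstance(a, str) for a in arguments):
        raise ValueError("every argument must be a string")
    body = {"command": command, "arguments": list(arguments)}
    url = f"{base_url.rstrip('/')}/active-response/{agent_id}?pretty"
    return url, json.dumps(body).encode()


def parse_reply(text):
    """Interpret the API reply; the notes show {"error": 0, "message": "Command sent."}."""
    reply = json.loads(text)
    return reply.get("error") == 0, reply.get("message", "")


def send(base_url, user, password, agent_id, command, arguments, timeout=10):
    """Send the request with HTTP basic auth (network call) and return (ok, message)."""
    url, body = build_request(base_url, agent_id, command, arguments)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, data=body, method="PUT", headers={
        "Content-Type": "application/json",
        "Authorization": f"Basic {token}",
    })
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_reply(resp.read().decode())


if __name__ == "__main__":
    # Same call as the curl example: restart-ossec0 on agent 001, with the
    # placeholder arguments the notes use for a command sent from the server.
    ok, msg = send("http://localhost:55000", "foo", "bar", "001",
                   "restart-ossec0", ["-", "null", "(from_the_server)", "(no_rule_id)"])
    print("sent" if ok else f"failed: {msg}")
```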