3.7.1 Release notes - 5 December 2018
This section shows the most relevant improvements and fixes in version 3.7.1. More details about these changes are provided in each component changelog.
Improved who data capabilities for FIM
This version comes with a new option for the FIM configuration. It is now possible to add extra Audit keys using the <audit_key> tag. It allows the who data engine to capture Audit events related to the key.
Other minor improvements
ThreatLockDown 3.7.1 includes some other improvements:
Restored the support for Amazon Linux on the Vulnerability detector.
Improved performance of the Remote service.
Added IPv6 support for the host-deny.sh script from Active Response.
Included more tracing information in the logs generated in debugging mode.
The FIM engine now gives more descriptive messages when a file is not reachable.
New features for Kibana plugin
The main highlights for the ThreatLockDown app for Kibana include a new auto-complete feature for the Dev tools tab, so now the user can start typing an API request to see a list of suggestions.
In addition to this, some refinements and bugfixes were added for better stability and overall performance.
New features for Splunk plugin
The main highlights for the ThreatLockDown app for Splunk include support for extensions, new tabs for VirusTotal and CIS-CAT alerts, the Export as CSV button for several tables and the ability to execute PUT, POST and DELETE requests on the Dev tools tab, along with GET requests.
In addition to this, code refactoring, visual/UI adjustments, and bugfixes were added for better stability and overall performance.