4.3.4 Release notes - 8 June 2022

This section lists the changes in version 4.3.4. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This release includes new features or enhancements.

ThreatLockDown manager

  • #13437 Integratord now tries to read alerts indefinitely, instead of performing 3 attempts.

  • #13626 A timeout for remote queries made by the Office 365, GitHub, and Agent Update modules is added.

ThreatLockDown dashboard

  • #4166 #4188 The pending agent status is added to some sections where it was missing.

  • #4166 The visualization of the Status panel in Agents is replaced.

  • #4166 The visualization of policy in Modules/Security configuration assessment/Inventory is replaced.

  • #4166 #4199 Consistency is improved in the colors and labels used for the agent status.

  • #4169 The way the full and partial scan dates are displayed in the Details panel of Vulnerabilities/Inventory is replaced.

ThreatLockDown Kibana plugin for Kibana 7.10.2

  • #4166 #4188 The pending agent status is added to some sections where it was missing.

  • #4166 The visualization of the Status panel in Agents is replaced.

  • #4166 The visualization of policy in Modules/Security configuration assessment/Inventory is replaced.

  • #4166 #4199 Consistency is improved in the colors and labels used for the agent status.

  • #4169 The way the full and partial scan dates are displayed in the Details panel of Vulnerabilities/Inventory is replaced.

ThreatLockDown Kibana plugin for Kibana 7.16.x and 7.17.x

  • #4166 #4188 The pending agent status is added to some sections where it was missing.

  • #4166 The visualization of the Status panel in Agents is replaced.

  • #4166 The visualization of policy in Modules/Security configuration assessment/Inventory is replaced.

  • #4166 Consistency is improved in the colors and labels used for the agent status.

  • #4169 The way the full and partial scan dates are displayed in the Details panel of Vulnerabilities/Inventory is replaced.

ThreatLockDown Splunk app

  • #1327 Splunk search-handler event management is improved to avoid forwarder toast error misinterpretation.

Packages

  • #1595 The Splunk packages builder is simplified.

  • #1606 The ThreatLockDown logo on the login page is updated.

  • #1628 Support for Ubuntu 22 is added.

  • #1548 The installation assistant now changes the ThreatLockDown API default passwords.

Resolved issues

This release resolves known issues.

ThreatLockDown manager

| Reference | Description |
|-----------|-------------|
| #13621 | A bug in the agent_groups CLI when removing agent groups is fixed. |
| #13459 | Linux compilation errors with GCC 12 are fixed. |
| #13604 | A crash in wazuh-analysisd when overwriting a rule with a configured active response is fixed. |
| #13666 | A crash in wazuh-db when it cannot open a database file is fixed. |
| #13566 | The vulnerability feed parsing mechanism now truncates excessively long values (this problem was detected during an Ubuntu Bionic feed update). |
| #13679 | A crash in wazuh-maild when parsing an alert with no full log and containing arrays of non-strings is fixed. |

RESTful API

| Reference | Description |
|-----------|-------------|
| #13550 | The default timeouts for GET /mitre/software and GET /mitre/techniques are updated to avoid timing out in slow environments. |

Ruleset

| Reference | Description |
|-----------|-------------|
| #13560 | The prematch criteria of the sshd-disconnect decoder are fixed. |

ThreatLockDown dashboard

| Reference | Description |
|-----------|-------------|
| #4166 | An issue where the platform visualizations didn't use some definitions related to the UI on Kibana 7.10.2 is now fixed. |
| #4167 | An issue is fixed where a success toast message appeared when removing an agent from a group in Management/Groups, but the agent still appeared in the agent list after refreshing the table. |
| #4176 | The import of an empty rule or decoder file is fixed. |
| #4180 | The overwriting of rule and decoder imports is now fixed. |

ThreatLockDown Kibana plugin for Kibana 7.10.2

| Reference | Description |
|-----------|-------------|
| #4166 | An issue where the platform visualizations didn't use some definitions related to the UI on Kibana 7.10.2 is now fixed. |
| #4167 | An issue is fixed where a success toast message appeared when removing an agent from a group in Management/Groups, but the agent still appeared in the agent list after refreshing the table. |
| #4176 | The import of an empty rule or decoder file is fixed. |
| #4180 | The overwriting of rule and decoder imports is now fixed. |

ThreatLockDown Kibana plugin for Kibana 7.16.x and 7.17.x

| Reference | Description |
|-----------|-------------|
| #4166 | An issue where the platform visualizations didn't use some definitions related to the UI on Kibana 7.10.2 is now fixed. |
| #4167 | An issue is fixed where a success toast message appeared when removing an agent from a group in Management/Groups, but the agent still appeared in the agent list after refreshing the table. |
| #4176 | The import of an empty rule or decoder file is fixed. |
| #4180 | The overwriting of rule and decoder imports is now fixed. |
| #4157 | ThreatLockDown now maintains the filters when clicking on the Visualize button of a document field from <Module>/Events and redirects to the lens plugin. |
| #4198 | Missing background in the status graph tooltip in agents is fixed. |
| #4219 | A problem that allowed the filters to be removed from the module is fixed. |

ThreatLockDown Splunk app

| Reference | Description |
|-----------|-------------|
| #1329 | Unhandled expired session when requesting Splunk DB documents is fixed. |

Packages

| Reference | Description |
|-----------|-------------|
| #1613 | SUSE init script installation in the agent is fixed. |

Changelogs

More details about these changes are provided in the changelog of each component: