4.3.5 Release notes - 29 June 2022
This section lists the changes in version 4.3.5. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.
What's new
This release includes new features or enhancements as the following:
ThreatLockDown manager
#13915 The Vulnerability Detector log is improved for the case when the agent OS data is unavailable.
ThreatLockDown agent
Ruleset
#13567 Deprecated MITRE tags in rules are removed.
ThreatLockDown dashboard
#4244 When a user goes to test a new rule in Tools / Ruleset Test, there were API messages that were not displayed. Now, this issue is fixed and the messages are displayed on the screen.
#4261 An authorization prompt is added in MITRE > Intelligence.
#4239 The reference from Manager is changed to the ThreatLockDown server in the Deploy new agent guide.
#4267 The filtered tags are removed because they were not supported by the API endpoint.
#4254 The styles in visualizations are changed.
ThreatLockDown Kibana plugin for Kibana 7.10.2
#4244 When a user goes to test a new rule in Tools / Ruleset Test, there were API messages that were not displayed. Now, this issue is fixed and the messages are displayed on the screen.
#4261 An authorization prompt is added in MITRE > Intelligence.
#4239 The reference from Manager is changed to the ThreatLockDown server in the Deploy new agent guide.
#4267 The filtered tags are removed because they were not supported by the API endpoint.
#4254 The styles in visualizations are changed.
ThreatLockDown Kibana plugin for Kibana 7.16.x and 7.17.x
#4244 When a user goes to test a new rule in Tools / Ruleset Test, there were API messages that were not displayed. Now, this issue is fixed and the messages are displayed on the screen.
#4261 An authorization prompt is added in MITRE > Intelligence.
#4239 The reference from Manager is changed to the ThreatLockDown server in the Deploy new agent guide.
#4267 The filtered tags are removed because they were not supported by the API endpoint.
#4254 The styles in visualizations are changed.
ThreatLockDown Splunk app
Packages
Other
Resolved issues
This release resolves known issues as the following:
ThreatLockDown manager
Reference |
Description |
---|---|
The upgrade module response message has been fixed not to include null values. |
|
A string truncation warning log in wazuh-authd when enabling password authentication is fixed. |
|
A memory leak in wazuh-analysisd when overwriting a rule multiple times is fixed. |
|
The wazuh-agentd and client-auth are prevented from performing enrollment if the agent fails to validate the manager certificate. |
|
The manager compilation when enabling GeoIP support is fixed. |
|
A crash in wazuh-modulesd when getting stopped while downloading a Vulnerability Detector feed is fixed. |
ThreatLockDown agent
Reference |
Description |
---|---|
Agent auto-restart on shared configuration changes when running on containerized environments is fixed. |
|
An issue when attempting to run the DockerListener integration using Python 3.6 and having the Docker service stopped is fixed. |
RESTful API
Reference |
Description |
---|---|
The |
Ruleset
Reference |
Description |
---|---|
Fixed Eventchannel testing and improved reporting capabilities of the runtest tool. |
|
The Amazon Linux 2 SCA policy is modified to resolve a typo on control 1.1.22 and |
|
The Amazon Linux 2 SCA policy is modified to resolve the rule and condition on control 1.5.2. |
ThreatLockDown dashboard
Reference |
Description |
---|---|
Type error when changing screen size in agents section is fixed. |
|
A logged error that appeared when the |
|
A UI crash due to a query with syntax errors in |
|
An error when generating a module report after changing the selected agent is fixed. |
|
An unhandled error when a ThreatLockDown API request failed in the dev tools is fixed. |
|
An error related to |
|
A UI problem that required scrolling to see the logs in Management/Logs and Settings/Logs is fixed. |
ThreatLockDown Kibana plugin for Kibana 7.10.2
Reference |
Description |
---|---|
Type error when changing screen size in agents section is fixed. |
|
A logged error that appeared when the |
|
A UI crash due to a query with syntax errors in |
|
An error when generating a module report after changing the selected agent is fixed. |
|
An unhandled error when a ThreatLockDown API request failed in the dev tools is fixed. |
|
An error related to |
|
A UI problem that required scrolling to see the logs in Management/Logs and Settings/Logs is fixed. |
ThreatLockDown Kibana plugin for Kibana 7.16.x and 7.17.x
Reference |
Description |
---|---|
Type error when changing screen size in agents section is fixed. |
|
A logged error that appeared when the |
|
A UI crash due to a query with syntax errors in |
|
An error when generating a module report after changing the selected agent is fixed. |
|
An unhandled error when a ThreatLockDown API request failed in the dev tools is fixed. |
|
An error related to |
|
A UI problem that required scrolling to see the logs in Management/Logs and Settings/Logs is fixed. |
ThreatLockDown Splunk app
Reference |
Description |
---|---|
Outdated documentation links have been updated. |
|
The Alerts view from the MITRE section has been hardened in case of errors during the requests to the API (for example timeouts). |
Packages
Reference |
Description |
---|---|
The error with the installation of the file init.d to enable ThreatLockDown service in RHEL 9 systems is fixed. |
|
The error with the installation of the file sysv-init to enable ThreatLockDown service in RHEL 9 systems is fixed. |
Changelogs
More details about these changes are provided in the changelog of each component: