Saltar a contenido

Release 25.04

Release notes for 25.04.6

  • Release date: 23/Jun/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.7 of redBorder NDR version 25.04.

The latest release introduces enhanced threat intelligence integration in redborder-manager through services that provides malicious IOC's, now available as Reputation Policy. The web UI gains improvements such as bulk alarm selection, MAC address retrieval from incident events, and more precise asset display in linked incidents. Intrusion components now support Snort 3 enhancements, including sensor rule application and CPU affinity fixes, as well as PF_RING testing. Additional updates include smarter login notifications, improved chef-client behavior, and localized IP variable bindings. Several bugs were fixed, including issues with asset selection, policy application, script pathing, dropdown visibility, incident auto-deletion, and alarm and domain report searches.

What's new

  • #20408 [redborder-manager] Improve threat intelligence with external service like virustotal or abuseip or GTI google threat intelligence and integrate this as Reputation Policy
  • #21738 [redborder-webui] Add select/unselect in Tools -> Alarms (from the visible ones)
  • #21696 [redborder-webui] Assets: Add a way to get the mac_address (asset) from the event on incident show view
  • #20992 [redborder-intrusion] Test PF_RING against AF_PACKET daq connector
  • #20989 [redborder-intrusion][..] Apply rules to intrusion sensor & intrusion proxy sensor, make snort3 status panel, fix CPUAffinity for snort3 and include snort3

Improvements

  • #20991 [redborder-intrusion] Make ipvars per binding and not global in intrusion-sensor
  • #21311 [redborder-webui] Only Create Login Notifications When the Login IP Changes
  • #21310 [redborder-webui] Chef-client run should check if there are not jobs run the rake redBorder:start_worker rake task
  • #20885 [redborder-webui] Incidents: On a incident with linked incidents, show correctly the number of assets in the sidebar (index view)

Resolved Issues

  • #21807 [cookbook-rb-manager] Fix cdomain not in .s3cfg_initial file
  • #21805 [redborder-manager] Fix passing a .tar to rb_export_import_segments script from rb_backup_node_v2 script
  • #21803 [redborder-manager] Fix missing full path of mcli in rb_export_import_segments script
  • #21786 [redborder-manager] Add -t option to decide file to export in script rb_export_import_segments.sh
  • #21839 [redborder-webui] Stuck in please wait if change status without selecting an asset
  • #21831 [redborder-webui] When Sensor.root.id is not 1 we cannot apply Global reputation/signature policies to sensors (it will not show up)
  • #21801 [redborder-webui] Time based dropdown doesnt show on alarm creation/edit
  • #21785 [redborder-webui] Fix search alarms
  • #21763 [redborder-webui] Autodelete incidents not deleting when one of the incidents have a report
  • #21759 [redborder-webui] "Reports from domains" search dont work
  • #21856 [redborder-webui] Incidents priority/source filters doesn't work anymore

Release notes for 25.04.6

  • Release date: 15/Jun/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.6 of redBorder NDR version 25.04.

The latest release introduces several enhancements and fixes across the redborder platform. Notable new features include the removal of the deprecated darklist system, asset management improvements such as criticality assignment, OS and hardware filtering, and the ability to trigger incidents upon detecting new asset types. A new system was added to cancel Druid queries, and GLPI is now disabled by default in asset settings. The release also improves manual asset creation by allowing users to select existing, unassigned MacObjects. Additionally, critical issues have been resolved, including a broken GeoIP package, changes in the iproute2 configuration directory, and fixes in components like the Druid router, Kafka, and scanner scripts. Configuration updates for Consul and Logstash have also been applied.

What's new

  • #21708 [redborder-webui] Remove darklist system as is replaced by TI policies
  • #21698 [redborder-webui] Assets: Add criticality for InventoryDeviceTypeObjects (will be the default asset criticality on asset creation)
  • #21697 [redborder-webui] Assets: Disable GLPI (by default) in Assets General Setting
  • #21695 [redborder-webui] Assets: Add please wait in bulk actions (like delete asset) on assets list view
  • #21694 [redborder-webui] Assets: Add filter by OS and Hardware
  • #21660 [redborder-webui] Extender inventory device type with an option create an incident when new tye of this asset is discovered
  • #21656 [redborder-webui] Implement a system to cancel a druid query
  • #21365 [cookbook-consul] Update consul configuration

Improvements

  • #20659 [redborder-webui] Assets: On manual asset creation user should be able to select existing MacObject (from the list of MacObjects that are not assign to assets yet)

Resolved Issues

  • #21686 [geoipupdate] Update package as actual one is broken
  • #21682 [redborder-manager][redborder-proxy][redborder-ips] iproute2 config dir changed since v. 6.7.0 from /etc/iproute2 to /usr/share/iproute2
  • #21672 [cookbook-logstash] Remove the comment related with checking peer_ip_src in tagging step
  • #21662 [cookbook-druid] Druid router port is missing in runtime.properties
  • #21643 [redborder-scanner] Script rb_scan_vulnerabilities.rb fails because of XmlMini (NameError)
  • #21513 [cookbook-kafka] Minimum number of topic default partitions should be 2 for 1 node
  • #21104 [redborder-webui] Update the sensor_id of a InventoryDevice should update the sensor_id of all its mac_objects too (also reverse, showing a warning yes/no question)
  • #20867 Fix different cdomain cluster updating erchef.service to erchef.cdomain

Release notes for 25.04.5

  • Release date: 03/Jun/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.5 of redBorder NDR version 25.04.

This release introduces several new features, including an improved asset details view in the web UI, new scripts for retrieving incidents and requesting trial licenses in the manager component, and updates to watchdog processes for the intrusion sensor. Additionally, it resolves an issue where the web UI would return a 500 error when no default playbook was set for incidents.

What's new

  • #21579 [redborder-webui] Improve asset details view
  • #21591 [redborder-manager] Create script rb_get_incidents.sh
  • #21583 [redborder-manager] Create script to request trial license
  • #20994 [redborder-intrusion] Review & adapt watchdog and bp_watchdog for intrusion sensor
  • #21634 [redborder-webui] Handle error 504 in webui (when queries timeout)

Improvements

  • #20934 [redborder-webui] Show client proxies IP in table (When View -> Client Proxies) in Sensors -> Tree

Resolved Issues

  • #21514 [redborder-webui] When there is no default playbook incidents return 500 error
  • #21601 [redborder-webui] Language change requires pressing 'Update' button twice to take effect
  • #21600 [redborder-webui] Assets statistics does not have dark mode styles
  • #21637 [redborder-webui] SSO error when registring a user in specific sensor
  • #21245 [redborder-webui] Sensor breadcrumbs are unordered
  • #21320 [redborder-webui] Fix filter creation with pending tab load
  • #21636 [redborder-webui] Cannot create scanner in proxy

Release notes for 25.04.4

  • Release date: 03/Jun/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.4 of redBorder NDR version 25.04.

This version introduces several new features and improvements across redborder components. Notably, the manager now supports CrowdSec CTI for IP lookups, includes new scripts for service management and indexing, and enhances GLPI integration for multitenant environments. The CLI has been upgraded to show memory usage per service and support multi-node setups. Enhancements also include expanded event counting, improved UI translations, and new automation in the web interface. Numerous issues have been resolved, such as plugin installation failures, asset import problems, UI inconsistencies, and sensor-related bugs. These updates collectively enhance system stability, usability, and performance.

What's new

  • #21544 [redborder-manager] Add https://app.crowdsec.net/cti as ip lookups
  • #21501 [redborder-cli] Extend rbcli service list with option -m to show memory use by each service
  • #21317 [redborder-cli] Implement rb cli services list for multi-node manager setup
  • #21232 [redborder-events-counter] Add counting of events for multiples pipelines (license purposes)
  • #21216 [redborder-manager] Create rb_consul_service.sh
  • #21105 [redborder-webui] Make GLPI Integration Multitenant
  • #20967 [redborder-manager] Create rb_clean_indexer.sh
  • #20668 [redborder-webui] Assets: Add translations to new assets section
  • #20656 [redborder-webui] Create "Stats" section for Assets in the index view (list of assets)
  • #20600 [redborder-intrusion] Make proxy mode for intrusion sensor
  • #20313 [redborder-webui] New automatic playbook actions

Improvements

  • #21553 [cookbook-logstash] Rename sensor_blocked to just "discard"
  • #21346 [redborder-kafka] Add rb_persec.sh script to count events in kafka
  • #21290 [redborder-manager] Add script to check memcached key via dalli (ruby)
  • #21247 [redborder-webui] Incident filters with invisible option
  • #21182 [redborder-webui] Add generic message for the ipscp sensors in ApplyUpdateJob StoredJob
  • #20671 [redborder-webui] Assets: Add a "Please wait" indicator for links related to recent updated incidents.

Resolved Issues

  • #21549 [cookbook-logstash] Discard events that don't cointain sensor_uuid in netflow pipeline (after sensor data is enriched)
  • #21486 [cookbook-druid] Create DRUIDTYPE.log as druid user instead as root user
  • #21471 [redborder-webui] Health checks for sensor flow inside a proxy don't work
  • #21450 [redborder-webui] Tools -> Plugins not working (not downloading or installing the vault plugins)
  • #21447 [redborder-webui] Error 500 when trying to import signature policies
  • #21445 [redborder-manager] rb_export_import_segments.sh script broken with new version of druid
  • #21433 [redborder-webui] Custom rule source needs snort version (tar.gz rule source)
  • #21358 [redborder-webui] Do not update GLPI Inventory Device if asset is locked
  • #21356 [redborder-webui] Assets can't be created without a name and they are not being imported in GLPI without a name
  • #21354 [redborder-webui] Snort Sources Rules swap to disable after enable and click on Force Rule Update and refresh
  • #21352 [redborder-webui] Bad styles in Incidents -> Statistics
  • #21351 [redborder-webui] Assets css and styles of graph
  • #21329 [redborder-webui] Do not allow exporting proxy and IPS sensors while exporting sensor tree
  • #21321 [redborder-webui] Fix issue where navigating to Intrusion it go directly to RAW view or Unique
  • #21314 [redborder-webui] Fix capacity warnings in monitor indexing
  • #21297 [redborder-webui] Rule sources duplicated in signature policy creation
  • #21292 [redborder-webui] Password validation doesn't work
  • #21288 [redborder-webui] Fix report from incidents
  • #21287 [redborder-webui] Error in rbcharts.js (RB.Bars)
  • #21281 [redborder-webui] Push notification not rendering when creating new signature policy
  • #21264 [redborder-webui] A Box widget is created, but does not load
  • #21243 [redborder-webui] Cant import Telephones or Network Equipments from GLPI
  • #21237 [redborder-webui] policy does not contain rules
  • #21236 [redborder-webui] rule sources not visible when creating policy on root level
  • #21227 [redborder-webui] Number don't fit notification circle if a lot of notifications
  • #21212 [redborder-webui] Error in Incidents -> Statistics
  • #21198 [redborder-webui] Error in dashboard/overview after disable an user that has a dashboard shared with the current user
  • #21194 [cookbook-postgresql][cookbook-minio] Postgresql and minio can be uninstalled and deregistered by accident if external_services data bag fail (for example network problem or erchef restarted at that moment)
  • #21184 [redborder-webui] Cannot paint data when clicking in N/A in "Incident uuid" tab (Intrusion)
  • #21170 [redborder-webui] DB Migrations fail
  • #21168 [redborder-webui] Mac Object should not be changed to user type when it has a inventory device assigned and make the mac objects' sensor the same as the asset
  • #21065 [zookeeper][logrotate] /var/log/zookeeper/ has insecure permissions
  • #21059 [redborder-webui] large 'Message' Column in 'Incidents' Overlaps HTML and Other Elements
  • #21058 [redborder-webui] Vault incidents produce blank or undefined observables names
  • #21039 [cookbook-rb-firewall] Do not open 8084 if is not in use anymore
  • #20955 [redborder-manager] /usr/lib/redborder/scripts/rb_get_tasks.rb should get routers node from zk
  • #20852 [redborder-webui] Fix and improve report mail generation and remove wickedpdf
  • #20785 [redborder-webui] Make ATT&CK matrix responsive and fix colors in dark mode
  • #20739 [redborder-webui] Assets: Table of Assets details invade graphs on the right
  • #20667 [redborder-webui] Fix missing translations when editing the Objects

Release notes for 25.04.3

  • Release date: 08/May/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.4 of redBorder NDR version 25.04.

This release introduces a new PF_RING DAQ connector and module for enhanced packet capture in redborder-intrusion, along with support for downloading Snort 3 rules via the web UI. Performance improvements have been made to the incidents display, and several issues have been resolved, including pagination failures in Druid queries, sensor tree inconsistencies, and problems editing worklog notes.

What's new

  • #20993 [redborder-intrusion] - Add PF_RING Daq connector to libdaq
  • #20644 [redborder-intrusion][libdaq] - Create new DAQ Module for packet capture using PF_RING drivers
  • #18896 [redborder-webui] Download snort rules job for Snort 3

Improvements

  • #20884 [redborder-webui] Optimize show method of incidents_controller

Resolved Issues

  • #21102 [redborder-webui] Druid query logging pagination in cluster mode is failing
  • #20747 [redborder-webui] Incidents-Worklog. Can't Edit or delete notes on worklog from playbook
  • #20864 [redborder-webui] Moving an IPS sensor on sensor tree from a organization to a namespace doesn't remove the organization.

Release notes for 25.04.2

  • Release date: 07/May/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.04.2 of redBorder NDR version 25.04.

This release does not introduce new features but includes several UI improvements, such as enhanced sorting in reports, additional device association visibility, and optimized sensor queries. Numerous issues have been resolved across various components, addressing memory errors, interface misconfigurations, UI bugs, and data synchronization problems to improve overall stability and performance.

What's new

There are no new features introduced in this release.

Improvements

  • #20896 [redborder-webui] Reports should be listed by created_at desc (by default)
  • #20733 [redborder-webui] Add a column in MacObject to show the macObjects that has associate InventoryDevice
  • #21106 [redborder-webui] Optimize Inventory Device Flow query to cover at least all the sensors

Resolved Issues

  • #21087 [cookbook-druid] Druid Historical Java Heap Out Space Error
  • #21013 [cookbook-rb-manager][cookbook-rb-ips][cookbook-rb-intrusion][cookbook-rb-proxy][webui] Empty string on organization's megabytes_limit causes no data from sensor
  • #20686 [cookbook-rb-manager] Do not pass memory variable (not in use by memcached cookbook)
  • #20980 [redborder-ips][redborder-intrusion] management_interface is not set in a IPS with one interface and a bypass card
  • #20968 [cookbook-druid] Wrong calculation of indexer memory
  • #20952 [redborder-cgroups] rb_check_cgroups is broken after chef-workstation update
  • #20940 [redborder-manager][redborder-proxy][redborder-ips][redborder-intrusion] openssl-3.0.1.gemspec is back after an update breaking chef-client
  • #20985 [redborder-webui] Tools -> Jobs & Workers not autorefreshing
  • #20939 [redborder-webui] Cannot delete a user that has response_actions
  • #20891 [redborder-webui] In Tools -> license, IPS sensor show as 0/100 even with the licenses apply to the sensor
  • #20890 [redborder-webui] Delayed job that check status of AP is failing after druid update
  • #20807 [redborder-webui] Not generating outliers by selecting with a name that has an accent
  • #20797 [redborder-webui] Error when creating alarm through form after creating alarm with import option
  • #20777 [redborder-webui] User search in Tools -> Users don't work
  • #20734 [redborder-webui] only menu for type ip in events list
  • #20716 [redborder-webui] Adjust top bar correctly and Incidents tab is not seen reducing the screen width
  • #20672 [redborder-webui] Fix "is updating" on Force Update Assets button while job is executing
  • #21097 [redborder-webui] Error undefined method gsub for nil app/views/jobs/info.html.erb
  • #20971 [redborder-webui] Failure to load sensors when IPS module is disabled
  • #20897 [redborder-webui] Default report is created every time a report / external report is created
  • #20898 [redborder-webui] PDF needs to be uploaded again if you edit a report

Release notes for 25.04.1

  • Release date: 21/April/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.04.1 of redBorder NDR version 25.04.

This release brings significant enhancements to asset management, including the ability to import/export assets, apply multiple type filters with icons, and view the "Locked" status in the index. The CEP service has been integrated into the NG environment, and key components like Chef Infra and Druid have been updated. UI improvements include more intuitive searches, better display elements, and usability tweaks. Additionally, several issues have been resolved to ensure greater stability and a smoother user experience across the platform.

What's new

  • #20665 [redborder-webui] Assets: Add option to Import / Export assets
  • #20662 [redborder-webui] Assets: Add multiple type filters (with the icons) and fix type filters checkbox not resetting
  • #20657 [redborder-webui] Show "Locked" status of Assets in index table and search/filter by this attribute
  • #20474 [redborder-manager][cep] Integrate cep service in NG, activate some rules, check that works
  • #20195 [chef-client] Update version of Chef Infra Client due EOL
  • #19925 [redborder-webui] Add a way to notify visually in the webui when druid historicals are missing
  • #19922 [redborder-manager] Create rb_clean_druid_historical.sh script
  • #17733 [druid] Update to latest Druid, Kafka, Zookeeper Version

Improvements

  • #20778 [redborder-webui] Make user search not case-sensitive when assign a user in Incidents
  • #20774 [redborder-webui] Make source names shorter in incidents and assets
  • #20731 [redborder-webui] Remove "Public IP" as default tab in Traffic
  • #20673 [redborder-webui] Assets: Show Total assets in index assets view

Resolved Issues

  • #20932 [cookbook-keepalived] Remove depedency NetAddr gem
  • #20895 [redborder-webui] Reports search is broken
  • #20892 [rb-aioutliers][cookbook-rb-aioutliers] Update druid broker port
  • #20880 [redborder-webui] Druid discoverypath references not up to date after druid update
  • #20875 [redborder-webui] Druid Indexing has an error 500 when enter (related to task of druid historical #19925)
  • #20865 [redborder-webui] Error when editing cep rules in web
  • #20769 [redborder-webui] Assets: Filter is not working for all fields, it seems only working for Mac Address
  • #20757 [redborder-webui] Fix mitre modal in incidents and reports tab
  • #20738 [redborder-webui] GLPI: Add missing assets comments after asset rework + OS matching improvement needed
  • #20711 [redborder-webui] Assets: Fix the index table in lower screen width
  • #20670 [redborder-webui] Assets: Implement a character limit for the comments field to prevent long entries and do not show full comment in index table
  • #20669 [redborder-webui] Assets: Add validation to ensure MAC and IP addresses are not empty and conform to the correct format using regex.
  • #20660 [redborder-webui] Assets: Return error when updating en asset with empty MacObject
  • #20625 [redborder-webui] The advanced search in the signature policy filters returns a 500 error