Saltar a contenido

Release 25.04

Release notes for 25.04.5

  • Release date: 03/Jun/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.5 of redBorder NDR version 25.04.

This release introduces several new features, including an improved asset details view in the web UI, new scripts for retrieving incidents and requesting trial licenses in the manager component, and updates to watchdog processes for the intrusion sensor. Additionally, it resolves an issue where the web UI would return a 500 error when no default playbook was set for incidents.

What's new

  • #21579 [redborder-webui] Improve asset details view
  • #21591 [redborder-manager] Create script rb_get_incidents.sh
  • #21583 [redborder-manager] Create script to request trial license
  • #20994 [redborder-intrusion] - Review & adapt watchdog and bp_watchdog for intrusion sensor

Improvements

There are no tasks of this type in this release.

Resolved Issues

  • #21514 [redborder-webui] When there is no default playbook incidents return 500 error

Release notes for 25.04.4

  • Release date: 03/Jun/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.4 of redBorder NDR version 25.04.

This version introduces several new features and improvements across redborder components. Notably, the manager now supports CrowdSec CTI for IP lookups, includes new scripts for service management and indexing, and enhances GLPI integration for multitenant environments. The CLI has been upgraded to show memory usage per service and support multi-node setups. Enhancements also include expanded event counting, improved UI translations, and new automation in the web interface. Numerous issues have been resolved, such as plugin installation failures, asset import problems, UI inconsistencies, and sensor-related bugs. These updates collectively enhance system stability, usability, and performance.

What's new

  • #21544 [redborder-manager] Add https://app.crowdsec.net/cti as ip lookups
  • #21501 [redborder-cli] Extend rbcli service list with option -m to show memory use by each service
  • #21317 [redborder-cli] Implement rb cli services list for multi-node manager setup
  • #21232 [redborder-events-counter] Add counting of events for multiples pipelines (license purposes)
  • #21216 [redborder-manager] Create rb_consul_service.sh
  • #21105 [redborder-webui] Make GLPI Integration Multitenant
  • #20967 [redborder-manager] Create rb_clean_indexer.sh
  • #20668 [redborder-webui] Assets: Add translations to new assets section
  • #20656 [redborder-webui] Create "Stats" section for Assets in the index view (list of assets)
  • #20600 [redborder-intrusion] Make proxy mode for intrusion sensor
  • #20313 [redborder-webui] New automatic playbook actions

Improvements

  • #21553 [cookbook-logstash] Rename sensor_blocked to just "discard"
  • #21346 [redborder-kafka] Add rb_persec.sh script to count events in kafka
  • #21290 [redborder-manager] Add script to check memcached key via dalli (ruby)
  • #21247 [redborder-webui] Incident filters with invisible option
  • #21182 [redborder-webui] Add generic message for the ipscp sensors in ApplyUpdateJob StoredJob
  • #20671 [redborder-webui] Assets: Add a "Please wait" indicator for links related to recent updated incidents.

Resolved Issues

  • #21549 [cookbook-logstash] Discard events that don't cointain sensor_uuid in netflow pipeline (after sensor data is enriched)
  • #21486 [cookbook-druid] Create DRUIDTYPE.log as druid user instead as root user
  • #21471 [redborder-webui] Health checks for sensor flow inside a proxy don't work
  • #21450 [redborder-webui] Tools -> Plugins not working (not downloading or installing the vault plugins)
  • #21447 [redborder-webui] Error 500 when trying to import signature policies
  • #21445 [redborder-manager] rb_export_import_segments.sh script broken with new version of druid
  • #21433 [redborder-webui] Custom rule source needs snort version (tar.gz rule source)
  • #21358 [redborder-webui] Do not update GLPI Inventory Device if asset is locked
  • #21356 [redborder-webui] Assets can't be created without a name and they are not being imported in GLPI without a name
  • #21354 [redborder-webui] Snort Sources Rules swap to disable after enable and click on Force Rule Update and refresh
  • #21352 [redborder-webui] Bad styles in Incidents -> Statistics
  • #21351 [redborder-webui] Assets css and styles of graph
  • #21329 [redborder-webui] Do not allow exporting proxy and IPS sensors while exporting sensor tree
  • #21321 [redborder-webui] Fix issue where navigating to Intrusion it go directly to RAW view or Unique
  • #21314 [redborder-webui] Fix capacity warnings in monitor indexing
  • #21297 [redborder-webui] Rule sources duplicated in signature policy creation
  • #21292 [redborder-webui] Password validation doesn't work
  • #21288 [redborder-webui] Fix report from incidents
  • #21287 [redborder-webui] Error in rbcharts.js (RB.Bars)
  • #21281 [redborder-webui] Push notification not rendering when creating new signature policy
  • #21264 [redborder-webui] A Box widget is created, but does not load
  • #21243 [redborder-webui] Cant import Telephones or Network Equipments from GLPI
  • #21237 [redborder-webui] policy does not contain rules
  • #21236 [redborder-webui] rule sources not visible when creating policy on root level
  • #21227 [redborder-webui] Number don't fit notification circle if a lot of notifications
  • #21212 [redborder-webui] Error in Incidents -> Statistics
  • #21198 [redborder-webui] Error in dashboard/overview after disable an user that has a dashboard shared with the current user
  • #21194 [cookbook-postgresql][cookbook-minio] Postgresql and minio can be uninstalled and deregistered by accident if external_services data bag fail (for example network problem or erchef restarted at that moment)
  • #21184 [redborder-webui] Cannot paint data when clicking in N/A in "Incident uuid" tab (Intrusion)
  • #21170 [redborder-webui] DB Migrations fail
  • #21168 [redborder-webui] Mac Object should not be changed to user type when it has a inventory device assigned and make the mac objects' sensor the same as the asset
  • #21065 [zookeeper][logrotate] /var/log/zookeeper/ has insecure permissions
  • #21059 [redborder-webui] large 'Message' Column in 'Incidents' Overlaps HTML and Other Elements
  • #21058 [redborder-webui] Vault incidents produce blank or undefined observables names
  • #21039 [cookbook-rb-firewall] Do not open 8084 if is not in use anymore
  • #20955 [redborder-manager] /usr/lib/redborder/scripts/rb_get_tasks.rb should get routers node from zk
  • #20852 [redborder-webui] Fix and improve report mail generation and remove wickedpdf
  • #20785 [redborder-webui] Make ATT&CK matrix responsive and fix colors in dark mode
  • #20739 [redborder-webui] Assets: Table of Assets details invade graphs on the right
  • #20667 [redborder-webui] Fix missing translations when editing the Objects

Release notes for 25.04.3

  • Release date: 08/May/2025
  • Type: Standard
  • Main changes: redborder-webui This is the release notes for the patch 25.04.4 of redBorder NDR version 25.04.

This release introduces a new PF_RING DAQ connector and module for enhanced packet capture in redborder-intrusion, along with support for downloading Snort 3 rules via the web UI. Performance improvements have been made to the incidents display, and several issues have been resolved, including pagination failures in Druid queries, sensor tree inconsistencies, and problems editing worklog notes.

What's new

  • #20993 [redborder-intrusion] - Add PF_RING Daq connector to libdaq
  • #20644 [redborder-intrusion][libdaq] - Create new DAQ Module for packet capture using PF_RING drivers
  • #18896 [redborder-webui] Download snort rules job for Snort 3

Improvements

  • #20884 [redborder-webui] Optimize show method of incidents_controller

Resolved Issues

  • #21102 [redborder-webui] Druid query logging pagination in cluster mode is failing
  • #20747 [redborder-webui] Incidents-Worklog. Can't Edit or delete notes on worklog from playbook
  • #20864 [redborder-webui] Moving an IPS sensor on sensor tree from a organization to a namespace doesn't remove the organization.

Release notes for 25.04.2

  • Release date: 07/May/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.04.2 of redBorder NDR version 25.04.

This release does not introduce new features but includes several UI improvements, such as enhanced sorting in reports, additional device association visibility, and optimized sensor queries. Numerous issues have been resolved across various components, addressing memory errors, interface misconfigurations, UI bugs, and data synchronization problems to improve overall stability and performance.

What's new

There are no new features introduced in this release.

Improvements

  • #20896 [redborder-webui] Reports should be listed by created_at desc (by default)
  • #20733 [redborder-webui] Add a column in MacObject to show the macObjects that has associate InventoryDevice
  • #21106 [redborder-webui] Optimize Inventory Device Flow query to cover at least all the sensors

Resolved Issues

  • #21087 [cookbook-druid] Druid Historical Java Heap Out Space Error
  • #21013 [cookbook-rb-manager][cookbook-rb-ips][cookbook-rb-intrusion][cookbook-rb-proxy][webui] Empty string on organization's megabytes_limit causes no data from sensor
  • #20686 [cookbook-rb-manager] Do not pass memory variable (not in use by memcached cookbook)
  • #20980 [redborder-ips][redborder-intrusion] management_interface is not set in a IPS with one interface and a bypass card
  • #20968 [cookbook-druid] Wrong calculation of indexer memory
  • #20952 [redborder-cgroups] rb_check_cgroups is broken after chef-workstation update
  • #20940 [redborder-manager][redborder-proxy][redborder-ips][redborder-intrusion] openssl-3.0.1.gemspec is back after an update breaking chef-client
  • #20985 [redborder-webui] Tools -> Jobs & Workers not autorefreshing
  • #20939 [redborder-webui] Cannot delete a user that has response_actions
  • #20891 [redborder-webui] In Tools -> license, IPS sensor show as 0/100 even with the licenses apply to the sensor
  • #20890 [redborder-webui] Delayed job that check status of AP is failing after druid update
  • #20807 [redborder-webui] Not generating outliers by selecting with a name that has an accent
  • #20797 [redborder-webui] Error when creating alarm through form after creating alarm with import option
  • #20777 [redborder-webui] User search in Tools -> Users don't work
  • #20734 [redborder-webui] only menu for type ip in events list
  • #20716 [redborder-webui] Adjust top bar correctly and Incidents tab is not seen reducing the screen width
  • #20672 [redborder-webui] Fix "is updating" on Force Update Assets button while job is executing
  • #21097 [redborder-webui] Error undefined method gsub for nil app/views/jobs/info.html.erb
  • #20971 [redborder-webui] Failure to load sensors when IPS module is disabled
  • #20897 [redborder-webui] Default report is created every time a report / external report is created
  • #20898 [redborder-webui] PDF needs to be uploaded again if you edit a report

Release notes for 25.04.1

  • Release date: 21/April/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.04.1 of redBorder NDR version 25.04.

This release brings significant enhancements to asset management, including the ability to import/export assets, apply multiple type filters with icons, and view the "Locked" status in the index. The CEP service has been integrated into the NG environment, and key components like Chef Infra and Druid have been updated. UI improvements include more intuitive searches, better display elements, and usability tweaks. Additionally, several issues have been resolved to ensure greater stability and a smoother user experience across the platform.

What's new

  • #20665 [redborder-webui] Assets: Add option to Import / Export assets
  • #20662 [redborder-webui] Assets: Add multiple type filters (with the icons) and fix type filters checkbox not resetting
  • #20657 [redborder-webui] Show "Locked" status of Assets in index table and search/filter by this attribute
  • #20474 [redborder-manager][cep] Integrate cep service in NG, activate some rules, check that works
  • #20195 [chef-client] Update version of Chef Infra Client due EOL
  • #19925 [redborder-webui] Add a way to notify visually in the webui when druid historicals are missing
  • #19922 [redborder-manager] Create rb_clean_druid_historical.sh script
  • #17733 [druid] Update to latest Druid, Kafka, Zookeeper Version

Improvements

  • #20778 [redborder-webui] Make user search not case-sensitive when assign a user in Incidents
  • #20774 [redborder-webui] Make source names shorter in incidents and assets
  • #20731 [redborder-webui] Remove "Public IP" as default tab in Traffic
  • #20673 [redborder-webui] Assets: Show Total assets in index assets view

Resolved Issues

  • #20932 [cookbook-keepalived] Remove depedency NetAddr gem
  • #20895 [redborder-webui] Reports search is broken
  • #20892 [rb-aioutliers][cookbook-rb-aioutliers] Update druid broker port
  • #20880 [redborder-webui] Druid discoverypath references not up to date after druid update
  • #20875 [redborder-webui] Druid Indexing has an error 500 when enter (related to task of druid historical #19925)
  • #20865 [redborder-webui] Error when editing cep rules in web
  • #20769 [redborder-webui] Assets: Filter is not working for all fields, it seems only working for Mac Address
  • #20757 [redborder-webui] Fix mitre modal in incidents and reports tab
  • #20738 [redborder-webui] GLPI: Add missing assets comments after asset rework + OS matching improvement needed
  • #20711 [redborder-webui] Assets: Fix the index table in lower screen width
  • #20670 [redborder-webui] Assets: Implement a character limit for the comments field to prevent long entries and do not show full comment in index table
  • #20669 [redborder-webui] Assets: Add validation to ensure MAC and IP addresses are not empty and conform to the correct format using regex.
  • #20660 [redborder-webui] Assets: Return error when updating en asset with empty MacObject
  • #20625 [redborder-webui] The advanced search in the signature policy filters returns a 500 error