Release 25.08

Release notes for 25.08.2

  • Release date: 23/Sept/2025
  • Type: Standard
  • Main changes: redborder-webui

These are the release notes for patch 25.08.2 of redBorder NDR version 25.08.

This release includes multiple enhancements and fixes across the RedBorder platform. Key updates include integration of rb-exporter in intrusion, enriched inventory and asset management from the Scanner Module, default alarms based on client asset type, improved user roles and permissions, incident tagging, and performance improvements like replacing Memcached with Redis for incident creation. Several UI issues, job logging, and sensor configuration bugs have been resolved. Additionally, we now have a MISP available at misp.redborder.com. While these updates roll out, the team is actively working on the future Malware module and more.

What's new

  • #22470 [cookbook-rb-intrusion] Integrate rb-exporter in intrusion
  • #22266 [redborder-webui] Reintroduce audits for Settings Controller (optimized version)
  • #22210 [redborder-webui] (Scanner Module) Use scanner data to enrich existing inventory devices and create new ones (assets)
  • #22021 [redborder-webui] Create a set of default alarms for traffic based on new field Client Asset Type
  • #18250 [redborder-webui] Add user roles
  • #22618 [redborder-webui] Make help users roles
  • #22469 [redborder-webui] Add tags (labels) to incident
  • #22442 [redborder-webui] Add how long it took to run a delayed job in the stored job
  • #20809 [redborder-webui] Basic AI agent for redborder-webui
  • #22472 [redborder-webui] Replace title/description generation with redborder-agents instead of rb-llm

Improvements

  • #22468 [redborder-webui] Add "Add default homenets" option to sensor API creation (flow sensors)
  • #22410 [redborder-cli] Add column "Cgroup" to rbcli service list
  • #22172 [redborder-webui] Replace Memcached with Redis for Incident Creation
  • #22645 [redborder-webui] When importing sensor tree "Override domains and sensors", inform user that assets and incidents associated with the old domains will be wiped

Resolved Issues

  • #22465 [redborder-webui] Edit note is not formatting note (incident -> worklog) correctly and deleting the format on note updates
  • #22126 [redborder-webui] Fix broken "log" menu buttons in /monitor/indexing
  • #22304 [redborder-webui] Creating rules without files category, activate rules in the category
  • #22286 [redborder-webui] Cannot edit IPS sensor while configuring it
  • #22542 [redborder-webui] JS breaks when incidents are empty
  • #22411 [redborder-webui] Don't export incident id when exporting alarms
  • #22399 [redborder-webui] Going to second page of Druid Queries makes the user list disappear (wrong pagination)
  • #22398 [redborder-webui] Cannot sort correctly by Activity in Tools -> User
  • #22383 [redborder-webui] Adapt monitor segments' heatmap to darkmode
  • #22382 [redborder-webui] ap_state settings are not saved on the manager
  • #22705 [redborder-webui] Fix monitor -> diagram view
  • #22553 [redborder-webui][cookbook-rb-manager][cookbook-rb-chrony] add ntp servers configured in the platform
  • #22644 [redborder-manager] rb_psql is pointing to master.postgresql.service.${DOMAIN}
  • #20693 [redborder-manager] Virtual IP of webui should be Virtual IP of nginx
  • #22582 [cookbook-rb-manager] All data indexed for rb_monitor in case of namespaces
  • #21998 [cookbook-logstash] Investigate if sflow data should go through "netflowenrich" step in netflow pipeline
  • #22306 [redborder-druid] Install kafka-emitter during the mock and copy the files instead of in %post
  • #22604 [redborder-logstash-plugins] Some plugins are not updated
  • #22566 [cookbook-keepalived] iptables redirect rule not applied in nodes with nginx enabled and webui disabled
  • #20613 [manager] Sflow messages from different sources show multiple valid domains as array
  • #22435 [redborder-repo] Unknown configuration option: sslcheck = 0
  • #22433 [cookbook-rb-ips] jq: error (at :44): null (null) has no keys
  • #22431 [cookbook-redis] system trying to update redis to 7.2.8.1 and fails.
  • #22406 [snort3] Alert_kafka fails to generate raw packet data for some packets
  • #22761 [cookbook-webui] Aerospike should point to sync ip in webui
  • #22728 [cookbook-nginx] Wrong certifications generation for s3.crt (subjectAltName recommended in one line) and wrong cert names
  • #22710 [cookbook-rb-firewall] rich rules not being checked correctly
  • #22666 [cookbook-snort3] undefined method instance_params
  • #22643 [cookbook-redis] Redis sentinel is restarting each chef-client run

Release notes for 25.08.1

  • Release date: 29/Jul/2025
  • Type: Standard
  • Main changes: redborder-intrusion

These are the release notes for patch 25.08.1 of redBorder NDR version 25.08.

This release includes major enhancements across the redborder platform. Key updates include Snort3 integration with SnortML for neural network-based exploit detection, improved CLI and bypass control mechanisms, and a new health check script. The manager now replaces MongoDB with a built-in alternative, while SNMP v3 support and improved incident linking have been added to the WebUI. Additional improvements enhance the dashboard, job scheduling, and incident grouping. Several bugs were also resolved, including namespace restrictions and sensor naming issues.

What's new

  • #22319 [redborder-intrusion] validate and compare metrics with snort2
  • #22211 [redborder-intrusion][snort3] - Integrate SnortML for Neural Network Based Exploit Detection
  • #22064 [redborder-intrusion] - Improve CLI Snort3 UI (add bp, bp support, fix rule count)
  • #22007 [redborder-intrusion] Control bypass based on Kernel AF_PACKET notifier (net/packet/af_packet.c#L4234)
  • #21774 [redborder-intrusion] Bypass Controlled by Snort and Software Bypass for LibDaq & Snort3
  • #22061 [redborder-intrusion] - Create watchdog health check script for snort3 (enable bp, restore snort...)
  • #22054 [snort3] - Add bulk mode for HTTP alert sending to the manager (FIFO queue)
  • #22218 [redborder-manager] Replace MongoDB with integrated alternative & refactor Logstash scanner plugin (mongocve)
  • #18850 [redborder-manager][...] Add internal virtual ips
  • #22019 [redborder-monitor][redborder-webui] Add snmp v3 support
  • #22136 [redborder-webui] Extract client_mac from Traffic Alarm then notify to vault so we can link incidents to assets
  • #21983 [redborder-webui][snort3] show reputation events in intrusion module
  • #21949 [redborder-webui] Add a menu to Queue Jobs to set run at on demand
  • #21734 [redborder-common] Add script to backup chef nodes and roles

Improvements

  • #22153 [redborder-intrusion] - Add segment to status dashboard and add ascii banner
  • #18458 [redborder-cookbooks] Remove +x permissions on cookbook templates
  • #21846 [rb-druid-indexer] Dimensions should be passed via config file written by cookbook-druid
  • #21520 [redborder-webui] Group Linked Incidents into Single Row in Incident List
  • #21313 [redborder-webui] In monitor indexing, show task lag

Resolved Issues

  • #22333 [cookbook-rb-ips][cookbook-rb-intrusion] Remove cookbook-cron from depend
  • #22299 [logstash-filter-druid-metrics] Sensor name is wrong in druid metrics
  • #22267 [redborder-webui] Disallow linking of incidents from different namespaces
  • #22252 [redborder-webui] Linked incidents in incident's view should show every incident in the linked incident chain
  • #22236 [cookbook-rb-scanner] scanner profile started in proxy, runs also in manager