Skip to content

Release 25.01

Release notes for 25.01.11

  • Release date: 04/April/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.11 of redBorder NDR version 25.01.

This release focuses on performance improvements and bug fixes across various components. It includes an optimization to the Incident Show view and resolves several issues related to report generation, IP name resolution, asset management in dark mode, and export/import functionalities. Additionally, it addresses a memory buffer limit in the Druid Realtime component and ensures firewall rules are only applied when valid source addresses are present.

What's new

There are no new features introduced in this release.

Improvements

  • #20655 [redborder-webui] Optimize Incident Show view

Resolved Issues

  • #20730 [redborder-webui] Fix broken reports search and list should be order by upload
  • #20705 [redborder-webui] Traffic: Fix missing name resolution on Lan IP and WAN IP
  • #20689 [cookbook-druid] Realtime: processing_memory_buffer_b exceding maximum java integer value
  • #20666 [redborder-webui] Assets: Fix dark mode in the filters select / option and bulk change Criticality and delete
  • #20664 [redborder-webui] Fix Export/Import objects (Hardware, Operating System, Device Type)
  • #20652 [redborder-webui] Reports: Generate PDF feature is failing with default traffic widgets
  • #20588 [cookbook-rb-firewall] Do not apply firewall rule if no valid source address

Release notes for 25.01.10

  • Release date: 27/March/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.10 of redBorder NDR version 25.01.

This release introduces a new feature where alarm notifications now include query data in Syslog incident events. Additionally, several improvements have been made, including the addition of a "Login Status" column in the Tools -> Users section, enhancements to the dark theme, and a rework of asset management. Furthermore, key issues have been resolved, such as adding validation for CPU configuration in IPS groups and fixing a missing column in the sensors table when installing the redborder-intrusion sensor.

What's new

  • # 20202 [redborder-webui] Alarms: Include Query Data in Notify to Incident Syslog Events

Improvements

  • #20601 [redborder-webui] Create column in Tools -> Users "Login Status" or "Status"
  • #20521 [redborder-webui] Dark theme improvements
  • #20267 [redborder-webui] Rework assets

Resolved Issues

  • #20531 [redborder-webui] Add validation configuring CPUs to the IPS groups
  • #20396 [redborder-webui] Missing column in sensors table when install redborder-intrusion sensor

Release notes for 25.01.9

  • Release date: 20/March/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.9 of redBorder NDR version 25.01.

This release introduces several new features, including multitenant alarm support, health checks for sensors, log rotation, and enhanced web UI capabilities such as tracking logged-in users and recent filters. A legacy script has also been restored for asset compilation.

Improvements were made to UI usability, such as scrollbars, dark theme colors, and job handling. Several bugs have been fixed, including issues with Druid query logging, incorrect job executions, failed threat intel updates, and configuration problems across various components.

What's new

  • #20511 [redborder-manager] Bring back rb_compile_assets.sh scripts from legacy to NG
  • #20410 [redborder-manager] Multitenant Alarms
  • #20488 [cookbook-webui] Add log rotation
  • #20311 [redborder-webui] Create healthchecks for the sensors
  • #20310 [redborder-webui] Log the druid queries of each users in the Audits or somewhere accessible by admins
  • #20309 [redborder-webui] Show number of current logged webui users in the webui
  • #19983 [redborder-webui][cookbook-webui] Make web interface to configure the content of config/sso_user_sensor_map.yml

Improvements

  • #20520 [redborder-webui] Skip RbVulnerabilitiesUpdateDBJob process if there are not scanner sensors
  • #20473 [redborder-webui] Add a scroll bar for the dashboard lists
  • #20438 [redborder-weubi] Show domain in incident details
  • #20420 [redborder-webui] Terminate delayed jobs running without active workers
  • #20205 [redborder-webui] Improve colors of Dark Theme
  • #19016 [redborder-webui] Add "recent filters" feature that saves recent filters made by a user
  • #20371 [redborder-manager] In rb_setup_wizard show selected hostname and domain in the last step of the wizard (summary)

Resolved Issues

  • #20581 [redborder-webui] observableContainerPanel is being called in all the pages
  • #20578 [redborder-webui] Incidents side bar should remain behind please wait
  • #20523 [redborder-webui] Should not be able to move a sensor inside an IPS
  • #20487 [redborder-webui][cookbook-webui] druid_query_logging has root user during installation and change extension to log
  • #20466 [redborder-webui] UpdateThreatIntelJob fails when being of type https
  • #20456 [redborder-webui][cookbook-rsyslog] Wrong parsing alarm_severity to alarm_user
  • #20450 [redborder-webui] Fix import and export Objects from CSV
  • #20444 [redborder-webui] Alarms not sending namespace and organization to vault
  • #20441 [redborder-webui] druid_query_logger returns nil error
  • #20379 [redborder-webui] Z-index is wrong in Incident observables
  • #19855 [redborder-webui] OutlierIncidentJob fails
  • #20427 [redborder-ips] /etc/hosts last line construction wrong when registering with domain name
  • #20424 [redborder-intrusion] Management interface should not appear in configure segments
  • #20412 [redborder-manager][redborder-proxy][redborder-ips][redborder-intrusion] rb_setup_wizard crash in case of interface without vendor
  • #20367 [redborder-manager] Cannot install with a domain different than redborder.cluster
  • #20388 [cookbook-rb-manager] get_sensors_info getting wrong the sensor type
  • #20312 [cookbook-webui] Wrong execution of assets:precompile, migrations and seed after update
  • #19763 [cookbook-rb-firewall] Port 514 (tcp/udp) should only be open for vault sensors, managers, ips and proxys registered
  • #19547 [rb-exporter] After reseting configuration rb-exporter service is not "stopped", it keeps sending

Release notes for 25.01.8

  • Release date: 25/February/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.8 of redBorder NDR version 25.01.

This update introduces a new Snort 3-based intrusion sensor (currently not production ready) and renames the redborder-ai service to redborder-llm.

It also resolves various issues, including domain-based alarm visibility, sensor data translations, incorrect time filters in incident links, stalled background jobs, and web access redirection. Additional fixes address service restarts, sensor object updates, and cluster configuration for MinIO and sfacctd.

What's new

  • #13799 [cookbook-rb-intrusion] New intrusion sensor based on Snort 3 (not production ready).

Improvements

  • #19720 [redborder-ai] Rename the service redborder-ai and its references to redborder-llm

Resolved Issues

  • #20368 [redborder-webui] Alarms made by a user on one domain should be visible by others users in the same domain
  • #20332 [redborder-webui] Missing translation in indexed data of a particular sensor
  • #20330 [redborder-webui] Fix unit aware scale
  • #20303 [redborder-webui] Updating objects without sensor_id fails
  • #20302 [redborder-webui] Incidents link to source modules don't give correct time filters
  • #20119 [redborder-webui] Download model delayed job is stalled
  • #19829 [redborder-webui][nginx] Redirect access via port 80 to 443
  • #20328 [redborder-cli] Cannot disable minio on a cluster with two minios
  • #20130 [redborder-ai] cookbook-rb-ai: Restarts the redborder-ai service everytime
  • #19852 [sfacctd] Stop/Start sfacctd and f2k when running rbcli zookeeper clean script

Release notes for 25.01.7

  • Release date: 13/February/2025
  • Type: Standard
  • Main changes: redborder-webui, minio

This is the release notes for the patch 25.01.7 of redBorder NDR version 25.01.

This release includes a MinIO version update and enhancements to the Alarms module, such as import/export, search functionality, and sortable columns. Additionally, delayed job logging is now enabled by default.

Multiple issues have been resolved, including problems with login errors, UI inconsistencies in dark mode, alarm triggers, incorrect filtering, missing translations, and sensor-related operations. Fixes also address structural bugs in syslog messages, job performance, and service handling in various components.

What's new

  • #20196 [minio] Update version

Improvements

  • #19911 [redborder-webui] Alarms: Add import/export
  • #19910 [redborder-webui] Alarms: Add search
  • #20298 [redborder-webui] Enable by default delayed_job.log

Resolved Issues

  • #20237 [redborder-webui] Alarms: Add posibility to sort in Alarms table (for example by name)
  • #20300 [redborder-webui] Remove characters [ and ] from incident syslog messages incident the structure data
  • #20254 [redborder-webui] Alarms for custom monitor categories not triggering (bad value conversion)
  • #20239 [redborder-webui] Error 500 in /users/login when user is already signed in
  • #20231 [redborder-webui] Action buttons in Notifications are displaced in tight windows
  • #20198 [redborder-webui] Missing translation in intrusion saved filters
  • #20197 [redborder-webui] Worklog filtering records are not filtering correctly
  • #20189 [redborder-webui] Assign users white in incident while Dark mode
  • #20170 [redborder-webui] Limits per organization not showing correctly
  • #20148 [redborder-webui] Lose breadcrumbs in Widgets
  • #20134 [redborder-webui] DeleteSensorJob failing or taking long
  • #20095 [redborder-webui] Assing user with different domain of the incident
  • #20091 [redborder-webui] Impact and Event summary section are not working
  • #20031 [redborder-webui] Can't select units in monitor alarms
  • #19931 [redborder-webui] In sensor tree view, ""Expand all"" button not working"
  • #19855 [redborder-webui] OutlierIncidentJob fails
  • #19402 [redborder-manager] Follower script executes when installing first node in mode 'core'
  • #20190 [cookbook-rb-manager] Logstatter should not run if logstash is not running
  • #19040 [cookbook-rb-manager] Fix: Ensure S3 Configuration Applies Correctly When Nginx is Enabled and S3 is Disable
  • #17621 [redborder-cli] rbcli service enable/disable does not work in proxy

Release notes for 25.01.6

  • Release date: 31/January/2025
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.6 of redBorder NDR version 25.01.

This release introduces the new Secor service to the NG platform and allows PDF uploads for external reports. Incident graphs now include a timeline view, and users can view raw IPS data in proxy mode.

Numerous issues have been fixed across the platform, including installation failures, UI glitches, alarm behaviors, widget rendering, dashboard functionality, sensor operations, and performance tuning for Druid. Several enhancements also improve usability, visual consistency, and error handling in the web interface and backend services.

What's new

  • #17500 [cookbook-rb-secor][cookbook-rb-manager][redborder-cookbooks][redborder-manager][redborder-cgroups][rb-secor] Add secor service in NG
  • #19876 [redborder-webui] Upload "external reports" in PDFs

Improvements

  • #19529 [redborder-webui] Add "show timeline" to Incident Overview graph
  • #19938 [cookbook-rb-ips] Allow "View Raw" functionality in ips on proxy mode

Resolved Issues

  • #17714 [redborder-manager] Management and sync interfaces in the same network make the installation fail
  • #19053 [redborder-webui] Widgets: Hardware status on click not filtering
  • #19146 [redborder-webui] Sensor looks expandable when changing child nodes
  • #19206 [redborder-cli] Do not allow to disable minio if there is only one node with one minio
  • #19284 [redborder-webui] Widget image is nos being correctly contained
  • #19425 [redborder-webui] Search engines in limits and supressions failing
  • #19477 [cookbook-logstash] sFlow sensores without observation id has wrong sensor_name in rb_flow topic
  • #19478 [redborder-webui] Leaving shared dashboard by domain
  • #19484 [cookbook-rb-exporter] Missing vlan id for sflow
  • #19500 [redborder-webui] Fix missing spinner on "Generate" option in incident report section, while delayed job is running
  • #19563 [redborder-manager] Fail to upload elasticache data bag during installation
  • #19715 [redborder-webui] Fix search and filter of Stored Jobs
  • #19719 [redborder-webui] Fix Hardware view
  • #19807 [redborder-manager] Postgresql and redborder-postgresql not showing correct when external postgresql
  • #19815 [cookbook-logstassh] sFlow Split traffic not working because of the way we access interfaces (role vs node)
  • #19826 [redborder-webui] Losing filter in Alarm view after refreshing page (Firefox)
  • #19827 [redborder-webui] Organization dimension in Alarm view should be selectable with a list with "is"
  • #19832 [redborder-manager] Minio not showing correct in rbcli service when external minio
  • #19854 [redborder-webui] Alarms create an incident with unknown severity
  • #19894 [redborder-webui] Sensors: Error when move a domain using drag and drop
  • #19900 [manager][redborder-webui] In spanish, using big size font breaks some text in the overview
  • #19908 [redborder-webui] In sensor tree view we are missing last_update column for ips generic, ips proxy, and probably wrong position in flow_sensor
  • #19909 [redborder-webui] In Exporter Edit view you should not be able to add a Destiny address without a port
  • #19913 [redborder-webui] Duplicated custom tab in alarms and monitor module
  • #19932 [redborder-webui] Delete console.log on success save sensor tree, and "color is:" in top view
  • #19947 [redborder-webui] getNewNotifications being call all the time
  • #19959 [redborder-webui] User cant leave dashboard if shared by user and test fails
  • #19971 [cookbook-druid][cookbook-rb-manager] Druid is using default values leading to perfomance issues
  • #19974 [redborder-webui] Domain lose identation when changing its children sensor to another domain
  • #20001 [redborder-webui] A regex makes an error in the JS of general Settings
  • #20002 [redborder-webui] Options tab is not appearing in lower screens
  • #20011 [cookbook-logstash] Splittrafic: Default MAGIC number is nnot working for putting obervation_id as default
  • #20015 [redborder-webui] In Vault -> Raw: Detail button downloads empty json
  • #20019 [cookbook-webui] Static assets are not served correctly
  • #20039 [redborder-webui] Incident get lost when filters applied and there is not incidents
  • #20042 [redborder-webui] Reports: Fix shared by domain reports pagination
  • #20046 [redborder-webui] Timeline browser console error
  • #20053 [redborder-webui] In Monitor, inside tops view, the load more function fails
  • #20061 [redborder-webui] Search bar in Sensor -> Flow sensor view is not working
  • #20087 [redborder-webui] Dashboard raw table columns wrong color on Dark mode
  • #20088 [reborder-webui] Button on top of another button in global filters
  • #20089 [redborder-webui] Fix styles in widget Horizontal bar
  • #20104 [redborder-webui] Sensor Tree: Dropdown stays after deleting the last sensor on a domain
  • #20105 [redborder-webui] Incidents: Unassign user from incidents doesnt work
  • #20106 [redborder-webui] Playbooks: Duplicate playbook create it with the original user and not current user
  • #20114 [redborder-webui] Reports: Table order by doesnt work (header table)
  • #20132 [redborder-webui] AI requires a higher number of tokens
  • #20142 [redborder-webui] Incidents: Outliers Incidents without classification try to show it
  • #20149 [redborder-webui] Incidents: Error 500 trying to view an incident with assets
  • #20163 [cookbook-druid] Always select hot tier if possible and fix merge buffer

Release notes for 25.01.5

  • Release date: 18/January/2025
  • Type: Standard
  • Main changes: redborder manager.

This is the release notes for the patch 25.01.5 of redBorder NDR version 25.01.

This update brings several key enhancements: the sensor tree now displays uptime for IPS and proxy sensors, the incident asset sidebar has been redesigned to unify related data in a single graph view, and dark mode has been added to the web interface. Additionally, an external reputation list for multiple indicators (IP, domains, URLs, hashes) has been integrated.

Improvements include richer incident detail views, better logging and validation for threat intelligence updates, and enhanced notifications with pending count indicators.

A wide range of bugs have been resolved, covering UI inconsistencies, dark mode behavior, S3 and PostgreSQL config issues, alarm calculations, playbook limits, widget rendering, and more—leading to a more stable and user-friendly platform.

What's new

  • #19652 [redborder-webui] Show uptime in sensor tree on sensors of type ips and proxy
  • #19621 [redborder-webui] Add Observables Related, Assets Related, Events Related in Asset sidebar on Incident View. Unify related assets and observables in one GRAFO table. Adapt sidebar to new way of getting incident druid data
  • #19588 [redborder-manager] Integrate external reputation list for: ip, domains, url, sha-1 and sha-2
  • #19360 [redborder-webui] Add dark mode theme for web interface

Improvements

  • #19749 [redborder-webui] Add more logs on UpdateThreatIntelJob output, validation of input and expiration of memcached keys (like 1h.), change dimension translation name "wan ip is malicious" -> "wan ip malicious"
  • #19528 [redborder-webui] Add all the info of linked incidents in Incident Detail view
  • #19523 [redborder-webui] Rework notifications to show the number of pending notifications on the top menu

Resolved Issues

  • #19858 [cookbook-keepalived] Add notify master/backup script for sfacctd virtual ip (similar to the webui one)
  • #19853 [redborder-manager] create splittraffic & splitintrusion false by default during installation
  • #19848 [redborder-webui] dark theme doesn't work when you try to edit a user you are not logged in
  • #19831 [cookbook-rb-manager] s3 host should be taken from s3_secrets
  • #19825 [redborder-webui] glpi can enqueue more than one jobs at the same time
  • #19808 [redborder-manager] s3 access key not correctly loaded when external s3
  • #19797 [redborder-manager] postgres_TAG not defined in rb_bootstrap_common
  • #19789 [redborder-webui] theme is switching with user preference when login out
  • #19783 [redborder-webui] Tool -> Object Types showing a table sorter header element empty
  • #19775 [redborder-webui] Translation missing - playbook assignment rule
  • #19770 [redborder-webui] missing error logo in dark theme
  • #19765 [redborder-webui] Priority is always using the ID of database instead an specific column
  • #19757 [redborder-webui] Alarms compute the value bad
  • #19721 [redborder-manager] OutlierIncidentJob enqueue without checking if exists
  • #19718 [redborder-webui] Default alarms not filtering by node
  • #19704 [redborder-webui] Check if the object type of an object is nil before getting the object image. If doesnt have type, put "MacObject" in type in assets list
  • #19696 [redborder-webui] RbVulnerabilitiesUpdateDBJob give massive message in Last error column
  • #19498 [redborder-webui] Vertical bars widgets gives error when dashboard updates
  • #19390 [redborder-webui] Error when editting playbook while having 26 playbooks (max number of playbooks). Also limit the playbook count to 25
  • #19366 [redborder-webui] Error when ordering by priority
  • #19186 [redborder-webui] Mitre rule assignation: subtechnique direct assignation
  • #19134 [redborder webui] Widgets duplicated column
  • #19057 [redborder-webui] Intrusion help when there's no IPS shows old installation
  • #18698 [redborder-webui] Pagination for event rules limits also affects the suppress list
  • #17929 [redborder-webui] In Objects and Object Types, pagination is not updated