Skip to content

Release 25.01

Release notes for 25.01.8

  • Release date: 25/February/2024
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.8 of redBorder NDR version 25.01.

In this update, our primary objective was to fix bugs. There is also a new sensor based on Snort 3 but is not ready for production environments (experimental).

What's new

  • #13799 [cookbook-rb-intrusion] New intrusion sensor based on Snort 3 (not production ready).

Improvements

  • #19720 [redborder-ai] Rename the service redborder-ai and its references to redborder-llm

Resolved Issues

  • #20368 [redborder-webui] Alarms made by a user on one domain should be visible by others users in the same domain
  • #20332 [redborder-webui] Missing translation in indexed data of a particular sensor
  • #20330 [redborder-webui] Fix unit aware scale
  • #20303 [redborder-webui] Updating objects without sensor_id fails
  • #20302 [redborder-webui] Incidents link to source modules don't give correct time filters
  • #20119 [redborder-webui] Download model delayed job is stalled
  • #19829 [redborder-webui][nginx] Redirect access via port 80 to 443
  • #20328 [redborder-cli] Cannot disable minio on a cluster with two minios
  • #20130 [redborder-ai] cookbook-rb-ai: Restarts the redborder-ai service everytime
  • #19852 [sfacctd] Stop/Start sfacctd and f2k when running rbcli zookeeper clean script

Release notes for 25.01.7

  • Release date: 13/February/2024
  • Type: Standard
  • Main changes: redborder-webui, minio

This is the release notes for the patch 25.01.7 of redBorder NDR version 25.01.

In this update, our primary objective was to fix bugs and update minio to latest current stable version.

What's new

  • #20196 [minio] Update version

Improvements

  • #19911 [redborder-webui] Alarms: Add import/export
  • #19910 [redborder-webui] Alarms: Add search
  • #20298 [redborder-webui] Enable by default delayed_job.log

Resolved Issues

  • #20237 [redborder-webui] Alarms: Add posibility to sort in Alarms table (for example by name)
  • #20300 [redborder-webui] Remove characters [ and ] from incident syslog messages incident the structure data
  • #20254 [redborder-webui] Alarms for custom monitor categories not triggering (bad value conversion)
  • #20239 [redborder-webui] Error 500 in /users/login when user is already signed in
  • #20231 [redborder-webui] Action buttons in Notifications are displaced in tight windows
  • #20198 [redborder-webui] Missing translation in intrusion saved filters
  • #20197 [redborder-webui] Worklog filtering records are not filtering correctly
  • #20189 [redborder-webui] Assign users white in incident while Dark mode
  • #20170 [redborder-webui] Limits per organization not showing correctly
  • #20148 [redborder-webui] Lose breadcrumbs in Widgets
  • #20134 [redborder-webui] DeleteSensorJob failing or taking long
  • #20095 [redborder-webui] Assing user with different domain of the incident
  • #20091 [redborder-webui] Impact and Event summary section are not working
  • #20031 [redborder-webui] Can't select units in monitor alarms
  • #19931 [redborder-webui] In sensor tree view, ""Expand all"" button not working"
  • #19855 [redborder-webui] OutlierIncidentJob fails
  • #19402 [redborder-manager] Follower script executes when installing first node in mode 'core'
  • #20190 [cookbook-rb-manager] Logstatter should not run if logstash is not running
  • #19040 [cookbook-rb-manager] Fix: Ensure S3 Configuration Applies Correctly When Nginx is Enabled and S3 is Disable
  • #17621 [redborder-cli] rbcli service enable/disable does not work in proxy

Release notes for 25.01.6

  • Release date: 31/January/2024
  • Type: Standard
  • Main changes: redborder-webui

This is the release notes for the patch 25.01.6 of redBorder NDR version 25.01.

In this update, our primary objective was to fix bugs. We also added the secor service, this service backup kafka events in s3.

What's new

  • #17500 [cookbook-rb-secor][cookbook-rb-manager][redborder-cookbooks][redborder-manager][redborder-cgroups][rb-secor] Add secor service in NG
  • #19876 [redborder-webui] Upload "external reports" in PDFs

Improvements

  • #19529 [redborder-webui] Add "show timeline" to Incident Overview graph
  • #19938 [cookbook-rb-ips] Allow "View Raw" functionality in ips on proxy mode

Resolved Issues

  • #17714 [redborder-manager] Management and sync interfaces in the same network make the installation fail
  • #19053 [redborder-webui] Widgets: Hardware status on click not filtering
  • #19146 [redborder-webui] Sensor looks expandable when changing child nodes
  • #19206 [redborder-cli] Do not allow to disable minio if there is only one node with one minio
  • #19284 [redborder-webui] Widget image is nos being correctly contained
  • #19425 [redborder-webui] Search engines in limits and supressions failing
  • #19477 [cookbook-logstash] sFlow sensores without observation id has wrong sensor_name in rb_flow topic
  • #19478 [redborder-webui] Leaving shared dashboard by domain
  • #19484 [cookbook-rb-exporter] Missing vlan id for sflow
  • #19500 [redborder-webui] Fix missing spinner on "Generate" option in incident report section, while delayed job is running
  • #19563 [redborder-manager] Fail to upload elasticache data bag during installation
  • #19715 [redborder-webui] Fix search and filter of Stored Jobs
  • #19719 [redborder-webui] Fix Hardware view
  • #19807 [redborder-manager] Postgresql and redborder-postgresql not showing correct when external postgresql
  • #19815 [cookbook-logstassh] sFlow Split traffic not working because of the way we access interfaces (role vs node)
  • #19826 [redborder-webui] Losing filter in Alarm view after refreshing page (Firefox)
  • #19827 [redborder-webui] Organization dimension in Alarm view should be selectable with a list with "is"
  • #19832 [redborder-manager] Minio not showing correct in rbcli service when external minio
  • #19854 [redborder-webui] Alarms create an incident with unknown severity
  • #19894 [redborder-webui] Sensors: Error when move a domain using drag and drop
  • #19900 [manager][redborder-webui] In spanish, using big size font breaks some text in the overview
  • #19908 [redborder-webui] In sensor tree view we are missing last_update column for ips generic, ips proxy, and probably wrong position in flow_sensor
  • #19909 [redborder-webui] In Exporter Edit view you should not be able to add a Destiny address without a port
  • #19913 [redborder-webui] Duplicated custom tab in alarms and monitor module
  • #19932 [redborder-webui] Delete console.log on success save sensor tree, and "color is:" in top view
  • #19947 [redborder-webui] getNewNotifications being call all the time
  • #19959 [redborder-webui] User cant leave dashboard if shared by user and test fails
  • #19971 [cookbook-druid][cookbook-rb-manager] Druid is using default values leading to perfomance issues
  • #19974 [redborder-webui] Domain lose identation when changing its children sensor to another domain
  • #20001 [redborder-webui] A regex makes an error in the JS of general Settings
  • #20002 [redborder-webui] Options tab is not appearing in lower screens
  • #20011 [cookbook-logstash] Splittrafic: Default MAGIC number is nnot working for putting obervation_id as default
  • #20015 [redborder-webui] In Vault -> Raw: Detail button downloads empty json
  • #20019 [cookbook-webui] Static assets are not served correctly
  • #20039 [redborder-webui] Incident get lost when filters applied and there is not incidents
  • #20042 [redborder-webui] Reports: Fix shared by domain reports pagination
  • #20046 [redborder-webui] Timeline browser console error
  • #20053 [redborder-webui] In Monitor, inside tops view, the load more function fails
  • #20061 [redborder-webui] Search bar in Sensor -> Flow sensor view is not working
  • #20087 [redborder-webui] Dashboard raw table columns wrong color on Dark mode
  • #20088 [reborder-webui] Button on top of another button in global filters
  • #20089 [redborder-webui] Fix styles in widget Horizontal bar
  • #20104 [redborder-webui] Sensor Tree: Dropdown stays after deleting the last sensor on a domain
  • #20105 [redborder-webui] Incidents: Unassign user from incidents doesnt work
  • #20106 [redborder-webui] Playbooks: Duplicate playbook create it with the original user and not current user
  • #20114 [redborder-webui] Reports: Table order by doesnt work (header table)
  • #20132 [redborder-webui] AI requires a higher number of tokens
  • #20142 [redborder-webui] Incidents: Outliers Incidents without classification try to show it
  • #20149 [redborder-webui] Incidents: Error 500 trying to view an incident with assets
  • #20163 [cookbook-druid] Always select hot tier if possible and fix merge buffer

Release notes for 25.01.5

  • Release date: 18/January/2024
  • Type: Standard
  • Main changes: redborder manager.

This is the release notes for the patch 25.01.5 of redBorder NDR version 25.01.

In this update, our primary objective continued to be the resolution of existing bugs, with a special emphasis on enhancing the functionality of webui adding the dark theme.

What's new

  • #19652 [redborder-webui] Show uptime in sensor tree on sensors of type ips and proxy
  • #19621 [redborder-webui] Add Observables Related, Assets Related, Events Related in Asset sidebar on Incident View. Unify related assets and observables in one GRAFO table. Adapt sidebar to new way of getting incident druid data
  • #19588 [redborder-manager] Integrate external reputation list for: ip, domains, url, sha-1 and sha-2
  • #19360 [redborder-webui] Add dark mode theme for web interface

Improvements

  • #19749 [redborder-webui] Add more logs on UpdateThreatIntelJob output, validation of input and expiration of memcached keys (like 1h.), change dimension translation name "wan ip is malicious" -> "wan ip malicious"
  • #19528 [redborder-webui] Add all the info of linked incidents in Incident Detail view
  • #19523 [redborder-webui] Rework notifications to show the number of pending notifications on the top menu

Resolved Issues

  • #19858 [cookbook-keepalived] Add notify master/backup script for sfacctd virtual ip (similar to the webui one)
  • #19853 [redborder-manager] create splittraffic & splitintrusion false by default during installation
  • #19848 [redborder-webui] dark theme doesn't work when you try to edit a user you are not logged in
  • #19831 [cookbook-rb-manager] s3 host should be taken from s3_secrets
  • #19825 [redborder-webui] glpi can enqueue more than one jobs at the same time
  • #19808 [redborder-manager] s3 access key not correctly loaded when external s3
  • #19797 [redborder-manager] postgres_TAG not defined in rb_bootstrap_common
  • #19789 [redborder-webui] theme is switching with user preference when login out
  • #19783 [redborder-webui] Tool -> Object Types showing a table sorter header element empty
  • #19775 [redborder-webui] Translation missing - playbook assignment rule
  • #19770 [redborder-webui] missing error logo in dark theme
  • #19765 [redborder-webui] Priority is always using the ID of database instead an specific column
  • #19757 [redborder-webui] Alarms compute the value bad
  • #19721 [redborder-manager] OutlierIncidentJob enqueue without checking if exists
  • #19718 [redborder-webui] Default alarms not filtering by node
  • #19704 [redborder-webui] Check if the object type of an object is nil before getting the object image. If doesnt have type, put "MacObject" in type in assets list
  • #19696 [redborder-webui] RbVulnerabilitiesUpdateDBJob give massive message in Last error column
  • #19498 [redborder-webui] Vertical bars widgets gives error when dashboard updates
  • #19390 [redborder-webui] Error when editting playbook while having 26 playbooks (max number of playbooks). Also limit the playbook count to 25
  • #19366 [redborder-webui] Error when ordering by priority
  • #19186 [redborder-webui] Mitre rule assignation: subtechnique direct assignation
  • #19134 [redborder webui] Widgets duplicated column
  • #19057 [redborder-webui] Intrusion help when there's no IPS shows old installation
  • #18698 [redborder-webui] Pagination for event rules limits also affects the suppress list
  • #17929 [redborder-webui] In Objects and Object Types, pagination is not updated