Release Date: 29/04/2022
- An upgraded user-friendly DNIF Query Language.
- DQL blocks now have basic syntax highlighting and autosuggest capabilities.
- Panel to investigate signals with facets and raw events in context.
- Ability to tag and untag signals as false positives.
- Ability to suppress false positive signals with suppression rules.
- Ability to list and terminate slow-running queries.
- Ability to test connector configurations.
- Code block adds support for regexp_extract and regexp_match functions.
- Option to filter at PICO with wildcard patterns.
- Early support for DR forwarding from PICO (requires support intervention).
- New scalable backend for Machine Learning Framework.
- New scalable backend for Outlier Detection Framework.
- New scalable backend for Multi-Datanode environments.
- New Connector: Akamai Netstorage.
- Ability to override task timeouts for interactive, correlation and report workloads.
- Separation of fields and payloads at storage has been deprecated. Compression level is no longer configurable. DNIF now uses the highest compression level by default.
- Visual Block will no longer have a RAW flag in view of the above update.
- Backup & Restore utility config will deprecate config for events.
- GeoEnrichment now supports RemoteIP field in addition to SrcIP, DstIP.
- Visual search block now supports schema-on-read field access with @ prefix.
- Ability to download results from outlier block.
- Webhook plugin now allows use of non-JSON body in POST calls.
- Old DQL: added group/_agg stat_unique $field1 count_distinct $field2
- Report server allocation increased from 50% to 60% optimized for reporting policy and from 10% to 30% for other compute policies.
- All external API automations enforce a connect timeout of 5s and read timeout of 25s.
- Webhook Automation now honors NO_PROXY environment variable.
- AWS S3 connector now requires an additional configuration item for BUCKET_REGION.
- Unfair data balancing issue for multi-datanode environments.
- Additional measures to ensure auto-recovery of core worker.
Known Issues and Limitations
- Dispatcher service on CORE has been reported to have issues with excess memory utilization in some scenarios.