Release Notes v9.2.0
  • 1 Minute to read
  • Contributors
  • Dark
  • PDF

Release Notes v9.2.0

  • Dark
  • PDF

Release Date: 29/04/2022

What’s New?

  1. An upgraded user-friendly DNIF Query Language.
  2. DQL blocks now have basic syntax highlighting and autosuggest capabilities.
  3. Panel to investigate signals with facets and raw events in context.
  4. Ability to tag and untag signals as false positives.
  5. Ability to suppress false positive signals with suppression rules.
  6. Ability to list and terminate slow running queries.
  7. Ability to test connector configurations.
  8. Code block adds support for regexp_extract and regexp_match functions.
  9. Option to filter at PICO with wildcard patterns.
  10. Early support for DR forwarding from PICO. (requires support intervention)
  11. New scalable backend for Machine Learning Framework.
  12. New scalable backend for Outlier Detection Framework.
  13. New scalable backend for Multi-Datanode environments.
  14. New Connector: Akamai Netstorage.
  15. Ability to override task timeouts for interactive, correlation and report workloads.

What’s Changed?

  1. Separation of fields and payloads at storage has been deprecated. Compression level is no longer configurable. DNIF now uses the highest compression level by default.
  2. Visual Block will no longer have a RAW flag in view of the above update.
  3. Backup & Restore utility config will deprecate config for events.
  4. GeoEnrichment now supports RemoteIP field in addition to SrcIP, DstIP.
  5. Visual search block now supports schema on read field access with @ prefix.
  6. Ability to download results from outlier block.
  7. Webhook plugin now allows use of non-JSON body in POST calls.
  8. Old DQL: added group/_agg stat_unique $field1 count_distinct $field2
  9. Report server allocation increased from 50% to 60% optimized for reporting policy and from 10% to 30% for other compute policies.
  10. All external API automations enforce a connect timeout of 5s and read timeout of 25s.
  11. Webhook Automation now honors NO_PROXY environment variable.
  12. AWS S3 connector now requires an additional configuration item for BUCKET_REGION.

What’s Fixed?

  1. Unfair data balancing issue for multi-datanode environments.
  2. Additional measures to ensure auto-recovery of core worker.

Known Issues and Limitations

  1. Dispatcher service on CORE has been reported to have issues with excess memory utilization in some scenarios.

Was this article helpful?