Big news on the release front. Some features didn’t make it into 3.0 due to QA but now this has been solved and we wanted to roll out a minor release (which is not so minor if you look at the Changelog…) with this data, before heading towards 4.0 (IPv6 support, huge improvements on the multitenancy/multicustomer side and big performance related database structure changes).
So, without further delay, click below if you want to have a look at the 3.1 changelog. We’ll be updating the list (thanks Juanma, Pablo :blush: ) as we get more things validated and tested and expect to release late next week. And furthermore, we’ve got a huge surprise hatching on the 11-11-11; I’ll keep you posted.
3.1 (preliminary) Changelog below:
Legend:
* No specific mention
+ Will be seen on video (bold+italic)
- Will be talked about on the video (bold)

* New Plugin: Amun Honeypot http://sourceforge.net/projects/amunhoney/
+ New Feature: Raw tcpdump filter now available in Traffic Capture module
* Improved alarm panel performance when loading groups of alarms
+ Captions added to multiple Graphs in the Dashboards
* Fixed small typos in the web interface
* New Feature: Beep on alarm (Incidents -> Alarms), Play a sound on new alarms
* Risk Maps can now query Nagios to get availability status in real time (Using mklivestatus http://mathias-kettner.de/checkmk_livestatus.html)
* Display Issues Fixed when using IE
* Queries updated in the Dashboard graphs to include new taxonomy categories
+ Complete redesign of the Real Time event Viewer: Improved performance and new filtering options
* Limit results displayed on some graphs in the Dashboards panel
* New feature: Voice control (More commands will be coming soon)
* Removed dead code
* Fix: Apache plugin updated in order to accept new event formats
* New Feature: Ping added as a service in the host_services table (Availability Monitoring)
* Fix: Fixed decryption of passwords for OMP profiles (OpenVas)
* Improved performance when using Custom Views (SIEM console)
+ New Feature: Add PDF and CSV Report to Unique Events View (SIEM console)
* Hide Analysis -> SIEM -> Statistics menu whenever EventStats is disabled
* Clean Code: Deprecated style deleted
* Fix: Issue when displaying the hardware info screen in Firefox --> http://sourceforge.net/tracker/?func=detail&aid=3159019&group_id=15&atid=100015
* Improved Logger queries used in Asset report
* Fixed UTF-8 display issues
* Fixed a problem when inserting services that existed in the db
* Some issues fixed when generating a PDF report
* Maps updated to use Google Maps v3 API (No key required in Google Maps)
* Fixed an issue displaying blank description in vuln reports when using some PDF readers
+ New feature: Pcap web-based analyzer (Traffic capture)
* New feature: Lilian date support in the agent
* Fixed several memory leaks and bugs in the Open Source OSSIM Server
+ Improved the style sheet used to display alarms
* Fixed a bug when trying to close an alarm group
* Updated port service descriptions
+ New feature: See related traffic (Right click menu)
* New feature: See related events (Right click menu)
+ New feature: See related security events (Right click menu)
* New feature: Added loading message in multiple pages
* New permissions for the new menus
+ New feature: Display IDM data in OSSEC management interface when IDM is enabled
+ New feature: Add a message when loading Logger graphs
* New feature: New action availability (Policy & Actions) -> Open a new ticket
* Font changed when displaying pcap file in SIEM Console
* Logger top graph now uses GMT+tz
+ IDM Support in SIEM Console
* Fix: Increase memory limit in Asset report
* Support new formats in the Snare plugin
* Fix: Allow 0.0.0.0/0 as an agent in the OSSEC Web Interface (DHCP Environments)
* New mcafee-epo plugin
* Fixed connection issues between the framework and the database
* Added a link to see event detail from Real Time Event Viewer
* New feature: IDM output in the agent (Feeds the alienvault-idm daemon)
- New feature: FTP plugins support
* Fixed some issues when inserting networks with special characters in their names
* Fixed some issues in the Risk Maps
* Support "All" in the time frame selection when generating a report in the SIEM Console
* Updated taxonomy filters in Dashboard Graphs
* Fix: Removed noisy messages generated by the cron daemon
- New feature: Logger support in more subreports
* Fix: Snort rules were not displayed properly with some sids
* Fix: Debug info removed from some log files
* Fix: Asset properties display only the latest OS in each host
* New feature: New function in the plugins normalize_date_american
* New feature: New traffic lights in the Risk Maps
* Fix: Fixed an issue when deleting the default tab in Dashboards panel
* New plugin: Cisco-ips-syslog
* New feature: Network Groups support in Risk Maps
* Fixed an issue when exporting the SOX report in PDF format, some fonts were not properly displayed
+ New feature: Show IP Reputation info in the real time event panel
+ New menu: IP reputation
* Improved usability in some graphs: bigger clickable area
- Updated Chinese translation
* Some messages removed when starting the ossim agent
* New feature: Pagination when displaying more than 50 agents in the web interface
* Communication between the frameworkd and the agent now depends on the IP of the agent and not on the name of the agent
* Fix: Error fixed when generating reports including Flows information
* Removed unused links in Downloads
* Fix: Fixed a bug when editing a network asset
* Fix: Fixed an issue displaying RRD graphs for some networks
* New plugin: Vmware-vcenter
+ New feature: Show IP reputation info in Alarms
+ New feature: Right click support in grouped alarms
* Updated intrushield priority values
+ New feature: Open a ticket from the Logger or SIEM console
* New feature: IP reputation in the event detail
* New feature: Assign permissions to automatically generated tickets
* Fix: Error when creating Nagios configuration files for some hosts
+ New feature: Create host groups based on their location (For public IP addresses)
* Updated bluecoat plugin
* Updated cisco-3030 plugin
* New feature: New categories on ticket status
* Updated Netscreen firewall plugin
* New feature: Display a message when deleting
* New feature: Email template for tickets in HTML format
* Support the new nmap output format
* Fix: Allow _ in indicator name (Risk Maps)
* New plugin: Xtera's Ascenlink devices
* Unused configuration options removed
* New feature: Default custom views in the SIEM Console
* Fix: Fixed some "image not found" in Jasper reports
* Fix: Get rid of apache (already used by another worker) warnings at restart
* Fix: No need to log out to update user's timezone
* Fix: Issue when rotating logs when Fw1loggraber is enabled
+ Improved the way plugin sids are loaded, the Server now loads much faster
* Updated cisco-asa plugin
* Added latitude and longitude information when importing assets using csv file
* Updated pam_unix plugin
* Updated real secure plugin
* New feature: Search box in Configuration -> SIEM Components -> Sensors
* Fixed several issues when displaying Chinese characters
* Fix: Issue when collecting some multi-line events
* New permission: Edit tickets
* New feature: Collect from multiple devices when using the SDEE plugin
* Fix: Error attaching big files in the Knowledge DB
* Updated Vyatta plugin
* Display a message when deleting alarms
* New feature: Disable correlation directives
* Fix: Display an error when images cannot be displayed in reports
* New feature: New reports for HIDS information
* New feature: Find alarms containing an event type
* New feature: Import networks using a CSV file
- New feature: Add to DS Group button in SIEM events
* Fix: Allow inserting 0.0.0.0/1 as a network
* New feature: Export Networks and host as a CSV file
* New feature: Include remote loggers info in Asset Report
* New feature: Support filtering when deleting alarms
* Fix: Issue when stopping the network discovery tool (Nmap)
* New feature: Allow ANY in traffic capture tool
* Fix: styles in several pages (buttons, width,...)
* New feature: Allow event forwarding whenever SIEM is disabled (Policy rules)
* Fix: Small issues when working with multiple tzones in the web interface
* Fix: Duplicate entries in sources.list
* Updated compliance mappings
* Speed up the process of generating reports
* Fix: Issue when applying filters in the Metrics Report
* New feature: Added FW rules for openvasm
* New feature: Added FW rules for framework
* Fix: Clean duplicated Nagios link in Apache configuration
* New feature: New auto-complete options in the Logger console
* New feature: MOTD is now installed when using distributed installation profiles
* Fix: Bug when generating the geographic reports with some specific filters
* Fix: Issue when updating the ossim-server password from ossim-reconfig
* Fix: Typos
* Fix: Avoid Ntop to connect to the internet to check the version
* Fix: noisy perl messages new aliases for df, du enable timestamp in history
* New feature: Further restrict kernel logging on the console
* Improved Openvas4 auto-configuration
* Updated init scripts
* Use alienvault as the default hostname
* Updated nagios stylesheet
* Fix: Small issues in the availability report
+ New feature: IP Reputation
+ New feature: IDM (Identity Management)
* Fix: Use alienvault-update when ossim-update is executed
* HA configuration in alienvault-reconfig
+ Updated Tshark (introducing Sharkvault)
* Speed up the correlation process
* Memory usage reduced when events are correlated
* Memory usage reduction when thousands of networks are present in the inventory
- New feature: IDM daemon alienvault-idm
+ IDM and reputation added to custom SIEM views
* New feature: Add a cron job for apt-get autoclean