Prerequisites
This upgrade can be applied from v100-hf7, v100-hf6 or v100-hf5.
Warning
All Kibana objects (dashboards, visualizations, searches, ...) created in version 2.5.3.100 will be removed at the first startup of version 2.5.3.101.
Warning
While applying the 2.5.3.101 upgrade, all Malcore profiles will be reset to their default values.
To save the dashboards produced in 2.5.3.100, use the Kibana administration interface under Stack Management > Saved Objects: select the custom visualizations and dashboards, then click Export. After the upgrade to 2.5.3.101, return to the same place in Kibana and import the previously saved objects.
Warning
Carefully read the release notes before starting the upgrade process.
In particular, the following item in the "known bugs" section must be taken into account:
Kibana inaccessible: "Elastic did not load properly. Check the server output for more information."
Warning
After the upgrade, the Malcore engine must be updated.
Warning
The files used to update the Sigflow and Malcore engines are no longer the same.
Manual updates can be downloaded from https://update.gatewatcher.com/update/2.5.3.101/gcenter/.
latest_sigflow_v3.gwp corresponds to the Sigflow rules.
latest_malcore_v3.gwp corresponds to the Malcore engine.
latest_full_v3.gwp corresponds to the Malcore engine and the Sigflow rules.
Notable changes
Logs
General
Field name | Version < v2.5.3.101 | Version >= v2.5.3.101 | Further information |
---|---|---|---|
timestamp_detected | 2021-07-06T17:02:19.595831+0000 | 2021-07-06T17:02:19.595Z | Format change |
Malcore
Field name | Version < v2.5.3.101 | Version >= v2.5.3.101 | Further information |
---|---|---|---|
detail_wait_time | | 88 | added |
scan_time_average | | | added |
timestamp_last_malcore_analysis | | 2021-07-05T18:15:35.546Z | added |
_internal_doc_id | | qPzhd3oBnng1PLWX9yKE | added |
total_found | | 14/15 | value of field total_found can take additional values |
Codebreaker Powershell
Field name | Version < v2.5.3.101 | Version >= v2.5.3.101 | Further information |
---|---|---|---|
proba_obfuscated | proba_obfuscated | scores.proba_obfuscated | renamed |
proba_clean | proba_clean | - | removed |
scores.analysis | | | added |
scores.analysis_detailed.Base64 | | | added |
scores.analysis_detailed.CharInt | | | added |
scores.analysis_detailed.FmtStr | | | added |
scores.analysis_detailed.StrJoin | | | added |
scores.analysis_detailed.StrReplace | | | added |
scores.analysis_detailed.WebClientInvokation | | | added |
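
Log consumers (SIEM parsers, detection rules) that receive events from GCenters on both sides of the upgrade need to accept both schemas. The following is an added example, not Gatewatcher code: it rewrites the `timestamp_detected` change from the General table and the `proba_obfuscated` / `proba_clean` changes from the Codebreaker Powershell table to the new field names. It assumes events are already parsed JSON dictionaries, that `scores.proba_obfuscated` is a nested object, and that the new timestamp is the old one cut to milliseconds; the function names and sample events are constructed for illustration.

```python
from datetime import datetime, timezone

# Both timestamp_detected formats from the "General" table.
OLD_TS = "%Y-%m-%dT%H:%M:%S.%f%z"  # 2021-07-06T17:02:19.595831+0000
NEW_TS = "%Y-%m-%dT%H:%M:%S.%fZ"   # 2021-07-06T17:02:19.595Z


def parse_timestamp_detected(value):
    """Return an aware UTC datetime for either timestamp_detected format."""
    if value.endswith("Z"):
        return datetime.strptime(value, NEW_TS).replace(tzinfo=timezone.utc)
    return datetime.strptime(value, OLD_TS).astimezone(timezone.utc)


def normalize_event(event):
    """Rewrite an event from either version to the >= v2.5.3.101 field names."""
    out = dict(event)
    ts = parse_timestamp_detected(out["timestamp_detected"])
    # Assumption: the new format is the old one cut to milliseconds, in UTC.
    out["timestamp_detected"] = (
        ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"
    )
    # Assumption: "scores.proba_obfuscated" is a nested object in the JSON.
    scores = dict(out.get("scores") or {})
    if "proba_obfuscated" in out:  # renamed: was a top-level field
        scores.setdefault("proba_obfuscated", out.pop("proba_obfuscated"))
    out.pop("proba_clean", None)   # removed in v2.5.3.101
    if scores:
        out["scores"] = scores
    return out


# Constructed sample events (values are illustrative, not product output).
OLD_EVENT = {
    "timestamp_detected": "2021-07-06T17:02:19.595831+0000",
    "proba_obfuscated": 0.97,
    "proba_clean": 0.03,
}
NEW_EVENT = {
    "timestamp_detected": "2021-07-06T17:02:19.595Z",
    "scores": {"proba_obfuscated": 0.97},
}

if __name__ == "__main__":
    print(normalize_event(OLD_EVENT))
    print(normalize_event(NEW_EVENT))
```

Any rule or saved search that still queries the top-level `proba_obfuscated` or `proba_clean` fields will silently stop matching events produced after the upgrade, so queries should be moved to `scores.proba_obfuscated` at the same time.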