Scheduled Maintenance Update - 3.12.1
Scheduled Maintenance Report for CyFlare
Completed
The scheduled maintenance has been completed.
Posted Aug 26, 2021 - 17:30 EDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Aug 26, 2021 - 14:30 EDT
Scheduled
Dear Subscriber,

Tomorrow, August 26th at 2:30pm EST, CyFlare will be performing regular system maintenance and upgrading our Breach Detection Service to version 3.12.1 to improve our INTERNAL infrastructure. This update includes new features, improvements, enhancements, key fixes and known issues.

Highlights:
● Added Linux sensor support for Ubuntu 20.04.
● Introduced a new Cylance connector that can Contain a host as a response action.
● Introduced a new Sophos connector that collects events and alerts with Sophos Central APIs.
● Added support in the G Suite connector to collect alerts from Google’s G Suite Alert Center.
● Added improvements to log ingestion.

---------------------------------------------------------------------------------------------------------------------
Sensor Enhancement:
● The Linux server sensor now supports Ubuntu 20.04 environments.

Connector Enhancements:
● Introduced a new Cylance connector that can Contain a host with an expiration time as a response action.
● Introduced a new Sophos connector that collects events and alerts with Sophos Central APIs.
● Added support for the G Suite connector to collect alerts from Google’s G Suite Alert Center.

Log Ingestion Enhancements:
● Introduced a log parser for Dell iDRAC.
● Introduced a log parser for Symantec Messaging Gateway.
● Enhanced the pfSense parser to use the Traffic index when logs contain 5-tuples.
● Renamed the top-level field host to log.syslog.hostname for all parsers if it is extracted from the syslog header; otherwise it is renamed to hostname.
● Moved the following fields in Forcepoint CEF log ingestion to be vendor-specific: dvchost, from, to, and cc.
● Forcepoint CEF log ingestion now parses the truesrc field as srcip on the top level.
● Moved AWS vpcflow logs from the AWS Events index to the Traffic index when srcip and dstip exist. In addition, the bytes, packets, and protocol fields were renamed to totalbytes, totalpackets, and proto, respectively.
● Enhanced the Pulse Secure parser to support additional log types.
● Enhanced the Ubiquiti parser to support additional log types.
● Enhanced the LEEF parser to support additional CarbonBlack log types.
● Moved the field f5 to vendor-specific in Oracle logs.
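
The field-mapping rules in the list above (host renaming, the Forcepoint CEF vendor-specific move and truesrc handling, AWS VPC flow routing and renames, the pfSense 5-tuple routing, and the Oracle f5 move) are shown below as one worked normalizer. This is added example code, not CyFlare's parser; the record layout (a dict with parser, index, fields and vendor keys), the parser names, the index names and the 5-tuple field names are assumptions, and the sample records are constructed.

```python
"""Illustrative log-field normalizer applying the 3.12.1 ingestion rules.

Hypothetical example, not CyFlare's implementation. A record is assumed to be
a dict: {"parser": str, "index": str, "fields": {...}, "vendor": {...}}.
"""
from copy import deepcopy

# Index names are assumed; the release notes only name "Traffic" and "AWS Events".
TRAFFIC_INDEX = "traffic"
AWS_EVENTS_INDEX = "aws_events"

# Forcepoint CEF fields that now live under the vendor-specific namespace.
FORCEPOINT_VENDOR_FIELDS = ("dvchost", "from", "to", "cc")
# AWS VPC flow renames applied when the record is routed to the Traffic index.
VPCFLOW_RENAMES = {"bytes": "totalbytes", "packets": "totalpackets", "protocol": "proto"}
# Assumed field names making up a 5-tuple for the pfSense routing rule.
FIVE_TUPLE = ("srcip", "dstip", "srcport", "dstport", "proto")


def rename_host(fields, host_from_syslog_header):
    """Top-level 'host' becomes 'log.syslog.hostname' when it was taken from the
    syslog header, otherwise 'hostname'. Mutates and returns `fields`."""
    if "host" not in fields:
        return fields
    target = "log.syslog.hostname" if host_from_syslog_header else "hostname"
    fields[target] = fields.pop("host")
    return fields


def normalize(record, host_from_syslog_header=True):
    """Return a normalized copy of `record`; the input is left untouched."""
    rec = deepcopy(record)
    fields = rec.setdefault("fields", {})
    vendor = rec.setdefault("vendor", {})

    rename_host(fields, host_from_syslog_header)
    parser = rec.get("parser")

    if parser == "forcepoint_cef":
        # dvchost/from/to/cc move to vendor-specific; truesrc is exposed as srcip.
        for name in FORCEPOINT_VENDOR_FIELDS:
            if name in fields:
                vendor[name] = fields.pop(name)
        if "truesrc" in fields:
            fields["srcip"] = fields["truesrc"]

    elif parser == "aws_vpcflow":
        # Only flows with both endpoints go to Traffic; others stay in AWS Events.
        if "srcip" in fields and "dstip" in fields:
            rec["index"] = TRAFFIC_INDEX
            for old, new in VPCFLOW_RENAMES.items():
                if old in fields:
                    fields[new] = fields.pop(old)
        else:
            rec["index"] = AWS_EVENTS_INDEX

    elif parser == "pfsense":
        # A complete 5-tuple means the line is a connection record: Traffic index.
        if all(key in fields for key in FIVE_TUPLE):
            rec["index"] = TRAFFIC_INDEX

    elif parser == "oracle":
        if "f5" in fields:
            vendor["f5"] = fields.pop("f5")

    return rec


# Constructed sample records (not real customer data).
SAMPLE_RECORDS = [
    {"parser": "aws_vpcflow", "index": "aws_events",
     "fields": {"srcip": "10.0.0.1", "dstip": "10.0.0.2", "bytes": 100, "packets": 3, "protocol": 6}},
    {"parser": "forcepoint_cef", "index": "forcepoint",
     "fields": {"host": "fp01", "dvchost": "gw", "from": "user@example.test", "truesrc": "192.0.2.5"}},
    {"parser": "pfsense", "index": "firewall",
     "fields": {"host": "fw", "srcip": "192.0.2.1", "dstip": "192.0.2.9",
                "srcport": 51000, "dstport": 443, "proto": "tcp"}},
]


def normalize_all(records, host_from_syslog_header=True):
    return [normalize(r, host_from_syslog_header) for r in records]


if __name__ == "__main__":
    for out in normalize_all(SAMPLE_RECORDS):
        print(out["parser"], "->", out["index"], out["fields"], out["vendor"])
```

The normalizer copies the input so the raw record is retained for forensics; a renamed or moved field is never silently dropped, which keeps dashboards and detections that key on the old names diagnosable after the upgrade.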

Response Integration Enhancement:
● Improved the performance of Palo Alto Firewall responses by grouping multiple actions into one Palo Alto Firewall commit. This also improves the reliability of the response.

Usability Improvements:
● Scheduled reports and manual export allow up to 100,000 records in a table.

Please note: during this upgrade, log ingestion and the UI may be delayed for a period of 60 to 90 minutes.
Posted Aug 25, 2021 - 13:34 EDT
This scheduled maintenance affected: Breach Detection Service.