
Version 1.7.0 Released

This release introduces enterprise-grade high availability with Cluster Director architecture and comprehensive pipeline development tools with Pipeline Debugger. Standalone Director security enhancements provide granular access control, while Content Hub expansion delivers 23 new vendor automation and normalization packs. Platform capabilities expand significantly with 16 new target integrations spanning major cloud providers and SIEM platforms, complemented by vendor-based categorization for improved discoverability.

🚀 New Features

  • Cluster Director - High availability architecture enables Directors to operate as a cluster with an odd number of members (3, 5, 7, etc.) for quorum-based decision making. With a majority quorum, a cluster of 2f+1 members keeps operating while up to f members are unavailable, which is why an even-sized cluster adds no fault tolerance over the next smaller odd size. Cluster configuration is managed centrally at cluster level and distributed automatically to all members. Built-in failover keeps log collection and processing running when individual Directors become unavailable, providing the reliability mission-critical environments require.

  • Pipeline Debugger - Interactive debugging environment enables real-time pipeline testing and troubleshooting without requiring deployment. Test pipelines downloaded from Content Hub or custom-built configurations using the dedicated debug interface. Step-by-step execution visibility displays input data transformation at each processing stage, with detailed error information identifying exact failure points. Comprehensive input and output inspection accelerates pipeline development and reduces troubleshooting time.

  • Standalone Director Security Enhancement - Token-based authentication and network access controls added to standalone Director configurations, hardening distributed deployments. The token management interface gives granular control over each Director's authentication credential, supporting rotation and revocation; like any token credential, a Director token is a secret, so rotate it on a schedule and revoke any token that may have been exposed. Access restrictions let administrators limit Director connectivity based on network requirements, so Directors communicate only with authorized platform endpoints.
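The following is an added example, not the product's implementation: a hypothetical in-memory token store showing the properties the release notes describe for Director authentication (hashed token storage, rotation with a grace window, immediate revocation, and a per-Director source-network allowlist that fails closed). The class and method names, the grace window, and the sample addresses are all assumptions made for illustration.

```python
"""Illustrative bearer-token and network-allowlist check for a Director.

Added example, not the product's code. Everything here (class, method names,
grace window, sample networks) is a hypothetical construction.
"""
import hashlib
import hmac
import ipaddress
import secrets
from typing import Optional


def _digest(token: str) -> bytes:
    # Store only a hash of each token so a leaked store does not leak credentials.
    return hashlib.sha256(token.encode()).digest()


class DirectorTokenStore:
    def __init__(self, grace_seconds: int = 300):
        self.grace = grace_seconds
        # Records: {"digest": bytes, "director": str, "expires": float | None}
        self._tokens = []
        # director id -> list of allowed source networks (missing or empty = deny)
        self._allowed = {}

    def issue(self, director_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens.append({"digest": _digest(token), "director": director_id, "expires": None})
        return token

    def rotate(self, director_id: str, now: float) -> str:
        # Old tokens keep working for `grace` seconds so the Director can switch
        # credentials without a collection gap; after that they are rejected.
        for rec in self._tokens:
            if rec["director"] == director_id and rec["expires"] is None:
                rec["expires"] = now + self.grace
        return self.issue(director_id)

    def revoke(self, director_id: str) -> None:
        # Immediate revocation of every token for the Director, including any in grace.
        self._tokens = [r for r in self._tokens if r["director"] != director_id]

    def allow_network(self, director_id: str, cidr: str) -> None:
        self._allowed.setdefault(director_id, []).append(ipaddress.ip_network(cidr, strict=False))

    def authenticate(self, token: str, source_ip: str, now: float) -> Optional[str]:
        """Return the Director id if the token and source address are acceptable, else None."""
        presented = _digest(token)
        match = None
        for rec in self._tokens:
            # Constant-time comparison of the digests; no early exit on mismatch.
            if hmac.compare_digest(rec["digest"], presented):
                match = rec
        if match is None:
            return None
        if match["expires"] is not None and now >= match["expires"]:
            return None
        src = ipaddress.ip_address(source_ip)
        nets = self._allowed.get(match["director"], [])
        # Fail closed: a Director with no configured network may not connect at all.
        if not any(src in net for net in nets):
            return None
        return match["director"]


if __name__ == "__main__":
    store = DirectorTokenStore(grace_seconds=300)
    old = store.issue("dir-01")
    store.allow_network("dir-01", "10.10.0.0/24")
    print("in-network, current token:", store.authenticate(old, "10.10.0.7", now=1000))
    print("out-of-network:", store.authenticate(old, "192.0.2.9", now=1000))
    new = store.rotate("dir-01", now=1000)
    print("old token inside grace:", store.authenticate(old, "10.10.0.7", now=1100))
    print("old token after grace:", store.authenticate(old, "10.10.0.7", now=1400))
    store.revoke("dir-01")
    print("new token after revoke:", store.authenticate(new, "10.10.0.7", now=1400))
```

The grace window is what makes rotation safe operationally: a Director that has not yet picked up the new token keeps collecting, while a revoked token is rejected on the next request regardless of any window.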

🔧 Improvements

Content Hub Expansion

Content Hub library expanded with 23 new pipeline packs covering vendor automation, schema transformation, and SIEM integration:

Schema Transformation Packs:

  • Advanced Security Information Model (ASIM) to Common Event Format (CEF) Parser Pack
  • Advanced Security Information Model (ASIM) to Log Event Extended Format (LEEF) Parser Pack
  • Advanced Security Information Model (ASIM) to Open Cybersecurity Schema Framework (OCSF) Transformation Pack
  • Advanced Security Information Model (ASIM) to Unified Data Model (UDM) Transformation Pack
  • Common Security Log (CSL) to Common Event Format (CEF) Parser Pack
  • Common Security Log (CSL) to Log Event Extended Format (LEEF) Parser Pack
  • Common Security Log (CSL) to Snare Parser Pack

Encoding Packs:

  • Common Event Format (CEF) Encoder Pack
  • Log Event Extended Format (LEEF) Encoder Pack
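As an added example (not code from any Content Hub pack), the following Python encoder writes one normalized event as CEF and as LEEF 2.0 and applies the escaping an encoder has to get right: backslash and pipe in header fields, backslash, equals sign and line breaks in CEF extension values, and the attribute delimiter and line breaks in LEEF values. The event dict, its field names and the two key mappings are constructed for illustration.

```python
"""Encode a normalized event as CEF and LEEF 2.0 with per-format escaping.

Added example, not the Content Hub packs' code. SAMPLE_EVENT, its field
names and the CEF_EXT_MAP / LEEF_ATTR_MAP mappings are hypothetical.
"""

# Constructed sample event containing the characters that must be escaped:
# '|' in a header field; '=', '\' and a newline in an extension value.
SAMPLE_EVENT = {
    "vendor": "Acme|Corp",
    "product": "Firewall",
    "version": "3.2",
    "event_id": "100",
    "name": "Blocked connection",
    "severity": 7,
    "src_ip": "10.0.0.5",
    "dst_ip": "198.51.100.7",
    "msg": "rule=deny\\all\nline2",
}

CEF_HEADER_FIELDS = ("vendor", "product", "version", "event_id", "name", "severity")
CEF_EXT_MAP = {"src_ip": "src", "dst_ip": "dst", "msg": "msg"}

LEEF_HEADER_FIELDS = ("vendor", "product", "version", "event_id")
LEEF_ATTR_MAP = {"src_ip": "src", "dst_ip": "dst", "severity": "sev", "msg": "msg"}


def escape_header(value) -> str:
    # Header fields in both formats are pipe-delimited: escape backslash first
    # (so later escapes are not doubled), then pipe. A header cannot span
    # lines, so line breaks are replaced with spaces.
    return (str(value).replace("\\", "\\\\").replace("|", "\\|")
            .replace("\r", " ").replace("\n", " "))


def cef_escape_ext(value) -> str:
    # CEF extension values: escape backslash and '=', encode line breaks as \r and \n.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def encode_cef(event: dict) -> str:
    header = "|".join(escape_header(event[f]) for f in CEF_HEADER_FIELDS)
    ext = " ".join(f"{key}={cef_escape_ext(event[f])}"
                   for f, key in CEF_EXT_MAP.items() if f in event)
    return f"CEF:0|{header}|{ext}"


def leef_escape_value(value, delim: str) -> str:
    # LEEF attributes are split on the delimiter and then on the first '=' of
    # each attribute, so '=' inside a value is fine, but the delimiter itself
    # and line breaks are not; replace them with a space.
    return str(value).replace("\r", " ").replace("\n", " ").replace(delim, " ")


def encode_leef(event: dict, delim: str = "^") -> str:
    header = "|".join(escape_header(event[f]) for f in LEEF_HEADER_FIELDS)
    # LEEF 2.0 declares the attribute delimiter in the header; a tab is written as x09.
    delim_field = "x09" if delim == "\t" else delim
    attrs = delim.join(f"{key}={leef_escape_value(event[f], delim)}"
                       for f, key in LEEF_ATTR_MAP.items() if f in event)
    return f"LEEF:2.0|{header}|{delim_field}|{attrs}"


if __name__ == "__main__":
    print(encode_cef(SAMPLE_EVENT))
    print(encode_leef(SAMPLE_EVENT))
    print(encode_leef(SAMPLE_EVENT, delim="\t"))
```

The order of the replace calls matters: escaping the backslash last would re-escape the backslashes introduced for `|` or `=`, and a receiver would then see a stray backslash in the field value.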

SIEM Integration Packs:

  • ArcSight SIEM Automation and Normalization Pack
  • Datadog Cloud SIEM Automation and Normalization Pack
  • Google Security Operations Automation and Normalization Pack
  • Google Security Operations Unified Data Model (UDM) Normalization Pack
  • Graylog SIEM Automation and Normalization Pack
  • Logpoint SIEM Automation and Normalization Pack
  • OpenText Security Log Analytics Automation and Normalization Pack
  • OVHcloud Logs Data Platform Automation and Normalization Pack
  • Rapid7 InsightIDR SIEM Automation and Normalization Pack
  • Snare Prophecy SIEM Automation and Normalization Pack
  • Sumo Logic Cloud SIEM Automation and Normalization Pack

Platform-Specific Packs:

  • Linux Event Log Pack for Microsoft Sentinel
  • Microsoft Sentinel Advanced Security Information Model (ASIM) Normalization Pack
  • Microsoft Sentinel Common Security Log (CSL) Normalization Pack
  • Microsoft Sentinel Vendor Automation Pack

New Targets

Platform integration capabilities expanded with 16 new target destinations spanning cloud object storage, cloud-native logging and streaming services, and SIEM and security analytics platforms:

Cloud Storage Targets:

  • Alibaba Cloud OSS - Object storage integration for Alibaba Cloud infrastructure
  • Backblaze B2 Cloud Storage - Cost-effective cloud storage with S3-compatible API
  • DigitalOcean Spaces - Object storage for DigitalOcean cloud platform
  • Scaleway Object Storage - European cloud storage provider integration

AWS Ecosystem Targets:

  • Amazon CloudWatch Logs - Direct integration with AWS monitoring and logging service
  • Amazon Kinesis - Real-time data streaming for AWS analytics pipelines
  • Amazon OpenSearch - Managed search and analytics engine integration
  • Amazon SNS - Notification service for event-driven architectures
  • Amazon Security Lake - Centralized security data lake for AWS environments

Azure Ecosystem Targets:

  • Azure Monitor Logs - Integration with Azure's monitoring and analytics platform
  • Azure Service Bus - Enterprise messaging for Azure cloud applications

Google Cloud Targets:

  • Google BigQuery - Data warehouse integration for analytics workflows
  • Google Chronicle - Security analytics platform integration
  • Google SecOps - Security operations platform for threat detection and response

Security Platform Targets:

  • Elastic Security - SIEM and endpoint security platform integration
  • Splunk Enterprise Security - Premium security analytics and SIEM platform

Target Management Enhancement

  • Vendor-Based Target Categorization - Target selection interface enhanced with vendor-based organization and filtering capabilities, improving target discoverability as platform integration options expand. Targets grouped by vendor (AWS, Azure, Google Cloud, etc.) with filtering options for quick navigation. Category-based view reduces search time and helps users identify appropriate targets for their specific cloud provider or security platform.

🐛 Bug Fixes

Pipeline Management

  • Pipeline Timestamp Display - Fixed issue where pipeline creation and update timestamps were displaying incorrectly in the interface. Timestamp information now accurately reflects actual creation and modification times.

  • Pipeline Deletion Navigation - Fixed incorrect URL redirection when attempting to delete pipelines that have active dependencies. When pipelines are connected to devices, targets, or routes, deletion attempts now correctly navigate to the associated dependency page for review.